Analysis Overview
SHA256
30091faafd62ea7ba9868db2ee575dab98fd126a78d39590f57ea7b38b20d966
Threat Level: Known bad
The file Ultimate Tweaks.exe was found to be: Known bad.
Malicious Activity Summary
Zloader family
Executes dropped EXE
Loads dropped DLL
Checks computer location settings
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
Program crash
Unsigned PE
Enumerates physical storage devices
Command and Scripting Interpreter: PowerShell
System Location Discovery: System Language Discovery
Suspicious use of SendNotifyMessage
Suspicious behavior: GetForegroundWindowSpam
Uses Task Scheduler COM API
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Checks processor information in registry
Modifies registry class
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-09-22 11:14
Signatures
Zloader family
Unsigned PE
Analysis: behavioral31
Detonation Overview
Submitted
2024-09-22 11:13
Reported
2024-09-22 11:23
Platform
win10v2004-20240802-en
Max time kernel
148s
Max time network
304s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1560 wrote to memory of 3776 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3776 -ip 3776
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 612
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-22 11:13
Reported
2024-09-22 11:23
Platform
win7-20240903-en
Max time kernel
120s
Max time network
124s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Ultimate Tweaks.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Ultimate Tweaks.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Ultimate Tweaks.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Ultimate Tweaks.exe
"C:\Users\Admin\AppData\Local\Temp\Ultimate Tweaks.exe"
Network
Files
\Users\Admin\AppData\Local\Temp\nsdB146.tmp\System.dll
\Users\Admin\AppData\Local\Temp\nsdB146.tmp\UAC.dll
\Users\Admin\AppData\Local\Temp\nsdB146.tmp\StdUtils.dll
Analysis: behavioral4
Detonation Overview
Submitted
2024-09-22 11:13
Reported
2024-09-22 11:23
Platform
win10v2004-20240802-en
Max time kernel
92s
Max time network
212s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2064 wrote to memory of 3268 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3268 -ip 3268
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 628
Network
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-09-22 11:13
Reported
2024-09-22 11:23
Platform
win7-20240903-en
Max time kernel
299s
Max time network
305s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | bitbucket.org | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3056.0.1524721661\1655230473" -parentBuildID 20221007134813 -prefsHandle 1268 -prefMapHandle 1264 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {18660dc3-cd3d-421a-ac36-37422378fc75} 3056 "\\.\pipe\gecko-crash-server-pipe.3056" 1360 114faf58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3056.1.1951607172\1803665560" -parentBuildID 20221007134813 -prefsHandle 1520 -prefMapHandle 1516 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0915e6f2-a11d-409f-a638-6cbd0a58a2e6} 3056 "\\.\pipe\gecko-crash-server-pipe.3056" 1532 43fce58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3056.2.1935527947\132802561" -childID 1 -isForBrowser -prefsHandle 1920 -prefMapHandle 1916 -prefsLen 21746 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a071a723-85f9-4143-9fc3-e669ec1306a3} 3056 "\\.\pipe\gecko-crash-server-pipe.3056" 2072 19e93e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3056.3.1312907345\874953504" -childID 2 -isForBrowser -prefsHandle 2460 -prefMapHandle 2456 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b83d2829-81e6-47ee-a72c-d9fffbac2372} 3056 "\\.\pipe\gecko-crash-server-pipe.3056" 2472 d67e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3056.4.1178387559\1355602747" -childID 3 -isForBrowser -prefsHandle 3696 -prefMapHandle 3692 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e2f0151-82e2-4f79-874d-2bba799b2b80} 3056 "\\.\pipe\gecko-crash-server-pipe.3056" 3708 1e4c5a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3056.5.435353387\1462990345" -childID 4 -isForBrowser -prefsHandle 3816 -prefMapHandle 3820 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1f80900-d89a-4767-9461-6bdc2e29d069} 3056 "\\.\pipe\gecko-crash-server-pipe.3056" 3804 1e4c7558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3056.6.183093485\257716420" -childID 5 -isForBrowser -prefsHandle 3980 -prefMapHandle 3984 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d79a61ec-7f36-494c-a97c-731e2f830ac3} 3056 "\\.\pipe\gecko-crash-server-pipe.3056" 3968 1e4c6f58 tab
Network
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o97f221x.default-release\datareporting\glean\pending_pings\6026dbb0-e2f4-436d-9da0-59e7119d838a
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o97f221x.default-release\datareporting\glean\pending_pings\9db2de9e-efea-4bb5-abd1-8c30dee23d05
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o97f221x.default-release\datareporting\glean\db\data.safe.bin
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\o97f221x.default-release\activity-stream.discovery_stream.json.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o97f221x.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o97f221x.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | cf0dee9090c2e9cc8d03a24bb7b61044 |
| SHA1 | c96b5059eca5a715f656127a5d0a2bff7de7dcc6 |
| SHA256 | 643b8208914de7146b196789fc33852ede7fd1790b629cb7d19f8c04284e1fb7 |
| SHA512 | 067d427148de9c79dc777aa8897bf5a320e92366b15972e61877689ac9956d7a1bb10b884258b2b98e35f44048d2722243059333145c0a38a44ad29343fa6fb4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o97f221x.default-release\prefs-1.js
| MD5 | 9193a96039abc1a3c1e6784a1f6dc57f |
| SHA1 | 8e1516b0f93b0eea5bc5a3325872f7c7f8f9f7e4 |
| SHA256 | 251d912f20dfbe45cf187204aeb43df919809d1db3878a80242926d213cc080c |
| SHA512 | 296ef4b3fe1452d07727d56a82a77e44f29e942eff453fe84fe9483a821b9d4379e12e1bcc7d7642833cc6309746eaf2912590c6dd815b069c759dbcf98d05ea |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o97f221x.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o97f221x.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\o97f221x.default-release\cache2\entries\22386449CA13D8975B935875780066C6EF52CE37
| MD5 | 3a5bc078368893d99a75e8604e795b76 |
| SHA1 | 55e0c545d262e72d52dbd7fd207d89551a4b8855 |
| SHA256 | 392e9017b101ea5c8a7c0ae0504b979e10b4cc4f3a83225e5f7942bf0450f2ad |
| SHA512 | a9f04c316bfff5db2e5657a5a04045faa8943ffffe1beaa2f62c43312a580ce0f70c4b020d69c8bf08571ed9b62be4a8f9aa6b3e2dbf44e728c0fd3ce6a249b2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o97f221x.default-release\prefs-1.js
| MD5 | 4d39be5941ae61d2be7d64cd4f466f32 |
| SHA1 | f5b52b9027e0fc8abff7968c4020591267229c22 |
| SHA256 | b1be273bbcb64c00c9eef618d76d0dfe1797a66b4d491d8ae6b8cc8990c1b902 |
| SHA512 | 06ee39a2d2fcbcaa6a05e67c294002b3fed07938449554ffdbf2a315b692620f7977a1db4ebb286b66a6745addf1fa22c75b77847fcb83295de4a7b8cc386af6 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\o97f221x.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308
| MD5 | 7fb24694efd1773f8674a3987c3ee334 |
| SHA1 | 2046214d60c87b8f9f700773abe251403ecc6d34 |
| SHA256 | 114e05ecd9318dcd961f8f7364d1297ce240da091d765392b6ce5ed5d69e74ae |
| SHA512 | 2ab02e80e709bb4dea9cba455bf214d12a1469a2194256c0e62b773bf1285db2865e6d2c1c0da17d2c67ed90f02b72642ad33ae2f199d244aa750305e9907979 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o97f221x.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 0fef2ccfdbb5853b3844b402f6396a64 |
| SHA1 | 8b815912bf12e274070a35935f088367170f32ca |
| SHA256 | f4dba43ca64daed4f66002377ff78b9ed89e7a8150615f9d81aa45372506e807 |
| SHA512 | a0044e4aafe4d0b685f52fa595607f22a2ef7a6d058984ebcda6dbc5238033f374690059a99ba728418927911440338de7f72908f6b30c7d7c5fa501e22d35b5 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o97f221x.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o97f221x.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o97f221x.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o97f221x.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o97f221x.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o97f221x.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 002db66f446c9b7e7a8d8c476a8bbb8c |
| SHA1 | 4b9c1d0fbbba504c282308418471170ed670e88e |
| SHA256 | 2e291b21010f2feb9cb5a4d0e3f89c7b6fa9b4849b9ae3879314080ab7dafd3d |
| SHA512 | 8a89d3ca6e4eb4c83808ef4415b3bab0030a68d155530ccd3d7122a9447c99896bedc175f6b42f54676ebec9e4589febff44f458abbabfe0a52a9744a9c81e00 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o97f221x.default-release\prefs-1.js
| MD5 | ef3feb143890e2aba71f625159affe4b |
| SHA1 | aa3ef280b56c781ce15dab91d9c08196aff06ebb |
| SHA256 | caf04b00c1a928ae5c95fb1f14d769b6054008d2c8185ae948a31f63ce80c70f |
| SHA512 | 16b7f191da8275deb40bf0d4393bba4e4c29a13807c1f56a543507408bdbd1ffe564a24f6f324c567113846771b9d6b30c682312c6299340b67ae63c5ea245a1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o97f221x.default-release\broadcast-listeners.json
| MD5 | a98adaa87f7a685d763056f62c912f25 |
| SHA1 | 4ae2276f8a24d3c9a548f172c457dc13b6587541 |
| SHA256 | d5ec427912ef64d736c2e1b45e5aafd435e533caba045eebc7be8a8049fbc430 |
| SHA512 | abd54aa204034f011045f2cf2205a1498b063bd7fafd953675d328de938de759963ccab59122a54485af6ed3b77952eb7c426c65967c89a731b6e98feddc348f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o97f221x.default-release\sessionCheckpoints.json
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o97f221x.default-release\targeting.snapshot.json
| MD5 | b957568ab8169d03a477dc5ce99bd5f5 |
| SHA1 | bfd0c99c1ecc3f04ca686dbf0d9dcd094b858d16 |
| SHA256 | 8f5e55a214462aa3b51268819abca9fc0d98f47c4a2440c59dcc1277b84d2c56 |
| SHA512 | 098ad2c2bf7ab63557de1b43c54af448616e6d6d3e9fb891dc1e3c808b95413cabbf3e203264e5288efa340d843c4981907a5d625f6349bcb03a50e17d94cb4f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o97f221x.default-release\bookmarkbackups\bookmarks-2024-09-22_11_JQcC4sfBNmv2Tr5WUD8P6g==.jsonlz4
| MD5 | c0b5b3ec984df12a18ec7dae769eb631 |
| SHA1 | 2a03310190be5e1da31f5400a9994296aaae790b |
| SHA256 | b3f23595c219b38e59ac956c6f9e465a505dbddc13ecded283d0d4b34dadec95 |
| SHA512 | 0cf7849ec9d5fd64e0c03bde88f5ccb831facfea0abd90ca2feed4255a246e9154d98c1f3c8cae5d200161747af98dc00e325aa6c3b376a360ec63a953dc1620 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 0c4db7c61f0c4e8898044ab9b1ed63ba |
| SHA1 | 29172b54adf5093c121db275e313589e3acb5a02 |
| SHA256 | f51a0081ebbdc04a0a0a4516a83883fce92e367ed8a0b4b30675bfa479c0acf4 |
| SHA512 | d1c4e18e4662fe99671b7f919ed102ecef030f6cc541086f9d8f8b5074cdf5f253104a6d14f6744985ebe5a9f70e25f65eab0ac372d0a6f88b307c90055758f5 |
Analysis: behavioral18
Detonation Overview
Submitted
2024-09-22 11:13
Reported
2024-09-22 11:23
Platform
win7-20240903-en
Max time kernel
120s
Max time network
130s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libEGL.dll,#1
Network
Files
Analysis: behavioral21
Detonation Overview
Submitted
2024-09-22 11:13
Reported
2024-09-22 11:23
Platform
win10v2004-20240802-en
Max time kernel
89s
Max time network
192s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libGLESv2.dll,#1
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-09-22 11:13
Reported
2024-09-22 11:23
Platform
win10v2004-20240802-en
Max time kernel
148s
Max time network
301s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Ultimate Tweaks.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Ultimate Tweaks.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Ultimate Tweaks.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Ultimate Tweaks.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Ultimate Tweaks.exe
"C:\Users\Admin\AppData\Local\Temp\Ultimate Tweaks.exe"
Network
Files
C:\Users\Admin\AppData\Local\Temp\nskA019.tmp\System.dll
C:\Users\Admin\AppData\Local\Temp\nskA019.tmp\UAC.dll
C:\Users\Admin\AppData\Local\Temp\nskA019.tmp\StdUtils.dll
Analysis: behavioral6
Detonation Overview
Submitted
2024-09-22 11:13
Reported
2024-09-22 11:23
Platform
win10v2004-20240802-en
Max time kernel
300s
Max time network
204s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3976 wrote to memory of 3876 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3976 wrote to memory of 3876 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3976 wrote to memory of 3876 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 3876 -ip 3876
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 612
Network
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-09-22 11:13
Reported
2024-09-22 11:23
Platform
win7-20240708-en
Max time kernel
121s
Max time network
128s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2028 wrote to memory of 592 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
| PID 2028 wrote to memory of 592 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
| PID 2028 wrote to memory of 592 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libGLESv2.dll,#1
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2028 -s 88
Network
Files
Analysis: behavioral26
Detonation Overview
Submitted
2024-09-22 11:13
Reported
2024-09-22 11:23
Platform
win7-20240708-en
Max time kernel
120s
Max time network
126s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2372 wrote to memory of 2160 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
| PID 2372 wrote to memory of 2160 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
| PID 2372 wrote to memory of 2160 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\vulkan-1.dll,#1
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2372 -s 88
Network
Files
Analysis: behavioral29
Detonation Overview
Submitted
2024-09-22 11:13
Reported
2024-09-22 11:23
Platform
win10v2004-20240802-en
Max time kernel
148s
Max time network
302s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1868 wrote to memory of 832 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1868 wrote to memory of 832 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1868 wrote to memory of 832 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 832 -ip 832
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 636
Network
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-09-22 11:13
Reported
2024-09-22 11:23
Platform
win7-20240903-en
Max time kernel
122s
Max time network
125s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\UAC.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\UAC.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1344 -s 224
Network
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-09-22 11:13
Reported
2024-09-22 11:23
Platform
win10v2004-20240802-en
Max time kernel
148s
Max time network
310s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2312 wrote to memory of 1180 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2312 wrote to memory of 1180 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2312 wrote to memory of 1180 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\UAC.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\UAC.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 176 -p 1180 -ip 1180
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 624
Network
Files
Analysis: behavioral23
Detonation Overview
Submitted
2024-09-22 11:13
Reported
2024-09-22 11:23
Platform
win10v2004-20240802-en
Max time kernel
90s
Max time network
206s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe
"C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe"
Network
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-09-22 11:13
Reported
2024-09-22 11:23
Platform
win10v2004-20240802-en
Max time kernel
90s
Max time network
209s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\vulkan-1.dll,#1
Network
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-09-22 11:13
Reported
2024-09-22 11:23
Platform
win7-20240704-en
Max time kernel
119s
Max time network
130s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe
"C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe"
Network
Files
Analysis: behavioral24
Detonation Overview
Submitted
2024-09-22 11:13
Reported
2024-09-22 11:23
Platform
win7-20240903-en
Max time kernel
122s
Max time network
130s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2196 wrote to memory of 2720 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
| PID 2196 wrote to memory of 2720 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
| PID 2196 wrote to memory of 2720 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\vk_swiftshader.dll,#1
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2196 -s 80
Network
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-09-22 11:13
Reported
2024-09-22 11:23
Platform
win10v2004-20240802-en
Max time kernel
77s
Max time network
306s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Ultimate Tweaks.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Programs\Ultimate Tweaks\Ultimate Tweaks.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Programs\Ultimate Tweaks\Ultimate Tweaks.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Programs\Ultimate Tweaks\Ultimate Tweaks.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Programs\Ultimate Tweaks\Ultimate Tweaks.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Programs\Ultimate Tweaks\Ultimate Tweaks.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Ultimate Tweaks.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system
Command and Scripting Interpreter: PowerShell
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\ultimate-tweaks-updater\pending\Ultimate-Tweaks-Setup-1.0.2.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Temp\Ultimate Tweaks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\Ultimate Tweaks.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\Ultimate Tweaks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 | C:\Users\Admin\AppData\Local\Temp\Ultimate Tweaks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 | C:\Users\Admin\AppData\Local\Programs\Ultimate Tweaks\Ultimate Tweaks.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz | C:\Users\Admin\AppData\Local\Temp\Ultimate Tweaks.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\Ultimate Tweaks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Programs\Ultimate Tweaks\Ultimate Tweaks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Users\Admin\AppData\Local\Programs\Ultimate Tweaks\Ultimate Tweaks.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz | C:\Users\Admin\AppData\Local\Programs\Ultimate Tweaks\Ultimate Tweaks.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString | C:\Users\Admin\AppData\Local\Programs\Ultimate Tweaks\Ultimate Tweaks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Users\Admin\AppData\Local\Temp\Ultimate Tweaks.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Programs\Ultimate Tweaks\Ultimate Tweaks.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Programs\Ultimate Tweaks\Ultimate Tweaks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Ultimate Tweaks.exe
"C:\Users\Admin\AppData\Local\Temp\Ultimate Tweaks.exe"
C:\Users\Admin\AppData\Local\Temp\Ultimate Tweaks.exe
"C:\Users\Admin\AppData\Local\Temp\Ultimate Tweaks.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Ultimate Tweaks" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1700 --field-trial-handle=1704,i,4163772060346678251,18004069619306332356,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
C:\Users\Admin\AppData\Local\Temp\Ultimate Tweaks.exe
"C:\Users\Admin\AppData\Local\Temp\Ultimate Tweaks.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Ultimate Tweaks" --mojo-platform-channel-handle=2068 --field-trial-handle=1704,i,4163772060346678251,18004069619306332356,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:3
C:\Users\Admin\AppData\Local\Temp\Ultimate Tweaks.exe
"C:\Users\Admin\AppData\Local\Temp\Ultimate Tweaks.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Ultimate Tweaks" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2404 --field-trial-handle=1704,i,4163772060346678251,18004069619306332356,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "chcp"
C:\Windows\system32\chcp.com
chcp
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
C:\Users\Admin\AppData\Local\ultimate-tweaks-updater\pending\Ultimate-Tweaks-Setup-1.0.2.exe
C:\Users\Admin\AppData\Local\ultimate-tweaks-updater\pending\Ultimate-Tweaks-Setup-1.0.2.exe --updated /S --force-run
C:\Users\Admin\AppData\Local\Programs\Ultimate Tweaks\Ultimate Tweaks.exe
"C:\Users\Admin\AppData\Local\Programs\Ultimate Tweaks\Ultimate Tweaks.exe" --updated
C:\Users\Admin\AppData\Local\Programs\Ultimate Tweaks\Ultimate Tweaks.exe
"C:\Users\Admin\AppData\Local\Programs\Ultimate Tweaks\Ultimate Tweaks.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Ultimate Tweaks" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1744 --field-trial-handle=1748,i,5187955094878870905,6876468273860451291,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
C:\Users\Admin\AppData\Local\Programs\Ultimate Tweaks\Ultimate Tweaks.exe
"C:\Users\Admin\AppData\Local\Programs\Ultimate Tweaks\Ultimate Tweaks.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Ultimate Tweaks" --mojo-platform-channel-handle=2152 --field-trial-handle=1748,i,5187955094878870905,6876468273860451291,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:3
C:\Users\Admin\AppData\Local\Programs\Ultimate Tweaks\Ultimate Tweaks.exe
"C:\Users\Admin\AppData\Local\Programs\Ultimate Tweaks\Ultimate Tweaks.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Ultimate Tweaks" --app-path="C:\Users\Admin\AppData\Local\Programs\Ultimate Tweaks\resources\app.asar" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2436 --field-trial-handle=1748,i,5187955094878870905,6876468273860451291,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "chcp"
C:\Windows\system32\chcp.com
chcp
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
C:\Users\Admin\AppData\Local\Programs\Ultimate Tweaks\Ultimate Tweaks.exe
"C:\Users\Admin\AppData\Local\Programs\Ultimate Tweaks\Ultimate Tweaks.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Ultimate Tweaks" --app-path="C:\Users\Admin\AppData\Local\Programs\Ultimate Tweaks\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3636 --field-trial-handle=1748,i,5187955094878870905,6876468273860451291,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
C:\Users\Admin\AppData\Local\Programs\Ultimate Tweaks\Ultimate Tweaks.exe
"C:\Users\Admin\AppData\Local\Programs\Ultimate Tweaks\Ultimate Tweaks.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Ultimate Tweaks" --app-path="C:\Users\Admin\AppData\Local\Programs\Ultimate Tweaks\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3560 --field-trial-handle=1748,i,5187955094878870905,6876468273860451291,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
C:\Users\Admin\AppData\Local\Programs\Ultimate Tweaks\Ultimate Tweaks.exe
"C:\Users\Admin\AppData\Local\Programs\Ultimate Tweaks\Ultimate Tweaks.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Ultimate Tweaks" --app-path="C:\Users\Admin\AppData\Local\Programs\Ultimate Tweaks\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3544 --field-trial-handle=1748,i,5187955094878870905,6876468273860451291,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Programs\Ultimate Tweaks\Ultimate Tweaks.exe
"C:\Users\Admin\AppData\Local\Programs\Ultimate Tweaks\Ultimate Tweaks.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\Ultimate Tweaks" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=3036 --field-trial-handle=1748,i,5187955094878870905,6876468273860451291,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
Network
Files
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ie54expa.srg.ps1
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\Preferences
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\Preferences~RFe57ff11.TMP
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\logs\main.log
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\Session Storage\MANIFEST-000001
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\DawnCache\data_3
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\Session Storage\CURRENT
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\DawnCache\data_0
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\DawnCache\data_2
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\Network\Network Persistent State
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\Network\Network Persistent State~RFe587421.TMP
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\System.dll
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\UAC.dll
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\StdUtils.dll
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\nsExec.dll
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\nsis7z.dll
C:\Users\Admin\AppData\Local\Programs\Ultimate Tweaks\chrome_100_percent.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\ffmpeg.dll
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\d3dcompiler_47.dll
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\chrome_200_percent.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\icudtl.dat
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\libEGL.dll
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\libGLESv2.dll
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\LICENSE.electron.txt
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\LICENSES.chromium.html
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\snapshot_blob.bin
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\resources.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\v8_context_snapshot.bin
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\vk_swiftshader.dll
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\vulkan-1.dll
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\vk_swiftshader_icd.json
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\ar.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\el.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\en-GB.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\en-US.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\de.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\da.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\cs.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\ca.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\bn.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\bg.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\am.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\af.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\et.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\fa.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\he.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\it.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\ja.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\id.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\hu.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\ko.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\kn.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\hr.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\hi.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\gu.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\fr.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\fil.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\fi.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\es.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\es-419.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\lt.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\nb.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\ms.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\mr.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\ml.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\lv.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\pt-BR.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\pl.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\nl.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\sl.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\sw.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\ta.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\sv.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\sr.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\sk.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\ru.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\ro.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\pt-PT.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\tr.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\zh-CN.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\vi.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\ur.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\uk.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\zh-TW.pak
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\resources\app-update.yml
| MD5 | b0e31c54422860c9390a2e456d8f4624 |
| SHA1 | 1b73cc7e00cbcae94a3ed921fbd055a393dedc0c |
| SHA256 | 897dac554968a2c49044a5e601cfcaf7c24d41599a58c03e91c62bd664b60ecf |
| SHA512 | 561cff0a281e073b0b2e3bc139a18b44ee1e2ab147d99ff007d5deae48c0c4c847bee4e14ad2e36abb27f7d9240f95aee7fcc9987246c717ba48666f550cc121 |
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\th.pak
| MD5 | 7512a162ea0b65dd9477ac8c190136b9 |
| SHA1 | ae5fbce9516882a0d58da9ebee3c767c7ba4c305 |
| SHA256 | d01ecd4edecf1809d5c2133366df2502a4621e88d894817e80b913f3a0926fa4 |
| SHA512 | 425fd803cd3ed9589df5d04bb8ca4b62af0e573301d31c48a1a05bf3b707a0672e1a033965946223e5873a98eb3c9d52bcdcc1296a08cb4971d0b1b6d2e95eb7 |
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\locales\te.pak
| MD5 | 1f20952c1a61fa6e42a7f055de8986ea |
| SHA1 | 301ec89ca80695865d884927c4c07c6777fb321e |
| SHA256 | caeba6c853a0ee12a802fb9f610a95c676071414c1d8407d18b05f2fe8ce6bb7 |
| SHA512 | c43f5316dff21cd08f86e0d3d7c407449cdc751ff466683dff9a51e3a07bda203e8e22064bf240726e6e389b661d6dc2bf5ed5dc42750539990379e513228d53 |
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\resources\elevate.exe
| MD5 | 792b92c8ad13c46f27c7ced0810694df |
| SHA1 | d8d449b92de20a57df722df46435ba4553ecc802 |
| SHA256 | 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37 |
| SHA512 | 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40 |
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\7z-out\resources\app.asar
| MD5 | 04261cff6d42b7dac2b2429df634387e |
| SHA1 | bd26ae0ef0c42a898f7a04a5bd8bcc7291ee11c7 |
| SHA256 | e0abebd549f6705666f056ac69cfa9989ffc9ea19eb86a562ac99ccacd8bee45 |
| SHA512 | 0163f376c24cad9e2f189a60eec22f34ebc2526109fc9574a0c0986177e01179218507cf55e60c39a64d1b410f6e2cd2432b9523f6ac3aff7696106e6f482f13 |
C:\Users\Admin\AppData\Local\Temp\nsp7636.tmp\WinShell.dll
| MD5 | 1cc7c37b7e0c8cd8bf04b6cc283e1e56 |
| SHA1 | 0b9519763be6625bd5abce175dcc59c96d100d4c |
| SHA256 | 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6 |
| SHA512 | 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f |
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\Local State
| MD5 | 1a60d8c264b4bd388376d09065521303 |
| SHA1 | 57b41a3d63e5b1e22b1b8eb1033074709586d202 |
| SHA256 | 01b909a8d5d647ff0783d1af060aa9294af976bd7497cc6d3a3a0301d0bf9a4d |
| SHA512 | 0b9e50cac1c94f67ba4b22f834d31cfb3ba777b59f2d498d907ea14c600ddc1c60b6a0ab551bd33f7bb911fcee429e1a756809257f13494f3c4c4a03f852ca26 |
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\Network\Trust Tokens-journal
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\Code Cache\wasm\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\Network\Trust Tokens
| MD5 | 7289d4bdfbd73ed571278f95cb4c1939 |
| SHA1 | 7c911f54243d9777a34666f4526a49c7e7aea244 |
| SHA256 | 2d4ccf8ac8ae4f5c6ec8e0566210ff56585b6ba0290501a1a11ed9b23bfc226e |
| SHA512 | 6e7d48e18b0317449807c4ac2c377b3cccf5bd6121077d51152d7e188ba1ea3cf62372b7611036938986dd0c84465dbd747fe8580e3a699f8470229a6d57a749 |
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\Network\TransportSecurity
| MD5 | d2bc41fae11192d93df9a87ada0f7d11 |
| SHA1 | 69860828d0e94ae3f9b86779cb01ac2b5a6da271 |
| SHA256 | cd0ebfc9ec2d99e0268a512c6aff45772fb9245e0d2682ca165abbe927d289e5 |
| SHA512 | 73ecb6b90aeeee6b96ddcee87d424e9e7fb48596dac3dd7ebdc15c230574d230f6c1861d4534d210a423e154caae5917b29796a27bf21824fc40879c00f8eaeb |
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\Network\Cookies
| MD5 | a603e09d617fea7517059b4924b1df93 |
| SHA1 | 31d66e1496e0229c6a312f8be05da3f813b3fa9e |
| SHA256 | ccd15f9c7a997ae2b5320ea856c7efc54b5055254d41a443d21a60c39c565cb7 |
| SHA512 | eadb844a84f8a660c578a2f8e65ebcb9e0b9ab67422be957f35492ff870825a4b363f96fd1c546eaacfd518f6812fcf57268ef03c149e5b1a7af145c7100e2cc |
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\Shared Dictionary\db
| MD5 | 71ccdda9f3186c8e729bb559f93bb992 |
| SHA1 | 3712c11bb21b8e2a74bb879d47b2819ed1ac14a8 |
| SHA256 | 79b107307408e5ad9a145c87533316174fd13f4ad943497d079522fbe325b3b1 |
| SHA512 | 19f8134fcd1211964111b07884b52878b1649644b6ec623bb586df1a9b7dabc7f8c8a755d2a52c908b563bdd968135f4f703cc35103696e40d0ab0020c8dc4bd |
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\Shared Dictionary\cache\index-dir\the-real-index
| MD5 | 92917a927384361303902f97a6a9ac71 |
| SHA1 | 944c59acc33239426506a0812b54c4f4d1b1cb1d |
| SHA256 | 9bc50ecb8598db2c38e3df7c1363f3db50ea12ca2c1eabe29e0bacc1705a3468 |
| SHA512 | 7bb3dbae8122f1988ea5705aab40f0d435710f33362c392bb594b06f76ca91af20b9532bded8dceda82b1866983d8d543f10b73ef74311091e5b7f7311136276 |
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\Cache\Cache_Data\index
| MD5 | 25f5ff5146bddce4b456d1a5b90aed58 |
| SHA1 | 5962ab9d4bf1303f957cbb02c5af5b2454cd3cca |
| SHA256 | c277a256c08226f34d01973c99b2023d75fb68bd197c0334b1a18d4016589cd3 |
| SHA512 | 594f4f0a69d4a2cda339df2ab36a256246acceafb227b3b725ca64c62a4334deca6a786360317b6ed9213545bf4ab8bef3883bd845e4e927d7eb0bb6a2cb8a32 |
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\Cache\Cache_Data\f_000001
| MD5 | 057478083c1d55ea0c2182b24f6dd72f |
| SHA1 | caf557cd276a76992084efc4c8857b66791a6b7f |
| SHA256 | bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b |
| SHA512 | 98ff4416db333e5a5a8f8f299c393dd1a50f574a2c1c601a0724a8ea7fb652f6ec0ba2267390327185ebea55f5c5049ab486d88b4c5fc1585a6a975238507a15 |
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\Cache\Cache_Data\data_3
| MD5 | 6ccf4c8c68aba99ab8413bb44aba14c2 |
| SHA1 | ab13634b1f2bb1ba2e90f127008207bc4dbc0ca1 |
| SHA256 | fc9c6072300da7994d561747aced727463f43fba287ddc361b950abaf4310419 |
| SHA512 | 63dfe5bc54e4b3785a979e77094ac8755c0b04ba1d48001fa7f8a2edba65dbcfdfab63d232adf542effd62e1ccae568098ed9828080e28ed50a711415ad3b50b |
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\Cache\Cache_Data\data_2
| MD5 | 8251265bcd9e7c145bfc2a579f7eefa3 |
| SHA1 | a3be9866da8624df4d32f4682fd0e8ff3e33728a |
| SHA256 | 22627a4d15b0687e4e6731f45e0869e3306fd69f2bb0e4e70a231ca6baa492a8 |
| SHA512 | c8902999322b427e31928cab813cdfc8adcd08a78cbc2bbf3c2e5f7475c91a1d565dd31f321680a3aa79b63ad5994a360551f16efcb0079e32301794a6180fa3 |
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\Cache\Cache_Data\data_1
| MD5 | ce8766dc10115e337727490e5fa8e4f0 |
| SHA1 | b9082fd9f05ae00725ba0fd6a970587d0b040d27 |
| SHA256 | 6c1df66ea9f55fd8efa88f2012d3c8cc29b821eecc3fe65f6ef1159cc76a43be |
| SHA512 | 64b7ef21d17cd4e17c83632f770a8e50ebb50a719bd951de60a5aedd46d0ea93691366f1de6fd90a63f9be5e2033e411cfa966efaced57319478ed8ad8730a30 |
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\Cache\Cache_Data\data_0
| MD5 | 5051109320b13cb92029615254f382f2 |
| SHA1 | 848a60a2b215e0d539b9b8e98cf1735da13ac382 |
| SHA256 | a5edaa9f8b9129cc66c914f5ede381dd61f8d9bad7df25210dbaeba5f8c04ef6 |
| SHA512 | a0a9f83b412cbd9fc8e44ca1c106a8caafad3bf6ee4ef0027ece1f35f70c225432234a1f0f5594eff0ab2512635887c4503c30edd19f70f34167416ad880bf28 |
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\Local Storage\leveldb\LOG
| MD5 | 7f027f73b98a887de5712c1d6572f80c |
| SHA1 | 3fe6a44f8498341ee1a7452ebbf9a6caeb269e7a |
| SHA256 | 28af4ae10f5eda9ee4cb41d2fb0adc155c66eba8187dda8ad6b122de3978327d |
| SHA512 | d26e69b5336be874d8001632858e3dd3865ce811ec4bc494d9af68929cf370d76214ebf70422e7d4474a0d7c4d6f80c1ee18099eda504ae45b7021b438610b0e |
memory/3412-1298-0x00007FFD0C310000-0x00007FFD0C311000-memory.dmp
memory/3412-1297-0x00007FFD0B270000-0x00007FFD0B271000-memory.dmp
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\Network\Network Persistent State
| MD5 | b63d48c8a7961fcfaf2586058d40ea5b |
| SHA1 | ce4a3076bbeb7eba1203b4a1d98650dcd4870a4a |
| SHA256 | d1b7f59368fc156ae51d6f07081be890f997360815ede2262ef9d52cf2291ec1 |
| SHA512 | ed382c0ebe6faafe918af8662673228e22e00db343ce5a10a895e2aa3fa00c36a94b8733279afc05c4949d533773b190e0d27a696d77a0cee8ee9780526e7464 |
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\Network\TransportSecurity
| MD5 | c03370db0a56e1cb99860200a70923af |
| SHA1 | 5873a9a737c5f94c819aa448d0d14a74403b6a10 |
| SHA256 | e148c6fb6e9596cbdaf59560716bd5c788605e2c45da0dc14ab4c138cacccad6 |
| SHA512 | 3ebe428d790c1bffd47988d60110223f24f83fab86129e1cac7738d83c1d957346ea60f3843d0597ed0efe7e750de915bba980a6f1fe74a7e1d351539d0336ee |
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\Network\TransportSecurity
| MD5 | 5d0b2c2a85eb4b2c1e06886ca20eae12 |
| SHA1 | 3efca9f7fa746bf637e5206bc64939de339eccfe |
| SHA256 | 0e7609260b6e778838139050fa7bdd91a010b0b612488fa858a07544814c024a |
| SHA512 | 04ff0538562ce02738da14e03244ca38465f01db3c9fe86e66d00620a22b1f516a1115b20ef0cff0c897738109dbbe143cd7a87b8c537aa52110098537d91389 |
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\Code Cache\js\index-dir\the-real-index
| MD5 | 485958adb2ca8df1f49cedad523cd0c7 |
| SHA1 | b691dfc5bddfebfbd09677f36564b9286d87f483 |
| SHA256 | c6b9f8e93f14fcf6b3cd8ebb1cafa3487f5d4374fab11f3d469a4666e4501601 |
| SHA512 | 5d72438cc82e3ecaa05a1a312e7aaf62a0c58ed810679374ae8a69af7c7e8de4fa87897b8c2c8da17b3ccbcd9df204509b7f57015346bca5098c192b66909364 |
C:\Users\Admin\AppData\Roaming\Ultimate Tweaks\Network\Network Persistent State
| MD5 | 2ecc4359e1278fdbc0e6a934771c1159 |
| SHA1 | 1d10112f704aaffcb966c25bc69739fb9981e94b |
| SHA256 | f40e48a11f403cc56c4d46650b48bd191722eba34872b7c3639514d76c121b4f |
| SHA512 | dfa6b1864e71255ae8cd25193f4b371f1a2bf753e1aa5312276a3c57cfa4b7b4e7f665b3d1700ee0ff895a75121e8e0a503307431ab10b1fa7f821a01e046efe |
memory/5260-1909-0x0000015A12D40000-0x0000015A12D41000-memory.dmp
memory/5260-1908-0x0000015A12D40000-0x0000015A12D41000-memory.dmp
memory/5260-1910-0x0000015A12D40000-0x0000015A12D41000-memory.dmp
memory/5260-1920-0x0000015A12D40000-0x0000015A12D41000-memory.dmp
memory/5260-1919-0x0000015A12D40000-0x0000015A12D41000-memory.dmp
memory/5260-1918-0x0000015A12D40000-0x0000015A12D41000-memory.dmp
memory/5260-1917-0x0000015A12D40000-0x0000015A12D41000-memory.dmp
memory/5260-1916-0x0000015A12D40000-0x0000015A12D41000-memory.dmp
memory/5260-1915-0x0000015A12D40000-0x0000015A12D41000-memory.dmp
memory/5260-1914-0x0000015A12D40000-0x0000015A12D41000-memory.dmp
Analysis: behavioral16
Detonation Overview
Submitted
2024-09-22 11:13
Reported
2024-09-22 11:23
Platform
win7-20240903-en
Max time kernel
122s
Max time network
132s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffmpeg.dll,#1
Network
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-09-22 11:13
Reported
2024-09-22 11:23
Platform
win10v2004-20240802-en
Max time kernel
90s
Max time network
212s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libEGL.dll,#1
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-09-22 11:13
Reported
2024-09-22 11:23
Platform
win7-20240704-en
Max time kernel
117s
Max time network
122s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 220
Network
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-09-22 11:13
Reported
2024-09-22 11:23
Platform
win7-20240903-en
Max time kernel
240s
Max time network
252s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 224
Network
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-09-22 11:13
Reported
2024-09-22 11:23
Platform
win10v2004-20240802-en
Max time kernel
149s
Max time network
302s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2348 wrote to memory of 2196 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2348 wrote to memory of 2196 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2348 wrote to memory of 2196 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2196 -ip 2196
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 612
Network
Files
Analysis: behavioral32
Detonation Overview
Submitted
2024-09-22 11:13
Reported
2024-09-22 11:23
Platform
win7-20240903-en
Max time kernel
122s
Max time network
134s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsis7z.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsis7z.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 224
Network
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-09-22 11:13
Reported
2024-09-22 11:23
Platform
win7-20240903-en
Max time kernel
118s
Max time network
126s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 220
Network
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-09-22 11:13
Reported
2024-09-22 11:23
Platform
win10v2004-20240802-en
Max time kernel
242s
Max time network
311s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | bitbucket.org | N/A | N/A |
| N/A | bitbucket.org | N/A | N/A |
| N/A | bitbucket.org | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1924 -prefMapHandle 1916 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2a98660-48de-4eb8-808e-ca36003ac319} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2432 -parentBuildID 20240401114208 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d9a56b8-6c5c-4efd-915e-7137e3a416c5} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3008 -childID 1 -isForBrowser -prefsHandle 3112 -prefMapHandle 3056 -prefsLen 24741 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {717dfb25-3f73-4680-bde8-597fce2c87fe} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3448 -childID 2 -isForBrowser -prefsHandle 3528 -prefMapHandle 2792 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f64ab4e3-f0a7-4890-93d9-03e68c5da086} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1092 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4676 -prefMapHandle 2564 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {446eb857-b91f-45cc-82d3-a72078d3885a} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5064 -childID 3 -isForBrowser -prefsHandle 5048 -prefMapHandle 5056 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a42a7e5b-12eb-49a1-b26c-ccbd48f0e142} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5192 -childID 4 -isForBrowser -prefsHandle 5176 -prefMapHandle 5180 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b71e5ad9-5dac-4c6c-ad47-ab5eb0952eb5} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5388 -childID 5 -isForBrowser -prefsHandle 5184 -prefMapHandle 5092 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {24d14b8d-3427-4dc0-9e48-704b519fea1f} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" tab
Network
| US | 8.8.8.8:53 | registry.khronos.org | udp |
| US | 8.8.8.8:53 | www.7-zip.org | udp |
| US | 8.8.8.8:53 | cgit.freedesktop.org | udp |
| US | 8.8.8.8:53 | lit.dev | udp |
| US | 8.8.8.8:53 | cristal.univ-lille.fr | udp |
| US | 8.8.8.8:53 | libusb.info | udp |
| US | 8.8.8.8:53 | www.openh264.org | udp |
| US | 8.8.8.8:53 | prod.refractr.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | libpng.org | udp |
| US | 8.8.8.8:53 | gitlab.xiph.org | udp |
| US | 8.8.8.8:53 | ocp-ingress.fastly.gnome.org | udp |
| US | 8.8.8.8:53 | gitlab.freedesktop.org | udp |
| US | 8.8.8.8:53 | www.azillionmonkeys.com | udp |
| US | 8.8.8.8:53 | searchfox.org | udp |
| US | 8.8.8.8:53 | www.mozorg.moz.works | udp |
| US | 8.8.8.8:53 | reviews.llvm.org | udp |
| US | 8.8.8.8:53 | xmlsoft.org | udp |
| US | 8.8.8.8:53 | libevent.org | udp |
| US | 8.8.8.8:53 | www.7-zip.org | udp |
| US | 8.8.8.8:53 | molly.freedesktop.org | udp |
| US | 8.8.8.8:53 | lit.dev | udp |
| US | 8.8.8.8:53 | pdfium.googlesource.com | udp |
| US | 8.8.8.8:53 | cisco.github.io | udp |
| US | 8.8.8.8:53 | gitlab.xiph.org | udp |
| US | 8.8.8.8:53 | bitbucket.org | udp |
| US | 8.8.8.8:53 | www.polymer-project.org | udp |
| US | 8.8.8.8:53 | prod.refractr.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | polymer-library.polymer-project.org | udp |
| US | 8.8.8.8:53 | pypi.org | udp |
| US | 8.8.8.8:53 | libusb.info | udp |
| US | 8.8.8.8:53 | searchfox.org | udp |
| US | 8.8.8.8:53 | quiche.googlesource.com | udp |
| US | 8.8.8.8:53 | www.mozorg.moz.works | udp |
| US | 8.8.8.8:53 | proxy-inst.lifl.fr | udp |
| US | 8.8.8.8:53 | annarchy.freedesktop.org | udp |
| US | 8.8.8.8:53 | redux.js.org | udp |
| US | 8.8.8.8:53 | opensource.perlig.de | udp |
| US | 8.8.8.8:53 | molly.freedesktop.org | udp |
| US | 8.8.8.8:53 | bitbucket.org | udp |
| US | 8.8.8.8:53 | sizzlejs.com | udp |
| US | 8.8.8.8:53 | pypi.org | udp |
| US | 8.8.8.8:53 | skia.org | udp |
| US | 8.8.8.8:53 | pdfium.googlesource.com | udp |
| US | 8.8.8.8:53 | netlib.org | udp |
| N/A | 127.0.0.1:49872 | tcp | |
| US | 8.8.8.8:53 | google.github.io | udp |
| US | 8.8.8.8:53 | www.pertinentdetail.org | udp |
| US | 8.8.8.8:53 | sqlite.org | udp |
| US | 8.8.8.8:53 | proxy-inst.lifl.fr | udp |
| US | 8.8.8.8:53 | www.strongtalk.org | udp |
| US | 8.8.8.8:53 | redux-docs.netlify.app | udp |
| US | 8.8.8.8:53 | pypi.org | udp |
| US | 8.8.8.8:53 | quiche.googlesource.com | udp |
| US | 8.8.8.8:53 | annarchy.freedesktop.org | udp |
| US | 8.8.8.8:53 | azillionmonkeys.com | udp |
| US | 8.8.8.8:53 | bitbucket.org | udp |
| US | 8.8.8.8:53 | sizzlejs.com | udp |
| US | 8.8.8.8:53 | www.suitable.com | udp |
| US | 8.8.8.8:53 | pdfium.googlesource.com | udp |
| US | 8.8.8.8:53 | swiftshader.googlesource.com | udp |
| US | 8.8.8.8:53 | skia.org | udp |
| US | 8.8.8.8:53 | google.github.io | udp |
| US | 8.8.8.8:53 | sqlite.org | udp |
| US | 8.8.8.8:53 | gpaas9.dc2.gandi.net | udp |
| US | 8.8.8.8:53 | perlig.de | udp |
| US | 8.8.8.8:53 | www.strongtalk.org | udp |
| US | 8.8.8.8:53 | source.corp.google.com | udp |
| US | 8.8.8.8:53 | redux-docs.netlify.app | udp |
| US | 8.8.8.8:53 | quiche.googlesource.com | udp |
| US | 8.8.8.8:53 | lists.llvm.org | udp |
| US | 8.8.8.8:53 | swiftshader.googlesource.com | udp |
| US | 8.8.8.8:53 | www.linux-usb.org | udp |
| US | 8.8.8.8:53 | cldr.unicode.org | udp |
| US | 8.8.8.8:53 | sizzlejs.com | udp |
| US | 8.8.8.8:53 | hg.mozilla.org | udp |
| US | 8.8.8.8:53 | www.suitable.com | udp |
| US | 8.8.8.8:53 | git.linuxtv.org | udp |
| US | 8.8.8.8:53 | skia.org | udp |
| US | 8.8.8.8:53 | gitlab.xiph.org | udp |
| US | 8.8.8.8:53 | sqlite.org | udp |
| US | 8.8.8.8:53 | google.github.io | udp |
| US | 8.8.8.8:53 | uberproxy.l.google.com | udp |
| US | 8.8.8.8:53 | netlib.org | udp |
| US | 8.8.8.8:53 | v8.dev | udp |
| US | 8.8.8.8:53 | valgrind.org | udp |
| US | 8.8.8.8:53 | www.strongtalk.org | udp |
| US | 8.8.8.8:53 | ghs.google.com | udp |
| US | 8.8.8.8:53 | lists.llvm.org | udp |
| US | 8.8.8.8:53 | vhost.sourceforge.net | udp |
| US | 8.8.8.8:53 | webkit.org | udp |
| US | 8.8.8.8:53 | hg.public.mdc1.mozilla.com | udp |
| US | 8.8.8.8:53 | perlig.de | udp |
| US | 8.8.8.8:53 | cldr.pages.dev | udp |
| US | 8.8.8.8:53 | www.suitable.com | udp |
| US | 8.8.8.8:53 | swiftshader.googlesource.com | udp |
| US | 8.8.8.8:53 | azillionmonkeys.com | udp |
| US | 8.8.8.8:53 | www.webrtc.org | udp |
| US | 8.8.8.8:53 | sourceforge.net | udp |
| US | 8.8.8.8:53 | valgrind.org | udp |
| US | 8.8.8.8:53 | uberproxy.l.google.com | udp |
| US | 8.8.8.8:53 | www.linuxtv.org | udp |
| US | 8.8.8.8:53 | opensource.apple.com | udp |
| US | 8.8.8.8:53 | tukaani.org | udp |
| US | 8.8.8.8:53 | vhost.sourceforge.net | udp |
| US | 8.8.8.8:53 | ghs.google.com | udp |
| US | 8.8.8.8:53 | v8.dev | udp |
| US | 8.8.8.8:53 | hg.public.mdc1.mozilla.com | udp |
| US | 8.8.8.8:53 | webkit.org | udp |
| US | 8.8.8.8:53 | zlib.net | udp |
| US | 8.8.8.8:53 | cldr.pages.dev | udp |
| US | 8.8.8.8:53 | valgrind.org | udp |
| US | 8.8.8.8:53 | tukaani.org | udp |
| US | 8.8.8.8:53 | sourceforge.net | udp |
| US | 8.8.8.8:53 | www.linuxtv.org | udp |
| US | 8.8.8.8:53 | webkit.org | udp |
| US | 8.8.8.8:53 | zlib.net | udp |
| US | 8.8.8.8:53 | tukaani.org | udp |
| US | 8.8.8.8:53 | sourceforge.net | udp |
| US | 8.8.8.8:53 | zlib.net | udp |
| US | 8.8.8.8:53 | tsuru.kurims.kyoto-u.ac.jp | udp |
| US | 8.8.8.8:53 | tsuru.kurims.kyoto-u.ac.jp | udp |
| US | 8.8.8.8:53 | v8.dev | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| GB | 88.221.134.155:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | 155.134.221.88.in-addr.arpa | udp |
| GB | 142.250.178.14:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.178.14:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r1---sn-ntnxax8xo-cxge.gvt1.com | udp |
| DE | 185.46.139.12:443 | r1---sn-ntnxax8xo-cxge.gvt1.com | tcp |
| US | 8.8.8.8:53 | r1.sn-ntnxax8xo-cxge.gvt1.com | udp |
| US | 8.8.8.8:53 | r1.sn-ntnxax8xo-cxge.gvt1.com | udp |
| US | 8.8.8.8:53 | 12.139.46.185.in-addr.arpa | udp |
| DE | 185.46.139.12:443 | r1.sn-ntnxax8xo-cxge.gvt1.com | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.190.72.216:443 | location.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | 216.72.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.56.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.143.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\2cee1e11-2364-4111-94b2-981c26249e26
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\d424fca4-ab1b-48c2-99c4-010dfa4a3802
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\1be7e7c6-a14b-4d30-8e60-2dea765496c4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.bin
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs.js
C:\Users\Admin\AppData\Local\Temp\tmpaddon
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs.js
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\22386449CA13D8975B935875780066C6EF52CE37
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\AlternateServices.bin
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\personality-provider\recipe_attachment.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\personality-provider\nb_model_build_attachment_sports.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\personality-provider\nb_model_build_attachment_computers_and_electronics.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\personality-provider\nb_model_build_attachment_science.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\personality-provider\nb_model_build_attachment_jobs_and_education.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\personality-provider\nb_model_build_attachment_real_estate.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\personality-provider\nb_model_build_attachment_shopping.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\personality-provider\nb_model_build_attachment_people_and_society.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\personality-provider\nb_model_build_attachment_autos_and_vehicles.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\personality-provider\nb_model_build_attachment_internet_and_telecom.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\personality-provider\nb_model_build_attachment_pets_and_animals.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\personality-provider\nb_model_build_attachment_online_communities.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\personality-provider\nb_model_build_attachment_books_and_literature.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\personality-provider\nb_model_build_attachment_games.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\personality-provider\nb_model_build_attachment_beauty_and_fitness.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\personality-provider\nb_model_build_attachment_finance.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\personality-provider\nb_model_build_attachment_arts_and_entertainment.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\personality-provider\nb_model_build_attachment_law_and_government.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\personality-provider\nb_model_build_attachment_health.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\personality-provider\nb_model_build_attachment_business_and_industrial.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\personality-provider\nb_model_build_attachment_food_and_drink.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\personality-provider\nb_model_build_attachment_reference.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\personality-provider\nb_model_build_attachment_home_and_garden.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\personality-provider\nb_model_build_attachment_blogging_resources_and_services.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\personality-provider\nb_model_build_attachment_hobbies_and_leisure.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\personality-provider\nb_model_build_attachment_travel.json
| MD5 | 48139e5ba1c595568f59fe880d6e4e83 |
| SHA1 | 5e9ea36b9bb109b1ecfc41356cd5c8c9398d4a78 |
| SHA256 | 4336ac211a822b0a5c3ce5de0d4730665acc351ee1965ea8da1c72477e216dfa |
| SHA512 | 57e826f0e1d9b12d11b05d47e2f5ae4f5787537862f26e039918cb14faff4bc854298c0b7de3023e371756a331c0f3ee1aa7cebbbf94ec70cdfc29e00a900ed1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\bookmarkbackups\bookmarks-2024-09-22_11_ur4QAd1T37d7n-N7hRALqw==.jsonlz4
| MD5 | 99a805992ec9e668f077d145f44c7772 |
| SHA1 | e12680aa9442d649197b0aa95c7dce714e469c21 |
| SHA256 | de60c0ffe55b67100bfbcb3129221cb3f6b427ca3b575d0c1f9f3d634fff054b |
| SHA512 | 1a816aded29b43ee6f7c436e71adf8621da746e27626eef7fa7ce3193b4938f8fd17ef464df715c13d6152fdc64dc69c61cb790ce504436b265ffd1fb064d427 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\RYJOAPTDUGR7GQ0LUV5C.temp
| MD5 | fd0c6b81fc2fd1ea660cce39eeef2ee1 |
| SHA1 | a036f85a407768f3fbc7ded75c5a7fc1f96561ae |
| SHA256 | 6c5cdce84858ac482f9b85c397d02a16d2a3304651a4904e472e2ed9ac412098 |
| SHA512 | 52ce55edd2ceae4208856c37d9f3137aa77724935037e3aa0d9fa031c7373ecbc8cb6602d8db568d7abcc74d48c4f321abd52e2a6375379e000aa8af80cff0ae |
Analysis: behavioral13
Detonation Overview
Submitted
2024-09-22 11:13
Reported
2024-09-22 11:23
Platform
win7-20240903-en
Max time kernel
122s
Max time network
128s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\Ultimate Tweaks.exe
"C:\Users\Admin\AppData\Local\Temp\Ultimate Tweaks.exe"
Network
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-09-22 11:13
Reported
2024-09-22 11:23
Platform
win10v2004-20240802-en
Max time kernel
144s
Max time network
306s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3dcompiler_47.dll,#1
Network
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-09-22 11:13
Reported
2024-09-22 11:23
Platform
win10v2004-20240802-en
Max time kernel
144s
Max time network
301s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\vk_swiftshader.dll,#1
Network
Files
Analysis: behavioral30
Detonation Overview
Submitted
2024-09-22 11:13
Reported
2024-09-22 11:23
Platform
win7-20240903-en
Max time kernel
122s
Max time network
129s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 220
Network
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-09-22 11:13
Reported
2024-09-22 11:23
Platform
win10v2004-20240802-en
Max time kernel
145s
Max time network
306s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffmpeg.dll,#1
Network
Files
Analysis: behavioral28
Detonation Overview
Submitted
2024-09-22 11:13
Reported
2024-09-22 11:23
Platform
win7-20240903-en
Max time kernel
120s
Max time network
126s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 240