Analysis Overview
SHA256
dd9e3c06246ef0c285d3b180b9000b365392a94cc0f6ae09ed8016d994624735
Threat Level: Known bad
The file New Text Document.txt was found to be: Known bad.
Malicious Activity Summary
Android 888 RAT payload
888RAT
Loads dropped DLL
ACProtect 1.3x - 1.4x DLL software
Executes dropped EXE
UPX packed file
Drops file in System32 directory
AutoIT Executable
Subvert Trust Controls: Mark-of-the-Web Bypass
Enumerates physical storage devices
Program crash
System Location Discovery: System Language Discovery
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Checks processor information in registry
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Modifies registry key
Opens file in notepad (likely ransom note)
Suspicious behavior: GetForegroundWindowSpam
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Uses Task Scheduler COM API
Suspicious behavior: EnumeratesProcesses
Modifies registry class
NTFS ADS
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-13 10:53
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-13 10:53
Reported
2024-10-13 11:14
Platform
win10-20240404-en
Max time kernel
1199s
Max time network
1198s
Command Line
Signatures
888RAT
Android 888 RAT payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
ACProtect 1.3x - 1.4x DLL software
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\GhostEyeWorm\GhostEyeWorm.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\GhostEyeWorm\GhostEyeWorm.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\GhostEyeWorm\Stub.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\flagx.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\exe2msi.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\eventvwr.msc | C:\Windows\system32\mmc.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\888RATv1.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Downloads\888RATv1.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\flagx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\exe2msi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\GhostEyeWorm\Stub.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\eventvwr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Users\Admin\Desktop\GhostEyeWorm\GhostEyeWorm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Users\Admin\Desktop\GhostEyeWorm\GhostEyeWorm.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Users\Admin\Desktop\GhostEyeWorm\GhostEyeWorm.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Users\Admin\Desktop\GhostEyeWorm\GhostEyeWorm.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\mscfile\shell\open\command | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202 | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\mscfile\shell | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\mscfile\shell\open\command\ = "REG ADD HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}" | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202 | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 020000000100000000000000ffffffff | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\mscfile\shell\open\command | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\MRUListEx = ffffffff | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9 | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\NodeSlot = "9" | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\mscfile | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\mscfile\shell\open | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000020000000300000001000000ffffffff | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe110000002eb059e18986da01da395fba5e1ddb01da395fba5e1ddb0114000000 | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\SniffedFolderType = "Generic" | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\GhostEyeWorm.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\H-WORMExtendedFullSetup.rar:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\888RATv1.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\888RATv1.exe | N/A |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\New Text Document.txt"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4820.0.1210647480\482807611" -parentBuildID 20221007134813 -prefsHandle 1712 -prefMapHandle 1704 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {294b74fe-7c12-4a0c-9da3-8b8461de4bb9} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" 1796 2201dad7258 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4820.1.1117328196\945827981" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d36f241a-0387-48f1-9109-22ba9f04ebf3} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" 2148 2200b4de558 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4820.2.647193860\783879050" -childID 1 -isForBrowser -prefsHandle 2780 -prefMapHandle 2800 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {27fe034c-0608-4f96-a402-918a21bf5153} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" 2944 22021a9fa58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4820.3.264969005\1714589584" -childID 2 -isForBrowser -prefsHandle 3104 -prefMapHandle 3196 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e003f55b-daac-499d-b25d-9e421ae12064} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" 3476 2200b46fe58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4820.4.1949571576\366140533" -childID 3 -isForBrowser -prefsHandle 4392 -prefMapHandle 4388 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {03cf93ce-ffb3-4e2b-81cd-378bc302c5b0} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" 4404 220229db958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4820.5.959878769\646164840" -childID 4 -isForBrowser -prefsHandle 4900 -prefMapHandle 4896 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4752cb95-47b6-4fb2-9776-7733c675dd04} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" 4908 220220d9e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4820.6.1072722270\658595649" -childID 5 -isForBrowser -prefsHandle 5036 -prefMapHandle 5040 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5d3d747-7b3a-46b5-ab7b-4de07112bec6} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" 5028 220242e8758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4820.7.471448520\418755416" -childID 6 -isForBrowser -prefsHandle 5236 -prefMapHandle 5240 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b989d0a6-7960-44a2-b5cb-b629e77b0d64} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" 5228 22024465558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4820.8.828254717\1022978632" -childID 7 -isForBrowser -prefsHandle 5632 -prefMapHandle 5628 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {926f0f59-804e-4776-932c-00bd04ec917e} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" 5608 2200b45f258 tab
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\GhostEyeWorm\" -ad -an -ai#7zMap27685:86:7zEvent28264
C:\Users\Admin\Desktop\GhostEyeWorm\GhostEyeWorm.exe
"C:\Users\Admin\Desktop\GhostEyeWorm\GhostEyeWorm.exe"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\GhostEyeWorm\Password.txt
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\93d23ead692e4abc9ec9db123dbdb5b3 /t 4396 /p 4664
C:\Users\Admin\Desktop\GhostEyeWorm\GhostEyeWorm.exe
"C:\Users\Admin\Desktop\GhostEyeWorm\GhostEyeWorm.exe"
C:\Users\Admin\Desktop\GhostEyeWorm\Stub.exe
"C:\Users\Admin\Desktop\GhostEyeWorm\Stub.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1684.0.964366572\1425416255" -parentBuildID 20221007134813 -prefsHandle 1616 -prefMapHandle 1604 -prefsLen 20871 -prefMapSize 233583 -appDir "C:\Program Files\Mozilla Firefox\browser" - {934c2b56-37f6-44ea-8233-193d0e42d29b} 1684 "\\.\pipe\gecko-crash-server-pipe.1684" 1704 2264a104758 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1684.1.962692041\1259035747" -parentBuildID 20221007134813 -prefsHandle 1980 -prefMapHandle 1976 -prefsLen 20916 -prefMapSize 233583 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {59239782-ad3d-4864-8f81-c729bb6612c0} 1684 "\\.\pipe\gecko-crash-server-pipe.1684" 1992 22649b36158 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1684.2.1706631663\1170758467" -childID 1 -isForBrowser -prefsHandle 2664 -prefMapHandle 2612 -prefsLen 21377 -prefMapSize 233583 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {224d8d4e-1f63-4e0e-a8c0-c91531808d33} 1684 "\\.\pipe\gecko-crash-server-pipe.1684" 2732 2264cba2858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1684.3.1610108505\1884671798" -childID 2 -isForBrowser -prefsHandle 3424 -prefMapHandle 3420 -prefsLen 26555 -prefMapSize 233583 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {641f6733-5060-4a3d-9155-d8e3bbb54a33} 1684 "\\.\pipe\gecko-crash-server-pipe.1684" 3120 22637d62558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1684.4.565687661\577867134" -childID 3 -isForBrowser -prefsHandle 3888 -prefMapHandle 3872 -prefsLen 26555 -prefMapSize 233583 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ad3d42c-07d3-4eca-8420-a16a3a91e98f} 1684 "\\.\pipe\gecko-crash-server-pipe.1684" 3064 2264fbea258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1684.5.179392747\1389565152" -childID 4 -isForBrowser -prefsHandle 4360 -prefMapHandle 4412 -prefsLen 26555 -prefMapSize 233583 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e68b6bf-8b82-4a8a-baed-57b814584166} 1684 "\\.\pipe\gecko-crash-server-pipe.1684" 4468 2264d57e858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1684.6.1487693277\1361137843" -childID 5 -isForBrowser -prefsHandle 4592 -prefMapHandle 4596 -prefsLen 26555 -prefMapSize 233583 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {680702f3-082c-414b-875f-220789586764} 1684 "\\.\pipe\gecko-crash-server-pipe.1684" 4584 2264ffb6b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1684.7.2134473520\1033191251" -childID 6 -isForBrowser -prefsHandle 4784 -prefMapHandle 4788 -prefsLen 26555 -prefMapSize 233583 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {61ff9950-9fd0-489e-b5c3-55dbf48dc2a6} 1684 "\\.\pipe\gecko-crash-server-pipe.1684" 4776 2264ffb6558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1684.8.242707924\111488388" -childID 7 -isForBrowser -prefsHandle 5272 -prefMapHandle 5260 -prefsLen 26555 -prefMapSize 233583 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {679f1e4f-501c-4ec7-9c06-dabad87c6e3a} 1684 "\\.\pipe\gecko-crash-server-pipe.1684" 5288 2264a595358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1684.9.887932781\2058615768" -childID 8 -isForBrowser -prefsHandle 5048 -prefMapHandle 4672 -prefsLen 26555 -prefMapSize 233583 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {516b35bb-c31c-4e41-ba61-59b010fc3224} 1684 "\\.\pipe\gecko-crash-server-pipe.1684" 5428 22652653b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1684.10.506735338\1376134095" -childID 9 -isForBrowser -prefsHandle 9412 -prefMapHandle 9620 -prefsLen 26555 -prefMapSize 233583 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f52a7ee2-013b-41fa-8984-7c3ec86e80da} 1684 "\\.\pipe\gecko-crash-server-pipe.1684" 9596 226528aea58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1684.11.1231096372\421033743" -childID 10 -isForBrowser -prefsHandle 9304 -prefMapHandle 9312 -prefsLen 26555 -prefMapSize 233583 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e58377f5-8175-416e-9232-b8e4be42852a} 1684 "\\.\pipe\gecko-crash-server-pipe.1684" 9288 22653303e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1684.12.1998199050\892977203" -childID 11 -isForBrowser -prefsHandle 8960 -prefMapHandle 8956 -prefsLen 26555 -prefMapSize 233583 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9f7cea5-706f-4e98-b5b7-f192fc954030} 1684 "\\.\pipe\gecko-crash-server-pipe.1684" 8972 22653305f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1684.13.1120768716\945740686" -childID 12 -isForBrowser -prefsHandle 5368 -prefMapHandle 7080 -prefsLen 26555 -prefMapSize 233583 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {74078cbc-4b40-4c73-9bcd-6b411066ec56} 1684 "\\.\pipe\gecko-crash-server-pipe.1684" 5360 2264ebd2258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1684.14.1795307149\1562423694" -childID 13 -isForBrowser -prefsHandle 8956 -prefMapHandle 8960 -prefsLen 26555 -prefMapSize 233583 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3fc8fde8-77e9-49ff-9bb9-01c02e111e1c} 1684 "\\.\pipe\gecko-crash-server-pipe.1684" 7060 22653671258 tab
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\H-WORMExtendedFullSetup\" -spe -an -ai#7zMap13992:108:7zEvent21680
C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe
"C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.0.817531219\628942368" -parentBuildID 20221007134813 -prefsHandle 1604 -prefMapHandle 1580 -prefsLen 20871 -prefMapSize 233583 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6011def6-353d-4cc7-92b0-56b02654781b} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 1684 16ac3bfbc58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.1.1382581633\180558781" -parentBuildID 20221007134813 -prefsHandle 1992 -prefMapHandle 1988 -prefsLen 20916 -prefMapSize 233583 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20169889-4022-4632-87e3-0405b3781d72} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 2004 16ac3837658 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.2.319401719\982930256" -childID 1 -isForBrowser -prefsHandle 2712 -prefMapHandle 2708 -prefsLen 21377 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4795cf0-f597-420d-a23d-f0291cf6c63c} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 2724 16ac763dc58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.3.166238666\1860584405" -childID 2 -isForBrowser -prefsHandle 3364 -prefMapHandle 3352 -prefsLen 26555 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {589fd5ea-2d77-4db5-8323-1b545a816a45} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 3376 16ac7bf9c58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.4.1400903907\5100728" -childID 3 -isForBrowser -prefsHandle 3688 -prefMapHandle 3684 -prefsLen 26555 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {57456534-6a7d-4d67-99ef-79dbce777de2} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 3700 16ac9351158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.5.1933671369\1188431477" -childID 4 -isForBrowser -prefsHandle 4608 -prefMapHandle 4604 -prefsLen 26555 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1e6fe96-f1b1-4f56-9b80-b1f1b3f8bde1} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 4616 16ac9bb7e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.6.2138985439\546555460" -childID 5 -isForBrowser -prefsHandle 4752 -prefMapHandle 4756 -prefsLen 26555 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4964f454-61cd-405f-8ddd-b815eee60f31} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 4836 16ac9dd5f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.7.704669008\1408196619" -childID 6 -isForBrowser -prefsHandle 4980 -prefMapHandle 4984 -prefsLen 26555 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1e30a62-20e5-4939-8712-c1e56d848313} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 4636 16aca352f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.8.352826533\1220514631" -childID 7 -isForBrowser -prefsHandle 4976 -prefMapHandle 5288 -prefsLen 26555 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2410b33-e166-4717-8c27-587cf236928c} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 4980 16acb011558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.9.855437201\305104144" -childID 8 -isForBrowser -prefsHandle 3728 -prefMapHandle 5772 -prefsLen 27511 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d22b9f33-38a5-4d53-b774-1342b05a11b5} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 5780 16acb7eef58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.10.709571125\1205889922" -childID 9 -isForBrowser -prefsHandle 4976 -prefMapHandle 5816 -prefsLen 27511 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd542a06-9bdf-42de-984b-265340415f51} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 9416 16ace198b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.11.728210075\1380630284" -childID 10 -isForBrowser -prefsHandle 4824 -prefMapHandle 4764 -prefsLen 27511 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1d2b5be-b974-4e01-bacd-d7de63cfa7b7} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 9224 16ace9fc658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.12.1307899658\70270569" -childID 11 -isForBrowser -prefsHandle 4692 -prefMapHandle 4680 -prefsLen 27511 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {94ccaa19-9574-48e2-9e9f-2855dcba952d} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 4716 16acd7b1858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.13.880450750\904918758" -childID 12 -isForBrowser -prefsHandle 9124 -prefMapHandle 9120 -prefsLen 27511 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b20d9766-85ba-4191-ace9-f2978955af0d} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 9132 16acd7b1e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.14.2050026665\109243580" -childID 13 -isForBrowser -prefsHandle 9476 -prefMapHandle 5476 -prefsLen 27511 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9122799-ae99-4d45-ae16-3bbc15881915} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 8936 16acd7b4858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.15.1450568565\415267199" -childID 14 -isForBrowser -prefsHandle 8752 -prefMapHandle 8748 -prefsLen 27511 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {230f0846-86f2-4a9d-bec0-cf84f22da709} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 5156 16acf095b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.16.1616772812\1937979624" -childID 15 -isForBrowser -prefsHandle 3728 -prefMapHandle 5172 -prefsLen 27511 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e131718f-72cf-4cc4-aa63-0af2cd98fa1a} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 5164 16acf095858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.17.620702363\1345947224" -childID 16 -isForBrowser -prefsHandle 9120 -prefMapHandle 9124 -prefsLen 27511 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3147889a-eb97-4061-814a-c38c61dddb19} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 8624 16acf098858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.18.25954600\328512803" -childID 17 -isForBrowser -prefsHandle 8384 -prefMapHandle 8388 -prefsLen 27511 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e87fc1c-cac4-42a9-8a11-e978ca42a6f8} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 8372 16acdff3058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.19.1097428760\1207853120" -childID 18 -isForBrowser -prefsHandle 8400 -prefMapHandle 8356 -prefsLen 27511 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {35e6b8c2-42dd-418e-b796-ef5b85c999ca} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 9556 16acfa9d658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.20.89344405\1305012685" -childID 19 -isForBrowser -prefsHandle 7888 -prefMapHandle 7892 -prefsLen 27511 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fda3184c-d2da-42cf-899b-788fc24c58c5} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 7900 16acf22eb58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.21.1462992001\1435707601" -childID 20 -isForBrowser -prefsHandle 7952 -prefMapHandle 7948 -prefsLen 27511 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d646ea59-3303-48cb-82db-72d901801a10} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 7772 16acfbfbb58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.22.1930027535\139656821" -childID 21 -isForBrowser -prefsHandle 8356 -prefMapHandle 8096 -prefsLen 27511 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dcb4f3a5-0b3e-4666-a98e-47e5f9cda22e} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 7748 16ad00b2e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.23.2080769625\452180807" -childID 22 -isForBrowser -prefsHandle 7808 -prefMapHandle 7804 -prefsLen 27511 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {55a37b80-9955-4909-9e99-70f6993491ef} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 7992 16ad0d1c158 tab
C:\Users\Admin\Downloads\888RATv1.exe
"C:\Users\Admin\Downloads\888RATv1.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.24.394844633\1377762388" -parentBuildID 20221007134813 -prefsHandle 5392 -prefMapHandle 7696 -prefsLen 27576 -prefMapSize 233583 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa12ab7c-e7c5-4890-934d-b3eb001239dd} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 5784 16ac6f97e58 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.25.672465379\1532206457" -childID 23 -isForBrowser -prefsHandle 7072 -prefMapHandle 7076 -prefsLen 27576 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6bf386dc-8493-4cfc-b8f7-0c087d87fcf4} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 7064 16acde89f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.26.1009467780\511021132" -childID 24 -isForBrowser -prefsHandle 7460 -prefMapHandle 7752 -prefsLen 27576 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b26a6812-8d35-4208-a2c7-6d467a0c1f43} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 7352 16acde88758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.27.327643627\815077557" -childID 25 -isForBrowser -prefsHandle 7952 -prefMapHandle 7288 -prefsLen 27576 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {358c9e3c-b995-426b-8f15-7cda868c261d} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 6908 16acde88a58 tab
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0xf8
C:\Users\Admin\AppData\Local\Temp\flagx.exe
"C:\Users\Admin\AppData\Local\Temp\flagx.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6480 -s 1448
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.28.1092292242\498907405" -childID 26 -isForBrowser -prefsHandle 5644 -prefMapHandle 6668 -prefsLen 27576 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6613fd02-303e-413d-8b6c-40a101af82a4} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 6700 16acfa9ca58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.29.1956565360\1399863997" -childID 27 -isForBrowser -prefsHandle 6472 -prefMapHandle 6364 -prefsLen 27576 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e71f3ff-f217-4df7-add8-3a345b050812} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 6476 16ac9353b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.30.180729965\879946145" -childID 28 -isForBrowser -prefsHandle 6884 -prefMapHandle 6896 -prefsLen 27576 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9fd91a5f-f3c9-437a-a326-13f521d780ab} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 6800 16aca351458 tab
C:\Users\Admin\Downloads\888RATv1.exe
"C:\Users\Admin\Downloads\888RATv1.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c REG ADD HKCU\Software\Classes\mscfile\shell\open\command /t REG_EXPAND_SZ /d "REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f" /f & eventvwr.exe & REG DELETE HKCU\Software\Classes\mscfile\shell\open\command /f
C:\Windows\SysWOW64\reg.exe
REG ADD HKCU\Software\Classes\mscfile\shell\open\command /t REG_EXPAND_SZ /d "REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f" /f
C:\Windows\SysWOW64\eventvwr.exe
eventvwr.exe
C:\Windows\SysWOW64\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\system32\eventvwr.msc"
C:\Windows\SysWOW64\reg.exe
REG DELETE HKCU\Software\Classes\mscfile\shell\open\command /f
C:\Windows\system32\mmc.exe
"C:\Windows\system32\eventvwr.msc" "C:\Windows\system32\eventvwr.msc"
C:\Users\Admin\AppData\Local\Temp\exe2msi.exe
"C:\Users\Admin\AppData\Local\Temp\exe2msi.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.31.966598758\1882104984" -childID 29 -isForBrowser -prefsHandle 3916 -prefMapHandle 4436 -prefsLen 27585 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {14836253-5e92-4512-8106-595b91af8581} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 3924 16ac9443058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.32.749356983\17553031" -childID 30 -isForBrowser -prefsHandle 4412 -prefMapHandle 3940 -prefsLen 27585 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {15f181f3-5926-4ebe-acf0-62ba2827fad7} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 4408 16aca352358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.33.2140521122\310420603" -childID 31 -isForBrowser -prefsHandle 6904 -prefMapHandle 6692 -prefsLen 27585 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {af55b5de-4587-4386-b95f-f3cbcf6a7a7c} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 6836 16acb656558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.34.911014141\713660800" -childID 32 -isForBrowser -prefsHandle 6768 -prefMapHandle 3916 -prefsLen 27585 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8eea6db5-5ddf-492d-b2d1-1b9b654a7845} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 6748 16acba79d58 tab
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:49761 | tcp | |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | 166.188.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.49.25.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:49768 | tcp | |
| US | 8.8.8.8:53 | file.io | udp |
| US | 45.55.107.24:443 | file.io | tcp |
| US | 8.8.8.8:53 | file.io | udp |
| US | 8.8.8.8:53 | file.io | udp |
| US | 8.8.8.8:53 | 24.107.55.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.file.io | udp |
| CZ | 65.9.95.24:443 | www.file.io | tcp |
| US | 8.8.8.8:53 | www.file.io | udp |
| US | 8.8.8.8:53 | www.file.io | udp |
| US | 8.8.8.8:53 | hb.vntsm.com | udp |
| US | 8.8.8.8:53 | 24.95.9.65.in-addr.arpa | udp |
| GB | 79.127.237.132:443 | hb.vntsm.com | tcp |
| US | 8.8.8.8:53 | vmhb.b-cdn.net | udp |
| US | 8.8.8.8:53 | vmhb.b-cdn.net | udp |
| GB | 79.127.237.132:443 | hb.vntsm.com | tcp |
| US | 8.8.8.8:53 | hb.vntsm.io | udp |
| US | 8.8.8.8:53 | hb-vntsm-com.global.ssl.fastly.net | udp |
| US | 151.101.1.194:443 | hb-vntsm-com.global.ssl.fastly.net | tcp |
| US | 8.8.8.8:53 | hb-vntsm-com.global.ssl.fastly.net | udp |
| US | 104.22.46.142:443 | hb.vntsm.io | tcp |
| US | 8.8.8.8:53 | hb.vntsm.io.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | hb-vntsm-com.global.ssl.fastly.net | udp |
| US | 8.8.8.8:53 | hb.vntsm.io.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | 132.237.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.46.22.104.in-addr.arpa | udp |
| US | 45.55.107.24:443 | file.io | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| GB | 172.217.169.35:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| GB | 172.217.169.35:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | cdn.exelator.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| CZ | 65.9.98.75:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | d1ykf07e75w7ss.cloudfront.net | udp |
| CZ | 65.9.95.83:443 | cdn.exelator.com | tcp |
| US | 8.8.8.8:53 | dfh8hwrwbxm35.cloudfront.net | udp |
| GB | 216.58.204.66:443 | securepubads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | dfh8hwrwbxm35.cloudfront.net | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | d1ykf07e75w7ss.cloudfront.net | udp |
| GB | 216.58.204.66:443 | securepubads.g.doubleclick.net | udp |
| BE | 74.125.206.155:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.3.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.98.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.95.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mydmp.exelator.com | udp |
| IE | 54.78.254.47:443 | mydmp.exelator.com | tcp |
| US | 8.8.8.8:53 | load-euw1.exelator.com | udp |
| BE | 74.125.206.155:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | load-euw1.exelator.com | udp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| GB | 172.217.169.78:443 | fundingchoicesmessages.google.com | tcp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| US | 8.8.8.8:53 | secure.cdn.fastclick.net | udp |
| US | 8.8.8.8:53 | cdn.hadronid.net | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| US | 104.22.53.173:443 | cdn.hadronid.net | tcp |
| US | 8.8.8.8:53 | cdn.hadronid.net | udp |
| US | 8.8.8.8:53 | e4536.g.akamaiedge.net | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | cdn.hadronid.net | udp |
| US | 8.8.8.8:53 | e4536.g.akamaiedge.net | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | load77.exelator.com | udp |
| US | 8.8.8.8:53 | onsite-tag-logs.apps.nielsen.com | udp |
| GB | 172.217.169.78:443 | www3.l.google.com | udp |
| US | 8.8.8.8:53 | nmcapps-onsite-tag-external-alb-315845598.us-east-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | 1605158521.rsc.cdn77.org | udp |
| US | 8.8.8.8:53 | nmcapps-onsite-tag-external-alb-315845598.us-east-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | 1605158521.rsc.cdn77.org | udp |
| CZ | 65.9.95.29:443 | config.aps.amazon-adsystem.com | tcp |
| GB | 104.78.175.230:443 | e4536.g.akamaiedge.net | tcp |
| US | 104.22.52.86:443 | cdn.id5-sync.com | tcp |
| GB | 104.78.175.230:443 | e4536.g.akamaiedge.net | tcp |
| FR | 185.93.2.8:443 | 1605158521.rsc.cdn77.org | tcp |
| US | 8.8.8.8:53 | id.hadron.ad.gt | udp |
| US | 104.22.5.69:443 | id.hadron.ad.gt | tcp |
| US | 8.8.8.8:53 | id.hadron.ad.gt.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | id.hadron.ad.gt.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 142.250.180.1:443 | lh3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | googlehosted.l.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 155.206.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.254.78.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.53.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.175.78.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.2.93.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.52.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.95.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.5.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googlehosted.l.googleusercontent.com | udp |
| US | 18.211.59.193:443 | nmcapps-onsite-tag-external-alb-315845598.us-east-1.elb.amazonaws.com | tcp |
| US | 8.8.8.8:53 | a.ad.gt | udp |
| US | 8.8.8.8:53 | a.ad.gt.cdn.cloudflare.net | udp |
| US | 104.22.5.69:443 | a.ad.gt.cdn.cloudflare.net | tcp |
| GB | 142.250.180.1:443 | googlehosted.l.googleusercontent.com | udp |
| US | 8.8.8.8:53 | a.ad.gt.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | proc.ad.cpe.dotomi.com | udp |
| NL | 63.215.202.178:443 | proc.ad.cpe.dotomi.com | tcp |
| US | 8.8.8.8:53 | convex-rr.global.dual.dotomi.weighted.com.akadns.net | udp |
| US | 8.8.8.8:53 | convex-rr.global.dual.dotomi.weighted.com.akadns.net | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| US | 8.8.8.8:53 | p.cpx.to | udp |
| DE | 162.19.138.117:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | pub.doubleverify.com | udp |
| US | 8.8.8.8:53 | secure.quantserve.com | udp |
| DE | 162.19.138.118:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.59.211.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.202.215.63.in-addr.arpa | udp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| US | 8.8.8.8:53 | cadmus.script.ac | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| IE | 52.30.96.33:443 | p.cpx.to | tcp |
| US | 104.18.23.145:443 | cadmus.script.ac | tcp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | static.nl3.vip.prod.criteo.net | udp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| US | 8.8.8.8:53 | static.nl3.vip.prod.criteo.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | p.cpx.to | udp |
| US | 8.8.8.8:53 | pub.doubleverify.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | p.cpx.to | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | pub.doubleverify.com.cdn.cloudflare.net | udp |
| US | 34.102.146.192:443 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | global.px.quantserve.com | udp |
| US | 8.8.8.8:53 | cadmus.script.ac | udp |
| CZ | 65.9.95.19:443 | tags.crwdcntrl.net | tcp |
| NL | 178.250.1.3:443 | static.nl3.vip.prod.criteo.net | tcp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| US | 104.18.35.167:443 | cdn-ima.33across.com.cdn.cloudflare.net | tcp |
| US | 104.18.167.224:443 | pub.doubleverify.com.cdn.cloudflare.net | tcp |
| DE | 91.228.74.166:443 | global.px.quantserve.com | tcp |
| US | 8.8.8.8:53 | global.px.quantserve.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | cadmus.script.ac | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | i.clean.gg | udp |
| US | 8.8.8.8:53 | ib.anycast.adnxs.com | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | i.clean.gg | udp |
| US | 8.8.8.8:53 | ib.anycast.adnxs.com | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | i.clean.gg | udp |
| US | 34.95.69.49:443 | i.clean.gg | tcp |
| US | 34.95.69.49:443 | i.clean.gg | tcp |
| US | 8.8.8.8:53 | d1jvc9b8z3vcjs.cloudfront.net | udp |
| US | 8.8.8.8:53 | cdn.edkt.io | udp |
| US | 8.8.8.8:53 | lexicon.33across.com | udp |
| CZ | 65.9.9.197:443 | d1jvc9b8z3vcjs.cloudfront.net | tcp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | udp |
| US | 104.18.167.224:443 | pub.doubleverify.com.cdn.cloudflare.net | udp |
| US | 34.120.111.33:443 | cdn.edkt.io | tcp |
| US | 8.8.8.8:53 | cdn.edkt.io | udp |
| US | 8.8.8.8:53 | d1jvc9b8z3vcjs.cloudfront.net | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | lexicon.33across.com | udp |
| US | 8.8.8.8:53 | api.rlcdn.com | udp |
| US | 8.8.8.8:53 | lexicon.33across.com | udp |
| US | 8.8.8.8:53 | gum.nl3.vip.prod.criteo.com | udp |
| US | 8.8.8.8:53 | cdn.edkt.io | udp |
| US | 8.8.8.8:53 | gum.nl3.vip.prod.criteo.com | udp |
| US | 8.8.8.8:53 | api.rlcdn.com | udp |
| US | 8.8.8.8:53 | api.rlcdn.com | udp |
| US | 8.8.8.8:53 | track.venatusmedia.com | udp |
| US | 8.8.8.8:53 | ex.ingage.tech | udp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| US | 8.8.8.8:53 | apex.go.sonobi.com | udp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 8.8.8.8:53 | prg.smartadserver.com | udp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| US | 8.8.8.8:53 | elb.the-ozone-project.com | udp |
| IE | 52.51.116.85:443 | track.venatusmedia.com | tcp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 104.18.41.106:443 | ex.ingage.tech | tcp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 104.18.41.106:443 | ex.ingage.tech | tcp |
| US | 8.8.8.8:53 | s.cpx.to | udp |
| US | 8.8.8.8:53 | track.venatusmedia.com | udp |
| US | 8.8.8.8:53 | ex.ingage.tech | udp |
| US | 8.8.8.8:53 | iad-2-apex.go.sonobi.com | udp |
| US | 172.64.153.66:443 | elb.the-ozone-project.com | tcp |
| IE | 52.51.93.160:443 | s.cpx.to | tcp |
| US | 8.8.8.8:53 | track.venatusmedia.com | udp |
| FR | 163.5.194.36:443 | prebid.a-mo.net | tcp |
| US | 8.8.8.8:53 | ex.ingage.tech | udp |
| US | 8.8.8.8:53 | iad-2-apex.go.sonobi.com | udp |
| US | 8.8.8.8:53 | eu-tlx.3lift.com | udp |
| US | 8.8.8.8:53 | euw2.smartadserver.com | udp |
| US | 8.8.8.8:53 | hb-api-fra02.omnitagjs.com | udp |
| US | 8.8.8.8:53 | 192.146.102.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.96.30.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.23.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.70.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.35.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.167.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.74.228.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.95.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.69.95.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.9.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.111.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.41.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.116.51.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.153.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | eu-tlx.3lift.com | udp |
| US | 8.8.8.8:53 | euw2.smartadserver.com | udp |
| US | 8.8.8.8:53 | hb-api-fra02.omnitagjs.com | udp |
| US | 8.8.8.8:53 | btlr-eu-central-1.sharethrough.com | udp |
| US | 8.8.8.8:53 | elb.the-ozone-project.com | udp |
| US | 8.8.8.8:53 | s.cpx.to | udp |
| US | 8.8.8.8:53 | btlr-eu-central-1.sharethrough.com | udp |
| US | 8.8.8.8:53 | elb.the-ozone-project.com | udp |
| US | 8.8.8.8:53 | hbopenbid-lhrc.pubmnet.com | udp |
| US | 8.8.8.8:53 | nld-prebid.a-mx.net | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.com | udp |
| US | 8.8.8.8:53 | hbopenbid-lhrc.pubmnet.com | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | nld-prebid.a-mx.net | udp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| US | 8.8.8.8:53 | image2.pubmatic.com | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.net.akadns.net | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | pug-ams-bc.pubmnet.com | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.net.akadns.net | udp |
| US | 8.8.8.8:53 | pug-ams-bc.pubmnet.com | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 104.18.167.224:443 | pub.doubleverify.com.cdn.cloudflare.net | udp |
| DE | 37.252.171.52:443 | secure.adnxs.com | tcp |
| DE | 3.78.168.176:443 | eu-tlx.3lift.com | tcp |
| US | 69.166.1.32:443 | iad-2-apex.go.sonobi.com | tcp |
| FR | 185.255.84.151:443 | hb-api-fra02.omnitagjs.com | tcp |
| FR | 51.178.195.209:443 | euw2.smartadserver.com | tcp |
| FR | 51.178.195.209:443 | euw2.smartadserver.com | tcp |
| DE | 18.199.220.232:443 | btlr.sharethrough.com | tcp |
| DE | 18.199.220.232:443 | btlr.sharethrough.com | tcp |
| DE | 18.199.220.232:443 | btlr.sharethrough.com | tcp |
| DE | 18.199.220.232:443 | btlr.sharethrough.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid-lhrc.pubmnet.com | tcp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.net.akadns.net | tcp |
| DE | 37.252.172.123:443 | secure.adnxs.com | tcp |
| NL | 198.47.127.205:443 | pug-ams-bc.pubmnet.com | tcp |
| US | 8.8.8.8:53 | 36.194.5.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.93.51.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.171.252.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.220.199.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.168.78.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.195.178.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.1.166.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.172.252.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tg1.aniview.com | udp |
| GB | 104.82.233.61:443 | tg1.aniview.com | tcp |
| US | 8.8.8.8:53 | e11385.dscd.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e11385.dscd.akamaiedge.net | udp |
| US | 8.8.8.8:53 | track4.aniview.com | udp |
| US | 8.8.8.8:53 | feed.avplayer.com | udp |
| US | 8.8.8.8:53 | player.avplayer.com | udp |
| US | 172.240.45.75:443 | track4.aniview.com | tcp |
| US | 8.8.8.8:53 | track-sc-main-was.aniview.com | udp |
| GB | 2.22.249.133:443 | feed.avplayer.com | tcp |
| US | 8.8.8.8:53 | e16009.dscd.akamaiedge.net | udp |
| GB | 2.19.117.84:443 | player.avplayer.com | tcp |
| US | 8.8.8.8:53 | a1970.dscd.akamai.net | udp |
| US | 8.8.8.8:53 | track-sc-main-was.aniview.com | udp |
| US | 8.8.8.8:53 | e16009.dscd.akamaiedge.net | udp |
| US | 8.8.8.8:53 | a1970.dscd.akamai.net | udp |
| US | 8.8.8.8:53 | 61.233.82.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.249.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.45.240.172.in-addr.arpa | udp |
| US | 172.240.45.75:443 | track-sc-main-was.aniview.com | udp |
| US | 8.8.8.8:53 | play.aniview.com | udp |
| GB | 104.82.233.61:443 | play.aniview.com | tcp |
| US | 8.8.8.8:53 | content1.avplayer.com | udp |
| GB | 2.19.117.107:443 | content1.avplayer.com | tcp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| GB | 2.19.117.107:443 | player.aniview.com | tcp |
| US | 8.8.8.8:53 | prod.tahoe-analytics.publishers.advertising.a2z.com | udp |
| US | 8.8.8.8:53 | prod.tahoe-analytics.publishers.advertising.a2z.com | udp |
| US | 44.237.22.19:443 | prod.tahoe-analytics.publishers.advertising.a2z.com | tcp |
| US | 44.237.22.19:443 | prod.tahoe-analytics.publishers.advertising.a2z.com | tcp |
| US | 8.8.8.8:53 | prod.tahoe-analytics.publishers.advertising.a2z.com | udp |
| GB | 2.19.117.107:443 | player.aniview.com | udp |
| US | 8.8.8.8:53 | a23e679de53defb48171c4c14a757c2c.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 107.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.22.237.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pagead-googlehosted.l.google.com | udp |
| GB | 142.250.180.1:443 | pagead-googlehosted.l.google.com | tcp |
| GB | 142.250.180.1:443 | pagead-googlehosted.l.google.com | udp |
| US | 8.8.8.8:53 | pagead-googlehosted.l.google.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 228.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 157.240.214.35:80 | www.facebook.com | tcp |
| GB | 157.240.214.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | 35.214.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.113.50.184.in-addr.arpa | udp |
| GB | 157.240.214.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.173.189.20.in-addr.arpa | udp |
| N/A | 127.0.0.1:50308 | tcp | |
| N/A | 127.0.0.1:50321 | tcp | |
| US | 45.55.107.24:443 | file.io | tcp |
| US | 8.8.8.8:53 | file.io | udp |
| US | 8.8.8.8:53 | www.file.io | udp |
| CZ | 65.9.95.72:443 | www.file.io | tcp |
| US | 8.8.8.8:53 | www.file.io | udp |
| US | 8.8.8.8:53 | www.file.io | udp |
| US | 8.8.8.8:53 | hb.vntsm.com | udp |
| US | 8.8.8.8:53 | 72.95.9.65.in-addr.arpa | udp |
| GB | 143.244.38.136:443 | hb.vntsm.com | tcp |
| US | 8.8.8.8:53 | vmhb.b-cdn.net | udp |
| GB | 143.244.38.136:443 | hb.vntsm.com | tcp |
| US | 104.22.46.142:443 | hb.vntsm.io.cdn.cloudflare.net | tcp |
| US | 8.8.8.8:53 | hb-vntsm-com.global.ssl.fastly.net | udp |
| US | 8.8.8.8:53 | vmhb.b-cdn.net | udp |
| US | 8.8.8.8:53 | hb-vntsm-com.global.ssl.fastly.net | udp |
| US | 151.101.1.194:443 | hb-vntsm-com.global.ssl.fastly.net | tcp |
| US | 8.8.8.8:53 | hb-vntsm-com.global.ssl.fastly.net | udp |
| GB | 216.58.204.66:443 | securepubads.g.doubleclick.net | udp |
| GB | 172.217.169.78:443 | www3.l.google.com | udp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | 136.38.244.143.in-addr.arpa | udp |
| US | 45.55.107.24:443 | file.io | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| GB | 142.250.180.3:443 | www.google.co.uk | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| GB | 142.250.180.3:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | cdn.exelator.com | udp |
| US | 8.8.8.8:53 | p.cpx.to | udp |
| US | 8.8.8.8:53 | pub.doubleverify.com | udp |
| US | 8.8.8.8:53 | secure.quantserve.com | udp |
| US | 104.18.23.145:443 | cadmus.script.ac | tcp |
| US | 8.8.8.8:53 | ib.anycast.adnxs.com | udp |
| DE | 37.252.171.52:443 | ib.anycast.adnxs.com | tcp |
| US | 35.71.131.137:443 | match.adsrvr.org | tcp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| CZ | 65.9.98.75:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | ib.anycast.adnxs.com | udp |
| US | 8.8.8.8:53 | d1ykf07e75w7ss.cloudfront.net | udp |
| US | 104.18.166.224:443 | pub.doubleverify.com | udp |
| CZ | 65.9.95.67:443 | cdn.exelator.com | tcp |
| US | 8.8.8.8:53 | global.px.quantserve.com | udp |
| IE | 34.251.246.210:443 | p.cpx.to | tcp |
| US | 34.95.69.49:443 | i.clean.gg | tcp |
| US | 8.8.8.8:53 | global.px.quantserve.com | udp |
| US | 8.8.8.8:53 | dfh8hwrwbxm35.cloudfront.net | udp |
| US | 8.8.8.8:53 | mydmp.exelator.com | udp |
| US | 8.8.8.8:53 | d1ykf07e75w7ss.cloudfront.net | udp |
| US | 8.8.8.8:53 | rules.quantcount.com | udp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| CZ | 65.9.98.75:443 | d1ykf07e75w7ss.cloudfront.net | tcp |
| US | 8.8.8.8:53 | p.cpx.to | udp |
| IE | 54.78.254.47:443 | mydmp.exelator.com | tcp |
| US | 8.8.8.8:53 | dfh8hwrwbxm35.cloudfront.net | udp |
| US | 8.8.8.8:53 | i.clean.gg | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | secure.cdn.fastclick.net | udp |
| US | 8.8.8.8:53 | p.cpx.to | udp |
| US | 8.8.8.8:53 | load-euw1.exelator.com | udp |
| US | 8.8.8.8:53 | d2fashanjl7d9f.cloudfront.net | udp |
| CZ | 65.9.98.75:443 | d1ykf07e75w7ss.cloudfront.net | tcp |
| US | 104.22.53.173:443 | cdn.hadronid.net | tcp |
| US | 34.120.111.33:443 | cdn.edkt.io | tcp |
| US | 34.95.69.49:443 | i.clean.gg | tcp |
| CZ | 65.9.9.197:443 | aax.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | cdn.edkt.io | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.166.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.131.71.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.246.251.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | d2fashanjl7d9f.cloudfront.net | udp |
| US | 8.8.8.8:53 | track.venatusmedia.com | udp |
| IE | 34.254.107.188:443 | track.venatusmedia.com | tcp |
| US | 8.8.8.8:53 | lexicon.33across.com | udp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | e4536.g.akamaiedge.net | udp |
| US | 34.95.69.49:443 | i.clean.gg | udp |
| US | 34.120.111.33:443 | cdn.edkt.io | udp |
| US | 8.8.8.8:53 | d1jvc9b8z3vcjs.cloudfront.net | udp |
| US | 8.8.8.8:53 | s.cpx.to | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | e4536.g.akamaiedge.net | udp |
| US | 8.8.8.8:53 | id.hadron.ad.gt | udp |
| US | 8.8.8.8:53 | d1jvc9b8z3vcjs.cloudfront.net | udp |
| IE | 52.30.96.33:443 | s.cpx.to | tcp |
| US | 8.8.8.8:53 | track.venatusmedia.com | udp |
| US | 8.8.8.8:53 | s.cpx.to | udp |
| US | 8.8.8.8:53 | track.venatusmedia.com | udp |
| US | 8.8.8.8:53 | s.cpx.to | udp |
| US | 172.67.23.234:443 | id.hadron.ad.gt | tcp |
| US | 172.67.23.234:443 | id.hadron.ad.gt | tcp |
| US | 8.8.8.8:53 | load77.exelator.com | udp |
| US | 8.8.8.8:53 | onsite-tag-logs.apps.nielsen.com | udp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | nmcapps-onsite-tag-external-alb-315845598.us-east-1.elb.amazonaws.com | udp |
| IE | 67.220.226.238:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | 1605158521.rsc.cdn77.org | udp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | nmcapps-onsite-tag-external-alb-315845598.us-east-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | 1605158521.rsc.cdn77.org | udp |
| US | 34.120.111.33:443 | cdn.edkt.io | tcp |
| US | 34.120.111.33:443 | cdn.edkt.io | tcp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.net.akadns.net | udp |
| US | 8.8.8.8:53 | prg.smartadserver.com | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| US | 172.64.153.66:443 | elb.the-ozone-project.com | tcp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| FR | 163.5.194.37:443 | prebid.a-mo.net | tcp |
| US | 104.18.41.106:443 | ex.ingage.tech | tcp |
| US | 104.18.41.106:443 | ex.ingage.tech | tcp |
| US | 8.8.8.8:53 | api.edkt.io | udp |
| US | 8.8.8.8:53 | hbopenbid-lhrc.pubmnet.com | udp |
| US | 8.8.8.8:53 | elb.the-ozone-project.com | udp |
| US | 8.8.8.8:53 | api.edkt.io | udp |
| US | 8.8.8.8:53 | nld-prebid.a-mx.net | udp |
| US | 34.120.111.33:443 | api.edkt.io | udp |
| US | 8.8.8.8:53 | euw2.smartadserver.com | udp |
| US | 8.8.8.8:53 | btlr-eu-central-1.sharethrough.com | udp |
| US | 8.8.8.8:53 | hb-api-fra02.omnitagjs.com | udp |
| US | 104.22.5.69:443 | id.hadron.ad.gt | tcp |
| US | 8.8.8.8:53 | eu-tlx.3lift.com | udp |
| US | 8.8.8.8:53 | btlr-eu-central-1.sharethrough.com | udp |
| US | 8.8.8.8:53 | eu-tlx.3lift.com | udp |
| US | 3.209.146.58:443 | nmcapps-onsite-tag-external-alb-315845598.us-east-1.elb.amazonaws.com | tcp |
| US | 8.8.8.8:53 | 188.107.254.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.23.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.226.220.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.194.5.163.in-addr.arpa | udp |
| US | 104.18.166.224:443 | pub.doubleverify.com | udp |
| CZ | 65.9.95.47:443 | d2fashanjl7d9f.cloudfront.net | tcp |
| CZ | 65.9.95.29:443 | config.aps.amazon-adsystem.com | tcp |
| GB | 104.78.175.230:443 | e4536.g.akamaiedge.net | tcp |
| US | 104.22.52.86:443 | cdn.id5-sync.com | tcp |
| GB | 104.78.175.230:443 | e4536.g.akamaiedge.net | tcp |
| US | 35.244.193.51:443 | lexicon.33across.com | tcp |
| DE | 162.19.138.117:443 | lb.eu-1-id5-sync.com | tcp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.net.akadns.net | tcp |
| DE | 37.252.171.53:443 | secure.adnxs.com | tcp |
| NL | 198.47.127.205:443 | pug-ams-bc.pubmnet.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid-lhrc.pubmnet.com | tcp |
| FR | 178.32.197.48:443 | prg.smartadserver.com | tcp |
| FR | 178.32.197.48:443 | prg.smartadserver.com | tcp |
| US | 69.166.1.32:443 | iad-2-apex.go.sonobi.com | tcp |
| DE | 3.120.207.148:443 | btlr-eu-central-1.sharethrough.com | tcp |
| DE | 3.120.207.148:443 | btlr-eu-central-1.sharethrough.com | tcp |
| DE | 3.120.207.148:443 | btlr-eu-central-1.sharethrough.com | tcp |
| DE | 3.120.207.148:443 | btlr-eu-central-1.sharethrough.com | tcp |
| FR | 185.255.84.150:443 | hb-api.omnitagjs.com | tcp |
| DE | 3.124.64.248:443 | eu-tlx.3lift.com | tcp |
| NL | 178.250.1.11:443 | gum.nl3.vip.prod.criteo.com | tcp |
| US | 8.8.8.8:53 | file.io | udp |
| US | 8.8.8.8:53 | pixel.quantcount.com | udp |
| US | 8.8.8.8:53 | pixel.quantserve.com | udp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| US | 8.8.8.8:53 | file.io | udp |
| DE | 91.228.74.244:443 | pixel.quantserve.com | tcp |
| CO | 172.217.173.35:443 | csi.gstatic.com | tcp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| US | 8.8.8.8:53 | 0459048d4cc096b831b624855fe18694.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| GB | 142.250.180.1:443 | 0459048d4cc096b831b624855fe18694.safeframe.googlesyndication.com | tcp |
| GB | 142.250.180.1:443 | 0459048d4cc096b831b624855fe18694.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 58.146.209.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.193.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.95.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.171.252.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.197.32.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.207.120.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.64.124.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.74.228.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.173.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tg1.aniview.com | udp |
| CO | 172.217.173.35:443 | csi.gstatic.com | udp |
| GB | 104.82.233.61:443 | tg1.aniview.com | tcp |
| US | 8.8.8.8:53 | e11385.dscd.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e11385.dscd.akamaiedge.net | udp |
| DE | 91.228.74.166:443 | pixel.quantserve.com | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | udp |
| US | 172.240.45.75:443 | track-sc-main-was.aniview.com | tcp |
| US | 8.8.8.8:53 | track-sc-main-was.aniview.com | udp |
| US | 8.8.8.8:53 | feed.avplayer.com | udp |
| US | 8.8.8.8:53 | player.avplayer.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.36:443 | www.google.com | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| GB | 2.22.249.147:443 | feed.avplayer.com | tcp |
| GB | 2.19.117.107:443 | player.avplayer.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | e16009.dscd.akamaiedge.net | udp |
| US | 8.8.8.8:53 | a1970.dscd.akamai.net | udp |
| US | 8.8.8.8:53 | a1970.dscd.akamai.net | udp |
| US | 8.8.8.8:53 | e16009.dscd.akamaiedge.net | udp |
| US | 172.240.45.75:443 | track-sc-main-was.aniview.com | udp |
| US | 8.8.8.8:53 | 36.200.250.142.in-addr.arpa | udp |
| GB | 2.19.117.107:443 | a1970.dscd.akamai.net | tcp |
| US | 8.8.8.8:53 | 147.249.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.aniview.com | udp |
| GB | 104.82.233.61:443 | play.aniview.com | tcp |
| US | 8.8.8.8:53 | content1.avplayer.com | udp |
| GB | 2.19.117.107:443 | content1.avplayer.com | tcp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| GB | 2.19.117.84:443 | player.aniview.com | udp |
| US | 8.8.8.8:53 | cdn1.vntsm.com | udp |
| DE | 138.199.37.227:443 | cdn1.vntsm.com | tcp |
| US | 8.8.8.8:53 | cdn1-vntsm.b-cdn.net | udp |
| US | 8.8.8.8:53 | cdn1-vntsm.b-cdn.net | udp |
| US | 8.8.8.8:53 | 227.37.199.138.in-addr.arpa | udp |
| US | 8.8.8.8:53 | track1.avplayer.com | udp |
| US | 8.8.8.8:53 | track-sc-main-was.avplayer.com | udp |
| US | 8.8.8.8:53 | track-sc-main-was.avplayer.com | udp |
| N/A | 127.0.0.1:50770 | tcp | |
| US | 45.55.107.24:443 | file.io | tcp |
| US | 8.8.8.8:53 | file.io | udp |
| US | 8.8.8.8:53 | www.file.io | udp |
| CZ | 65.9.95.21:443 | www.file.io | tcp |
| US | 8.8.8.8:53 | www.file.io | udp |
| US | 8.8.8.8:53 | www.file.io | udp |
| US | 8.8.8.8:53 | 21.95.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hb.vntsm.com | udp |
| GB | 79.127.237.132:443 | hb.vntsm.com | tcp |
| US | 8.8.8.8:53 | vmhb.b-cdn.net | udp |
| US | 104.22.46.142:443 | hb.vntsm.io.cdn.cloudflare.net | tcp |
| US | 8.8.8.8:53 | hb-vntsm-com.global.ssl.fastly.net | udp |
| US | 151.101.193.194:443 | hb-vntsm-com.global.ssl.fastly.net | tcp |
| US | 8.8.8.8:53 | hb-vntsm-com.global.ssl.fastly.net | udp |
| US | 8.8.8.8:53 | hb-vntsm-com.global.ssl.fastly.net | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| GB | 142.250.180.3:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | 194.193.101.151.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| GB | 142.250.180.3:443 | www.google.co.uk | udp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| GB | 216.58.204.66:443 | securepubads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| CZ | 65.9.98.75:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | d1ykf07e75w7ss.cloudfront.net | udp |
| US | 8.8.8.8:53 | d1ykf07e75w7ss.cloudfront.net | udp |
| GB | 216.58.204.66:443 | securepubads.g.doubleclick.net | udp |
| N/A | 127.0.0.1:50776 | tcp | |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| DE | 23.55.161.185:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | 185.161.55.23.in-addr.arpa | udp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r4---sn-aigl6nsd.gvt1.com | udp |
| GB | 74.125.105.41:443 | r4---sn-aigl6nsd.gvt1.com | tcp |
| US | 8.8.8.8:53 | r4.sn-aigl6nsd.gvt1.com | udp |
| US | 8.8.8.8:53 | r4.sn-aigl6nsd.gvt1.com | udp |
| GB | 74.125.105.41:443 | r4.sn-aigl6nsd.gvt1.com | udp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.105.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | file.io | udp |
| US | 45.55.107.24:443 | file.io | tcp |
| CZ | 65.9.95.21:443 | www.file.io | tcp |
| US | 8.8.8.8:53 | www.file.io | udp |
| US | 8.8.8.8:53 | hb.vntsm.com | udp |
| US | 8.8.8.8:53 | vmhb.b-cdn.net | udp |
| GB | 79.127.237.132:443 | vmhb.b-cdn.net | tcp |
| GB | 79.127.237.132:443 | vmhb.b-cdn.net | tcp |
| US | 8.8.8.8:53 | hb.vntsm.io | udp |
| US | 8.8.8.8:53 | hb-vntsm-com.global.ssl.fastly.net | udp |
| US | 8.8.8.8:53 | vmhb.b-cdn.net | udp |
| US | 151.101.193.194:443 | hb-vntsm-com.global.ssl.fastly.net | tcp |
| US | 8.8.8.8:53 | hb-vntsm-com.global.ssl.fastly.net | udp |
| GB | 79.127.237.132:443 | vmhb.b-cdn.net | tcp |
| US | 8.8.8.8:53 | hb.vntsm.io.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | hb-vntsm-com.global.ssl.fastly.net | udp |
| US | 8.8.8.8:53 | hb.vntsm.io.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| GB | 216.58.204.66:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 45.55.107.24:443 | file.io | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| GB | 142.250.180.3:443 | www.google.co.uk | udp |
| GB | 172.217.169.78:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| GB | 172.217.169.78:443 | www3.l.google.com | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.69.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | d1ykf07e75w7ss.cloudfront.net | udp |
| US | 8.8.8.8:53 | cdn.exelator.com | udp |
| US | 8.8.8.8:53 | p.cpx.to | udp |
| US | 8.8.8.8:53 | pub.doubleverify.com | udp |
| US | 8.8.8.8:53 | secure.quantserve.com | udp |
| US | 8.8.8.8:53 | cadmus.script.ac | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| CZ | 65.9.98.75:443 | d1ykf07e75w7ss.cloudfront.net | tcp |
| US | 8.8.8.8:53 | p.cpx.to | udp |
| CZ | 65.9.95.75:443 | cdn.exelator.com | tcp |
| US | 8.8.8.8:53 | dfh8hwrwbxm35.cloudfront.net | udp |
| US | 104.18.166.224:443 | pub.doubleverify.com | udp |
| US | 8.8.8.8:53 | pub.doubleverify.com.cdn.cloudflare.net | udp |
| DE | 37.252.171.53:443 | ib.adnxs.com | tcp |
| DE | 91.228.74.166:443 | secure.quantserve.com | tcp |
| US | 8.8.8.8:53 | p.cpx.to | udp |
| US | 34.95.69.49:443 | i.clean.gg | udp |
| US | 8.8.8.8:53 | dfh8hwrwbxm35.cloudfront.net | udp |
| US | 8.8.8.8:53 | rules.quantcount.com | udp |
| US | 8.8.8.8:53 | pub.doubleverify.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | cadmus.script.ac | udp |
| US | 8.8.8.8:53 | ib.anycast.adnxs.com | udp |
| CZ | 65.9.98.75:443 | d1ykf07e75w7ss.cloudfront.net | tcp |
| US | 34.95.69.49:443 | i.clean.gg | tcp |
| US | 8.8.8.8:53 | global.px.quantserve.com | udp |
| US | 8.8.8.8:53 | global.px.quantserve.com | udp |
| US | 8.8.8.8:53 | cadmus.script.ac | udp |
| US | 8.8.8.8:53 | ib.anycast.adnxs.com | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | i.clean.gg | udp |
| US | 8.8.8.8:53 | d2fashanjl7d9f.cloudfront.net | udp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | i.clean.gg | udp |
| CZ | 65.9.9.197:443 | aax.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | track.venatusmedia.com | udp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | d2fashanjl7d9f.cloudfront.net | udp |
| US | 8.8.8.8:53 | d1jvc9b8z3vcjs.cloudfront.net | udp |
| IE | 52.51.116.85:443 | track.venatusmedia.com | tcp |
| US | 8.8.8.8:53 | track.venatusmedia.com | udp |
| US | 8.8.8.8:53 | d1jvc9b8z3vcjs.cloudfront.net | udp |
| US | 34.120.111.33:443 | api.edkt.io | udp |
| US | 8.8.8.8:53 | cdn.edkt.io | udp |
| US | 8.8.8.8:53 | track.venatusmedia.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | lexicon.33across.com | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 104.18.166.224:443 | pub.doubleverify.com.cdn.cloudflare.net | udp |
| CZ | 65.9.95.126:443 | d2fashanjl7d9f.cloudfront.net | tcp |
| CZ | 65.9.95.29:443 | config.aps.amazon-adsystem.com | tcp |
| US | 35.244.193.51:443 | lexicon.33across.com | tcp |
| NL | 178.250.1.11:443 | gum.nl3.vip.prod.criteo.com | tcp |
| DE | 162.19.138.82:443 | id5-sync.com | tcp |
| US | 35.71.131.137:443 | match.adsrvr.org | tcp |
| NL | 178.250.1.11:443 | gum.nl3.vip.prod.criteo.com | tcp |
| US | 8.8.8.8:53 | pixel.quantserve.com | udp |
| DE | 91.228.74.244:443 | pixel.quantserve.com | tcp |
| US | 8.8.8.8:53 | secure.cdn.fastclick.net | udp |
| US | 8.8.8.8:53 | cdn.hadronid.net | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | e4536.g.akamaiedge.net | udp |
| US | 172.67.36.110:443 | cdn.hadronid.net | tcp |
| US | 8.8.8.8:53 | cdn.hadronid.net | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 35.244.193.51:443 | lexicon.33across.com | udp |
| US | 8.8.8.8:53 | 75.95.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.138.19.162.in-addr.arpa | udp |
| US | 34.120.111.33:443 | api.edkt.io | udp |
| US | 8.8.8.8:53 | e4536.g.akamaiedge.net | udp |
| US | 8.8.8.8:53 | cdn.hadronid.net | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | api.edkt.io | udp |
| US | 8.8.8.8:53 | nld-prebid.a-mx.net | udp |
| FR | 163.5.194.37:443 | nld-prebid.a-mx.net | tcp |
| US | 8.8.8.8:53 | prg.smartadserver.com | udp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| US | 8.8.8.8:53 | ex.ingage.tech | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | elb.the-ozone-project.com | udp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 8.8.8.8:53 | nld-prebid.a-mx.net | udp |
| US | 172.67.23.234:443 | id.hadron.ad.gt | tcp |
| US | 8.8.8.8:53 | euw2.smartadserver.com | udp |
| US | 172.67.23.234:443 | id.hadron.ad.gt | tcp |
| US | 8.8.8.8:53 | id.hadron.ad.gt.cdn.cloudflare.net | udp |
| US | 172.64.146.150:443 | ex.ingage.tech | tcp |
| US | 172.64.146.150:443 | ex.ingage.tech | tcp |
| US | 8.8.8.8:53 | eu-tlx.3lift.com | udp |
| US | 172.64.153.66:443 | elb.the-ozone-project.com | tcp |
| US | 8.8.8.8:53 | euw2.smartadserver.com | udp |
| US | 8.8.8.8:53 | id.hadron.ad.gt.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | s.cpx.to | udp |
| US | 8.8.8.8:53 | eu-tlx.3lift.com | udp |
| US | 8.8.8.8:53 | hbopenbid-lhrc.pubmnet.com | udp |
| US | 8.8.8.8:53 | ex.ingage.tech | udp |
| IE | 52.51.93.160:443 | s.cpx.to | tcp |
| US | 8.8.8.8:53 | btlr-eu-central-1.sharethrough.com | udp |
| US | 8.8.8.8:53 | hbopenbid-lhrc.pubmnet.com | udp |
| US | 8.8.8.8:53 | ex.ingage.tech | udp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | btlr-eu-central-1.sharethrough.com | udp |
| US | 8.8.8.8:53 | onsite-tag-logs.apps.nielsen.com | udp |
| US | 8.8.8.8:53 | hb-api-fra02.omnitagjs.com | udp |
| US | 8.8.8.8:53 | elb.the-ozone-project.com | udp |
| US | 8.8.8.8:53 | s.cpx.to | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | elb.the-ozone-project.com | udp |
| US | 8.8.8.8:53 | s.cpx.to | udp |
| DE | 141.95.98.65:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | 5e0d9c2187133a7e1a30190d70516ad3.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | nmcapps-onsite-tag-external-alb-315845598.us-east-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | nmcapps-onsite-tag-external-alb-315845598.us-east-1.elb.amazonaws.com | udp |
| GB | 142.250.180.1:443 | 5e0d9c2187133a7e1a30190d70516ad3.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| GB | 142.250.180.1:443 | 5e0d9c2187133a7e1a30190d70516ad3.safeframe.googlesyndication.com | udp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.200.36:443 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 18.211.59.193:443 | nmcapps-onsite-tag-external-alb-315845598.us-east-1.elb.amazonaws.com | tcp |
| US | 8.8.8.8:53 | 150.146.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.36.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.98.95.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tg1.aniview.com | udp |
| GB | 104.82.233.61:443 | tg1.aniview.com | tcp |
| US | 8.8.8.8:53 | e11385.dscd.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e11385.dscd.akamaiedge.net | udp |
| US | 8.8.8.8:53 | track4.aniview.com | udp |
| US | 8.8.8.8:53 | feed.avplayer.com | udp |
| US | 8.8.8.8:53 | player.avplayer.com | udp |
| US | 8.8.8.8:53 | track-sc-main-was.aniview.com | udp |
| US | 172.240.45.75:443 | track4.aniview.com | tcp |
| GB | 2.22.249.147:443 | feed.avplayer.com | tcp |
| US | 8.8.8.8:53 | e16009.dscd.akamaiedge.net | udp |
| US | 8.8.8.8:53 | a1970.dscd.akamai.net | udp |
| GB | 2.19.117.107:443 | a1970.dscd.akamai.net | tcp |
| US | 8.8.8.8:53 | e16009.dscd.akamaiedge.net | udp |
| US | 8.8.8.8:53 | a1970.dscd.akamai.net | udp |
| US | 8.8.8.8:53 | cdn1.vntsm.com | udp |
| DE | 185.59.220.199:443 | cdn1.vntsm.com | tcp |
| US | 8.8.8.8:53 | cdn1-vntsm.b-cdn.net | udp |
| US | 8.8.8.8:53 | cdn1-vntsm.b-cdn.net | udp |
| US | 172.240.45.75:443 | track4.aniview.com | udp |
| US | 8.8.8.8:53 | play.aniview.com | udp |
| US | 8.8.8.8:53 | content1.avplayer.com | udp |
| GB | 2.19.117.84:443 | content1.avplayer.com | tcp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| GB | 2.19.117.84:443 | player.aniview.com | udp |
| US | 8.8.8.8:53 | www.file.io | udp |
| US | 8.8.8.8:53 | www.file.io | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | acdn.adnxs.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | www.file.io | udp |
| GB | 23.219.196.188:443 | ads.pubmatic.com | tcp |
| US | 8.8.8.8:53 | e6603.g.akamaiedge.net | udp |
| US | 8.8.8.8:53 | eb2.3lift.com | udp |
| US | 8.8.8.8:53 | prod.appnexus.map.fastly.net | udp |
| US | 8.8.8.8:53 | visitor-fra02.omnitagjs.com | udp |
| US | 151.101.129.108:443 | prod.appnexus.map.fastly.net | tcp |
| FR | 185.255.84.152:443 | visitor-fra02.omnitagjs.com | tcp |
| US | 8.8.8.8:53 | e6603.g.akamaiedge.net | udp |
| US | 8.8.8.8:53 | visitor-fra02.omnitagjs.com | udp |
| US | 8.8.8.8:53 | prod.appnexus.map.fastly.net | udp |
| US | 13.248.245.213:443 | eb2.3lift.com | tcp |
| US | 8.8.8.8:53 | eu-eb2.3lift.com | udp |
| US | 8.8.8.8:53 | eu-eb2.3lift.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 108.129.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.196.219.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.245.248.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| US | 8.8.8.8:53 | ib.anycast.adnxs.com | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | creativecdn.com | udp |
| US | 8.8.8.8:53 | api-2-0.spot.im | udp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| US | 8.8.8.8:53 | sync.richaudience.com | udp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| US | 44.214.164.136:443 | api-2-0.spot.im | tcp |
| US | 8.8.8.8:53 | b1sync.zemanta.com | udp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| US | 8.8.8.8:53 | jadserve.postrelease.com | udp |
| US | 8.8.8.8:53 | tracker.open-adsyield.com | udp |
| US | 8.8.8.8:53 | rtb.mfadsrvr.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 8.8.8.8:53 | bttrack.com | udp |
| DE | 37.252.171.53:443 | ib.anycast.adnxs.com | tcp |
| DE | 37.252.171.53:443 | ib.anycast.adnxs.com | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| NL | 35.214.136.108:443 | x.bidswitch.net | tcp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| DE | 148.251.20.249:443 | sync.richaudience.com | tcp |
| IE | 34.253.109.63:443 | match.prod.bidr.io | tcp |
| US | 35.71.131.137:443 | match.adsrvr.org | tcp |
| GB | 185.64.191.214:443 | image8.pubmatic.com | tcp |
| US | 50.31.142.31:443 | b1sync.zemanta.com | tcp |
| US | 8.8.8.8:53 | eu-west-1-cs-rtb.openwebmp.com | udp |
| US | 8.8.8.8:53 | gum.aidemsrv.com | udp |
| US | 8.8.8.8:53 | cs-server-s2s.yellowblue.io | udp |
| US | 8.8.8.8:53 | ssc-cms.33across.com | udp |
| US | 50.31.142.31:443 | b1sync.zemanta.com | tcp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| US | 8.8.8.8:53 | widget.nl3.vip.prod.criteo.com | udp |
| US | 172.111.38.86:443 | tracker.open-adsyield.com | tcp |
| US | 54.157.243.69:443 | sync.srv.stackadapt.com | tcp |
| IE | 34.251.85.66:443 | jadserve.postrelease.com | tcp |
| US | 67.202.105.24:443 | ssc-cms.33across.com | tcp |
| NL | 35.214.199.88:443 | rtb.mfadsrvr.com | tcp |
| IE | 52.50.94.78:443 | ap.lijit.com | tcp |
| US | 35.244.174.68:443 | id.rlcdn.com | tcp |
| US | 192.132.33.69:443 | bttrack.com | tcp |
| US | 8.8.8.8:53 | creativecdn.com | udp |
| US | 8.8.8.8:53 | widget.nl3.vip.prod.criteo.com | udp |
| US | 104.18.7.198:443 | gum.aidemsrv.com | tcp |
| GB | 23.215.239.190:443 | secure-assets.rubiconproject.com | tcp |
| NL | 89.149.193.84:443 | ssbsync.smartadserver.com | tcp |
| CZ | 65.9.95.36:443 | eu-west-1-cs-rtb.openwebmp.com | tcp |
| DE | 51.89.9.254:443 | onetag-sys.com | tcp |
| US | 54.147.159.241:443 | cs-server-s2s.yellowblue.io | tcp |
| US | 8.8.8.8:53 | creativecdn.com | udp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| US | 8.8.8.8:53 | k8s-kongow-generalp-4b9a3bfec6-974801183.us-east-1.elb.amazonaws.com | udp |
| NL | 35.214.136.108:443 | x.bidswitch.net | udp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| US | 8.8.8.8:53 | sync.richaudience.com | udp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| NL | 35.214.199.88:443 | rtb.mfadsrvr.com | udp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| US | 35.244.174.68:443 | id.rlcdn.com | udp |
| US | 8.8.8.8:53 | user-data-eu.bidswitch.net | udp |
| US | 8.8.8.8:53 | sync.richaudience.com | udp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| US | 8.8.8.8:53 | 136.164.214.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.191.64.185.in-addr.arpa | udp |
| GB | 2.17.5.216:443 | eus.rubiconproject.com | tcp |
| US | 104.18.7.198:443 | gum.aidemsrv.com | udp |
| DE | 51.89.9.254:443 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | 9.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.136.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.20.251.148.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.109.253.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.85.251.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.174.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.199.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.94.50.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.243.157.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.33.132.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.105.202.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.239.215.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.7.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.193.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.9.89.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.95.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.159.147.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.174.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | user-data-eu.bidswitch.net | udp |
| US | 8.8.8.8:53 | imagsync-lhrpairbc.pubmatic.com | udp |
| US | 8.8.8.8:53 | chidc2.outbrain.org | udp |
| US | 8.8.8.8:53 | imagsync-lhrpairbc.pubmatic.com | udp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| US | 8.8.8.8:53 | qvdt3feo.com | udp |
| US | 8.8.8.8:53 | dorpat.geo.iponweb.net | udp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| US | 34.200.40.250:443 | qvdt3feo.com | tcp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 8.8.8.8:53 | jadserve.postrelease.com.akadns.net | udp |
| US | 8.8.8.8:53 | dorpat.geo.iponweb.net | udp |
| US | 8.8.8.8:53 | blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | bttrack.com | udp |
| US | 8.8.8.8:53 | jadserve.postrelease.com.akadns.net | udp |
| US | 8.8.8.8:53 | track1.avplayer.com | udp |
| US | 8.8.8.8:53 | blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | bttrack.com | udp |
| US | 8.8.8.8:53 | tracker-use.ortb.net | udp |
| US | 172.240.45.76:443 | track1.avplayer.com | tcp |
| US | 8.8.8.8:53 | pixel.33across.com | udp |
| US | 8.8.8.8:53 | gum.aidemsrv.com | udp |
| US | 8.8.8.8:53 | tracker-use.ortb.net | udp |
| US | 8.8.8.8:53 | gum.aidemsrv.com | udp |
| US | 8.8.8.8:53 | e8960.e2.akamaiedge.net | udp |
| US | 8.8.8.8:53 | ssbsync-euw1.smartadserver.com | udp |
| US | 8.8.8.8:53 | dckrl2e5yf7xg.cloudfront.net | udp |
| US | 8.8.8.8:53 | e8960.e2.akamaiedge.net | udp |
| US | 8.8.8.8:53 | ssbsync-euw1.smartadserver.com | udp |
| US | 8.8.8.8:53 | dckrl2e5yf7xg.cloudfront.net | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | cs-server-s2s.yellowblue.io | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | e8960.b.akamaiedge.net | udp |
| US | 8.8.8.8:53 | cs-server-s2s.yellowblue.io | udp |
| US | 8.8.8.8:53 | qvdt3feo.com | udp |
| US | 8.8.8.8:53 | e8960.b.akamaiedge.net | udp |
| US | 8.8.8.8:53 | track-sc-main-was.avplayer.com | udp |
| US | 8.8.8.8:53 | qvdt3feo.com | udp |
| US | 172.240.45.76:443 | track1.avplayer.com | udp |
| US | 8.8.8.8:53 | 216.5.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.40.200.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.45.240.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sync.aniview.com | udp |
| US | 172.240.45.96:443 | sync.aniview.com | tcp |
| US | 8.8.8.8:53 | sync-sc-main-was.aniview.com | udp |
| US | 8.8.8.8:53 | sync-sc-main-was.aniview.com | udp |
| US | 8.8.8.8:53 | support.mozilla.org | udp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | 96.45.240.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.216.36.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| NL | 69.173.156.148:443 | token.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | pixel.rubiconproject.net.akadns.net | udp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.net.akadns.net | tcp |
| US | 8.8.8.8:53 | pixel.rubiconproject.net.akadns.net | udp |
| US | 8.8.8.8:53 | btlr-eu-central-1.sharethrough.com | udp |
| US | 8.8.8.8:53 | eu-tlx.3lift.com | udp |
| US | 8.8.8.8:53 | btlr-eu-central-1.sharethrough.com | udp |
| US | 8.8.8.8:53 | eu-tlx.3lift.com | udp |
| DE | 18.153.93.230:443 | btlr.sharethrough.com | tcp |
| DE | 18.153.93.230:443 | btlr.sharethrough.com | tcp |
| DE | 3.124.64.248:443 | eu-tlx.3lift.com | tcp |
| FR | 217.182.178.224:443 | euw2.smartadserver.com | tcp |
| DE | 37.252.171.53:443 | ib.anycast.adnxs.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid-lhrc.pubmnet.com | tcp |
| GB | 216.58.204.66:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | track.venatusmedia.com | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| GB | 142.250.200.33:443 | cdn.ampproject.org | tcp |
| GB | 142.250.200.33:443 | cdn.ampproject.org | tcp |
| GB | 142.250.200.33:443 | cdn.ampproject.org | tcp |
| GB | 142.250.200.33:443 | cdn.ampproject.org | tcp |
| US | 8.8.8.8:53 | cdn-content.ampproject.org | udp |
| GB | 142.250.200.33:443 | cdn-content.ampproject.org | tcp |
| US | 8.8.8.8:53 | cdn-content.ampproject.org | udp |
| US | 8.8.8.8:53 | 230.93.153.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.178.182.217.in-addr.arpa | udp |
| GB | 142.250.200.33:443 | cdn-content.ampproject.org | udp |
| US | 69.166.1.32:443 | iad-2-apex.go.sonobi.com | tcp |
| GB | 142.250.200.36:443 | www.google.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 33.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| DE | 37.252.171.53:443 | ib.anycast.adnxs.com | tcp |
| US | 8.8.8.8:53 | eu-tlx.3lift.com | udp |
| DE | 18.153.93.230:443 | btlr.sharethrough.com | tcp |
| FR | 217.182.178.224:443 | euw2.smartadserver.com | tcp |
| US | 8.8.8.8:53 | eu-tlx.3lift.com | udp |
| US | 69.166.1.32:443 | iad-2-apex.go.sonobi.com | tcp |
| US | 8.8.8.8:53 | www.file.io | udp |
| US | 8.8.8.8:53 | www.file.io | udp |
| US | 8.8.8.8:53 | www.file.io | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | d1jvc9b8z3vcjs.cloudfront.net | udp |
| US | 8.8.8.8:53 | d1jvc9b8z3vcjs.cloudfront.net | udp |
| US | 172.240.45.75:443 | track4.aniview.com | tcp |
| US | 8.8.8.8:53 | go1.aniview.com | udp |
| US | 8.8.8.8:53 | content1.avplayer.com | udp |
| US | 172.240.45.81:443 | go1.aniview.com | tcp |
| US | 8.8.8.8:53 | go1-sc-main-was.aniview.com | udp |
| US | 8.8.8.8:53 | go1-sc-main-was.aniview.com | udp |
| DE | 37.252.171.53:443 | ib.anycast.adnxs.com | tcp |
| DE | 18.153.93.230:443 | btlr.sharethrough.com | tcp |
| FR | 217.182.178.224:443 | euw2.smartadserver.com | tcp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| US | 8.8.8.8:53 | a1970.dscd.akamai.net | udp |
| US | 8.8.8.8:53 | eu-tlx.3lift.com | udp |
| US | 8.8.8.8:53 | eu-tlx.3lift.com | udp |
| US | 172.240.45.81:443 | go1-sc-main-was.aniview.com | udp |
| NL | 89.149.193.84:443 | ssbsync-euw1.smartadserver.com | tcp |
| US | 8.8.8.8:53 | ads.stickyadstv.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | udp |
| DE | 51.89.9.254:443 | onetag-sys.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| FR | 154.54.250.81:443 | ads.stickyadstv.com | tcp |
| FR | 154.54.250.81:443 | ads.stickyadstv.com | tcp |
| US | 8.8.8.8:53 | user-data-eu.bidswitch.net | udp |
| US | 8.8.8.8:53 | u.openx.net | udp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| US | 8.8.8.8:53 | e8960.e2.akamaiedge.net | udp |
| US | 8.8.8.8:53 | match.sharethrough.com | udp |
| US | 8.8.8.8:53 | assets.a-mo.net | udp |
| DE | 18.195.234.25:443 | match.sharethrough.com | tcp |
| US | 34.98.64.218:443 | u.openx.net | tcp |
| US | 8.8.8.8:53 | e6603.g.akamaiedge.net | udp |
| US | 8.8.8.8:53 | user-data-eu.bidswitch.net | udp |
| US | 8.8.8.8:53 | 81.45.240.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | e8960.e2.akamaiedge.net | udp |
| US | 8.2.110.134:443 | cs.krushmedia.com | tcp |
| US | 34.98.64.218:443 | u.openx.net | udp |
| US | 8.8.8.8:53 | pixel-eu.rubiconproject.com | udp |
| US | 104.19.158.19:443 | assets.a-mo.net | tcp |
| US | 8.8.8.8:53 | pixel.rubiconproject.com | udp |
| US | 8.8.8.8:53 | cs.admanmedia.com | udp |
| US | 8.8.8.8:53 | t.adx.opera.com | udp |
| US | 8.8.8.8:53 | ssbsync-global.smartadserver.com | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | eu-west-dual.ads.stickyadstv.com.akadns.net | udp |
| US | 8.8.8.8:53 | blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com | udp |
| DE | 18.195.234.25:443 | match.sharethrough.com | tcp |
| DE | 162.19.138.82:443 | lb.eu-1-id5-sync.com | tcp |
| NL | 178.250.1.9:443 | widget.nl3.vip.prod.criteo.com | tcp |
| US | 8.8.8.8:53 | eu-west-dual.ads.stickyadstv.com.akadns.net | udp |
| US | 8.8.8.8:53 | blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | match-eu-central-1-ecs.sharethrough.com | udp |
| US | 80.77.87.162:443 | cs.admanmedia.com | tcp |
| US | 8.8.8.8:53 | match-eu-central-1-ecs.sharethrough.com | udp |
| US | 8.8.8.8:53 | e8960.b.akamaiedge.net | udp |
| US | 8.8.8.8:53 | u.openx.net | udp |
| US | 8.8.8.8:53 | cs.krushmedia.com | udp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | id.a-mx.com | udp |
| US | 8.8.8.8:53 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | cm.adform.net | udp |
| US | 8.8.8.8:53 | ssum.casalemedia.com | udp |
| US | 8.8.8.8:53 | cs.krushmedia.com | udp |
| US | 8.8.8.8:53 | u.openx.net | udp |
| US | 8.8.8.8:53 | e8960.b.akamaiedge.net | udp |
| NL | 69.173.156.149:443 | pixel.rubiconproject.com | tcp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| GB | 216.58.201.98:443 | cm.g.doubleclick.net | udp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| FR | 51.178.195.213:443 | ssbsync-global.smartadserver.com | tcp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| US | 8.8.8.8:53 | s2s.aniview.com | udp |
| US | 8.8.8.8:53 | optimized-by.rubiconproject.com | udp |
| NL | 79.127.227.46:443 | id.a-mx.com | tcp |
| US | 8.8.8.8:53 | assets.a-mo.net.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.net.akadns.net | udp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | tcp |
| DK | 37.157.6.237:443 | cm.adform.net | tcp |
| FR | 51.178.195.213:443 | ssbsync-global.smartadserver.com | tcp |
| GB | 216.58.201.98:443 | cm.g.doubleclick.net | tcp |
| GB | 216.58.201.98:443 | cm.g.doubleclick.net | tcp |
| US | 104.18.36.155:443 | ssum.casalemedia.com | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | udp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | assets.a-mo.net.cdn.cloudflare.net | udp |
| DE | 3.127.90.72:443 | optimized-by.rubiconproject.com | tcp |
| US | 172.240.45.70:443 | s2s.aniview.com | tcp |
| US | 8.8.8.8:53 | ssbsync-euw2.smartadserver.com | udp |
| US | 98.82.158.241:443 | s.amazon-adsystem.com | tcp |
| US | 104.18.36.155:443 | ssum.casalemedia.com | udp |
| GB | 2.19.117.84:443 | player.aniview.com | udp |
| GB | 2.19.117.84:443 | player.aniview.com | tcp |
| GB | 2.19.117.84:443 | player.aniview.com | tcp |
| GB | 2.19.117.84:443 | player.aniview.com | tcp |
| GB | 2.19.117.84:443 | player.aniview.com | tcp |
| US | 8.8.8.8:53 | 81.250.54.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.64.98.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.110.2.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.158.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.87.77.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sync.a-mo.net | udp |
| US | 8.8.8.8:53 | pixel-eu.rubiconproject.net.akadns.net | udp |
| US | 8.8.8.8:53 | pixel-eu.rubiconproject.net.akadns.net | udp |
| FR | 163.5.194.30:443 | sync.a-mo.net | tcp |
| FR | 163.5.194.30:443 | sync.a-mo.net | tcp |
| US | 8.8.8.8:53 | pr-bh.ybp.yahoo.com | udp |
| NL | 69.173.156.148:443 | pixel-eu.rubiconproject.net.akadns.net | tcp |
| DE | 3.127.90.72:443 | optimized-by.rubiconproject.com | tcp |
| US | 172.240.45.70:443 | s2s.aniview.com | tcp |
| US | 98.82.158.241:443 | s.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | outspot2-ams.adx.opera.com | udp |
| US | 8.8.8.8:53 | sync.a-mo.net | udp |
| IE | 34.249.222.253:443 | pr-bh.ybp.yahoo.com | tcp |
| FR | 163.5.194.34:443 | sync.a-mo.net | tcp |
| US | 8.8.8.8:53 | outspot2-ams.adx.opera.com | udp |
| US | 8.8.8.8:53 | 8.213.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.195.178.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.227.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.252.227.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.6.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.36.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.194.5.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.90.127.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.222.249.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.45.240.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.158.82.98.in-addr.arpa | udp |
| FR | 163.5.194.34:443 | sync.a-mo.net | tcp |
| US | 8.8.8.8:53 | cs.admanmedia.com | udp |
| US | 8.8.8.8:53 | ssbsync-euw2.smartadserver.com | udp |
| US | 8.8.8.8:53 | cs.admanmedia.com | udp |
| US | 8.8.8.8:53 | track-eu.adformnet.akadns.net | udp |
| US | 8.8.8.8:53 | ssum.casalemedia.com | udp |
| US | 8.8.8.8:53 | track-eu.adformnet.akadns.net | udp |
| US | 8.8.8.8:53 | ssum.casalemedia.com | udp |
| US | 8.8.8.8:53 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | id.a-mx.com | udp |
| US | 8.8.8.8:53 | rtb.openx.net | udp |
| FR | 163.5.194.34:443 | sync.a-mo.net | tcp |
| US | 8.8.8.8:53 | videoproxyservervip-2125505963.eu-central-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | id.a-mx.com | udp |
| US | 8.8.8.8:53 | videoproxyservervip-2125505963.eu-central-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | s2s-sc-main-was.aniview.com | udp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| US | 172.240.45.70:443 | s2s-sc-main-was.aniview.com | udp |
| US | 8.8.8.8:53 | s2s-sc-main-was.aniview.com | udp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | 34.194.5.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nld-prebid.a-mx.net | udp |
| US | 8.8.8.8:53 | ds-pr-bh.ybp.gysm.yahoodns.net | udp |
| US | 8.8.8.8:53 | ds-pr-bh.ybp.gysm.yahoodns.net | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| GB | 216.58.204.66:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 25.234.195.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prebid.adnxs.com | udp |
| US | 8.8.8.8:53 | ow.pubmatic.com | udp |
| NL | 185.89.208.11:443 | prebid.adnxs.com | tcp |
| GB | 185.64.190.84:443 | ow.pubmatic.com | tcp |
| US | 8.8.8.8:53 | ow-lhrc.pubmnet.com | udp |
| US | 8.8.8.8:53 | ow-lhrc.pubmnet.com | udp |
| US | 8.8.8.8:53 | xandr-prebid.trafficmanager.net | udp |
| US | 8.8.8.8:53 | 84.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.208.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | targeting.unrulymedia.com | udp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| US | 8.8.8.8:53 | tag.1rx.io | udp |
| US | 8.8.8.8:53 | tag.1rx.io | udp |
| NL | 46.228.174.115:443 | tag.1rx.io | tcp |
| US | 8.8.8.8:53 | prebid-server.rubiconproject.com | udp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| NL | 69.173.156.150:443 | prebid-server.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | prebid-server-perf-eu.rubiconproject.net.akadns.net | udp |
| CZ | 65.9.95.37:443 | hb.yellowblue.io | tcp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| US | 8.8.8.8:53 | prebid-server-perf-eu.rubiconproject.net.akadns.net | udp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| US | 8.8.8.8:53 | 157.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.95.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6898ef8f9599ddd9f3e1c4e7e2306b03.safeframe.googlesyndication.com | udp |
| GB | 142.250.180.1:443 | 6898ef8f9599ddd9f3e1c4e7e2306b03.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | pagead-googlehosted.l.google.com | udp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | pagead-googlehosted.l.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.36:443 | www.google.com | udp |
| GB | 142.250.180.1:443 | pagead-googlehosted.l.google.com | udp |
| US | 8.8.8.8:53 | imasdk.googleapis.com | udp |
| GB | 172.217.169.74:443 | imasdk.googleapis.com | tcp |
| US | 8.8.8.8:53 | imasdk.googleapis.com | udp |
| GB | 172.217.169.74:443 | imasdk.googleapis.com | tcp |
| US | 8.8.8.8:53 | imasdk.googleapis.com | udp |
| GB | 172.217.169.74:443 | imasdk.googleapis.com | udp |
| US | 8.8.8.8:53 | 234.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| GB | 216.58.201.102:443 | s0.2mdn.net | tcp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| GB | 216.58.201.102:443 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | 102.201.58.216.in-addr.arpa | udp |
| US | 69.166.1.32:443 | iad-2-apex.go.sonobi.com | tcp |
| DE | 37.252.171.53:443 | ib.anycast.adnxs.com | tcp |
| FR | 217.182.178.224:443 | euw2.smartadserver.com | tcp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| FR | 163.5.194.32:443 | prebid.a-mo.net | tcp |
| US | 8.8.8.8:53 | 32.194.5.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | equativ-match.dotomi.com | udp |
| US | 8.8.8.8:53 | bh.contextweb.com | udp |
| US | 8.8.8.8:53 | rtb-csync.smartadserver.com | udp |
| US | 8.8.8.8:53 | image6.pubmatic.com | udp |
| NL | 63.215.202.137:443 | equativ-match.dotomi.com | tcp |
| US | 8.8.8.8:53 | bfp.global.dual.dotomi.weighted.com.akadns.net | udp |
| NL | 198.47.127.19:443 | image6.pubmatic.com | tcp |
| NL | 81.17.55.97:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | pugm-amsfpairbc.pubmnet.com | udp |
| NL | 81.17.55.97:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | rtb-csync-euw1.smartadserver.com | udp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| US | 8.8.8.8:53 | pugm-amsfpairbc.pubmnet.com | udp |
| US | 8.8.8.8:53 | rtb-csync-euw1.smartadserver.com | udp |
| US | 8.8.8.8:53 | bfp.global.dual.dotomi.weighted.com.akadns.net | udp |
| US | 8.8.8.8:53 | am1-direct-bgp.contextweb.com | udp |
| US | 8.8.8.8:53 | wt.rqtrk.eu | udp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | wt.rqtrk.eu | udp |
| DE | 57.129.18.113:443 | wt.rqtrk.eu | tcp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | wt.rqtrk.eu | udp |
| US | 8.8.8.8:53 | 19.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.169.93.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.55.17.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | file.io | udp |
| US | 45.55.107.24:443 | file.io | tcp |
| US | 8.8.8.8:53 | file.io | udp |
| US | 8.8.8.8:53 | www.file.io | udp |
| US | 8.8.8.8:53 | www.file.io | udp |
| CZ | 65.9.95.24:443 | www.file.io | tcp |
| US | 8.8.8.8:53 | hb.vntsm.com | udp |
| US | 8.8.8.8:53 | vmhb.b-cdn.net | udp |
| GB | 143.244.38.136:443 | vmhb.b-cdn.net | tcp |
| US | 8.8.8.8:53 | vmhb.b-cdn.net | udp |
| US | 8.8.8.8:53 | hb.vntsm.io | udp |
| US | 8.8.8.8:53 | hb-vntsm-com.global.ssl.fastly.net | udp |
| US | 8.8.8.8:53 | hb-vntsm-com.global.ssl.fastly.net | udp |
| US | 151.101.193.194:443 | hb-vntsm-com.global.ssl.fastly.net | tcp |
| US | 104.22.47.142:443 | hb.vntsm.io | tcp |
| US | 8.8.8.8:53 | hb-vntsm-com.global.ssl.fastly.net | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| GB | 142.250.180.3:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| GB | 142.250.180.3:443 | www.google.co.uk | tcp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| GB | 216.58.204.66:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | d1ykf07e75w7ss.cloudfront.net | udp |
| CZ | 65.9.98.75:443 | d1ykf07e75w7ss.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 142.47.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content1.avplayer.com | udp |
| US | 8.8.8.8:53 | a1970.dscd.akamai.net | udp |
| GB | 2.19.117.84:443 | a1970.dscd.akamai.net | tcp |
| US | 8.8.8.8:53 | a1970.dscd.akamai.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | content1.avplayer.com | udp |
| US | 8.8.8.8:53 | a1970.dscd.akamai.net | udp |
| GB | 2.19.117.84:443 | a1970.dscd.akamai.net | tcp |
| US | 8.8.8.8:53 | a1970.dscd.akamai.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | content1.avplayer.com | udp |
| US | 8.8.8.8:53 | a1970.dscd.akamai.net | udp |
| GB | 2.19.117.84:443 | a1970.dscd.akamai.net | tcp |
| US | 8.8.8.8:53 | a1970.dscd.akamai.net | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 216.72.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content1.avplayer.com | udp |
| US | 8.8.8.8:53 | a1970.dscd.akamai.net | udp |
| GB | 2.19.117.84:443 | a1970.dscd.akamai.net | tcp |
| US | 8.8.8.8:53 | a1970.dscd.akamai.net | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\0ffac2b6-b6bd-46da-b8cd-eda9e8fc1b8f
| MD5 | 331797bdc948c085ce32d9e0d07cd825 |
| SHA1 | 58dab2f93458a260e75229a0f64b3d2cb47452ed |
| SHA256 | 1d7c5f952c5c40f7d84dd571c60e01c6504358eac3046ba07852aac81453a2d5 |
| SHA512 | 3688236787acd0995a43fc6bba5899d388966b6dd4101361a09a5bcbd67c4044175517020be95c602cd1868d13d2f55629e9bfe5a3873949b507c4b5a46ef0c8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\c3502d9e-7542-49da-b0b6-27503800d6ca
| MD5 | bff400581458b1b429a3e4e61135b3b1 |
| SHA1 | ce30c6c5335c9198e57cc203068c54dba0a9b356 |
| SHA256 | 81324a10a5db23d33b4052e0c7e675979892da799b3b3b9e148e246102b42f6f |
| SHA512 | 1c3eb6c0e2b6479471116c8fcd0ecc73c8da00d34ab49e98efbee2c1327624efad638c54564043f7257cce40f5938575f8e273ecbcf489fd686d3f01a629ff29 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 3175171efe61fe3fc3c5a182c8c12f1c |
| SHA1 | 581b1cdf05f76657dc66ef4024aee549384f54d4 |
| SHA256 | 0ee9b79bc59f7f90b97aa76316386f8e3d394abb1848497d6e7f7210aed08945 |
| SHA512 | 01575ff9921b75ccdae5d707bf008665ff0c6c93645f9ec6e35504f527cab861190dbe70a6cb310339cde5cc4d480f31cb7f3c7bfd271e672f229f6af587d0c5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | e7d901ad03d22078f4c42ecc83c3bd45 |
| SHA1 | 13ffe2ced2026e6b99c39a96d006c7832a72ba17 |
| SHA256 | fddee54013f830a84e74dce5679f6e4c3c71b4c5c51ecdf58bcef7e27eba4f17 |
| SHA512 | 8e7373116183db845f03c74e28effbe85b53c6c109f0a1a867fc4daa2944c099846644c5b6ecfa6408091d097a08b3f1b8cedcbeffbdcfaa14147f6b76663ec9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js
| MD5 | c989e59d272bed28f687a382edfe24e4 |
| SHA1 | e254084ca5667bef3f83a9b90a368c403eae1aca |
| SHA256 | 53df4b0ca2bbd6baf301d70e5be6c2dd4201cbe16f98aaeaeae775c5ceeec949 |
| SHA512 | fcc885d9101f4d5a0f1e1eb87727a4c6b49875ad0caf98ce75529550624db7c52d4c8f9f13ab696f81076145d21b33a1988b588e02714d693456074f75322c3c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
| MD5 | cc32d054e712504a857196bf907091a3 |
| SHA1 | 8a984bd371a5634b42a396f021b293414ac5519a |
| SHA256 | 357212ff8c07dd8db8d87881e595bc9ffc9739df0b9a10b2187ada7cbf94d00c |
| SHA512 | d2f0470aae9d88ae18827e7c2497291939cd790f5f1aaab90b5a0efe0e11245e0f633b5e12bb77eb922be00100c493e9f17a18d8eac3902be46877b2ad0f3849 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 006bbd1acdddcdf23af44fda7eca74d5 |
| SHA1 | 78b775fd8021497ea8741a6e5ff2f0b4a2691ef3 |
| SHA256 | 63888802a012f3a17369ff0e2d0943b258d58d45ae12e9ecc2de650b66ff9bff |
| SHA512 | a9d4f6de0fc4aef29b7b76bdfd881bc96405f34beee4b51ae290fa658ebd35fefcf67003f28e7454bde1f99b9c108762c21baeaa30b776d8763671077a5ce9da |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\21688
| MD5 | 71bd14d34dc361c8656b82c3b92853be |
| SHA1 | 1028da4fba2ce60982cae69e1c488d21f3ac520e |
| SHA256 | 624d270d448af14abdb5e5f39f90be23931c7c45e7e765bc3eda462232b1b1d5 |
| SHA512 | 2d79e794d65d0bc7f3810b22fad32a1531f78b4d736ea14188b229d2b3d49bc5c170d7a45477910c96d5a02abaa2de3fdf1e8e737ba9da17434634894a49c335 |
C:\Users\Admin\Downloads\GhostEyeWorm.JYEEXGm6.zip.part
| MD5 | c98130b77eb64a0eeffe1e2e3088892d |
| SHA1 | edbb07ce7cdf26c23db6da44cd730f1c72855c50 |
| SHA256 | 04148d67f85f70a8b2c3c531b54950c1f00dbcebf3ee4c7760e04b31d1ecb5d2 |
| SHA512 | 120d7de0e71ebe4891a4d014a770907ffe1d34a2c05e10fea44f677681e709184c36d97292476367177020526c8707efee02499213b3010e72c1c11f296b585d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore.jsonlz4
| MD5 | 97493df3b87817c4bfb28cf8f0011726 |
| SHA1 | 8702a609f3ea4de8223fc9a684b67ef73b450497 |
| SHA256 | bf684cbf0893b3bf7662695fe58fc516a91ea990677c53f758ee6c0513ccc3bd |
| SHA512 | e00bda6e07f1a3bcb80603aa8da1c163aacd3d9e1bc20e207ced3b22669fa4a14e6a69f3bcf42cee9a9d409b2f89a9c374ceaec2a651747d35ebdbbafb697084 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
| MD5 | 1da49226eaf7151129ed658d3b1e10f8 |
| SHA1 | 3c3a578f2a2d60deeda4babccf36a5d84d0b986a |
| SHA256 | 403affcfcf4df4f72d58d3f45b7d0691abef8708882201773e8f9f65b25ff3c5 |
| SHA512 | 58229757ccbe84bb8b0021f1529b76ccb42753590ff5aee0eba53c2687bc27204bc1c48d532757d176db483afa238c268f38bea4297d8dd86e822cab5d636e8a |
C:\Users\Admin\Desktop\GhostEyeWorm\GhostEyeWorm.exe
| MD5 | e36c8c6d6a9f1df626db78481258597c |
| SHA1 | 574af51bd4f9c242cebbf1626234309489260290 |
| SHA256 | 837ebab1fad28d2abf5aa873999ce6c8b55d70f99f18f8bebeea5478ee677df8 |
| SHA512 | 96ed6a1a134907290ba91efe861855608fe82132233d12cdd09b7bb63447dd6ae8eed86c4845231226479b0c33fe66195a61a0cb1018a1bfa89c7fda730edad5 |
memory/4664-425-0x0000000000850000-0x000000000096C000-memory.dmp
memory/4664-426-0x000000001B430000-0x000000001B4F2000-memory.dmp
C:\Users\Admin\Desktop\GhostEyeWorm\33
| MD5 | ed8bf55cfce5f58d887523daeed9544c |
| SHA1 | 20bc855d5991965ca821c0af512115c8d230fbc1 |
| SHA256 | 42b71241c2eaae200ec275db63da65d6c98db58c9e63b9150e0f52e08834ca3d |
| SHA512 | 2077b2ea7fef5c02405f8749e8d4a4e997ff3d977e190267100e1ba09ae376be76835725b551ca037a4c2b4fd259474cb9c7e31cf48eaccfb80dd5a7e5eca850 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\35DDEDF268117918D1D277A171D8DF7B_1D3FEAC48A65656E96E3BD618D58D1B0
| MD5 | f2435f0dcde0f4a225fc8942d342d812 |
| SHA1 | 5947589f49473483a5eca506fbdeac2018df7305 |
| SHA256 | 792ee5c5b9b5d509de298aa690417c25c0ca143040dabad48f91cb1350706161 |
| SHA512 | cfef70bf9211cd55c68ffd30294d8b237e177efa16ddf20b73df91a21d62c201251f6cac984b0ab1f730c138ce692deae5d881bea4e2cf3e483f9b426e153057 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_1D3FEAC48A65656E96E3BD618D58D1B0
| MD5 | e80c98f1c8006619e9549240076797bb |
| SHA1 | 3d936cbd5f29204a72e5b57b06ecdd7d873fedf8 |
| SHA256 | 3d19e5dc2a085e96293233a771a387a726ff483f9b18e88053210f37bf0d195a |
| SHA512 | 4870960f771fb486153de5b51a2133d7b5de8511b69092dcefbbab701fb3d975ff3452f29f6161c9f10a57940b3cdb366af29386d20a7e266122346aba95438a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB
| MD5 | dc5241fe685e093263f44de9ad416b62 |
| SHA1 | ef2be338c719f3d13037952928e49fc49f4bdc33 |
| SHA256 | 7d58f67d5e6df8482bf76f8e31de9801ad369ab6fb8baef6dee589703ab462f3 |
| SHA512 | b244739b386cc84685d2c4c9c18d2f06905954067220824c154da0e674cc48539748b7cbac00cacca5151447b0cf7e5bc306dffc3f10631f13df224727d46e23 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB
| MD5 | 889ff3c049a7b96702c129a605b529fb |
| SHA1 | 4d1792704b8e4e2177584d8971811abea3eb8fed |
| SHA256 | 84c6cd256d2b75ccd8f7f6bf8147d9c963765a372d5b216d9ee3ccd2bfe65ec2 |
| SHA512 | 61dacac99375249d70d10a5b462e0a0e2870efe9fc69b3e53eb2d46ad0e139740973deb0c6a12cf2f8f4fbcb5b1134fcc563b54f5602afdabd11cfdad1159e47 |
C:\Users\Admin\Desktop\GhostEyeWorm\Stub.exe
| MD5 | 54b1c45da8980b32759042e2c3c78dfb |
| SHA1 | 11e8bc2db98786c69e5dadf53d00ff3ee03d64f8 |
| SHA256 | 9d5efce48ed68dcb4caaa7fbecaf47ce2cab0a023afc6ceed682d1d532823773 |
| SHA512 | 73169989b97a032fe923272fbe4bc27be77e491d125b360120fc1e02419d99f807b1f62a3edaff85ebfd16e9c240ec295be9431cfe4d6c353f0cf0dbeec4d2ac |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js
| MD5 | 5296c81f158fa10f6f06dedeeb80f2e9 |
| SHA1 | 2a8fc8d36150654a3ad24724c65f7d92e78d8fa9 |
| SHA256 | 589a77996b27b2eb0ed90616b5f08e67f45c300c18378cc0137211995f0f3e88 |
| SHA512 | e1e511784ac01d9ec5181a89eb0dd0a19dedb77cdf8346e32f7c31fa72d6fc43bd586b14da167e12258914ba9ad40cab9e65e5e3a85be4fd45d100588c256865 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\startupCache\scriptCache.bin
| MD5 | ae5a4548cda41b7d6ace48080e63cf86 |
| SHA1 | b058868aa0730cfb99c5e71eeb72603b611a5662 |
| SHA256 | a1d2edb4f8178b9f285eebf5ba4c50a1edcaf2e9372039777cb7b161fe8a99b9 |
| SHA512 | 8a4fb3c7206dc7d5a272cfa59d5c83200f66b4dfecb48e2f4033498d58581c95d4f43bc2a5c52f1ac314b2dbcd5eb0170233011d5d526cae04a0317ed29208af |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\xulstore.json
| MD5 | 58e240288763218d12bf235d34e5aee2 |
| SHA1 | 89135494b57f590011c09668dec3b90d2c5ee9ae |
| SHA256 | 615f80e71dfde24711e7fefc1b7959f7592c5e5cf9ad0f3aecb4235b93187176 |
| SHA512 | caed2638902987aead199e73cffb90881bf245bbb616cb38c46b281d4aaaa54dc20a54e9bfe17a8d6e68847394c113fb7606e94b64f44ab0b52bf7846f26e936 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\startupCache\urlCache.bin
| MD5 | fa7717c30226b22964a956170efd4ce4 |
| SHA1 | eccdc9c53757cb3b6fec814605250d59aef8174e |
| SHA256 | 1770f6f02d6382d8949c68bf6ed7ae2a6d772dc9fe590b65db5b05ba8e3bd5eb |
| SHA512 | 76010ce78a31ec0f534af5ab0d0d311517ec46d0cf27a89866813bc46a19d33cd29fcb7474e03882db05490719a63dd0c3602b3d4387a13ee869c7b3c12ebcdc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\permissions.sqlite
| MD5 | 7826e29d8a520be121c61525f31563c1 |
| SHA1 | 1d82c4d5c2e3fe10e71187f231878cc851fdbf6a |
| SHA256 | 8f6ece8f6c89793194dffba01173bde701f993104a4ab0a521afc92a63172842 |
| SHA512 | fc7c238b5d9eaee7e31e1cf2f7cdf6ebb350a683f2d6b8b1ba84fb7f793ab26529fe9c58f62105aa2c85d68c7d4a44fe396e08670b7187d3a3a67f14cd8c1034 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json
| MD5 | 6b77a9f779399e95d1cee931a2c8f8ff |
| SHA1 | 826efd4feb0d50fcce5696111af7c811b81adcd9 |
| SHA256 | 3a0285c8233ef0324b269f7291094e19fd9b77259f9419861ad796f7e9c979f3 |
| SHA512 | ef537c75fab8e86483ac03cc0d2feaf41575e35f54b95669a26bf6dfbf58021dc9a5bbe54d9537b55da3fbb0e0262adf6c5efd4394faaec81a31604533afec4f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp
| MD5 | ea8b62857dfdbd3d0be7d7e4a954ec9a |
| SHA1 | b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a |
| SHA256 | 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da |
| SHA512 | 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cookies.sqlite
| MD5 | 8d1ae19c58e1ad1e11e0bb3b4b8e22d7 |
| SHA1 | f3d4780a1bd1efe7aa471d7a14bd70e88dfeca83 |
| SHA256 | 2dac47ee078d9fff5748a9df66609b4c17e5718da45123d4636c416e16223b3a |
| SHA512 | 80741bdd23ffc2425220fe274e502ffbc55412b555762a48717ba170e0da05135b596de286812a6c06e1e0c1a53d221634d0507d6b8d57ed7a71d5b25ef675a8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage.sqlite
| MD5 | 4767b15e5a76dc43c2a8afd267208363 |
| SHA1 | 29c01978de97b269a5b22cbf063f4340548b596f |
| SHA256 | b5f14babf9ba38cc84fd5fad292d8e2c72095a4bdfaf2428a87469fb5e7a5e68 |
| SHA512 | 8ee525e2ad1611df8da7be3fae3e98a928e2c425e7275ebab07d715d30a045bdc32588cbd06b27db98880d5135beaa57f199e9053ce33b5215ee9584f4990cb4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cert9.db
| MD5 | 11b4208aa83f5df1ea8a254134645073 |
| SHA1 | c15fd68ff18dcf682de397d9b9749cb47c488f0a |
| SHA256 | 2aa45ebe80a6b8aa3404690115f9e3b70d7c03783deaedad0c68f8cbfc9c24e3 |
| SHA512 | 863f3783c9c16ed76dbd087296dc27f723e1a531275e010b254525d0a1df081929ac0eee67e53206eab1e73ebbdbf52a65b5b9eb8daae60f817f9e3bb3be344b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\SiteSecurityServiceState.txt
| MD5 | c77f4d4ad0583f65b8a8e078512a0517 |
| SHA1 | e559050ea048af3147145615ae2c2077933ad818 |
| SHA256 | 86558701ff5512a5888a8796f5982b1dc4c8027f2acdd3d38a83342e963ad5aa |
| SHA512 | 41ed4875ed1947ae25bf61ff0573e68459e7bae8b5d0ec8403c3e0d4d1da9fd2089142dfa51da9c76707095965a64ab28fdc3a01b20b9d27039c925a37095ea8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
| MD5 | 8e988923ebb3db2c9cfc2c98ea15fab2 |
| SHA1 | edd3c679c20f6fb8a5cdb0fdf5ce74d54011175e |
| SHA256 | e2dbe68b61578a646ffed60b55d40ffbd39df596abeee11e837d0fa510b5a872 |
| SHA512 | 64d3c1205b0adbe1aa5a7b2557e366fd724edf597feda2228cdc00adc029a16620acbeb7821e36bf646bb4f98f2c414f1ef0b26abd39a0365c288fa8bd4753c6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\favicons.sqlite
| MD5 | f95ab5db7869c518a36bf4635cfe4c31 |
| SHA1 | 7a33f1f9fab391fdeb589335559378f4ff3a400a |
| SHA256 | 451b5091f10c46a872ac0d91580914a4b24d9bd31c45093fb48624c3e2397c5d |
| SHA512 | f51bb380806ab6cda0f20c3abdd11b0ce51587dab2f2481f96a2be5789530a8a63dfabac6f022469d9407d5802610030e97ab991cbedffc0ce8572b8d98de554 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\places.sqlite
| MD5 | 350e44c2261790e188b5f125b3edd642 |
| SHA1 | 5554c06202d98bac4edc0fa14fed602cdfde2e4a |
| SHA256 | 9a2f067e67f69a32f5dc78f12455139f7fcb14733a79f2b0f221995277285b15 |
| SHA512 | 41b4b0affc6ec6a5e16fe1ba2ca8eb87c7ef9d6ad27ee143733a31eb41abcaf10a185593314b56d82ac4b3c0be4dcb70d2d793a47e8b4e9ff24452d646fb3582 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F
| MD5 | dd709f5720efabd598b4b1d7ba311904 |
| SHA1 | e661a7b58b5ccd10ada22736325223f8dc5ad9ee |
| SHA256 | 226aa41fcc7d06d7d885e254a7e81a06716462832598c78f34d7c1f6a4d510ec |
| SHA512 | d127eff93a34fa6662952c9627d041bdd2bceae7f97cad047de234f60165305db752dbccc2f0439a79527fab7d4cf4bb47ca76395cd888877f206ae460f849d7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\protections.sqlite
| MD5 | deeced8825e857ead7ba3784966be7be |
| SHA1 | e72a09807d97d0aeb8baedd537f2489306e25490 |
| SHA256 | b9f022442a1506e592bf51284091a8a7fe17580b165d07e70c06fd6827343a54 |
| SHA512 | 01d303232d6481af322137b44fef6c2a584f0643c48bab2836f9fe3193207015da7f7514fe338500ae4469651e3d9618293858ae507e722198a249257677099e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\b70081d0-287c-4010-8398-40262f4013f9
| MD5 | 9abfc2518922978ee7eedcde9f8d52df |
| SHA1 | 2c1c0844dd1c4f6e9cae1a369422f674c9f2575f |
| SHA256 | f21798fef40e42602eb8b233a8745eb3e9f1ec8e01303aeb8850614020a865eb |
| SHA512 | d1e7b4790328343fb597bcb59872d989b6af423642cfced68cd731c51fac559544ad3e397adfcb0ae36df67a7bc760861d2d9048d321a378790b45c81eb3d906 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\b0f6d4da-19f6-4a6f-b106-a7131c10221c
| MD5 | 59e26aefeaa3c7b2353cc9e4e1416b44 |
| SHA1 | a916bda0ef4cf8f73a519fe92a152f7083daab8e |
| SHA256 | cda874e2645e25fb1ca2a1c29ec71af2e68e6b7018306f24ccbc4b28f0ea0b9d |
| SHA512 | 82e3cd1220a82805b84444af75de5298fa5a3c61d0e5dae0c29c35c9dd3ce39f9e441bbac1990587d9011e9ca86fecff36e7cdbb4d0738eeb869bd8ea70b6065 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 8370c3b787a16995ff59599a25cf02fc |
| SHA1 | 2edb07ed9aa7e5b6371ae9b8bf0066102f4fe101 |
| SHA256 | 0c9a80fcf80e9fdfe1963124ca9b91a082db440163a0adb6dad493e87a1509fa |
| SHA512 | 4c62b62452b4ecb17a44eabb3d843e17db3ed792ce232fd83687b6cfb7848bdd4f0a1b1dca98f1ac4f1821735e8aedca54da4e7252235c3d455e31f34ec581dc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\events\events
| MD5 | 5cdf736f6dfb49030fc574ea0d25311a |
| SHA1 | 1c56d28f475e074ee318e0e803912eb5e45fa99d |
| SHA256 | 8f701f50f0a6ec65a98b090fea77595dda2d2bfae813bedb7b2b2714a8deb5e8 |
| SHA512 | 244d39576db956fd13d8fc86da7821cf474a1c69165aaba53c17853567af7362621269d2f02f9f83cc2c514055832187c7c6d948052c6448ddd6f17e42f31391 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\AlternateServices.txt
| MD5 | 655b2979d389ba5d6396d738ed8e5dbb |
| SHA1 | b90d1c7421ef988770d3688c12f68e651fc46744 |
| SHA256 | 1e739c4b52664620a2d97dd4c09f136d7428fa7260a6e0095476402aed9b70ec |
| SHA512 | 3a200ecb505d427a93b9599ea980fbef9a79da31bc9a9d9f49a65c1400e60e3665ce96f4681f66c1ae3b34f248fba61059ed124cb8101059ea9e849dcb2849a9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++www.file.io\ls\data.sqlite
| MD5 | 9b1d44fe991cf367e5e0611ce06dd6b4 |
| SHA1 | 4c835079bef323be933c825e0dd6b466565e8c8d |
| SHA256 | de863fb8c79f747e17c97b6dc3e508fcd7699ac37c3939cc3fde0a48119afea9 |
| SHA512 | 94959cc89ebbeb530afdf596d156d97709e15fe149bf3bff05504d9f5aedc67ee6d5c0a44c4d277a9ca4cbbfbf1af1dcde122c0f1f163599cb7b7d8ccf0d8747 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\8961C489242227FFE6E7252AE3750BB27DD306D5
| MD5 | a531b6fe09c1bb1bc10a0fd4334b552a |
| SHA1 | 78b4b8b420eb3545e2a88e55376317ad99adccea |
| SHA256 | 11003231bec81eed71deb0c5e865a97c7a3f1d2fa6a73eccae65dbb2c58d9970 |
| SHA512 | 1a991ae743ae3b7800884ecb28d537f2718c7f4919a0b929b5b14e212269440e82389bf8e53ca5141dbf6e506511875562cf1b42152bb26ed450f7b3b9147808 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\203E51E4C8F6E6743E539EDB830E9B28EFDE300F
| MD5 | 2044863b5440096a22ea5008473ef0b9 |
| SHA1 | 678b1dac6dcbc6ad8249901eb7ab3ac9c9b59795 |
| SHA256 | 212703fc9ac17d0bf1d8b29150f8f4b1c604e7809869cca95b49108d32da0f16 |
| SHA512 | 8a41108b82c97a5e0f03ca3976f22907cfd05ae524deaa49579a3e5bdacada349d264944ac5155c42cbf7d3ed6d2c381a0ea9fd6a2100c4dea53c328023397fd |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\98C89EFCFD3AB165388111BF33CC172E634FB373
| MD5 | 523fcc421ebef785da9ab28998f0abda |
| SHA1 | 6ab5e3833dba8968b76a45eb39b56d2be7de8af9 |
| SHA256 | 3d4d205169d4180352d22e91f28f11db4aaf8e1b485eae9eb9808bd7cfc7cd20 |
| SHA512 | 13e021fafa0a14c35a5df094dcac9bfa90aec25bdae5bb8dc51399919b18a1caac2ccd99e10e457be7fbf0d261ee181faa7e05be4f75f8da6346c6968e16da3a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\8EEA6EECA7E75135F48E7ECFAC4B3E168D79BD19
| MD5 | ceb07138fe523490f90ac43914cc5203 |
| SHA1 | bbd079b0eaa2ebe00e9e7a9fb0e78b7b9eab9bd4 |
| SHA256 | 6e44ef2dc958351bc9484d811ac22962b243551c5446a36c5831714218d40106 |
| SHA512 | 870e202cbef638bbb2236eee2df6fe3719ab74f4f2baf43a46147732c42517a27c5f3d379ec6f30edde6ad9dc5063236939e4184fee8c104d4e067f131c03fcf |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\B1530B5EED3D9C00CB0C96ECC1DA093F49E2ABDE
| MD5 | 5d22bb378517beae8dfcfd4802dfd436 |
| SHA1 | 9456f3e93c80c583ff66e7d2943bcec69bdb9c3b |
| SHA256 | 9ecd8ba062c3c8980c454060d6b14c6b882917e18701a838dc9ad039fa35f994 |
| SHA512 | 0c5dde35386ae04b837d8dfb34df2a4abfaf31e44686a8ea62e096c488b9d06184512dc63a58f53d0e7edc76a08d5d110623083c6eab2b955e49710825acc392 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\815E65C28943BFF2C1FD1D7F43F881FED091C3AD
| MD5 | 4b476572456acbcfb04e8025a52a291c |
| SHA1 | d191218a99184042b27e9ecf9a8d7b9b4c80439e |
| SHA256 | d62ae5100f4b7cc3546cc8f5beba93053ce3962d682bbf2cb283fc25b1bd3f7b |
| SHA512 | 89a6caea4f9ca6e0a15c87b88141dd0c50f325ea92bdddc886f8f59096d0b0b2e75e51427bbc1af805e35d7db7169ec0343cd33242375de9c6c279eee7e2b928 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\7A34D85F7E89B903C3262B4668A550CCDC08B849
| MD5 | 64394a4bf9916b1e1d796b5a0ecfc806 |
| SHA1 | 5f0fabcca4ef04a21f8e4ee1e97a6e8e8fc335f2 |
| SHA256 | 51699b82556540c2288c0aa10362b949a8358f8d18212b5ef49f2bd98413102f |
| SHA512 | 106707c698aa43c7f0ec7a52c8566e9045ed5d813b04e897128114b0bd6ca4eb92aedde02acb16201a0e0c673e14d398b60bdb668c82c070942627c72558d9cb |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\59EAF39948A99C5AA172D9B2CDE965B857E5B808
| MD5 | bb9fb848a3b6c48fd22e406d47a39bb5 |
| SHA1 | 0029a1fd088cb2eba1621f87b45b0afbe87e67c7 |
| SHA256 | f8290405dfa228034e3cc6d6dbf83f472cbf0b82a88522702d2bbc230b2a6ad1 |
| SHA512 | da6e216105e2b85cc8eef75e364864ff5f91db88625b2c0a12006559b587c2e0fc763258191f350cca061b6ca14bf4c83b7b7edd08cc86f2ff4272cee949343f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\59FDE416056C8788CCCFDCC4C4CFD46B2487BA9D
| MD5 | 5676b60ae2c933bc6a67542a9fa987d0 |
| SHA1 | 75ee329113d542e60b72e62954cfafecec043092 |
| SHA256 | 6380e4ce64df128fd46f4ccc170ab6062392fe8673e49fa3acda2655e45cd10e |
| SHA512 | 2a285d3d9fb7c9e750fb72b67978ef33c626583d13adc49684637f6ace9485842e8aab0df346804a9c368d3ffd4e936da816b374bd51d40e5e5c2720f3d23f94 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\50EB07D119529411D8B66499B46611FDCD0B2629
| MD5 | dd6861eeced0d583e6ce974823ad5ff8 |
| SHA1 | 6b3bdec1a39bb85db88c2887b33b918ffea903b1 |
| SHA256 | 09b70f1b57a3babe028dc5132e523e3cb55c6e0db436d339fa0d6c7d18636676 |
| SHA512 | 6bc55eee32f16b5e1de5c1a4bccb3a5d87ad9e8cbf8da174e3386441c6c281b7656cab632fe20cdb3c493afb775319ca732f9ca8d90f0104a8561af3ad717d0e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\D01087F158ECEE7DAE51C65C57181DCBADA87D2A
| MD5 | 2a87eedb33fa9fd2e1683ca78d258664 |
| SHA1 | f5a31a7a236c4c81fc3604786f2c6a16a6ec984c |
| SHA256 | f8029f0edf45bdc3724c5815f8eb6f6490119c6700381001976219974e810312 |
| SHA512 | 3ba05e483de99b2e2cc7dfd8507529faf82197b2e4f927f5fb191aff341268b5ec3b0796b063ef3c91d4c605706a0559d47ec4e5864fae343e07e6397e4a692b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\DD2402DB59C865DB35AFEF782F131345F8E077F5
| MD5 | 42711594c57b59e4fb643ea78c89729a |
| SHA1 | dededade8f45427c415c060d7e2553a0308ea447 |
| SHA256 | 29bbf674951cbb911ccbe2db83d607a3dfddbe1b8ac736081aa3771fce1ccc4f |
| SHA512 | 0e23dc165a2303c761c10c3ebd873d7d07c90e02c6475cacf090d9af8546706e6d8bf426ab8e77195931d473af81a8aa38766a12a5bd9acb644aa0049ab525a1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\5622E9C33463F2DA653B3683407AEBF64BC2B1F6
| MD5 | c56f3545d3ab05520ee53e82b239dfe9 |
| SHA1 | d1bd592636b87f8de09d7edffa72104d15f961a3 |
| SHA256 | b81a3be7ee4524071e11107e9c9421d74ce14cbb5b57492497b2c5cec1c6895e |
| SHA512 | bf896351c7bbf7b10f234e2a2956fda0d1a95861130676cf22a93a3f143ea33284aaec8a21006938f3493f98ce29ce3d16de38f7ef9967a0c813d23ce7774598 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\EABE8241ED5825E54B80240507EE5C448D319980
| MD5 | 812a34dae4287fa39542e899bbf9730f |
| SHA1 | d30f662ff1b738925bad054c2147a9ee3fa78c4f |
| SHA256 | f5c1af0b46491e9f7d5de9789d613281a2f572390de1703f3f59fa1da8375c66 |
| SHA512 | fdc75962e600dffdb8b76235311dd26a777df6055c1ee95758428c4ef380f944fa867d1feda2b73ddb62fc35c8b0d91eb9b15d264b039da35f22f2a4c9a59c88 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\405555F802F809D47E002C70DA850F1FA0AF5229
| MD5 | 9e823116f0fa541fce1eb47eb9ff778c |
| SHA1 | 14e460cf9ad7ab9c64298bd9c8296a31b03efde8 |
| SHA256 | c8408c1f6754f6bf4cfbb29355628d264dcdf3b1524b6dfac1b730aabdaaf918 |
| SHA512 | 8c0e3b86a2683a3a6b2ee404c70fda2cef7e540bf87a5a7b3b7c90eb4b43454762d463b2079fc8e651360d1cce0fd6f2215edd82d5dbd171db16bc2e58583dfd |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\142E5FD498B07F9CB27BEFAAAE433F8F4A16655A
| MD5 | 806071ce6fd3a827dc850ed16fd02e57 |
| SHA1 | fb74c4322de50a85308f7c9b091b6ddabbb33d9f |
| SHA256 | 5011e928adaa80a08c5026a35703f6576c59f1899d9bc2d7b1a26fe426692bbd |
| SHA512 | 22231536effdac59e91c7921a8e01d8ca5ab095053c4da9ad9459474d2d5928e8ffe42607018ff579286a72d18a927310dc978f1ecaea11f9996dfb4ad9910ba |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\A30B2D91B0648A01C0E6F24AD2BA315C0CBDAD4B
| MD5 | 9476ad74d1a2d8e05175327fc925b8e9 |
| SHA1 | 2eb5e09541594035dc34c782d489798844933ca0 |
| SHA256 | 52771c918720c90f1a3ed97390c946de5eeca6146842c50839ff629326075346 |
| SHA512 | 6983d8ba1b50061d6857ba122a704d1fac12055abc18e24fd61969d2a553a627a2d6e8bfbb3cfa786443f7f34c03597bef8714c11f3c6b6fc155de72a4e7e5f6 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\AA08766118A0CE10FA26C52E15B47A704F25E26B
| MD5 | 2a794cabaadc0195b6e3f09492bb527b |
| SHA1 | b006ba03f3b4854404d8832d44572a265b6d8b00 |
| SHA256 | c9dd3f06e4e3afc11046f26aaa7d2d466682e3b82ad8ff520a656901237772b5 |
| SHA512 | 1812ba76a08dd3befdb4a5659f7e8b7a1d73de36323e5e011f32cee3803673165868a7592f0a1b2d0049317234dece25798fff5f799709e56806560caf600074 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\16C366F2DF913B073C5CE892DF938A3BDE790D22
| MD5 | 79113db19955d3494c0c8a96c536ce4a |
| SHA1 | 2ded33dc3d6be0a5b01102820488f596b90512fa |
| SHA256 | 24ef3d5b3e6a003a4e9af2503241d79eddc7576b2200c29ce603fbe635e82122 |
| SHA512 | 6228e682a9af29a078c55c1881b827653a9f7c2645156ed9ffdca6f478fdde3bb1201fa4b87532234b0dbb0bcb4e3287802b37fa9ef9cf333b62561010c79a7d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\A0031F16DEE7C74394C65A0DABA19BBC0D2DDCA8
| MD5 | 6ab7cc421b5b2e23a379d9497113c8c3 |
| SHA1 | 9b694724dac73cb64582073a4735fb866d58f27b |
| SHA256 | f42dd14c89be6a0f57b06a2bea3df860dbe63249d173687da4528b058d3533ab |
| SHA512 | d4177ed5063bd71c2d5fb9f57bff2cbffaff11abc552ad9ea3763dfd9aaa578755f6735cc1a3872a65cf72d4069f4b31128a51795a63674c7429ce859b8a531e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\4E7D9DFEA0F9A7F84352BD9B79A1DAD0F64B0675
| MD5 | f90d4bd8ea5545577c89e9eee8231c35 |
| SHA1 | 6f6321c516a923b9471a2d1ce98a03d54aa35083 |
| SHA256 | d076020c8d9944fa04f9879180167a47ac29ffb5d9e2f2bd57a079e7d32debab |
| SHA512 | 8bad45ea92aa7c2540dbd343205b2f98ac208202551b9787047e766b465a26947c7b83796c23311cf5f1c624200fee0f5f8023ea650d790dd2898b46c3596db4 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\DA42CAE2699D0E5E9C2D7BDF1C2F3A2844D2239B
| MD5 | 99482206d56209c76bafa26d852179c4 |
| SHA1 | 846dd5ecc607d9ed81bad184d8d4a199c834e5f1 |
| SHA256 | 2e58abf63893ae3dbec6142cd50966d3265dd6e12b68b81a0888063149d04099 |
| SHA512 | 50a6cb915e10f411b8f7a39d35352d36a4c4eb46560ef1df3ec83e89dec094bb9270d8663a07a3c7e797837a9bdeb1e221ad8ec97ebb9d0f72c03628e2a88070 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\9F962D722190FDA8A36715753C5D31D436634DEC
| MD5 | 13e17421e87c68a78c828cc11d576013 |
| SHA1 | be95e38f696ee550b1565b9325005415f6f92d56 |
| SHA256 | f58b28f53715ba568db9950a82dabc5cdbcb24df3e010846ff46d189d9c8ad6c |
| SHA512 | b4e5b3e137a7f2b15bd2a513b1170ddb6e0840bf13e4c01ccab96649783ccc2ed447f522b2c0d7e5175f99706a57cf45a05fa51d280b9e58f907858754bb9f9e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\1340ABD49C932ACE08A495ABA1DCF23C8D5FEB10
| MD5 | 0e414048daaa1e5d415fa4fc9842f926 |
| SHA1 | b6d1dd5f47cabd281e1def35fb0a732fac1b050a |
| SHA256 | 11a8c1787cbab297f872c1e1696ca2afd869271b802a34f4576875776e21a3f8 |
| SHA512 | 3e10e7ec0cd35a825af2bf89bb0bb2ca65bd0faca101208846ec912cce1495a31097c4a9fc3004d565796aea7dce41bfbd3e1497ae6b537bfe512337bfb4a6ed |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\ECF8701745B454A6C23113C42B7D54D0B2AFE24C
| MD5 | b64f6972932a6f38606cc968815671c1 |
| SHA1 | 2e8b173c94db32f0b49bd1e1c6068881c3a807ff |
| SHA256 | df8d3352addfe5b061104887099d5b87c2ff3b26d6edf66cfce8929292d8b419 |
| SHA512 | fe40fd32dd615593ef72dbccfcfadd555231c8dd42b00fb6bd06bc2312856e802e6a6b2d3f3ebc1aaa3b236624b89b2e9c161823d19febe54ea1ce2608735100 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\12E5947B4266F902244FCFDC92FD330542CCC476
| MD5 | 872fa692258427008d4e5b65487dc0a8 |
| SHA1 | 324874b6e4c490283d18967b9069ca750142ef38 |
| SHA256 | ecffce30dcdf2e1da73f909528c20834daa1a618c556acb5dbc946ef974554fb |
| SHA512 | ba937be24b1153d950ff373b10c8b950c6170976b06f90e37b86c5ebf8a363acb5b6356efdb02c04f6355c04dc6d13f5989b8bbc55a01cd05eead132818f6caa |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 6f1d0e065693467aaf4d67ce9ea52390 |
| SHA1 | 48829a9b1bff1047ab72199813772004c5564205 |
| SHA256 | 9caf64561f02d19e99df24fbc7edb32ed4d0dfb8f563e78ba3a962aa7b67a263 |
| SHA512 | b263f20da46ebe89e4e2df0fc68ff5d0e362f22790a22fd3334ab5844daa8b4f98479e2d527b22f160a9bdcdecb9dd825d2bce78cf9df8b9f7f0a971018da118 |
C:\Users\Admin\Downloads\H-WORMExtendedFullSetup.-YAb_CXs.rar.part
| MD5 | 86c9cfe1047ecda9f19dca5fdeadc8ac |
| SHA1 | 2060d4c656074e90c5468c6701c10040d2b6a991 |
| SHA256 | 3b1df05253adf0b2f93ed7eca29c8afa004e6a2be1b8334b1a80b9eae8b069c9 |
| SHA512 | f2c29727c851d78bc19b200d036393a3308b4bfca1dc429c107affa6ed38e4164d6d8da57cc006b2ec3008c10f8a46c3a4de21739d556e5290a862be4cf087b6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp
| MD5 | 99601438ae1349b653fcd00278943f90 |
| SHA1 | 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9 |
| SHA256 | 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a |
| SHA512 | ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js
| MD5 | c7867ae4fcc1885d46c8d9a75d7be5dd |
| SHA1 | f3d2bd6ea5df7d1027e74b6955aa1215da942916 |
| SHA256 | 5add39b2ae9f3cba3a6f1ffd31848d4629c864ae8f32e53d7a87fead038d3758 |
| SHA512 | 14aaafed5c5b1cb494eede35caee6278a0d1eb7dbf3b87300a0e47e197d0c9340c827182db5c8eeb94c13a0f1be8da2b3d30f71b078189bbdf88cdba305f25e1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp
| MD5 | 65690c43c42921410ec8043e34f09079 |
| SHA1 | 362add4dbd0c978ae222a354a4e8d35563da14b4 |
| SHA256 | 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d |
| SHA512 | c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore.jsonlz4
| MD5 | 391c4300a6d75a5843c6779f43ee6078 |
| SHA1 | af1a65c595890d23e9c67bc9fcf57571dc5c9669 |
| SHA256 | f2bc563a63df1e2041f5d44edab52567cd9f7bfc43ffea5f0ed6a402fc9a0d66 |
| SHA512 | 6c79880715215cc2ca192076bbc7d39506cee1f3dabbf402e17aa3d84e70bd497ab00e3e1d68ebfa33935758903425e0fa2475241211113bf724e90f0d1e96d9 |
memory/5828-828-0x0000000000400000-0x00000000006B8000-memory.dmp
memory/5828-829-0x0000000000400000-0x00000000006B8000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\58cd31bd-66df-43ad-a223-2b5149e7a7c2
| MD5 | 6492a6a49f57fd21a98de5e1e11f0e04 |
| SHA1 | e7acb46f5ee3136cb5680df2dc51e2b276ad6259 |
| SHA256 | 7a0a57983219e8841d0b6a469ad117551c4f7da0b8cb94c754ba68e08378309c |
| SHA512 | d1331f0254c8ca22cc61759157444fc7d11da59953edd92a47414079049ce98d8d265c9aa790110e45ebd57380ea35528484503e7af60fda8978c7c6b6e5664b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\8e9e865b-540c-41f5-a2f2-a807dd63a1a9
| MD5 | f1f184208fb0c0195b76e0724503fb98 |
| SHA1 | 364cc0981fd4ce19bf1479b74aa9ae1266a776bb |
| SHA256 | dfedec2cb145bd9adc864b93033ab4a601c86bc1262c44825696f5b8d68eb49b |
| SHA512 | 3642a20dcaffbda4bf0f4fbfe2c3dbd3285c6ee71b8a85bf5baea8956035228d2c068742878e2dbac8be869d0e42e3b534e1da58862c0341e7926f0f4a9b76c6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 51c74cd12d9228b19bc4c501dafec42c |
| SHA1 | 2b757aee29fc6efc9073c839bce123577a4c6a07 |
| SHA256 | ec50b4d1b8c558fe8d703f6cd6e0ed38535994ffe8b6e408c7d2452c6b5d3897 |
| SHA512 | 4b6d452c391db567dbee5b225e0455895aa38184c021a299975a718a987a54f73b5632e6563b60e9e5ea06784e0ccc1638b483f7925bdcd54a490597bcba7034 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\thumbnails\88ea52cfc6efcfccfda37222221f55c8.png
| MD5 | 52b558ab302976200c679e816790e30d |
| SHA1 | 4158be18925dfa111b5ec6cd3b1e7cf04722a0c4 |
| SHA256 | 058006b42f047bbd719a3a44e100de4774f022fd1ebb75a92726885a0f2ef322 |
| SHA512 | 2ba0d89b7413fc3e98285a9ef207fb2c9f4ce86bc6438797e2808dc28a8fd7aedc4b579acbb411f667a06e96ec6bb91efd1c405d682cd5b6dd850028636c3d4d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | e3cea864cb9575c2ee6b5caa11025dc9 |
| SHA1 | d76936d3629ab6fc838d7c54a7b3ef842ad2955f |
| SHA256 | 49ebe80ea44bc6198aa9a730da25399912314cf87f349bbe47986d189fb4410f |
| SHA512 | 53d84029e5c9eb2924f97765d9478b50414e80710854854aa3622c8f050d200c5d06108a2ee68890970d38c9bb2813fe307b5f0c7de003f1418be7964988380d |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
| MD5 | ab604bdb8e62b30a2649881c022bb101 |
| SHA1 | 18b201f9c5b64597e5d2a42bc90f48d70a587851 |
| SHA256 | 45b594e1b4b73238c3bd8caae08c811cb21e8eb5a8714f2a9afa0c7b3d63bacc |
| SHA512 | 8199a5b6709d5f6b70565a200a8a80e48471143316ccee3411246235112dbc53dff7f1873f2a6c91db95a28eb80982f19d4d405f09895b898c6aa980a9c9ab50 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 7b9e869e17388e8ab0d9aaefa2639c8a |
| SHA1 | 9129a50e3cf1bff85df6c44a3d6ae228e598ee7b |
| SHA256 | d65d379997bcb6670d1687dea75bef40601c3954e04d5d22a3b603f400384cb9 |
| SHA512 | e6f6c09367516b5532a4c57fb940612afe1768bb70991eb11714acc12e122522c09ed844bb2446ff7fd86df179d9dc2dd860ce52a0b7ffa4772ffdae84a92668 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\C342E1BB4D4C93E8F2CD02E59DBF05D47C859D1F
| MD5 | 6d28ed89394ea583f76e879c375b5b5e |
| SHA1 | 750d22d53226849ca67d18f0767f1a64dbb4850e |
| SHA256 | 59c3895eeab02374e79e7e1443dd5351071a41f2f0c691996234e81d98b5da15 |
| SHA512 | ac1eaffc9927f461dd8aab9ad507d5ad7017507cde5e817d90c34c99f16c9c43da9ad687cd8452eb9420367b16854f768bebd8eda28ede6386e922370bc7ed6b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\5F16F031DD611A6B287528CCF66165E10336883A
| MD5 | e89069cb05b9a0a2b6c7b89a98efb832 |
| SHA1 | f386d38c7ec5a5cf79a0cb99f5280cea395ba48a |
| SHA256 | ae0351cd61276feb44429c79c88aecbe0157e5a25d80d1b733b71c6d33e95610 |
| SHA512 | d6068b75efa14d85bf0257e71c8d960adb6e61324ce5017277be26dd23832365ecf487ad93a553dabaaadea535b4276974b18b979c7b9533b5a634ceb7c7a2ef |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\59EAF39948A99C5AA172D9B2CDE965B857E5B808
| MD5 | b1a57856577311d56bba9f0bd818f722 |
| SHA1 | 23aee226427d1d41fe622bccde82fd54a1ace7f4 |
| SHA256 | d9adb0d770eba1212e37b7ea232e6f6927e9b48edc67fbb149219f6abddad9be |
| SHA512 | 380981f9b5c611add69e0a88d0d606a20e6fe04b3936028aaf7cf81d0b989ab0477fdeb3770d2ee07a400dd1e43c91fe61d033e04f744346c41dab4b2ae5487b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\24279
| MD5 | 5a0588768e4ee7635d78b167f9837f9a |
| SHA1 | fbf060318865078f4a0cbdbd703a4e84b152821c |
| SHA256 | 210105687e10fda68fe4ac90b87fe337d0b66632781e0151e2fe4666e4f56640 |
| SHA512 | 02fb4fb124b66c53d6cfee7d48b9944b7177fe8c3284a1be9d966df7a87129e432668a23a8c2726462a03b659043f8de5e6274c31ec8b3a4abdf87b7e7f4b278 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 8662f928a6e58e9d77503626a6d51009 |
| SHA1 | f1637349895fa91b61b2bdad97befed1ccc99833 |
| SHA256 | 2db94d10d7233e59a2ba0fb51602394bf72a55246cb9ce746e7333841b4fa7c8 |
| SHA512 | c82582c77d0623d1e854fb9aae483ede7a259af0a658e00ca85bdabf9237e23b778dba13782c37e019c7ea848c3e11705929fd0e5afab4f2ea8015f9d43dbc42 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\01B9F3AF1783FC1F5B7220762AA3C9E5D8B98E76
| MD5 | 7adc8e88f2a752d81e1b1309583c7bab |
| SHA1 | ccbdc495bb3339fb18641625a207c6dd95173536 |
| SHA256 | 920106d8e164c8989e29f90fb30564c685c105e839bc80f42f3ca86588a833d3 |
| SHA512 | a09046b7f0bd92e203593bd24437aca1e2fa248fd692631bc076aa30d17a9d7e35a805950f2b9e7feb40440a34bc4e0bb3862cdb843541931b52da5c5b6cc738 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | dda669d28efd8dc0d267257fbdde9406 |
| SHA1 | 3e948eea4be432d5a32f6c04e5c5c70bf440dab9 |
| SHA256 | 939da6a8492b4d547fcf498a752aed860a3820884954167d54e284b3c9f6cf19 |
| SHA512 | b6226566100167faf5ae80352afa9605d4093e2f3275f40e6980642037a1056ce2877833639059024aa2e9eb30cdca167ed108d3beadd1ece9465ae65b20ad85 |
C:\Users\Admin\Downloads\888RATv1.exe
| MD5 | 554cd80e1b5fc6c7d296b23e4b400664 |
| SHA1 | 550d2da6068683ae545c3ca8910ec37671764fad |
| SHA256 | 1b6148c640e0d63bfd74b9df003b3214dacf2aa678a7fce1075c25cf033e0e5c |
| SHA512 | 7b3dd3ea1e85dbc66d299ff31891127a5fe8995ac7cc0741896a0593c439677f3734f0b5f925353fe5b1773f24344b1f8c274d4c7eab158566444fd110a4714c |
C:\Users\Admin\AppData\Local\Temp\autBC29.tmp
| MD5 | 29e1d5770184bf45139084bced50d306 |
| SHA1 | 76c953cd86b013c3113f8495b656bd721be55e76 |
| SHA256 | 794987c4069286f797631f936c73b925c663c42d552aeca821106dfc7c7ba307 |
| SHA512 | 7cb3d0788978b6dc5a78f65349366dac3e91b1557efa4f385984bef4940b3ea859f75cfe42c71f6fe445555138f44305531de6a89c5beff4bf9d42001b4348e8 |
memory/6480-1365-0x0000000007F60000-0x000000000801B000-memory.dmp
memory/6480-1367-0x0000000007F60000-0x000000000801B000-memory.dmp
memory/6480-1374-0x0000000074920000-0x0000000074997000-memory.dmp
memory/6480-1376-0x0000000074920000-0x0000000074997000-memory.dmp
memory/6480-1380-0x0000000076BA0000-0x0000000076BC5000-memory.dmp
memory/6480-1379-0x0000000074920000-0x0000000074997000-memory.dmp
memory/6480-1382-0x0000000076BA0000-0x0000000076BC5000-memory.dmp
memory/6480-1375-0x0000000000FB0000-0x0000000003620000-memory.dmp
memory/6480-1378-0x0000000000FB0000-0x0000000003620000-memory.dmp
memory/6480-1387-0x0000000074220000-0x000000007442E000-memory.dmp
memory/6480-1385-0x0000000075430000-0x0000000076778000-memory.dmp
memory/6480-1389-0x00000000770A0000-0x00000000771F9000-memory.dmp
memory/6480-1394-0x0000000074220000-0x000000007442E000-memory.dmp
memory/6480-1392-0x0000000075430000-0x0000000076778000-memory.dmp
memory/6480-1398-0x00000000746C0000-0x00000000747AF000-memory.dmp
memory/6480-1406-0x0000000076BA0000-0x0000000076BC5000-memory.dmp
memory/6480-1403-0x0000000075430000-0x0000000076778000-memory.dmp
memory/6480-1407-0x0000000075210000-0x0000000075356000-memory.dmp
memory/6480-1409-0x00000000746C0000-0x00000000747AF000-memory.dmp
memory/6480-1399-0x0000000075430000-0x0000000076778000-memory.dmp
memory/6480-1413-0x0000000075210000-0x0000000075356000-memory.dmp
memory/6480-1408-0x0000000000FB0000-0x0000000003620000-memory.dmp
memory/6480-1418-0x0000000075430000-0x0000000076778000-memory.dmp
memory/6480-1423-0x0000000073DF0000-0x0000000073E13000-memory.dmp
memory/6480-1428-0x0000000074220000-0x000000007442E000-memory.dmp
memory/6480-1433-0x0000000074220000-0x000000007442E000-memory.dmp
memory/6480-1432-0x0000000074220000-0x000000007442E000-memory.dmp
memory/6480-1429-0x0000000075430000-0x0000000076778000-memory.dmp
memory/6480-1430-0x0000000074220000-0x000000007442E000-memory.dmp
memory/6480-1427-0x0000000075430000-0x0000000076778000-memory.dmp
memory/6480-1422-0x0000000075210000-0x0000000075356000-memory.dmp
memory/6480-1424-0x0000000000FB0000-0x0000000003620000-memory.dmp
memory/6480-1426-0x0000000074220000-0x000000007442E000-memory.dmp
memory/6480-1425-0x0000000075430000-0x0000000076778000-memory.dmp
memory/6480-1421-0x0000000073E70000-0x0000000073EE8000-memory.dmp
memory/6480-1420-0x0000000074220000-0x000000007442E000-memory.dmp
memory/6480-1419-0x00000000750E0000-0x00000000751D1000-memory.dmp
memory/6480-1410-0x0000000075430000-0x0000000076778000-memory.dmp
memory/6480-1417-0x0000000076C60000-0x0000000076CA5000-memory.dmp
memory/6480-1416-0x00000000746C0000-0x00000000747AF000-memory.dmp
memory/6480-1415-0x00000000770A0000-0x00000000771F9000-memory.dmp
memory/6480-1412-0x0000000073E70000-0x0000000073EE8000-memory.dmp
memory/6480-1411-0x0000000074220000-0x000000007442E000-memory.dmp
memory/6480-1397-0x0000000000FB0000-0x0000000003620000-memory.dmp
memory/6480-1405-0x0000000073E70000-0x0000000073EE8000-memory.dmp
memory/6480-1404-0x0000000074220000-0x000000007442E000-memory.dmp
memory/6480-1402-0x00000000746C0000-0x00000000747AF000-memory.dmp
memory/6480-1401-0x0000000073E70000-0x0000000073EE8000-memory.dmp
memory/6480-1400-0x0000000074220000-0x000000007442E000-memory.dmp
memory/6480-1388-0x0000000000FB0000-0x0000000003620000-memory.dmp
memory/6480-1396-0x0000000075210000-0x0000000075356000-memory.dmp
memory/6480-1395-0x0000000073E70000-0x0000000073EE8000-memory.dmp
memory/6480-1393-0x00000000750E0000-0x00000000751D1000-memory.dmp
memory/6480-1381-0x0000000000FB0000-0x0000000003620000-memory.dmp
memory/6480-1391-0x0000000076C60000-0x0000000076CA5000-memory.dmp
memory/6480-1414-0x0000000000FB0000-0x0000000003620000-memory.dmp
memory/6480-1390-0x00000000746C0000-0x00000000747AF000-memory.dmp
memory/6480-1386-0x00000000750E0000-0x00000000751D1000-memory.dmp
memory/6480-1383-0x00000000746C0000-0x00000000747AF000-memory.dmp
memory/6480-1372-0x0000000000FB0000-0x0000000003620000-memory.dmp
memory/6480-1370-0x0000000000FB0000-0x0000000003620000-memory.dmp
memory/6480-1377-0x0000000076BA0000-0x0000000076BC5000-memory.dmp
memory/6480-1373-0x0000000074920000-0x0000000074997000-memory.dmp
memory/6480-1371-0x0000000074920000-0x0000000074997000-memory.dmp
memory/6480-1471-0x0000000007F60000-0x000000000801B000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | edb14d825b370a0c37510df708b69fc1 |
| SHA1 | c0aa8a55747783231eb41399f61d4c5edd44c29a |
| SHA256 | 8ada36bdfb449a5f4e459401a8006e21e060b83514a6bbc1cfc038aa2968bfaa |
| SHA512 | 141cebaca80bf3c91e83385ff5981d6de6df0dc8c90c401131df89901a622cda4397ada0f7b53c4516d129754f9d166657857469f1017c845a54e70e357e257c |
C:\Users\Admin\AppData\Local\Temp\Splash8.jpg
| MD5 | a3083356947cdfb053c7c63cec79e85f |
| SHA1 | 81d71adf137d5a8dff56843250578bb68333ba9a |
| SHA256 | 3e290e256bf19f56b233c42f19397807a83bde6cc792d6ea2f6c615cfc92ec1d |
| SHA512 | 820ac1ca3472f2356c7ad3c7443a431eea3f710679e6467f47ee8918e7c206767ff99401ced14dd3d012d930b1aad3225b9f9e1a7a9ee4303a8b204f05fdf766 |
C:\Users\Admin\AppData\Local\Temp\Bx\2.gif
| MD5 | a7e869f972c21eb387017d9bbe3c2e5e |
| SHA1 | da538e98ac3100ff9020ca658f917a7dbe8d7bfd |
| SHA256 | d9ad0cd825f5697af57111f18d7bc31058546b007b8790fa70fc654220956dd2 |
| SHA512 | b70577b9968c3287afcc09f47a04e345f4f9b4dce1b54e48478fd36a77b56741ed417b034c1e104e51bd69ba14c96d9f3ac61aa0ef6c3d85beba797339dece1b |
C:\Users\Admin\AppData\Local\Temp\Bx\3.gif
| MD5 | 17bc240dbaa9d457e5fd0caf93399510 |
| SHA1 | 182de7dfb35ab0fc307912b3288978b7f8695ddf |
| SHA256 | dce48fb63b0ccff6559c5a1dd5b17d110604664622e99cd1316dc2b56a109bde |
| SHA512 | fd66b8ab8744c733be016f649c31376483602b5161937e8711a1b6f1ac883de7cf64de2febcd67a5dabc19e31ca264282420b8eb157fced1b2c2156c82124671 |
C:\Users\Admin\AppData\Local\Temp\Bx\4.gif
| MD5 | ace31c8058733258b12f62cccb4cc16c |
| SHA1 | 229ab621903d16b117e9a727d90200627aa688af |
| SHA256 | d1dab0a7dd576eaf36ccc31df5410ecbd74088259d55cd88dd590aa460da3a48 |
| SHA512 | e0b9e96321bec0fd7a55ec978780cacfbcf0a6ec3bb49070192edeb497f4adfb56fd5d06c76cd9030e8dff0ad0fecbacd720c4876981656b09931bdce1c6b29f |
C:\Users\Admin\AppData\Local\Temp\Bx\5.gif
| MD5 | 85cc7a9f711973e60c066b9ca334ac08 |
| SHA1 | 295e1018384520a069565aaddcf5456da22fe83d |
| SHA256 | 27491317469683de3a12165bef1aba1f88f2a9ad41f0a05f06db31cf8ce9d3bf |
| SHA512 | 5cab1478e19f19c3d73350d9147a7ad0fa663302cbb4a0ae9b0a35e8b7d1b4831a21ac7e1d2409a6176b8a1932c62e6022a9d1ec895067be98e59777d80675d5 |
C:\Users\Admin\AppData\Local\Temp\Bx\7.gif
| MD5 | 6b9da0ac03436f5fe357ff5a1e0d9564 |
| SHA1 | 4b99a325ec75105183e819234bcd1276958ed6d1 |
| SHA256 | 5637aa5063b88b356df923023758f533d461a5d220ccd43da55cdc76c23f040e |
| SHA512 | c2dfacfe4398e74a54749774ca9a33c5d7fb2e70d1ac4da85e735ecd50612750e0e2058fa538c61b77fb04c6645f1a8f5e83f09d18bb0261c1ebb67c9fe305c5 |
C:\Users\Admin\AppData\Local\Temp\Bx\6.gif
| MD5 | 832766bfef0d1d41ae1336be835178a1 |
| SHA1 | 79672fcdf220bed918880d9126f6c62b9fba7ca7 |
| SHA256 | 12ad633b83e678c5186b75873656e97f415a16d5bd8e6398ddb154a32457269c |
| SHA512 | 4caf582ea948c09d582301241f23734c9ca8ac28fd8af0e823b12ffa669bf062057f9995c944fd64b8d0297225309a355390aee3ebcb47c18be0f180c6faaca9 |
C:\Users\Admin\AppData\Local\Temp\icox\36.ico
| MD5 | c4cd96de1d10d0552871b55ac4707b6d |
| SHA1 | 96be2355dc753f29000311a61c26ab69ea2e3921 |
| SHA256 | b17d4c6c518eceaabc152332bbe5b137b4e19bcc6c507e6a3f32bfc39954e5d8 |
| SHA512 | e0477fd4241025735d70e9d47c5253962070a4a3ddf220e3d6a60ef3ff45d909b560ef096a174b5e91152e428b507b75e5d69d3971b7a58a79e93b5a3ec0a780 |
C:\Users\Admin\AppData\Local\Temp\icox\80.ico
| MD5 | f9fe137002c22ba62664a4c99e35a73c |
| SHA1 | 58571e623a7dda5297e03cc0abb6e1b34f0a2497 |
| SHA256 | 3fcfb91b9546e9dd1932bf18e54a67c5504ab68a3850dbb5bc9eb53000f43380 |
| SHA512 | fb205269df9b951e5019f9a12e02a6eadaff9dd751efd27e132a5c958831a4fdac8fccc6894697f2a5467e4df89e2716784f2386741aaa99e68220de2b666b90 |
C:\Users\Admin\AppData\Local\Temp\mon.jpg
| MD5 | 699d216dffc6fcf9c9632f39e9a93e2e |
| SHA1 | 989e891f4458e8ea73a9f451a600e2d6e8f79101 |
| SHA256 | c461f31b53fb9f28b27c1bad136917bf9522c54b0cc633c5e4f33f5473735ee6 |
| SHA512 | 2e04e842254de746e56a24aa1eacc99c27a13719e6df4f2b73aaf571001a669fbcdd08488547ee53ad164ca43ec5afc34934a97418d02f7234b97d5ddfdbac19 |
C:\Users\Admin\AppData\Local\Temp\apkx\s.exe
| MD5 | d4f1d16301f4a3a80f991d86794642f2 |
| SHA1 | 3d9f91a1ed30ea64b9e0a93df159bfdb518d8bd1 |
| SHA256 | bb04689a20c7b5738aff072f8836e8b678a1092bd6c129ba2af0d4dece2a95a5 |
| SHA512 | 5ca8e6d8502c77c98138b687758c4e445a9b126d71465c3209a4a98704757cd10654aa47c851841788af9d540208d4b91a0f761e7ad7487badd5c5c81b9032bb |
C:\Users\Admin\AppData\Local\Temp\apkx\apktool.jar
| MD5 | a15507953bd9b89c2d6570f46fb1f774 |
| SHA1 | 261a8e68c72b0ebf70894c40b3c35176a66d86fe |
| SHA256 | 0e543660bf2d16fe7c543d4034ef505a6ddccb883416c8aa68d1a1d779b057f2 |
| SHA512 | eb519a94a4aecc1358f4a1cc84e03c772d8b59edf8b5e37956a756f0cc2673c5d9d976ad6796543db74cf187763077b4bbcd0519e7f7be845c0e9874d4862353 |
C:\Users\Admin\AppData\Local\Temp\apkx\888.jks
| MD5 | 0d67688bd3cb817c9a81b1982e6db3ac |
| SHA1 | a47bcd0cb4abba424acfbb4f08151c4fbcc77471 |
| SHA256 | 5f732ae6f5cacbb888710af908fedd7f3c7d5d962bd8abff74950debe493cf3c |
| SHA512 | 8c97956498b313291775cb7d55ce5be8cb27986bfb6289b3735da9dc6aea66785ed09c84f46c7981cb6f1fd9669c1177e1beaf76871e71dc44b54077e2c02658 |
C:\Users\Admin\AppData\Local\Temp\Main8.jpg
| MD5 | be12433f18ba620b882a4ac59576b913 |
| SHA1 | 8d3cf7097c9a4b923023ca00e469aa320093cfa6 |
| SHA256 | 3063484738ad7a2bbdf86a1aaa48228a23dcb99c5fdbb1e873ff7ff6d09907bb |
| SHA512 | 89cae3ab2b080782eec1f0390ca797d8852954f1ddffa8b57df5d1b38b44c709f913065bccddcbe0adab6f8e017e1e9c3604a3573fb932f406005e60cbcd6a97 |
C:\Users\Admin\AppData\Local\Temp\upx.exe
| MD5 | 308f709a8f01371a6dd088a793e65a5f |
| SHA1 | a07c073d807ab0119b090821ee29edaae481e530 |
| SHA256 | c0f9faffdf14ab2c853880457be19a237b10f8986755f184ecfe21670076cb35 |
| SHA512 | c107f1af768d533d02fb82ae2ed5c126c63b53b11a2e5a5bbf45e396cb7796ca4e7984ce969b487ad38d817f4d4366e7953fb555b279aa019ffb5d1bbba57e28 |
C:\Users\Admin\AppData\Local\Temp\Aboutx.jpg
| MD5 | ae9d8596a266886b5ed9fe0d006a89ae |
| SHA1 | ddf3d9e8fe1e77f28c2b56d739fc0e52fb2f042f |
| SHA256 | 80127e62d02beb810174845ba32105a38d7dbf6c131e40f8ee92d157ff95128d |
| SHA512 | 0dc0be20ca9b9e49096113d0834a19ccd8ebca48d180da433a49a078d8cbfb74b7f96e14f84911a64f04bcbec14bdda4a399ca9686d362c270d76d150f20a145 |
C:\Users\Admin\AppData\Local\Temp\icox\61.ico
| MD5 | a986050b0dc3726b03127f0405441e95 |
| SHA1 | 7733b22c904676ab13b1a8d73b923ccb15a369ed |
| SHA256 | 8d1eed864978dd5a37aa704253600d4e5a82c03a6474f16692d94d238a70fb30 |
| SHA512 | 9befb84ae6d7b8ff1bd41946b17cfe0d6243c3832e2e99099078842c5607ae3a795e7ac6bf1ff79114b888304a762e283a5711f11e90e6dc0b0bc8a80df777ba |
C:\Users\Admin\AppData\Local\Temp\icox\62.ico
| MD5 | 0be1810b0568e320a711f787c7717c93 |
| SHA1 | 1a243000b73902858b358c3b377b1dca79d18abb |
| SHA256 | fe359602b7c45bae344b35ea49c7f5ca9c7da92f87deb1d92f7a89c0e24913dd |
| SHA512 | 85f525279f86a8f6f210bbda1ce5dd963284a08de9540f10dee1c28c55ac72a021c7b5d2f0f72c5a12cf25cf0dac66485b62c7272d043ad026e2009c3e649fdb |
C:\Users\Admin\AppData\Local\Temp\icox\52.ico
| MD5 | 9a63511b684da100ead73971c7632d4b |
| SHA1 | 3018d2fc9f9a56f56b9bc2cbf3f930130bd5ef88 |
| SHA256 | 791718ab76ba77cbb501cc06f982c097c156a6b74ba7c642d097fdc7cd2d9669 |
| SHA512 | 690e59afaa678cc05bd93638cebf2b6ccb1723c2cec7063caa381f26077387b93dc5ac8af8f9a98487f6af1560d6bac3d23bb526c834b3698405a25ea1b8c6b9 |
C:\Users\Admin\AppData\Local\Temp\icox\exe.ico
| MD5 | 3cb36b157c3da407f8aefc6eade6820f |
| SHA1 | 8215b8c59e39e564dd63d98f1b6b6d3921c1535f |
| SHA256 | 6e4475a4a0c2914c6fcfd60f331247cf3c9a13d21247a9da6d960480e82c948b |
| SHA512 | b8008845d42477d22484c5e92a739193feae961babeef3645b5cdeb527f8c9b0533af1811797f59abeeaeee2639a049af5f7b9aaf25c1fbcbca22f8be199fdad |
C:\Users\Admin\AppData\Local\Temp\icox\27.ico
| MD5 | 23452ed2954152c992316fd596f8fcd1 |
| SHA1 | 08946c99e6fc343158e27ac3a1324874d39612ef |
| SHA256 | 5fa66f6d1ae8f959b539253d13b016b7c2ec7c41d1eed15bdad5e68fe2e09861 |
| SHA512 | f6459931dbc47f6b425e85c1c76ce9bc6f38a17a0a9a2fbc4218384f016826c3a11ac1ace29888bdece1c3b517f569c3d392c3df2e07db9f039fbedda3f26255 |
C:\Users\Admin\AppData\Local\Temp\icox\8.ico
| MD5 | f4917a049ed0c3385b9af0b271fef0e8 |
| SHA1 | e675b9e76eac2a59f211065194bc6ffc2c7d3ff3 |
| SHA256 | 7d4d44ff75d99ce917377e425604526511288a441ff3975c0a662a665d99fbb8 |
| SHA512 | c315c2b6ffc153faf4c956e7ff800848b41cae04388fa9f6b6cedeff0de5f4a114fa7a4ab7494e07eaf3cc03a49e724753ad77b1c3cbb28e293ebb5bbd249142 |
C:\Users\Admin\AppData\Local\Temp\icox\69.ico
| MD5 | dfc285b1a87eeab5d86fff315ed03607 |
| SHA1 | d6109e6b401eda9a985c30d956b4e16fc06a694e |
| SHA256 | 843aa0d8103255ae9fcaafed32a2b163598897b6326b88fb7590a3547d4b7b32 |
| SHA512 | 17a3603ed14b0668b18f2bccf243a2a23f3b5932852b50b436222aa2beb2b10b501a06591f2d4973260ee04c077cc439aeba79f3acb49f4d7b4fa0033e297a9f |
C:\Users\Admin\AppData\Local\Temp\icox\x4.ico
| MD5 | a2cf8e93439bf7ff686e33dac3790bb0 |
| SHA1 | 4977d5270658f12711741fa5af933648aaf8a3a0 |
| SHA256 | 12cd3748f68f6c6e0dac83b193660036e51da487c0f88caef45ad82da77eb018 |
| SHA512 | 796346600322927e98095393b5f38cafeda5310195b85d23f7db2bbc914497c03eb9d03346d68623fe2d0e5e59d092960f07030a0b175264bdd0696bf8e81a2d |
C:\Users\Admin\AppData\Local\Temp\icox\22.ico
| MD5 | afea44624f7eb2f9453b6b9ec2f53a73 |
| SHA1 | 3328e8e06dfa0370d0aef2ecf3e3eed3d3e1ff57 |
| SHA256 | 405470d50d362375b3171cb7417d714d5484512e3851cafe39ecf0ba7b8a2e7c |
| SHA512 | 3b77bea76381a34bee063cb9fbfe66d187dde6781a877d0219c4a90e490c326c4539842c0e34d449201a9ebbdfec4f9b91f8fd28871c3118ae1c1153da104e85 |
C:\Users\Admin\AppData\Local\Temp\icox\30.ico
| MD5 | 00efdcb61d18bcd85ae33afbf330eb9f |
| SHA1 | 940bfe080dbafe393b71d60089adc7803daed922 |
| SHA256 | 806bee7f8ad004f2d375a7dfdaa3ad8f0bfd016e59bb0356d8375ee6a839c0a4 |
| SHA512 | ae359cb42f7d4091725d361a7301b69af1c43d51804ed23b6958a8d16136c9b6c2c47629080d678b4162eccfe16ae842a383a563db69ee272f29de9c77202fb4 |
C:\Users\Admin\AppData\Local\Temp\icox\79.ico
| MD5 | 39200104289093a7c0d1462530613933 |
| SHA1 | 268f46733c1b518a291b2ce2034b7f1846a25cf7 |
| SHA256 | 1ce9584f5c6f79e543f48591ec566a8724f4caf1bc5e32d5cd20a98365781451 |
| SHA512 | 37d3b8967790210d2171ed3dbe34ee2c8bb76bd2fe4409cfe60386786633cb66d461038338a1d1a75a1d7dd5f740391b8dd0442d4f273b8b8676e1860e0924c0 |
C:\Users\Admin\AppData\Local\Temp\icox\75.ico
| MD5 | d57da262695076830f6395b102ad4102 |
| SHA1 | 220b336e64f61b6650688bb93bc3fec3e0278f4d |
| SHA256 | bb8acb038b05068e89426cc9b991fbb3358a54d5bb87dbe5f7e83afb0d9ad210 |
| SHA512 | 5673145fc8b1130a2e46db056fc132a06b27bb9768f39aac783166aa73a0d8ae3c1eddad93539459ef258b8d096f31faa64ccd118994eac7fdac7ccdacffd91e |
C:\Users\Admin\AppData\Local\Temp\icox\85.ico
| MD5 | f63fb17cf8391c8c53f47b785d4125ca |
| SHA1 | a5ba41a7de8130161d25b1aebe3e220429ad1e30 |
| SHA256 | 0be7a9e0cf4686d98a72c2b8ed3c2e54dd6c68e12548b44138762761d0eb9d59 |
| SHA512 | 2101e81828c0cd1cd804a3624148cfbabf6d166b16c7a00c05a2d3a21d50006547e7b5932723f1192a2b512a7f9dcff0c3d85deb89d2ce76782f450752afa4cf |
C:\Users\Admin\AppData\Local\Temp\icox\70.ico
| MD5 | fa0d74fffc254482b4553fa2d111b3b7 |
| SHA1 | f2ce14bec9b253beb7ee8012cef970deb46d8216 |
| SHA256 | afa2256aa1212114ace2c70a9b0e1ff84da142c757e323f5fd0a5508aa3e3b8f |
| SHA512 | 4e60c1efdcf49922527e535ea0e84ee7e75886964fcba57498bb2a279a9e2142649fd7d12d91c0d51569687a12365ca56e321f4b44b4e0b4474c221408a2f9ac |
C:\Users\Admin\AppData\Local\Temp\icox\72.ico
| MD5 | 8566949030e30531d4acb964d9d1376c |
| SHA1 | caec7df69c07db41f601b61fa30b0260c8013f99 |
| SHA256 | b61b3f9c5224a4274cde2f0683e5107898fcf383c248692e5a04f751f4ea13b5 |
| SHA512 | 98a782d6c4fd7cca8c7207a2869eab37b866d90cf7fbbe416a8e3323563ea11c1497e9af4f177f9d088554c282ed1584cb4c35eda494914e8277609fd69f1f37 |
C:\Users\Admin\AppData\Local\Temp\icox\74.ico
| MD5 | 567e9e57f178f8959d88a357cae20da4 |
| SHA1 | e32625c2df235f1f3b588397191cb76c58c8381e |
| SHA256 | 81855740e3f4c3c034916cec19a3c5808bcb76e68a1b33b29a3efbb2d6d10ee3 |
| SHA512 | e759d42081677d937b075350f7e0b7f9c83be0377bb46f64e372af1431e5e56212433cd83bd36e8516043bc42b22bf3360b8fdc6b28e61022e1a75e7a187582a |
C:\Users\Admin\AppData\Local\Temp\icox\81.ico
| MD5 | d45339514602ad87c9e582f131730080 |
| SHA1 | e2d6a0312cc98d0b330d977c4051a2acafad821a |
| SHA256 | df5a2955a48547c74e347733e355e6ad7aabd82ad0596e558ea4feddc7c2e4f1 |
| SHA512 | e56d1d17e69cf4705d7465172bcf45b0b8c215d743a2b87f954a2d6d54173a68edba20d57a314980d48fd2b83213a276b7614735f1dd1e4c94ffec40ae652f73 |
C:\Users\Admin\AppData\Local\Temp\icox\18.ico
| MD5 | 9e8f148a6207da9b2d021c6ee4fce7ac |
| SHA1 | 3c064e658b6214a8a52eedd3858541b234400f69 |
| SHA256 | 9ee6f6474c7e137317db8a8c0bd0e4f653d389e70c723fe5e1d945db66d1e89f |
| SHA512 | 8abac3c718ec0bee1f7cefbfb9b938c253e07b075d7b6ccb06ff5b7a0d2af5063bff90bbad8893550b112532d77a4d6eb44bb35f806aec702a61384711bee544 |
C:\Users\Admin\AppData\Local\Temp\icox\83.ico
| MD5 | 0b41d185c29c196257fd9848d649ada9 |
| SHA1 | 3759eeef35bfd5239ff4433f9e28bf1796908296 |
| SHA256 | 89ae74aafb3113eaa740dcf7e95d33a472de490b3126fae4e0f1ae3e411f1c38 |
| SHA512 | 0c36beadf47814be04a3b1c6a309ef0d887209bf6f2c5b8e2bd54401e4fb1ef8ad7dc7819448087b2456bc53abdd2741a4e6eb1ccc21ba6d59527c822d4d0a88 |
C:\Users\Admin\AppData\Local\Temp\icox\82.ico
| MD5 | f55b31601fcde22392b015233eebf147 |
| SHA1 | 1f42ebefea0e5745f9e1da288b10dfa36d6d8151 |
| SHA256 | 71efc4f26e90149a7934befe3f2345ae880ff6ab335b2c7710a88f89fb210a2f |
| SHA512 | a214bf41a368fca41310f37381bb62f6e323d1882730bdfecc9145e67b07031bc3530795085cfe6fd78836a72b9236d4676018c8ba5091e766c7360f3a487cf8 |
C:\Users\Admin\AppData\Local\Temp\icox\3.ico
| MD5 | fc6e520f9e572ef81a72be6561c7842c |
| SHA1 | c1e693470595ea0d086ccb41febde6ca1be84375 |
| SHA256 | d74305927c5b8b88d023730075e6d37e8b14dda705dfe4bf3d6aa01bdd658cf1 |
| SHA512 | 824d517ca1df64f21f5e2434652730980cd9d3b78a9f5cc7ab75c8df1243c6aac2c3da09aa297f1b1dfa6f2d056b1e380ff350879f0c41b325ef94bcb7140600 |
C:\Users\Admin\AppData\Local\Temp\icox\5.ico
| MD5 | cdee018e88b7a515827c9b7c0afe9c3f |
| SHA1 | ac81088c72f8a0b9ef14b3f5f86a61b70a28cc9d |
| SHA256 | b8eedd84108576669b3ebe1af006a39dbe7b932a5cfdcb4eed8e1028464da24d |
| SHA512 | bd2ec838514cd61f2cda60c94f835543184ffe29985cafcc6887d57061613986c7e2901d20fdda5ce608b8baf25708bbe3abe0e52142565397893e382255ad4e |
C:\Users\Admin\AppData\Local\Temp\icox\88.ico
| MD5 | b402b6e244d9a766c49a08750270ceac |
| SHA1 | 116a1b35e92684451adf2658fb6b80f96349fd96 |
| SHA256 | f56712fc6dbcd3b05c60ba6cff058ce2eba5b7133bee4b8281f24bd218d09f8f |
| SHA512 | 4e9eb2e7612a40d936b5736ba2cb36d0cf1786d76a6b20d760ca43863250e675c2d5016a2fc5da224f8fa59e8d46e80510b36c91632fa5c9a0bad7a68616ff83 |
C:\Users\Admin\AppData\Local\Temp\icox\37.ico
| MD5 | 39d9cfc0221855651e742f2bcb26fe38 |
| SHA1 | 2052654637a1b4dc55e8d5dcf22907fca5a03b62 |
| SHA256 | 77efcc37b21363ebe53395abf0b2d96f25e346562a533fc8ba91aca9bb5ffc90 |
| SHA512 | 84e0cd74b20ab3382dc1c64d824941e5d087209aabfa362bbdc2ad2284766ed0d5099660daaa5fc8ca8cbc13be763f5ed438a1d9967461e3ac1bb87d436f3d49 |
C:\Users\Admin\AppData\Local\Temp\icox\x2.ico
| MD5 | 3f06f7efe574f18cd3ee1d2964d5c1ba |
| SHA1 | 111f9616730d4dcdb2be6c989759004965eb10e3 |
| SHA256 | 590d2da2e475cab3bad9b888e75a0232de51671d0c38de904fa46cead48fb5a4 |
| SHA512 | b3d44decfc72b6d50f18fbc4e3c30c75e26f95818ccd6e7ab28b54945e5f37c6836db0fe00e750c2ecbe1fd8b94cfeb986fbd2ca1281f1aa9dba718d4c7f1ea1 |
C:\Users\Admin\AppData\Local\Temp\icox\96.ico
| MD5 | f75d69d2b846f427d1ab7cba86a8528a |
| SHA1 | 972a889d3f6024ec730991699e500982f810f7a8 |
| SHA256 | ca9cffc2c572f6c2ee5a95ef6fe3b1cb908c58fc84e89e02586556a9c819ab60 |
| SHA512 | f0392110f46dba3b39e3e12eb6193edd901105c722884cf7a9bbde6656d90d0c325978f4d588f13e2bcf13c5317d7ecd9e55baeb59e09472342d3eb910066f5b |
C:\Users\Admin\AppData\Local\Temp\icox\7.ico
| MD5 | 01ab95f8f1124d0708f95020c19748b1 |
| SHA1 | aac1978ca6b678215d4d8e92177e0aef64bd5805 |
| SHA256 | d6fc0ca45f6952907b58eb2a9e2b9614e32d9530f6b74c55a2bf24d8be385983 |
| SHA512 | f059a7737df8750cb6c73d9fe43c823f227497f2cc92a1a67e2e7f2f123b63cf9ce5d0a0db763f1547c5e37687537b5823a32e62e751b4a867a2e77b022ca5ca |
C:\Users\Admin\AppData\Local\Temp\icox\87.ico
| MD5 | 9e3bbd859c1e3127c53b9749b0a6f5b1 |
| SHA1 | bb73e1d6a0868e7cb20fbfe66a3286d21cb07b8f |
| SHA256 | 4d6fbae7d0ee12f43f03316f530afb45c41bfa20c2dab6f0c83f6c9d225f564c |
| SHA512 | c7ed2d9042e853f5e049a6d8ad3ab8bce2753c8945e264805a2b58ac47e98cde778e4653831ec94446ad2ba5ea80699732c0931ebd0168f92b7b96b7d9398f56 |
C:\Users\Admin\AppData\Local\Temp\icox\71.ico
| MD5 | b1fb08da4416f0a48272952262e8d5c2 |
| SHA1 | 9bde59aa32712557c2b70a5a228775b0bdae599e |
| SHA256 | 18e0afd483870931f32ba40118bd17dfdb5d0d54b031bfe5619fe186a9901382 |
| SHA512 | c4e1b78d38d6ebe0f1c90722d6a48c2c0541a46296839498e3c4444cef887f0bc9ca23503352f7a4ef8beef87b2fbf1f3ffe7fae9ce7ac279f221134e7e46dc4 |
C:\Users\Admin\AppData\Local\Temp\icox\73.ico
| MD5 | 10cc2f45ea9d7206a12e6f6868448318 |
| SHA1 | be91d669b06d896b624df10adf685de373b4cb15 |
| SHA256 | a7c16e60bc89163e6af4e9a35daa578fa79aa403d3b0e7365de6e4a7b20de814 |
| SHA512 | 812aec11e9276602c82bb1b63b72476e5cf0dee709c8ae1e58b546c90c334aa20b0aa832878b34f2f071395d22b8230ccc279dd501cdcccc6624799c33571b3e |
C:\Users\Admin\AppData\Local\Temp\icox\14.ico
| MD5 | f0e4fc7c06d5fa1583cac2f0deb12224 |
| SHA1 | aa49e00fb539c8e779f2c872be5dea336dd0c31b |
| SHA256 | 4ab4a23dcea8f8761457943efb361ae40f0b6eee0704169bb0126e919b43735a |
| SHA512 | 4caebf7376ae66c3ce366f23858240754ade53e1934519e1bfd5e9c6cfa0dcd5eba5a534e785d1a88e616da5d6d29e40ded9fe48ed2714ae0dbdd43de37b722c |
C:\Users\Admin\AppData\Local\Temp\icox\17.ico
| MD5 | 0ade9d66c7ba89e6350a416b2fdf7454 |
| SHA1 | beac7451257203f22c19c73ac99a26cdccd2f69a |
| SHA256 | c72124fb97774910357433a7eedbeffeff9dda4f0d2c331cd27e6d65f20e4f6b |
| SHA512 | f4d1d153e0ae3b7b7fc2f34f9fc68ed0e0886aec81aff0aa19ed75e91987e15f08d05753e43c399e58578c8d65c4f91af762b2ff7e869d9a7533476ad0d5ff7c |
C:\Users\Admin\AppData\Local\Temp\icox\21.ico
| MD5 | b270c6b3559e9274874cdf2b7b727da1 |
| SHA1 | 16358c1e8054ed87a7fe7f82a2af6bff2da15e2e |
| SHA256 | 0a8c24a630aae926f191cd020254b31858b907d91b5804733f01dc60177b629f |
| SHA512 | b1ddde9843e2af20fd66e2e6e9517dfc9f7f4cb5b4fba7b371747bfb60eec261c3a9508c6e12b06db46f78e4ab23d0faba62a056c6ed794c7f17b238e6d80c60 |
C:\Users\Admin\AppData\Local\Temp\icox\1.ico
| MD5 | 2cce963c91af1bdf27cc3b9eb7190cdb |
| SHA1 | f62000f632e809a3be8de80550c8d4c540b3b39d |
| SHA256 | 968f03693dd26755217820c00c5e73c77b204c87acd36f99292679837f25ddda |
| SHA512 | 044dc595fad2aa0fc09b05fd12a6194b2776fcbe8b5ad1985b1a42519e0df7f09cf3c37f51ec20887ccb022ebea7361ba852faa58f6d9d664886935ba007a0b1 |
C:\Users\Admin\AppData\Local\Temp\icox\2.ico
| MD5 | ba4990532d8489be0bb210d34c0935ac |
| SHA1 | d5b6c32dfe1f2e5ba1de266d69869c9377042080 |
| SHA256 | 87f6558c9a45d6dab4db091861f4226a2efebefeda5c15271259adb2f82f1ed1 |
| SHA512 | 19a0bb35762fbf9b6e06f4145eb02028ce396a6eec4c8067e40e3b407393c66555a5278a10151d30d318bb82b02764e4fda1269823cee80026d01793c8431ce0 |
C:\Users\Admin\AppData\Local\Temp\icox\20.ico
| MD5 | f1c4fb2bf221f8effb42ac9bea78c8fc |
| SHA1 | 8323c98cf293c118f8403cec7ac23c6715e4b1d0 |
| SHA256 | c82a653cb26b89eb4828b08e2d5175e42cf5e3506acc6a7b366e2f79fccd9ee6 |
| SHA512 | 85d72f5dbade808e886dcf94f95de01da9cc8fcb09b0c97ebe14a2ed4357f5f10905c9045cd11f7c6ff13f4d4952527c97b867e112a5194c0c095370e4d7b3f7 |
C:\Users\Admin\AppData\Local\Temp\icox\93.ico
| MD5 | dbb8770a5496b12ca3afafd819de52a7 |
| SHA1 | 815f448926955d3830be5956a3a9fcbf1c0b0d69 |
| SHA256 | 80a9699f1fe5e676059b2bf0ebbcc4426b520ae1f312b964ed07c3cb082f954e |
| SHA512 | ebb9efaeeafbf90c1f9b082d5ecb82742e45023bf7814aec4e91df1570e216b1727aeb9906b8e555bbf06d4b79e5680fbb64dd4ed0e26f3315e897891e1358a3 |
C:\Users\Admin\AppData\Local\Temp\icox\11.ico
| MD5 | a999bd85d73b4b4581350ff5f6c28d84 |
| SHA1 | 0dc32cbe11badb57ea39f434f43ab035a432daad |
| SHA256 | 6418f9a87c22029f8bbd6690d30bf845e5852d3a2ff2cf7b72ed3e34def8b25a |
| SHA512 | 882738cbd3437d9d965c2a6ef1db1ed8081742f9a042611cdc85d84b39beac4d90f7cd853b54e509b0c5411bbc032e3869601bb908eebf8bbb535a562cf5d6c7 |
C:\Users\Admin\AppData\Local\Temp\icox\29.ico
| MD5 | 6cc5d6ce7ab7ff9e60bf41b0c744d500 |
| SHA1 | 26db6f3d7e25e1bb87a1b4b30334cce64bf65a8e |
| SHA256 | f9d2910ccf7968e7b90ade1f86011f5185f8f3830daa99f8fa7420410196e76a |
| SHA512 | bc302189c7697841b3ab745939f7b0a032cb2f02c79d6309a8f1fd505583009a413a800a35f9313bdfd2d1d06b81829e171d9f0f126c22ec002c4e76b63337ea |
C:\Users\Admin\AppData\Local\Temp\icox\68.ico
| MD5 | 43d833c221ddb26977eee5ece969aa00 |
| SHA1 | 2a97892e86cd024bed8d34a477b2bbaeb70acab6 |
| SHA256 | 52d6acfd37e8b9921d704084d4f369f9d6e0cce27af0dc4c1319a8c09c210888 |
| SHA512 | cb1667798dd72df007d64b716cf11e163eb17e7dce86f8b22554cd161c8a333ffd7965d723c7c0ed6f7ea5b0dd1ccffc39a103af2a68fc50114240489615f687 |
C:\Users\Admin\AppData\Local\Temp\icox\92.ico
| MD5 | 8800a0755029187e2442a01e5bee0cb7 |
| SHA1 | 617e250e9ee33034932a0a11c491ec0d1f224394 |
| SHA256 | 9c9a9b3396e6f63a1d59c18d1c088732ae67f91d6a2c57940cb0ba672d2989ff |
| SHA512 | d290a8a489107732ac4922aed790f9570a68fda24cc7beb60543d2653319f9c16cf3f7d4ccc81693d8829498cb266cb2625fe29282aaf2d5716f98e7068bbc37 |
C:\Users\Admin\AppData\Local\Temp\icox\95.ico
| MD5 | e483e8487915ffeafb6a691e6fe07cf9 |
| SHA1 | febec3520f07fcc548b842601c595cfb795ab034 |
| SHA256 | 4bf3ee92f1fafc32912ea3795fac35853f540ceb5cf2a4f3d59228a4574547d8 |
| SHA512 | c610147fa0cf3f71fec7231d2bee7c67c925b82c7a6c31b6596c84bd4f801d155f814670195208245ac8d5890e86b5f0627f6ce95de26bd013aaf16b7d13cfed |
C:\Users\Admin\AppData\Local\Temp\icox\94.ico
| MD5 | bc0b79816dda82e0ed2bbe06651a76b0 |
| SHA1 | 8638f9b95bbd211f079c806171d635ba5e6159c5 |
| SHA256 | e0ab73553d95bea92db70d6459df69d1ed61808725c58a5c448a53ba9a0684d4 |
| SHA512 | 9efeaf1094da3b8b4c853e1b651725ad7310502c2808a09f09182e3eb4fca16c7d20144c5530cb637ca39bdc1bdf4711222b32aabb5b12c8a260a143ad75ab85 |
C:\Users\Admin\AppData\Local\Temp\icox\55.ico
| MD5 | 1fc8308ca52fd830995567b90ba112f4 |
| SHA1 | f82f49df02b99942fcaaf79ec4a4bb2b5309d4c5 |
| SHA256 | 133401f235f341ff052da8abcb125b41295345a88fa56b9ff3b1f941155ba153 |
| SHA512 | 33af3eda2b2810c1079c9b37e785a4d8b47273bd7472948577dca4b0ea356c03f0bca5ddd72405dc92e5e4c52cdbf120825c99f72b9fe96e3aaac1a612e0ba21 |
C:\Users\Admin\AppData\Local\Temp\icox\4.ico
| MD5 | cce930dd59860fa4db3a5f63f4f45afb |
| SHA1 | a8ac28a7e703c22b992dc25c39e912476febd8f7 |
| SHA256 | 6c5588c1d2fd9b34ed6e5dc485b3786087de2d7fe9deff7736862683c788dd9b |
| SHA512 | 9ae642a63f2b22602c74a59ac3b9f3706486f2c60bf5d470c9168a6b7058f2274d3f9adbe5ae974e697a2bb24eb932e815f4d3c3b53a6cf29590e97aa3313483 |
C:\Users\Admin\AppData\Local\Temp\icox\47.ico
| MD5 | f4bfb77838fb8388dba66858ccd8e9b3 |
| SHA1 | ec3ca9049faed0518e6b3df35699559501fb7fda |
| SHA256 | 5efa36fc642eeb5e4b692534edfa52eaab507587c538be69cbaefe1eba66a813 |
| SHA512 | 4eb81b34d5d6f78201b24e0209058e77a3bb7128672a4bbfae4e3448fe2c0032289ff672ef716e0b0ff86364c911ce62e82d8aeb63f1c66c91b468f3359e0ffb |
C:\Users\Admin\AppData\Local\Temp\icox\44.ico
| MD5 | dd3188d0832993f9464981bc1fbc366f |
| SHA1 | 2da1ec19dc08d8c721a37c5f76026c507299df1c |
| SHA256 | bf6b25dfab9426188ee4263fd7f005af9e29edb43df9e4166e1aa4740e1fda45 |
| SHA512 | cec86d2399b3d5016fdfb79e63747263b5ec647b9afaead76894bbe51ce2ab40891c30eeafbbd023dee3774d9b57286bcb373a45d7c64941178de6302b94c6cb |
C:\Users\Admin\AppData\Local\Temp\icox\45.ico
| MD5 | 6d66960cf90befdfce9a60aa826b9f11 |
| SHA1 | 93756b6464cb7231fdcbfcd8bacc34da153a888e |
| SHA256 | 522deaa2513c30200f2ca182b45e797abe5d0eded9805b0f7183fdcdddcf5359 |
| SHA512 | 84b534e50c8460bcacad4d1603c18f3c0f64dadb7a345bd11a54d5035181d6bf19c57461a21dba28876fe2aa748fe505866a9aebab8548d52c6fb1d8b03a06b9 |
C:\Users\Admin\AppData\Local\Temp\icox\46.ico
| MD5 | 6f1573c8ede4580db8f1e23662808095 |
| SHA1 | 6d31617f2d7fb78ad8361c10fe4d4756b8e6f533 |
| SHA256 | 3965c31108363543029c7b79c4b5176ff733a94ddb6b48461b3589dccba77ba6 |
| SHA512 | 329c9495c836f26e867509a1c6438640142c11349ee2db31bbaf04452e3c8959d93199a660076111dcd84301d5dfc4f4177129112292f7862ec41e1acf3d9eb7 |
C:\Users\Admin\AppData\Local\Temp\icox\x1.ico
| MD5 | 1bd029fd57aa9c8d9dc3baf7301d1376 |
| SHA1 | d423b9518ddccd82251f9c26167ebe4be2c79e7c |
| SHA256 | 9e1af26da4e40f63234805c06f5b5d5f13c03cf919ed37b4eadb90a1ad42870a |
| SHA512 | 9a211622bb63230f3206cdf30c12933988815e5a0b8f3a70def062a5d0f5928e86c7f7a08aacef442e1269ab507920021d21ec022085443631e7ec721c2f0b4e |
C:\Users\Admin\AppData\Local\Temp\icox\64.ico
| MD5 | 4b38d493840e82e4777feb9a925d797f |
| SHA1 | 231fe445d61b140db744bd917c6be032a6848795 |
| SHA256 | 890f2ce86ab7ce8f2201a0e05f54e41dad65f2c80c100f790b6d2f99a08c92b4 |
| SHA512 | 8fa04e7b270f067432af71b77b8a2098f24ec5925d4a2ef46c8bd2776f038bbcb935531b1d388dadcba380710640e51b2168d6b25d5f81ba385e3dc86fcc5178 |
C:\Users\Admin\AppData\Local\Temp\icox\65.ico
| MD5 | e6092bb7d5992b698beb1978f02f7c8c |
| SHA1 | 21395c0f1fcc2789b766d753bda8a03c08446813 |
| SHA256 | b923708c670d4a672ac9b73398e57b68f444f0dfb050cfda3f08f045aa97823d |
| SHA512 | 9d15ee7dfe09320021a21532237e7876036a5b36843dfd19086c89dbac7e1fc4f140b0a1a0ab3b1b0a5175585955074fdbb85094e64b1d51877bbd10156dc6b9 |
C:\Users\Admin\AppData\Local\Temp\icox\59.ico
| MD5 | a4a6b8fa8d63d476685aaee78e55cdbf |
| SHA1 | 7508b141fbacb36a55a336a3bcc987a85afcf6eb |
| SHA256 | ee13114152787e5a2e1c11ba20d3a76d9032e370ac35cb301186342538f7619b |
| SHA512 | 4702881ebf38f247504abcdade35a2dd6f39cef14c84b2cfc6d6a465e122f661d55e2ceba7192f4e5d41696ff07fbf109ed1cfdb28e25f73a4da3326c81156fc |
C:\Users\Admin\AppData\Local\Temp\icox\67.ico
| MD5 | 7ac0c793bde899b9f59f7b99b24c3822 |
| SHA1 | 54d8104382640d71223b00da5d7bb4eb8ca3312a |
| SHA256 | 2acb86cb98c9bd49e83e06c895fb8b2e93b5e279bd58c4b0e572b3a11f1455e4 |
| SHA512 | 132edba42e7ea58787467021a541706ac189a291d655344320f4d1f588ccc225a2d0a591643b06b4fb746e58ac59ff886fb1ad333f56ac806e18b9beec02bcac |
C:\Users\Admin\AppData\Local\Temp\icox\51.ico
| MD5 | 3520df2b7b2e6766cc05a6d341f7ae2a |
| SHA1 | 80d8e0b8d513712475947e28fd9f75bbea7947fa |
| SHA256 | a032d215a08c42cf3fed8b88913ae71378693b79b1b134f8421e44c33e3c7d25 |
| SHA512 | 5b401eeab091c090cc827a04fa3961b1f6eee2fc6e2096f74033c7f9f948c1d04a07d07c5e393a5f141e6768bedc095463e61f6194478171873d55ae647c6953 |
C:\Users\Admin\AppData\Local\Temp\icox\53.ico
| MD5 | 1b49a30bdce7494acc607a88251cff6e |
| SHA1 | b3cbef4d7671685fc6186d71d43d7fd4c0b0e9c1 |
| SHA256 | b9e9ff4722a010c0be28f355f91e76b810dfa6114f3a3e4eaed0cdf6139918f5 |
| SHA512 | cc331dfbdc2a7fc14d92d6db39da99f18ab06c8d089ad3f3b5ba988f688e23b399e18b37b22f06d303ea5cab0fbdd91322ac0a276374d7abd238051479731d18 |
C:\Users\Admin\AppData\Local\Temp\icox\13.ico
| MD5 | e186984b9709033d8157fe3241b0cd84 |
| SHA1 | 115b80e319843e28f5b64bd6a41e37e42bd1a650 |
| SHA256 | e5199e77a3ae5f6958e3a332cc05a466be89ff2d9b16566f09ae8ed5ff49b7b5 |
| SHA512 | fc58640f6429f2227cd3b7f4e762a7146f05dfdedbab1beab8a73e4e134a19be2e97d4b7c17608012c8e280f11999726eb40426d6e27952767444d15afd439d8 |
C:\Users\Admin\AppData\Local\Temp\icox\32.ico
| MD5 | fb1997a04d345db40d29c96407221f48 |
| SHA1 | c47ab72c484d746a059d0702244cee8c9080db11 |
| SHA256 | ebf7061edf66129c8e7979c65bbbb05e56d36c74c18516bd72eb1cd76ed2e5ea |
| SHA512 | bc2aa3d188a6532de703370e6593dd3ea04b2d064bfc1633bec4efdc578a58a88df7426f46e5abe6e4b4a993a419460c652d8927ea19721b20f0a2290217332b |
C:\Users\Admin\AppData\Local\Temp\icox\25.ico
| MD5 | 56e15d3955dd24e0d2bf19dbd9972c49 |
| SHA1 | 157e1e2b405f83bcc0e269a2945dc44c884e815c |
| SHA256 | d8aa0847deec7252e01f511eb718f4ebfac993e4b08bd072041e238d53c80021 |
| SHA512 | 6412dfd8d67da02c02cacdd995b9f9ed2b43ee471de577041b5a06fe99b7e887af918c8c1cb3258668f1dd33ef7b5d5e0da1082d444666e1148f77888ac42203 |
C:\Users\Admin\AppData\Local\Temp\8x.ico
| MD5 | 041b82f3926211e086c61bd86354eb51 |
| SHA1 | 96a8054dfaa8a4204dcf315f7a85cb85c1f87466 |
| SHA256 | 0c3330ef74e12e2005b2e4b6abcd7f35b53b4a21389a28330360ae1c7f2a0474 |
| SHA512 | 245c55584a141e6e51dbc08ca645fb720e26b1751f224f793893427b6a871eeb903ee8b7a70a4bc5e360d8cdf0cb70c1c22d0f3416b98ecc5b6fd21131cfd567 |
C:\Users\Admin\AppData\Local\Temp\icox\12.ico
| MD5 | 95625cab932069ebf696637038e31f7d |
| SHA1 | a749037165a050bba2a84bb233ce34ca653ce297 |
| SHA256 | 8dcbe83961dc51cbfa57b3d2db33054b20ebe94c74eaf89b617fea421846baf6 |
| SHA512 | 30ffab34e9c5ae067f90b1b6fb0f0cde48273961512857e9a75f4e94e03f70d8199644a2f1b59db2a9024c9803c50136a636745b7f3fe5a9894d51248e6dbb96 |
C:\Users\Admin\AppData\Local\Temp\icox\19.ico
| MD5 | 4a605bd93fd0ed348c447b930bbac289 |
| SHA1 | c9436ac203ca8f97c7d9be75392fe3bb9c4c2da0 |
| SHA256 | b59611fe0cf976ce2a3a9a2c7e89c3ec6df02b6889e522a6bbd6ef38813411c7 |
| SHA512 | 868f78856a5130b9ee2d86de7f23b135579010dce6ccf099b180bafc460cd21f4c376a726e1cbc8e533618bb8383ea3031acfcd6c975a37437dc31cb2b40658c |
C:\Users\Admin\AppData\Local\Temp\icox\6.ico
| MD5 | 22b8248bdbb230f02d5c9af9eb1e98ab |
| SHA1 | 5eca3727009430f070e47894577740bc2f04bb57 |
| SHA256 | 8ccc40814a816100e24c4467f0357b199daf0d5328511e3f5ba81f64f4f2bd8e |
| SHA512 | 30dd9ea4e12c406579904d4fc6011322d108e7124408d10b269a89f4683d0043920a6697c5b55fd1e687d0fad9f51929d5637d16bcdab6ac2aecdc256ae93804 |
C:\Users\Admin\AppData\Local\Temp\icox\86.ico
| MD5 | 9af4316b05ca14a4ba71c029f28b272f |
| SHA1 | 5269794965b61fd79e3d0dde5cbdccca0619bfd9 |
| SHA256 | 3988873279af5a6999c22bc50af504afe767dc0d975e1d67007e6e98f77317b2 |
| SHA512 | ba33593e56c06784aa6af51622323ee2736c653bd40e419d8a60ce6d26392cc2c9733f95c13bcde5d1201cad5efe8e3ef27c0a91c5e40e1307ad2f03737795c5 |
C:\Users\Admin\AppData\Local\Temp\icox\15.ico
| MD5 | 311d930c6095cec5a4d422f18cfb10bb |
| SHA1 | fdcf23a1867870dae072bf6b996e04f1417a0abb |
| SHA256 | 7c9fdaa0ef85c6816863a96446854aa92f9db5a48f217f67f165400e867ecc7b |
| SHA512 | 0c396c6da02f53deb1539e1997a82c583c84e4359f32c964221c7116dbbd32d5f6b833a28eddc09fab9fdd1240ca6dbd7adba93d341c49d2a2327c1f061796df |
C:\Users\Admin\AppData\Local\Temp\icox\16.ico
| MD5 | bbbca8e90d2634e88934179890c20403 |
| SHA1 | e131a2f709f872c4eee29431bab59454fead7451 |
| SHA256 | 19c7ab3095cc81f5b45b9eb7ce8c032560c2d67be377ef5001755147595eff59 |
| SHA512 | f3d0a29182f799733e144454bcd3d5836d9def5b05681b03af1fde2f1531a2bd1b3ecef2719c789f8fb6a4eade4b87e5f7b34c602b373c88b2f75c61113e7e7b |
C:\Users\Admin\AppData\Local\Temp\icox\x3.ico
| MD5 | b4a3b86f4df8d2ff2d0f9b16d3462a5d |
| SHA1 | 6dda305a43068512e46cbdcbec5a588594ef17d9 |
| SHA256 | 5dc135360443fbeb8cade2d1a5e545666062a46b3aa883d2df772b4bd1eb25f4 |
| SHA512 | a6daee4b40e2b0a97780bb89074bd536a6ea4c119cfef4fb2c4e3a5772dbfcc15a3b8601067add1c06567e3b4e3f00241e7945bf442d205ab05eb282e750a5bf |
C:\Users\Admin\AppData\Local\Temp\icox\Andx.ico
| MD5 | 8810d0a8065e21b947907d708a5d210c |
| SHA1 | 6af89730e51c89350e3d96dd3f1cbdf610221760 |
| SHA256 | bf5fffbe199e40280b4569b753b321e9791ceac63caeee295b18f83cead87ebc |
| SHA512 | 769d19826613a60afa602dd5f96f77921ae294e672944d452cb5b57d9b5c641010e6bbf81504c8638d9bb121343c720382e6ede88e569cf8fbae79fe47aa0649 |
C:\Users\Admin\AppData\Local\Temp\icox\Winx.ico
| MD5 | b2e99782b3e89bdcbd7bf3f3e22d5a83 |
| SHA1 | 95bb305232814fe142738306add8cb48bb9b2331 |
| SHA256 | 5e9573e14190f0a87312ccc08d34f53238cd3e9def5e5c1e117173378ed657d5 |
| SHA512 | 19661144ee0f84ffc4736296fe005b75ea1507dbcceb9d3a0572c455eb145dceda90b3d89d64f754717a25d59a5f462dc8a1afd56b1554e094b83e3ac0e7b685 |
C:\Users\Admin\AppData\Local\Temp\icox\x5.ico
| MD5 | 79112c4db794989d2a80f404d4cfad49 |
| SHA1 | c6ed3bbb79370ffbdee239399604e9caf6078a75 |
| SHA256 | fb86dc6167356f37d176a4fa9b82857cf8dbb07ac30760ca5eab70abd6ee99fb |
| SHA512 | 81b3b7a56941ca6371f158d720dbc08469d125c10ce697fc8fa8b1bfbb4a51e4ce0fd6fbfd6b0c14bd3c1340e4f9c47ba60c7cf1f2e493803057e6e2df87aaa3 |
C:\Users\Admin\AppData\Local\Temp\icox\84.ico
| MD5 | fedc5e01214302cbf6214e534bf8501f |
| SHA1 | 8a9a11816feb70a1de1a805bca6576e40b141d36 |
| SHA256 | bae2c2ffab1f786cc71713c16979619a0483bdadb70d15ee9cc1499a24b38ebb |
| SHA512 | dbde154bb577a8d4f697151814b7209d052b5d4a6933aced1ac8cb1f4f55dc830299f185589840e9fe4c3e8fe3212c780158a609aa8d7ece82cb3a471cdeb933 |
C:\Users\Admin\AppData\Local\Temp\icox\54.ico
| MD5 | 961b8ba2720ac1975dba55f2b42669c1 |
| SHA1 | 948db30b21365f71227d9d44871fe5e7ad2524b0 |
| SHA256 | 92b59a3ee236d2bf4ec4029fee6a3ead16e70cc2c64fde75f16a2e7a4bb03e49 |
| SHA512 | ceed52b88466a18f59a44dd89578446b66a8175778b1065a4f1e04a6676718dad8f3805faf6c2e17aa2b4c291b9b0bee37c3cfe1252bf0d6d179517fc9dc7194 |
C:\Users\Admin\AppData\Local\Temp\icox\conn.ico
| MD5 | 24b174ab2c06008d08d97095cf451825 |
| SHA1 | ed2bff7f92b52086eb2c7d3619fed1235e09249f |
| SHA256 | 5fe6fb8c6c919d7f47d25b25633349d07d9462abbccefa7f795182fc6da29245 |
| SHA512 | a30f1751e9dbf984799cea90f65e329b42a7fd22cecfc8ef2c8a26e94391b972b7c1bc54edbbdb0e4b1741e12b1c4e5140f5edc31fda47987eeda9105304aca5 |
C:\Users\Admin\AppData\Local\Temp\icox\clos.ico
| MD5 | c2d6fe84307f5c51146f110351fdd0ed |
| SHA1 | 767c22dfe807ef0f35df25b926e2942984f63633 |
| SHA256 | 775bc82a4595259d3cf0208a21b7fcea362678a6ee83d9225a45cfd076393812 |
| SHA512 | e15ab6f3965bd8367c0767b62019005304045aa423051d7a7de0f9547894b8ad15be1dfb19f47fee9897405722079d7b1927651948da6232061f29240b233975 |
C:\Users\Admin\AppData\Local\Temp\icox\x6.ico
| MD5 | e5287a2b0a9d7966fd05e4292c7959f8 |
| SHA1 | 620c0634ec7e110fb0d36ce64b0e2ec8ced893c5 |
| SHA256 | 0361794ee6867fdd69b6ba575f08cbb90106fe95ba748c625b3e591274e3fec4 |
| SHA512 | 1fa3dd1d83de04acbac12b25e820a11f92c49c7ce1e33d07a538d44bfc4a28c1a11ca882519dd0183d9c240b7420143ca9483bc4c085b4199961ea83187c46a4 |
C:\Users\Admin\AppData\Local\Temp\icox\x7.ico
| MD5 | 6925e91880f2cd365845875ce6a37748 |
| SHA1 | a94488a5f9f2139fbebd5e4d751c43dfeeea7834 |
| SHA256 | 8863daefa37b15b7e0e461b4cc3cbac881624e9d60011e1fce0ce2eff63a7425 |
| SHA512 | 142794117aaf6f25925fe4fb4bc5c937d0b12dd41d4867700b6ea8398af3a85d3148a71a668f32cfd230a87c231358113146527946301b42923cec43a58a8fbf |
C:\Users\Admin\AppData\Local\Temp\icox\60.ico
| MD5 | 1e2f8337310abec7e1697b11fa5b5c45 |
| SHA1 | 27b42e545cc953aef27891d15a795d0240fd01b1 |
| SHA256 | 6e7bc8640eb3c9abe2812315ce0856b25c92867db899e402034190ba276d7c40 |
| SHA512 | d0bfbf88c30308f1f5aa14d3560ca39fca1b37b6671052963dd5044a709c8cadffdaedfb67657a1f5bb790ab3d4ade9033a905e1b5b4447d4a5f37a96b3516ee |
C:\Users\Admin\AppData\Local\Temp\icox\90.ico
| MD5 | a66aeab5ee034f37db661e257d7c22c3 |
| SHA1 | 2261b9522f0f188880d7ea676ee8294046ef2ce1 |
| SHA256 | a3cb4787eb264362bb3f81f6d517dba368b61dd64fdac8386403e9f4b0688561 |
| SHA512 | b084ae6df9744a9c1ef76132b0f08388f0e6b922ae2867b5baae08613419534db109c1670cf7af87a5b3afe665a2e8e5c616e9ec7afb7c677d79d613380a8d21 |
C:\Users\Admin\AppData\Local\Temp\icox\89.ico
| MD5 | 02f52d1e96c7e481e11a77e88360add4 |
| SHA1 | bfd1d9fa850e9785e0b1d5ec47982d7867112085 |
| SHA256 | e0348427f75643ccddd6b574a2dce0ccc187b6128d41d80e61457855943af155 |
| SHA512 | 82c88c6766826480268fa1dbdf642f5776a9b5e9a9b52f40abe8292db1e258d1e35806cf4043259e3cc02a4b81fb0684e429a171247ba22b9908837cbfc0aec0 |
C:\Users\Admin\AppData\Local\Temp\icox\63.ico
| MD5 | 0c8a3110c46b7cda78cbffd904137f19 |
| SHA1 | bbe31e7d31c8bf3b9a2c0f3309e0bfc0310fa4d4 |
| SHA256 | 6fa04c6bd615974e6b1bef2a28e3c077e5a153ecaa5c7baedc306d8fefaec0cb |
| SHA512 | d1533870a6817c3e666bce7e365626726d38c4273dec83b558d910e0a8e496b2cf83e45c4cdd77866de4470a3d1ecf354877637cbf395ba95b5adbe2cca73a66 |
C:\Users\Admin\AppData\Local\Temp\flagx\--.png
| MD5 | a1abca128c38ecc703b6290890f1e44d |
| SHA1 | f83b3a31175bda3035ff62f11452d6bbc597140a |
| SHA256 | 799755f26c6c9e1909d44ae07e87d22f8e3fdb3540c59a981d87ecdf3ed01aec |
| SHA512 | bd1697bc8126f700449c97e4479701c7520e59a0ce12851eafd5c2340775688233b64c01946c0168edcdec6050c44d388c7610401bda0f066ec403ee758f16a5 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\20573
| MD5 | 92595de28e93246d9eb252c0ec1ce388 |
| SHA1 | ef1d4f60d000fd96b84828353b7fbfd0d3a1f366 |
| SHA256 | 5e0a6a86f9b88b1b20822a0dba17f2f935ec8c6ba7f5fa79f02741198cde0e8e |
| SHA512 | 72b929e535c2813c4042d89795dff3497945ae02c1629ad6b47d8cba8575c3e16e1451d64a4905aaefbafe415ce4a06d5640616b424ebc6eb7f9c5883d549412 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\A0031F16DEE7C74394C65A0DABA19BBC0D2DDCA8
| MD5 | 1b6becdbccc3a4acfbc2c1a1e61c11b6 |
| SHA1 | 990485f640af80d7dd3b4edcdb1c1f189192cb7d |
| SHA256 | 9c987f315dde7392a7bb8131c066500149c7ba824e87df6b2906eb3d660277fa |
| SHA512 | 1718f35eef48d794f4bb2115aad6c68baf94d65eb492a8fcf47900bb8a9a6b79298ccf2f59c3596c72c719857ab1b3fac54a1bd513b42c7cc00a56b6a1ba9691 |
memory/6480-3532-0x0000000007F60000-0x000000000801B000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 807cb0c87c0352950b32f00f1b91aea8 |
| SHA1 | 3d9004a61ecb3edb3ee069a9f08c9c5cddd8f47a |
| SHA256 | 0380cbad31a3e2d56031c7bc88f9a73c906faced100a7c1784892eee19eaacf4 |
| SHA512 | 5eaec1db891e367bc65bde26b9ec2d2de41048264d9e62e3042b66f49d5acec889406e2724ace2b1fb98afa9cb836b610d15cbb30a8fc0203d0a83830b419cb8 |
C:\Users\Admin\AppData\Local\Temp\qmbfpnl
| MD5 | cfe43c7d3f68b237f110deb58cebfe50 |
| SHA1 | 634e7bd159679865d11fc4dc02362a95ff74b1a7 |
| SHA256 | 04d4355a401c00daa6cda197bf4af180014426ecba2cd878ab07e8510088314b |
| SHA512 | ef40d2169a90145829231cdf9c2eb5443ec43bf08e1ff81b1bcd93cf3bfab36edaef01d4359425b2c957fe4c2940af87b579be380dfad465c83ba2401c1a9c53 |
memory/7596-3590-0x0000000008060000-0x000000000811B000-memory.dmp
memory/7596-3591-0x0000000008060000-0x000000000811B000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 3223cc7da36bf1a1bace26c2ebc35d54 |
| SHA1 | 18b14ab2974051029d62fa3aec107f3ddf449635 |
| SHA256 | e074a23076db91bbf18c2222b339172655e2bcc94b8682e4573d38d530725820 |
| SHA512 | f50d3e40d7cf172564aec634695b43f060e071b8d1699c9e040d6924785f95c66c1fc056fa114ab6a7b4bcf4ed68336f956652341b42924ba1b514fb3f7745dc |
memory/7596-3824-0x0000000008060000-0x000000000811B000-memory.dmp
memory/7596-3825-0x0000000008060000-0x000000000811B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
| MD5 | c4a9eec94092059b48d5242fbdc43f49 |
| SHA1 | 8cae71109106eccd751b7676ef002a4d9adf909b |
| SHA256 | bfc77b2f3439c7031a0f02cb4f2b8b8c728d90f0ccc755ed87fe7fc4736a8224 |
| SHA512 | e5aa2ed543bc30ee212e205ec56da65a9fa7cdd01827b6ec1e8893033e8830c39b643888bfe507cde2ae08af55c96caecef1db3be45904ce5ed123cfd6efd45d |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\PJ01GOKQIJ9J3X3XXMTU.temp
| MD5 | b9fa87fd74d43773538cb563e1e1366b |
| SHA1 | d1384a9b8f72187b84b59258835dca08808da83c |
| SHA256 | 551f7375729770273c49c5cb2201217cd809ae14dce08b57a18c3be617e013bd |
| SHA512 | 5128af8ae642f4a789416dbbd5e4d04229e43cac135860bcfb520254e7201daa5f581e780aa2be3cbb5333478cc1cedc5abeab248d6690eedcb2ffadc73bd9c1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
| MD5 | 17ab1d0fbc10fcacaab73eb0cf113bcb |
| SHA1 | b14a77a3e342f33215b601dcedde98f9381ec4b3 |
| SHA256 | 4fa8d462ba014835bc13de944e635f81a1d234050e2edcedcfb11c0a159ab888 |
| SHA512 | 370f7a7da3b1f6bbd527ebf2149bc8fcbc31165f527d69db471eb1f4691c4025953cf3036ea26e8e1a507b8fbf7f61179522bff34c1b552197bf4a82cbeed069 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\D01087F158ECEE7DAE51C65C57181DCBADA87D2A
| MD5 | 695a7c74c8a3f1578561bc235c82c946 |
| SHA1 | 69bd44429d86eec21fc5c72338ce9a84a3831011 |
| SHA256 | 33b5b6021fe9024668f3c2eee555ef798c76ea39e61505a3e4ecbc6025566739 |
| SHA512 | d72fecb1bfcaee1b82c926762ec76fbf299a7094396d1fbff2865f8df21a89cfb40c9e0b927622df23e3ef878a1c6cbf5f4b982ddcbae3aabff6d5dd2cb882dd |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\7A34D85F7E89B903C3262B4668A550CCDC08B849
| MD5 | 4d4d5848116472438193073508ef6e53 |
| SHA1 | 6c1a70576b448b5c00a8fc7801f75c4473f2736f |
| SHA256 | 80a998c4966f3f17f0405e8ad3790f24dcdf9f7458ed4225b45a345aa0ed3c4c |
| SHA512 | 285ab6f9900cec4b82dbf8b9465d433fa1e552e4e9ce785c9bb12bb41dc243c5ced7b1e0986822dcbaf10528d5356c2cdcbd1787f9c71e1c85a73c45a46668a1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\AA08766118A0CE10FA26C52E15B47A704F25E26B
| MD5 | 0514663c9cbab1075f8675d8d5d94fb9 |
| SHA1 | 022c7de8aec5136225ccae2556c163c352b1e337 |
| SHA256 | fe5e2965e50132928782f28d8ecb1d657bb745220547e1b048d4752977e1c6b4 |
| SHA512 | 4284dd07e83531b3592c1393aee709daa058c79b2e7cff71ed152d57d12cb2f4221c58b5cab859e6afdb7bb36545ba6903bdfae5981534d9e967d106c7f6bd3b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\broadcast-listeners.json
| MD5 | 72c95709e1a3b27919e13d28bbe8e8a2 |
| SHA1 | 00892decbee63d627057730bfc0c6a4f13099ee4 |
| SHA256 | 9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa |
| SHA512 | 613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\1340ABD49C932ACE08A495ABA1DCF23C8D5FEB10
| MD5 | a9962503d110db26c7a2fd4331a9bafc |
| SHA1 | 45dee34106559f76808fc75c1e8af5c7a174abb0 |
| SHA256 | 08a410d5561ad99ea8dc0099dca69f0f98756330badd54a3d33de727d054600d |
| SHA512 | 86409e5aadd0e77569a2ba1ef873b779041212e844b54f137316c23683eb9a0d6febd92179c1913341b0828be8cb69b7360434313e51814fd30a38cfe4c3d64f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\EEB2370CEE30E369D98AE132D1A967262A1148EC
| MD5 | 4fcc1c35490d0c0ea6e6f74b9d7cd797 |
| SHA1 | 01a5002c28681314c5e1a85cb7e2231d24372089 |
| SHA256 | f1929c2313fe3a507a283c0800263811718b464348fd0bbd5f025fdc7076a1d7 |
| SHA512 | a994b9883179154e83f4bae1601fe33b8a611e078cf06e0b394a45f5f888e09879aee8469ca610ae39a65131eb10da996f9fb462a38f3a7e98279f139b121378 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\A8EC9870D6D866924E4C11D690A6244EB15594FB
| MD5 | af8c9c5bca4666a7a3022f77a7bbead9 |
| SHA1 | 7717863280e2f2675858953fc535b05a450127b3 |
| SHA256 | 9282e122e5d9b784d03d4f6b83901a6dd2726b4b06cf85fa72fe284730c9f021 |
| SHA512 | 497b69cfaecd91fa5361fb7faabcc385a23d5108d0b1b941bcbfea9ba0e04478ce6af7fcc1bc8e05796a6f559116519450838cbc8b562c5fd95668e368d59cfe |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\DA42CAE2699D0E5E9C2D7BDF1C2F3A2844D2239B
| MD5 | a4f313d8a2dfab7a2438cd88006384b8 |
| SHA1 | 959d8989182a8746ab2ed559f45c34e47fe1864d |
| SHA256 | ed478d1b465f8d36763077c042920223fc8626caea084c514823e3257ae25ace |
| SHA512 | 66b95cd82d4887afd05290d67b033d7f18dc450dec7153091ed51e579b491af336a3ad93ab40aa43344f5332bbb8de50b9209d60bb301b9cd0d7a5ce2bb64a38 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\97A11F2E865479807B0667E7E789F785331EFDA8
| MD5 | 79f89eb66893c9534e8b3415d5ee4874 |
| SHA1 | 36e29a8eacb25d93cbf37c5f3fd748de719cf336 |
| SHA256 | d3b02297dbb2d2c0a2cb968638c1ba7fb83e394298adbf7eeceec7966655388a |
| SHA512 | 1a24350831552f9ecbfbcd4071a75e7c76f540944f5b1c78e740d8bc9b34c319b4759136aa6ecd2d1d5b88a3c175d4f8e6186abcc63ddc2ba1dcef0e40833d86 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\8D83C6512812C98991407FCEDFDC6DCD3B7E0BBA
| MD5 | e8f4c64e9b336ec25b8152be19ffb3d9 |
| SHA1 | 71d3a6032951777027cfe870dc054ac8c0880424 |
| SHA256 | fb875d74c6c3e59f4f8cea46f1c5e0faa84f737d847c818f398c6ca61a046544 |
| SHA512 | c41d87eab6f15e9da99a9298c88fb2ac1dcee5dbfbf744e6afde6c301c4c4da89706e3271f507d78682aac87def7f1cf8b468d081abbdc2aee9b84cb305e8d52 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\32E57B38AB655224D23CE28F4E41A8185F01A24C
| MD5 | 8960e9d97f24697f6f1f105c6f5d61f9 |
| SHA1 | 5607f35efef46c2693c9c9761d2c9572280f9d4e |
| SHA256 | 41c4ede4c30fc8b2e4946374615ebfb183e84fb154023cd392a5428894e47953 |
| SHA512 | c243f25336c0317870b56e0e25efa9f2a6a9cde9c119a3562652edc3c5bd52b70f16a48c66d5f8186f6a54f2341c3b9ebca2704c62c4ee389aea3d5ec87054f8 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\38F25A6466A392CE2E3C9D661C026E9951B4EB18
| MD5 | 9937613a936453b9068c25ee27a64739 |
| SHA1 | 5c11f55cfac78f4b3ef61213c9a770a269c1a8ca |
| SHA256 | 71fb77908310d80cd38c808cf854718ef994ec5bffd103dce884f01348485aa6 |
| SHA512 | 8ec3ecd47962705c87def7bc241c2d951536af25d62966cc209e9ddc52f42adc6f9f2cef2aa04af11031dea6aec7f6eb077328ab5462392abd9a3eccd609050b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\D331785DE7D4EB5EF2380660BBA809E547871CA4
| MD5 | b91d462c2838ebdcd2c19da6cb9a002e |
| SHA1 | 72e137d2781e2102b2b329899ca2a47fa2aaace9 |
| SHA256 | f1ff7327e6ac69dca2903e5cbc40c135180f1e8708861c6e0e832a5a76076096 |
| SHA512 | 6a95b5c61c6192551fb39d3b0dbab5a761e9ed5c001b505737593766386fb07303632c7875fda18fc1014f54a24ba312e94e5cead825ffdf0e1cf48a19c6202b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\targeting.snapshot.json
| MD5 | 65afdb11224c65c5cfc9a509e911360c |
| SHA1 | 94b40243d7f8d9c541b797d7e2f160e625618fdd |
| SHA256 | efc1bf6f4cbaa322afea04ca7ec20268677830e607e704920c86c39fafd29ae1 |
| SHA512 | c98f7c9a90865a53458e06e14787bace396f0cae1ef808187cf52152e0193686a4b382e8b1c449e56daffa1d654c6ecdaea20f70bc7aabf02895345226f775df |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\xulstore.json
| MD5 | 66c23c3b9306330314a63e5a3b9fe1e8 |
| SHA1 | 6ebac49b976c44d999445f8f7f8831a3d4ba7143 |
| SHA256 | 7ede81189e4d7c7a6d503cb0df11bbcf801631296382712ac58794bd5c194ab8 |
| SHA512 | 075879724bd81f580984ac025694200df329cdb0d45843fc5a795395bfc5a92c7f41b10e1735ec9f63cb1047d1cc1d5c8cf2de7db77b5d6719e4a4c10adf8856 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\68938D81755CE5CEA3C7253C7F6571A63970C787
| MD5 | f21b285f3caabfa02d393d1d59ddb4f8 |
| SHA1 | d77b694595273616d624cdc8786291c5b4c3a06e |
| SHA256 | 7535625d34f54d6d0b532a06f6915dc49c5b90c0b3fa6182bf0ae6d8f3dbc119 |
| SHA512 | 7c5be2aed708f5f42da75726ef928a1b9e59241299ec64610e8a4855adf269b94a32d0566cd3c6683569150fc9f32f4e97f1b548dfaab1816668fd98a93495a5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\bookmarkbackups\bookmarks-2024-10-13_11_+ftwiIQfjYtrlniJNZ3V4g==.jsonlz4
| MD5 | 5454384ec38638981ce5e67157b8f07d |
| SHA1 | 20da940d1b48d7c555b5f7d050fcc26b9fcaa217 |
| SHA256 | faa28431b2b70bce1f1552ef63266622ee731b9a30a3b314c9b6d6e0bdc07e11 |
| SHA512 | 5526c70002b23f106dbb494742fce905cba27979f8bf8f2a92832232fb34b6bf873043f0b54f88567250f358e5fdd93438f5211318ee303ad71615ea85d1f2f6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\SiteSecurityServiceState.txt
| MD5 | 701d4197039f4a6faf5c25bba19f475d |
| SHA1 | f3b1ab4d997fa6b41392c07684f67406e18217d0 |
| SHA256 | 2b73daafad4e4f1854e24cdfa45c42dd4b4a39867e1a2094b38dbd84ca27237a |
| SHA512 | 42132f94e99499afa0b00a662975b979f77af04b4468c19d6fca2ec6f368d5559c9f43379549ed85d2f0ee0c19310a7e491176271ab223cef701397531ab78e7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\AlternateServices.txt
| MD5 | 359bc07a5d4a46ad5f0672cd586334d9 |
| SHA1 | 2e419d1cdd38cf15c395ba3d2cb8a6e1c3be5df8 |
| SHA256 | a6e65cb83fa058e0aacf1223b1f32973bf79e5f6f8c90d0c22114f393788e832 |
| SHA512 | 3fd8186eb772c84f94c7bbd6ba2f38a9224b815f10b51703a1d9c1c069b471f77730e7cce59d04f4f1a1b3cdfb96cf9120574630683f2f4e9487a3e1ec450c91 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\AlternateServices-1.txt
| MD5 | 8fe337f550f7f82c410fc7fd12c39c3c |
| SHA1 | 65cf3ab332570c7412fb3df78adea363a2b4f632 |
| SHA256 | 782244daa451b7f479aeaa5167162314c2b2e457738ca1de8345c60b6b681f23 |
| SHA512 | ecdd70cb95996a3112a4e9577a4050481f78f0ba4b67bb83669d6aa6ef65b9c42846ae0c9f708c6933a7403e6f98a19ab108a7682d2b7a83ca49fb4f7ebb3b70 |