Malware Analysis Report

2024-10-18 23:03

Sample ID 241013-mzfvkssfqe
Target New Text Document.txt
SHA256 dd9e3c06246ef0c285d3b180b9000b365392a94cc0f6ae09ed8016d994624735
Tags
888rat defense_evasion discovery infostealer rat trojan upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

dd9e3c06246ef0c285d3b180b9000b365392a94cc0f6ae09ed8016d994624735

Threat Level: Known bad

The file New Text Document.txt was found to be: Known bad.

Malicious Activity Summary

888rat defense_evasion discovery infostealer rat trojan upx

Android 888 RAT payload

888RAT

Loads dropped DLL

ACProtect 1.3x - 1.4x DLL software

Executes dropped EXE

UPX packed file

Drops file in System32 directory

AutoIT Executable

Subvert Trust Controls: Mark-of-the-Web Bypass

Enumerates physical storage devices

Program crash

System Location Discovery: System Language Discovery

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Checks processor information in registry

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Modifies registry key

Opens file in notepad (likely ransom note)

Suspicious behavior: GetForegroundWindowSpam

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Uses Task Scheduler COM API

Suspicious behavior: EnumeratesProcesses

Modifies registry class

NTFS ADS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-13 10:53

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-13 10:53

Reported

2024-10-13 11:14

Platform

win10-20240404-en

Max time kernel

1199s

Max time network

1198s

Command Line

C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\New Text Document.txt"

Signatures

888RAT

trojan infostealer rat 888rat

Android 888 RAT payload

Description Indicator Process Target
N/A N/A N/A N/A

ACProtect 1.3x - 1.4x DLL software

Description Indicator Process Target
N/A N/A N/A N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\eventvwr.msc C:\Windows\system32\mmc.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File created C:\Users\Admin\Downloads\888RATv1.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\Downloads\888RATv1.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\flagx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\888RATv1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\exe2msi.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\GhostEyeWorm\Stub.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\eventvwr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\888RATv1.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Users\Admin\Desktop\GhostEyeWorm\GhostEyeWorm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Users\Admin\Desktop\GhostEyeWorm\GhostEyeWorm.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Users\Admin\Desktop\GhostEyeWorm\GhostEyeWorm.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Users\Admin\Desktop\GhostEyeWorm\GhostEyeWorm.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\mscfile\shell\open\command C:\Windows\SysWOW64\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Users\Admin\Downloads\888RATv1.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202 C:\Users\Admin\Downloads\888RATv1.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell C:\Users\Admin\Downloads\888RATv1.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance C:\Users\Admin\Downloads\888RATv1.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\mscfile\shell C:\Windows\SysWOW64\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\mscfile\shell\open\command\ = "REG ADD HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f" C:\Windows\SysWOW64\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}" C:\Users\Admin\Downloads\888RATv1.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202 C:\Users\Admin\Downloads\888RATv1.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 020000000100000000000000ffffffff C:\Users\Admin\Downloads\888RATv1.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\mscfile\shell\open\command C:\Windows\SysWOW64\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Users\Admin\Downloads\888RATv1.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\MRUListEx = ffffffff C:\Users\Admin\Downloads\888RATv1.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9 C:\Users\Admin\Downloads\888RATv1.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Users\Admin\Downloads\888RATv1.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Users\Admin\Downloads\888RATv1.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Users\Admin\Downloads\888RATv1.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Users\Admin\Downloads\888RATv1.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\Downloads\888RATv1.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings C:\Users\Admin\Downloads\888RATv1.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Users\Admin\Downloads\888RATv1.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance C:\Users\Admin\Downloads\888RATv1.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg C:\Users\Admin\Downloads\888RATv1.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Users\Admin\Downloads\888RATv1.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Users\Admin\Downloads\888RATv1.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\NodeSlot = "9" C:\Users\Admin\Downloads\888RATv1.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Users\Admin\Downloads\888RATv1.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Users\Admin\Downloads\888RATv1.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Users\Admin\Downloads\888RATv1.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\mscfile C:\Windows\SysWOW64\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\mscfile\shell\open C:\Windows\SysWOW64\reg.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000020000000300000001000000ffffffff C:\Users\Admin\Downloads\888RATv1.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Users\Admin\Downloads\888RATv1.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Users\Admin\Downloads\888RATv1.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Users\Admin\Downloads\888RATv1.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe110000002eb059e18986da01da395fba5e1ddb01da395fba5e1ddb0114000000 C:\Users\Admin\Downloads\888RATv1.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 C:\Users\Admin\Downloads\888RATv1.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\SniffedFolderType = "Generic" C:\Users\Admin\Downloads\888RATv1.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\GhostEyeWorm.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\H-WORMExtendedFullSetup.rar:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\888RATv1.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Windows\system32\mmc.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\GhostEyeWorm\GhostEyeWorm.exe N/A
N/A N/A C:\Users\Admin\Desktop\GhostEyeWorm\GhostEyeWorm.exe N/A
N/A N/A C:\Users\Admin\Desktop\GhostEyeWorm\GhostEyeWorm.exe N/A
N/A N/A C:\Users\Admin\Desktop\GhostEyeWorm\GhostEyeWorm.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Windows\SysWOW64\mmc.exe N/A
N/A N/A C:\Windows\system32\mmc.exe N/A
N/A N/A C:\Windows\system32\mmc.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\exe2msi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\exe2msi.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A
N/A N/A C:\Users\Admin\Downloads\888RATv1.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3264 wrote to memory of 4820 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3264 wrote to memory of 4820 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3264 wrote to memory of 4820 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3264 wrote to memory of 4820 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3264 wrote to memory of 4820 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3264 wrote to memory of 4820 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3264 wrote to memory of 4820 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3264 wrote to memory of 4820 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3264 wrote to memory of 4820 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3264 wrote to memory of 4820 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3264 wrote to memory of 4820 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 1128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 1128 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 2204 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 3724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 3724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4820 wrote to memory of 3724 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\New Text Document.txt"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4820.0.1210647480\482807611" -parentBuildID 20221007134813 -prefsHandle 1712 -prefMapHandle 1704 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {294b74fe-7c12-4a0c-9da3-8b8461de4bb9} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" 1796 2201dad7258 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4820.1.1117328196\945827981" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d36f241a-0387-48f1-9109-22ba9f04ebf3} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" 2148 2200b4de558 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4820.2.647193860\783879050" -childID 1 -isForBrowser -prefsHandle 2780 -prefMapHandle 2800 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {27fe034c-0608-4f96-a402-918a21bf5153} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" 2944 22021a9fa58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4820.3.264969005\1714589584" -childID 2 -isForBrowser -prefsHandle 3104 -prefMapHandle 3196 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e003f55b-daac-499d-b25d-9e421ae12064} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" 3476 2200b46fe58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4820.4.1949571576\366140533" -childID 3 -isForBrowser -prefsHandle 4392 -prefMapHandle 4388 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {03cf93ce-ffb3-4e2b-81cd-378bc302c5b0} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" 4404 220229db958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4820.5.959878769\646164840" -childID 4 -isForBrowser -prefsHandle 4900 -prefMapHandle 4896 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4752cb95-47b6-4fb2-9776-7733c675dd04} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" 4908 220220d9e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4820.6.1072722270\658595649" -childID 5 -isForBrowser -prefsHandle 5036 -prefMapHandle 5040 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5d3d747-7b3a-46b5-ab7b-4de07112bec6} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" 5028 220242e8758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4820.7.471448520\418755416" -childID 6 -isForBrowser -prefsHandle 5236 -prefMapHandle 5240 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b989d0a6-7960-44a2-b5cb-b629e77b0d64} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" 5228 22024465558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4820.8.828254717\1022978632" -childID 7 -isForBrowser -prefsHandle 5632 -prefMapHandle 5628 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {926f0f59-804e-4776-932c-00bd04ec917e} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" 5608 2200b45f258 tab

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\GhostEyeWorm\" -ad -an -ai#7zMap27685:86:7zEvent28264

C:\Users\Admin\Desktop\GhostEyeWorm\GhostEyeWorm.exe

"C:\Users\Admin\Desktop\GhostEyeWorm\GhostEyeWorm.exe"

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\GhostEyeWorm\Password.txt

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\93d23ead692e4abc9ec9db123dbdb5b3 /t 4396 /p 4664

C:\Users\Admin\Desktop\GhostEyeWorm\GhostEyeWorm.exe

"C:\Users\Admin\Desktop\GhostEyeWorm\GhostEyeWorm.exe"

C:\Users\Admin\Desktop\GhostEyeWorm\Stub.exe

"C:\Users\Admin\Desktop\GhostEyeWorm\Stub.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1684.0.964366572\1425416255" -parentBuildID 20221007134813 -prefsHandle 1616 -prefMapHandle 1604 -prefsLen 20871 -prefMapSize 233583 -appDir "C:\Program Files\Mozilla Firefox\browser" - {934c2b56-37f6-44ea-8233-193d0e42d29b} 1684 "\\.\pipe\gecko-crash-server-pipe.1684" 1704 2264a104758 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1684.1.962692041\1259035747" -parentBuildID 20221007134813 -prefsHandle 1980 -prefMapHandle 1976 -prefsLen 20916 -prefMapSize 233583 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {59239782-ad3d-4864-8f81-c729bb6612c0} 1684 "\\.\pipe\gecko-crash-server-pipe.1684" 1992 22649b36158 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1684.2.1706631663\1170758467" -childID 1 -isForBrowser -prefsHandle 2664 -prefMapHandle 2612 -prefsLen 21377 -prefMapSize 233583 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {224d8d4e-1f63-4e0e-a8c0-c91531808d33} 1684 "\\.\pipe\gecko-crash-server-pipe.1684" 2732 2264cba2858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1684.3.1610108505\1884671798" -childID 2 -isForBrowser -prefsHandle 3424 -prefMapHandle 3420 -prefsLen 26555 -prefMapSize 233583 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {641f6733-5060-4a3d-9155-d8e3bbb54a33} 1684 "\\.\pipe\gecko-crash-server-pipe.1684" 3120 22637d62558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1684.4.565687661\577867134" -childID 3 -isForBrowser -prefsHandle 3888 -prefMapHandle 3872 -prefsLen 26555 -prefMapSize 233583 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ad3d42c-07d3-4eca-8420-a16a3a91e98f} 1684 "\\.\pipe\gecko-crash-server-pipe.1684" 3064 2264fbea258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1684.5.179392747\1389565152" -childID 4 -isForBrowser -prefsHandle 4360 -prefMapHandle 4412 -prefsLen 26555 -prefMapSize 233583 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e68b6bf-8b82-4a8a-baed-57b814584166} 1684 "\\.\pipe\gecko-crash-server-pipe.1684" 4468 2264d57e858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1684.6.1487693277\1361137843" -childID 5 -isForBrowser -prefsHandle 4592 -prefMapHandle 4596 -prefsLen 26555 -prefMapSize 233583 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {680702f3-082c-414b-875f-220789586764} 1684 "\\.\pipe\gecko-crash-server-pipe.1684" 4584 2264ffb6b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1684.7.2134473520\1033191251" -childID 6 -isForBrowser -prefsHandle 4784 -prefMapHandle 4788 -prefsLen 26555 -prefMapSize 233583 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {61ff9950-9fd0-489e-b5c3-55dbf48dc2a6} 1684 "\\.\pipe\gecko-crash-server-pipe.1684" 4776 2264ffb6558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1684.8.242707924\111488388" -childID 7 -isForBrowser -prefsHandle 5272 -prefMapHandle 5260 -prefsLen 26555 -prefMapSize 233583 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {679f1e4f-501c-4ec7-9c06-dabad87c6e3a} 1684 "\\.\pipe\gecko-crash-server-pipe.1684" 5288 2264a595358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1684.9.887932781\2058615768" -childID 8 -isForBrowser -prefsHandle 5048 -prefMapHandle 4672 -prefsLen 26555 -prefMapSize 233583 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {516b35bb-c31c-4e41-ba61-59b010fc3224} 1684 "\\.\pipe\gecko-crash-server-pipe.1684" 5428 22652653b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1684.10.506735338\1376134095" -childID 9 -isForBrowser -prefsHandle 9412 -prefMapHandle 9620 -prefsLen 26555 -prefMapSize 233583 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f52a7ee2-013b-41fa-8984-7c3ec86e80da} 1684 "\\.\pipe\gecko-crash-server-pipe.1684" 9596 226528aea58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1684.11.1231096372\421033743" -childID 10 -isForBrowser -prefsHandle 9304 -prefMapHandle 9312 -prefsLen 26555 -prefMapSize 233583 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e58377f5-8175-416e-9232-b8e4be42852a} 1684 "\\.\pipe\gecko-crash-server-pipe.1684" 9288 22653303e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1684.12.1998199050\892977203" -childID 11 -isForBrowser -prefsHandle 8960 -prefMapHandle 8956 -prefsLen 26555 -prefMapSize 233583 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9f7cea5-706f-4e98-b5b7-f192fc954030} 1684 "\\.\pipe\gecko-crash-server-pipe.1684" 8972 22653305f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1684.13.1120768716\945740686" -childID 12 -isForBrowser -prefsHandle 5368 -prefMapHandle 7080 -prefsLen 26555 -prefMapSize 233583 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {74078cbc-4b40-4c73-9bcd-6b411066ec56} 1684 "\\.\pipe\gecko-crash-server-pipe.1684" 5360 2264ebd2258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1684.14.1795307149\1562423694" -childID 13 -isForBrowser -prefsHandle 8956 -prefMapHandle 8960 -prefsLen 26555 -prefMapSize 233583 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3fc8fde8-77e9-49ff-9bb9-01c02e111e1c} 1684 "\\.\pipe\gecko-crash-server-pipe.1684" 7060 22653671258 tab

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\H-WORMExtendedFullSetup\" -spe -an -ai#7zMap13992:108:7zEvent21680

C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe

"C:\Users\Admin\Desktop\H-WORMExtendedFullSetup\h-worm.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.0.817531219\628942368" -parentBuildID 20221007134813 -prefsHandle 1604 -prefMapHandle 1580 -prefsLen 20871 -prefMapSize 233583 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6011def6-353d-4cc7-92b0-56b02654781b} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 1684 16ac3bfbc58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.1.1382581633\180558781" -parentBuildID 20221007134813 -prefsHandle 1992 -prefMapHandle 1988 -prefsLen 20916 -prefMapSize 233583 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20169889-4022-4632-87e3-0405b3781d72} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 2004 16ac3837658 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.2.319401719\982930256" -childID 1 -isForBrowser -prefsHandle 2712 -prefMapHandle 2708 -prefsLen 21377 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4795cf0-f597-420d-a23d-f0291cf6c63c} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 2724 16ac763dc58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.3.166238666\1860584405" -childID 2 -isForBrowser -prefsHandle 3364 -prefMapHandle 3352 -prefsLen 26555 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {589fd5ea-2d77-4db5-8323-1b545a816a45} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 3376 16ac7bf9c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.4.1400903907\5100728" -childID 3 -isForBrowser -prefsHandle 3688 -prefMapHandle 3684 -prefsLen 26555 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {57456534-6a7d-4d67-99ef-79dbce777de2} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 3700 16ac9351158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.5.1933671369\1188431477" -childID 4 -isForBrowser -prefsHandle 4608 -prefMapHandle 4604 -prefsLen 26555 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1e6fe96-f1b1-4f56-9b80-b1f1b3f8bde1} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 4616 16ac9bb7e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.6.2138985439\546555460" -childID 5 -isForBrowser -prefsHandle 4752 -prefMapHandle 4756 -prefsLen 26555 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4964f454-61cd-405f-8ddd-b815eee60f31} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 4836 16ac9dd5f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.7.704669008\1408196619" -childID 6 -isForBrowser -prefsHandle 4980 -prefMapHandle 4984 -prefsLen 26555 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1e30a62-20e5-4939-8712-c1e56d848313} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 4636 16aca352f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.8.352826533\1220514631" -childID 7 -isForBrowser -prefsHandle 4976 -prefMapHandle 5288 -prefsLen 26555 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2410b33-e166-4717-8c27-587cf236928c} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 4980 16acb011558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.9.855437201\305104144" -childID 8 -isForBrowser -prefsHandle 3728 -prefMapHandle 5772 -prefsLen 27511 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d22b9f33-38a5-4d53-b774-1342b05a11b5} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 5780 16acb7eef58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.10.709571125\1205889922" -childID 9 -isForBrowser -prefsHandle 4976 -prefMapHandle 5816 -prefsLen 27511 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd542a06-9bdf-42de-984b-265340415f51} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 9416 16ace198b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.11.728210075\1380630284" -childID 10 -isForBrowser -prefsHandle 4824 -prefMapHandle 4764 -prefsLen 27511 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1d2b5be-b974-4e01-bacd-d7de63cfa7b7} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 9224 16ace9fc658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.12.1307899658\70270569" -childID 11 -isForBrowser -prefsHandle 4692 -prefMapHandle 4680 -prefsLen 27511 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {94ccaa19-9574-48e2-9e9f-2855dcba952d} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 4716 16acd7b1858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.13.880450750\904918758" -childID 12 -isForBrowser -prefsHandle 9124 -prefMapHandle 9120 -prefsLen 27511 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b20d9766-85ba-4191-ace9-f2978955af0d} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 9132 16acd7b1e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.14.2050026665\109243580" -childID 13 -isForBrowser -prefsHandle 9476 -prefMapHandle 5476 -prefsLen 27511 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9122799-ae99-4d45-ae16-3bbc15881915} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 8936 16acd7b4858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.15.1450568565\415267199" -childID 14 -isForBrowser -prefsHandle 8752 -prefMapHandle 8748 -prefsLen 27511 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {230f0846-86f2-4a9d-bec0-cf84f22da709} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 5156 16acf095b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.16.1616772812\1937979624" -childID 15 -isForBrowser -prefsHandle 3728 -prefMapHandle 5172 -prefsLen 27511 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e131718f-72cf-4cc4-aa63-0af2cd98fa1a} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 5164 16acf095858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.17.620702363\1345947224" -childID 16 -isForBrowser -prefsHandle 9120 -prefMapHandle 9124 -prefsLen 27511 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3147889a-eb97-4061-814a-c38c61dddb19} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 8624 16acf098858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.18.25954600\328512803" -childID 17 -isForBrowser -prefsHandle 8384 -prefMapHandle 8388 -prefsLen 27511 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e87fc1c-cac4-42a9-8a11-e978ca42a6f8} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 8372 16acdff3058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.19.1097428760\1207853120" -childID 18 -isForBrowser -prefsHandle 8400 -prefMapHandle 8356 -prefsLen 27511 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {35e6b8c2-42dd-418e-b796-ef5b85c999ca} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 9556 16acfa9d658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.20.89344405\1305012685" -childID 19 -isForBrowser -prefsHandle 7888 -prefMapHandle 7892 -prefsLen 27511 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fda3184c-d2da-42cf-899b-788fc24c58c5} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 7900 16acf22eb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.21.1462992001\1435707601" -childID 20 -isForBrowser -prefsHandle 7952 -prefMapHandle 7948 -prefsLen 27511 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d646ea59-3303-48cb-82db-72d901801a10} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 7772 16acfbfbb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.22.1930027535\139656821" -childID 21 -isForBrowser -prefsHandle 8356 -prefMapHandle 8096 -prefsLen 27511 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dcb4f3a5-0b3e-4666-a98e-47e5f9cda22e} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 7748 16ad00b2e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.23.2080769625\452180807" -childID 22 -isForBrowser -prefsHandle 7808 -prefMapHandle 7804 -prefsLen 27511 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {55a37b80-9955-4909-9e99-70f6993491ef} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 7992 16ad0d1c158 tab

C:\Users\Admin\Downloads\888RATv1.exe

"C:\Users\Admin\Downloads\888RATv1.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.24.394844633\1377762388" -parentBuildID 20221007134813 -prefsHandle 5392 -prefMapHandle 7696 -prefsLen 27576 -prefMapSize 233583 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa12ab7c-e7c5-4890-934d-b3eb001239dd} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 5784 16ac6f97e58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.25.672465379\1532206457" -childID 23 -isForBrowser -prefsHandle 7072 -prefMapHandle 7076 -prefsLen 27576 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6bf386dc-8493-4cfc-b8f7-0c087d87fcf4} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 7064 16acde89f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.26.1009467780\511021132" -childID 24 -isForBrowser -prefsHandle 7460 -prefMapHandle 7752 -prefsLen 27576 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b26a6812-8d35-4208-a2c7-6d467a0c1f43} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 7352 16acde88758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.27.327643627\815077557" -childID 25 -isForBrowser -prefsHandle 7952 -prefMapHandle 7288 -prefsLen 27576 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {358c9e3c-b995-426b-8f15-7cda868c261d} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 6908 16acde88a58 tab

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0xf8

C:\Users\Admin\AppData\Local\Temp\flagx.exe

"C:\Users\Admin\AppData\Local\Temp\flagx.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6480 -s 1448

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.28.1092292242\498907405" -childID 26 -isForBrowser -prefsHandle 5644 -prefMapHandle 6668 -prefsLen 27576 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6613fd02-303e-413d-8b6c-40a101af82a4} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 6700 16acfa9ca58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.29.1956565360\1399863997" -childID 27 -isForBrowser -prefsHandle 6472 -prefMapHandle 6364 -prefsLen 27576 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e71f3ff-f217-4df7-add8-3a345b050812} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 6476 16ac9353b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.30.180729965\879946145" -childID 28 -isForBrowser -prefsHandle 6884 -prefMapHandle 6896 -prefsLen 27576 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9fd91a5f-f3c9-437a-a326-13f521d780ab} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 6800 16aca351458 tab

C:\Users\Admin\Downloads\888RATv1.exe

"C:\Users\Admin\Downloads\888RATv1.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c REG ADD HKCU\Software\Classes\mscfile\shell\open\command /t REG_EXPAND_SZ /d "REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f" /f & eventvwr.exe & REG DELETE HKCU\Software\Classes\mscfile\shell\open\command /f

C:\Windows\SysWOW64\reg.exe

REG ADD HKCU\Software\Classes\mscfile\shell\open\command /t REG_EXPAND_SZ /d "REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f" /f

C:\Windows\SysWOW64\eventvwr.exe

eventvwr.exe

C:\Windows\SysWOW64\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\system32\eventvwr.msc"

C:\Windows\SysWOW64\reg.exe

REG DELETE HKCU\Software\Classes\mscfile\shell\open\command /f

C:\Windows\system32\mmc.exe

"C:\Windows\system32\eventvwr.msc" "C:\Windows\system32\eventvwr.msc"

C:\Users\Admin\AppData\Local\Temp\exe2msi.exe

"C:\Users\Admin\AppData\Local\Temp\exe2msi.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.31.966598758\1882104984" -childID 29 -isForBrowser -prefsHandle 3916 -prefMapHandle 4436 -prefsLen 27585 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {14836253-5e92-4512-8106-595b91af8581} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 3924 16ac9443058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.32.749356983\17553031" -childID 30 -isForBrowser -prefsHandle 4412 -prefMapHandle 3940 -prefsLen 27585 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {15f181f3-5926-4ebe-acf0-62ba2827fad7} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 4408 16aca352358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.33.2140521122\310420603" -childID 31 -isForBrowser -prefsHandle 6904 -prefMapHandle 6692 -prefsLen 27585 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {af55b5de-4587-4386-b95f-f3cbcf6a7a7c} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 6836 16acb656558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.34.911014141\713660800" -childID 32 -isForBrowser -prefsHandle 6768 -prefMapHandle 3916 -prefsLen 27585 -prefMapSize 233583 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8eea6db5-5ddf-492d-b2d1-1b9b654a7845} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 6748 16acba79d58 tab

Network

Country Destination Domain Proto
N/A 127.0.0.1:49761 tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 166.188.117.34.in-addr.arpa udp
US 8.8.8.8:53 43.49.25.52.in-addr.arpa udp
N/A 127.0.0.1:49768 tcp
US 8.8.8.8:53 file.io udp
US 45.55.107.24:443 file.io tcp
US 8.8.8.8:53 file.io udp
US 8.8.8.8:53 file.io udp
US 8.8.8.8:53 24.107.55.45.in-addr.arpa udp
US 8.8.8.8:53 www.file.io udp
CZ 65.9.95.24:443 www.file.io tcp
US 8.8.8.8:53 www.file.io udp
US 8.8.8.8:53 www.file.io udp
US 8.8.8.8:53 hb.vntsm.com udp
US 8.8.8.8:53 24.95.9.65.in-addr.arpa udp
GB 79.127.237.132:443 hb.vntsm.com tcp
US 8.8.8.8:53 vmhb.b-cdn.net udp
US 8.8.8.8:53 vmhb.b-cdn.net udp
GB 79.127.237.132:443 hb.vntsm.com tcp
US 8.8.8.8:53 hb.vntsm.io udp
US 8.8.8.8:53 hb-vntsm-com.global.ssl.fastly.net udp
US 151.101.1.194:443 hb-vntsm-com.global.ssl.fastly.net tcp
US 8.8.8.8:53 hb-vntsm-com.global.ssl.fastly.net udp
US 104.22.46.142:443 hb.vntsm.io tcp
US 8.8.8.8:53 hb.vntsm.io.cdn.cloudflare.net udp
US 8.8.8.8:53 hb-vntsm-com.global.ssl.fastly.net udp
US 8.8.8.8:53 hb.vntsm.io.cdn.cloudflare.net udp
US 8.8.8.8:53 132.237.127.79.in-addr.arpa udp
US 8.8.8.8:53 232.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 194.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 142.46.22.104.in-addr.arpa udp
US 45.55.107.24:443 file.io tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 216.239.32.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 region1.analytics.google.com udp
GB 172.217.169.35:443 www.google.co.uk tcp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 104.26.3.70:443 ad-delivery.net tcp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 ad-delivery.net udp
US 216.239.32.36:443 region1.analytics.google.com udp
GB 172.217.169.35:443 www.google.co.uk udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 cdn.exelator.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
CZ 65.9.98.75:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 d1ykf07e75w7ss.cloudfront.net udp
CZ 65.9.95.83:443 cdn.exelator.com tcp
US 8.8.8.8:53 dfh8hwrwbxm35.cloudfront.net udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 dfh8hwrwbxm35.cloudfront.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 d1ykf07e75w7ss.cloudfront.net udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
BE 74.125.206.155:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 70.3.26.104.in-addr.arpa udp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 75.98.9.65.in-addr.arpa udp
US 8.8.8.8:53 83.95.9.65.in-addr.arpa udp
US 8.8.8.8:53 mydmp.exelator.com udp
IE 54.78.254.47:443 mydmp.exelator.com tcp
US 8.8.8.8:53 load-euw1.exelator.com udp
BE 74.125.206.155:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 load-euw1.exelator.com udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
GB 172.217.169.78:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 secure.cdn.fastclick.net udp
US 8.8.8.8:53 cdn.hadronid.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 www3.l.google.com udp
US 104.22.53.173:443 cdn.hadronid.net tcp
US 8.8.8.8:53 cdn.hadronid.net udp
US 8.8.8.8:53 e4536.g.akamaiedge.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 cdn.hadronid.net udp
US 8.8.8.8:53 e4536.g.akamaiedge.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 load77.exelator.com udp
US 8.8.8.8:53 onsite-tag-logs.apps.nielsen.com udp
GB 172.217.169.78:443 www3.l.google.com udp
US 8.8.8.8:53 nmcapps-onsite-tag-external-alb-315845598.us-east-1.elb.amazonaws.com udp
US 8.8.8.8:53 1605158521.rsc.cdn77.org udp
US 8.8.8.8:53 nmcapps-onsite-tag-external-alb-315845598.us-east-1.elb.amazonaws.com udp
US 8.8.8.8:53 1605158521.rsc.cdn77.org udp
CZ 65.9.95.29:443 config.aps.amazon-adsystem.com tcp
GB 104.78.175.230:443 e4536.g.akamaiedge.net tcp
US 104.22.52.86:443 cdn.id5-sync.com tcp
GB 104.78.175.230:443 e4536.g.akamaiedge.net tcp
FR 185.93.2.8:443 1605158521.rsc.cdn77.org tcp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 104.22.5.69:443 id.hadron.ad.gt tcp
US 8.8.8.8:53 id.hadron.ad.gt.cdn.cloudflare.net udp
US 8.8.8.8:53 id.hadron.ad.gt.cdn.cloudflare.net udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 142.250.180.1:443 lh3.googleusercontent.com tcp
US 8.8.8.8:53 googlehosted.l.googleusercontent.com udp
US 8.8.8.8:53 155.206.125.74.in-addr.arpa udp
US 8.8.8.8:53 47.254.78.54.in-addr.arpa udp
US 8.8.8.8:53 78.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 173.53.22.104.in-addr.arpa udp
US 8.8.8.8:53 230.175.78.104.in-addr.arpa udp
US 8.8.8.8:53 8.2.93.185.in-addr.arpa udp
US 8.8.8.8:53 86.52.22.104.in-addr.arpa udp
US 8.8.8.8:53 29.95.9.65.in-addr.arpa udp
US 8.8.8.8:53 69.5.22.104.in-addr.arpa udp
US 8.8.8.8:53 googlehosted.l.googleusercontent.com udp
US 18.211.59.193:443 nmcapps-onsite-tag-external-alb-315845598.us-east-1.elb.amazonaws.com tcp
US 8.8.8.8:53 a.ad.gt udp
US 8.8.8.8:53 a.ad.gt.cdn.cloudflare.net udp
US 104.22.5.69:443 a.ad.gt.cdn.cloudflare.net tcp
GB 142.250.180.1:443 googlehosted.l.googleusercontent.com udp
US 8.8.8.8:53 a.ad.gt.cdn.cloudflare.net udp
US 8.8.8.8:53 proc.ad.cpe.dotomi.com udp
NL 63.215.202.178:443 proc.ad.cpe.dotomi.com tcp
US 8.8.8.8:53 convex-rr.global.dual.dotomi.weighted.com.akadns.net udp
US 8.8.8.8:53 convex-rr.global.dual.dotomi.weighted.com.akadns.net udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 oa.openxcdn.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 8.8.8.8:53 cdn-ima.33across.com udp
US 8.8.8.8:53 p.cpx.to udp
DE 162.19.138.117:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 pub.doubleverify.com udp
US 8.8.8.8:53 secure.quantserve.com udp
DE 162.19.138.118:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 42.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 193.59.211.18.in-addr.arpa udp
US 8.8.8.8:53 178.202.215.63.in-addr.arpa udp
US 34.102.146.192:443 oa.openxcdn.net tcp
US 8.8.8.8:53 cadmus.script.ac udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
IE 52.30.96.33:443 p.cpx.to tcp
US 104.18.23.145:443 cadmus.script.ac tcp
US 8.8.8.8:53 oa.openxcdn.net udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 static.nl3.vip.prod.criteo.net udp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 8.8.8.8:53 static.nl3.vip.prod.criteo.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 cdn-ima.33across.com.cdn.cloudflare.net udp
US 8.8.8.8:53 p.cpx.to udp
US 8.8.8.8:53 pub.doubleverify.com.cdn.cloudflare.net udp
US 8.8.8.8:53 p.cpx.to udp
US 8.8.8.8:53 cdn-ima.33across.com.cdn.cloudflare.net udp
US 8.8.8.8:53 pub.doubleverify.com.cdn.cloudflare.net udp
US 34.102.146.192:443 oa.openxcdn.net udp
US 8.8.8.8:53 global.px.quantserve.com udp
US 8.8.8.8:53 cadmus.script.ac udp
CZ 65.9.95.19:443 tags.crwdcntrl.net tcp
NL 178.250.1.3:443 static.nl3.vip.prod.criteo.net tcp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
US 104.18.35.167:443 cdn-ima.33across.com.cdn.cloudflare.net tcp
US 104.18.167.224:443 pub.doubleverify.com.cdn.cloudflare.net tcp
DE 91.228.74.166:443 global.px.quantserve.com tcp
US 8.8.8.8:53 global.px.quantserve.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 cadmus.script.ac udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 i.clean.gg udp
US 8.8.8.8:53 ib.anycast.adnxs.com udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 i.clean.gg udp
US 8.8.8.8:53 ib.anycast.adnxs.com udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 i.clean.gg udp
US 34.95.69.49:443 i.clean.gg tcp
US 34.95.69.49:443 i.clean.gg tcp
US 8.8.8.8:53 d1jvc9b8z3vcjs.cloudfront.net udp
US 8.8.8.8:53 cdn.edkt.io udp
US 8.8.8.8:53 lexicon.33across.com udp
CZ 65.9.9.197:443 d1jvc9b8z3vcjs.cloudfront.net tcp
US 34.96.70.87:443 invstatic101.creativecdn.com udp
US 104.18.167.224:443 pub.doubleverify.com.cdn.cloudflare.net udp
US 34.120.111.33:443 cdn.edkt.io tcp
US 8.8.8.8:53 cdn.edkt.io udp
US 8.8.8.8:53 d1jvc9b8z3vcjs.cloudfront.net udp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 lexicon.33across.com udp
US 8.8.8.8:53 api.rlcdn.com udp
US 8.8.8.8:53 lexicon.33across.com udp
US 8.8.8.8:53 gum.nl3.vip.prod.criteo.com udp
US 8.8.8.8:53 cdn.edkt.io udp
US 8.8.8.8:53 gum.nl3.vip.prod.criteo.com udp
US 8.8.8.8:53 api.rlcdn.com udp
US 8.8.8.8:53 api.rlcdn.com udp
US 8.8.8.8:53 track.venatusmedia.com udp
US 8.8.8.8:53 ex.ingage.tech udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 apex.go.sonobi.com udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 prg.smartadserver.com udp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 8.8.8.8:53 elb.the-ozone-project.com udp
IE 52.51.116.85:443 track.venatusmedia.com tcp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 104.18.41.106:443 ex.ingage.tech tcp
US 8.8.8.8:53 prebid.a-mo.net udp
US 104.18.41.106:443 ex.ingage.tech tcp
US 8.8.8.8:53 s.cpx.to udp
US 8.8.8.8:53 track.venatusmedia.com udp
US 8.8.8.8:53 ex.ingage.tech udp
US 8.8.8.8:53 iad-2-apex.go.sonobi.com udp
US 172.64.153.66:443 elb.the-ozone-project.com tcp
IE 52.51.93.160:443 s.cpx.to tcp
US 8.8.8.8:53 track.venatusmedia.com udp
FR 163.5.194.36:443 prebid.a-mo.net tcp
US 8.8.8.8:53 ex.ingage.tech udp
US 8.8.8.8:53 iad-2-apex.go.sonobi.com udp
US 8.8.8.8:53 eu-tlx.3lift.com udp
US 8.8.8.8:53 euw2.smartadserver.com udp
US 8.8.8.8:53 hb-api-fra02.omnitagjs.com udp
US 8.8.8.8:53 192.146.102.34.in-addr.arpa udp
US 8.8.8.8:53 117.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 118.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 33.96.30.52.in-addr.arpa udp
US 8.8.8.8:53 145.23.18.104.in-addr.arpa udp
US 8.8.8.8:53 87.70.96.34.in-addr.arpa udp
US 8.8.8.8:53 167.35.18.104.in-addr.arpa udp
US 8.8.8.8:53 224.167.18.104.in-addr.arpa udp
US 8.8.8.8:53 166.74.228.91.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 19.95.9.65.in-addr.arpa udp
US 8.8.8.8:53 49.69.95.34.in-addr.arpa udp
US 8.8.8.8:53 197.9.9.65.in-addr.arpa udp
US 8.8.8.8:53 33.111.120.34.in-addr.arpa udp
US 8.8.8.8:53 106.41.18.104.in-addr.arpa udp
US 8.8.8.8:53 85.116.51.52.in-addr.arpa udp
US 8.8.8.8:53 66.153.64.172.in-addr.arpa udp
US 8.8.8.8:53 eu-tlx.3lift.com udp
US 8.8.8.8:53 euw2.smartadserver.com udp
US 8.8.8.8:53 hb-api-fra02.omnitagjs.com udp
US 8.8.8.8:53 btlr-eu-central-1.sharethrough.com udp
US 8.8.8.8:53 elb.the-ozone-project.com udp
US 8.8.8.8:53 s.cpx.to udp
US 8.8.8.8:53 btlr-eu-central-1.sharethrough.com udp
US 8.8.8.8:53 elb.the-ozone-project.com udp
US 8.8.8.8:53 hbopenbid-lhrc.pubmnet.com udp
US 8.8.8.8:53 nld-prebid.a-mx.net udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.8.8.8:53 hbopenbid-lhrc.pubmnet.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 nld-prebid.a-mx.net udp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 image2.pubmatic.com udp
US 8.8.8.8:53 pixel.rubiconproject.net.akadns.net udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 pug-ams-bc.pubmnet.com udp
US 8.8.8.8:53 pixel.rubiconproject.net.akadns.net udp
US 8.8.8.8:53 pug-ams-bc.pubmnet.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 104.18.167.224:443 pub.doubleverify.com.cdn.cloudflare.net udp
DE 37.252.171.52:443 secure.adnxs.com tcp
DE 3.78.168.176:443 eu-tlx.3lift.com tcp
US 69.166.1.32:443 iad-2-apex.go.sonobi.com tcp
FR 185.255.84.151:443 hb-api-fra02.omnitagjs.com tcp
FR 51.178.195.209:443 euw2.smartadserver.com tcp
FR 51.178.195.209:443 euw2.smartadserver.com tcp
DE 18.199.220.232:443 btlr.sharethrough.com tcp
DE 18.199.220.232:443 btlr.sharethrough.com tcp
DE 18.199.220.232:443 btlr.sharethrough.com tcp
DE 18.199.220.232:443 btlr.sharethrough.com tcp
GB 185.64.190.77:443 hbopenbid-lhrc.pubmnet.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.net.akadns.net tcp
DE 37.252.172.123:443 secure.adnxs.com tcp
NL 198.47.127.205:443 pug-ams-bc.pubmnet.com tcp
US 8.8.8.8:53 36.194.5.163.in-addr.arpa udp
US 8.8.8.8:53 160.93.51.52.in-addr.arpa udp
US 8.8.8.8:53 226.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 151.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 52.171.252.37.in-addr.arpa udp
US 8.8.8.8:53 232.220.199.18.in-addr.arpa udp
US 8.8.8.8:53 176.168.78.3.in-addr.arpa udp
US 8.8.8.8:53 209.195.178.51.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 148.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 32.1.166.69.in-addr.arpa udp
US 8.8.8.8:53 123.172.252.37.in-addr.arpa udp
US 8.8.8.8:53 205.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 tg1.aniview.com udp
GB 104.82.233.61:443 tg1.aniview.com tcp
US 8.8.8.8:53 e11385.dscd.akamaiedge.net udp
US 8.8.8.8:53 e11385.dscd.akamaiedge.net udp
US 8.8.8.8:53 track4.aniview.com udp
US 8.8.8.8:53 feed.avplayer.com udp
US 8.8.8.8:53 player.avplayer.com udp
US 172.240.45.75:443 track4.aniview.com tcp
US 8.8.8.8:53 track-sc-main-was.aniview.com udp
GB 2.22.249.133:443 feed.avplayer.com tcp
US 8.8.8.8:53 e16009.dscd.akamaiedge.net udp
GB 2.19.117.84:443 player.avplayer.com tcp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
US 8.8.8.8:53 track-sc-main-was.aniview.com udp
US 8.8.8.8:53 e16009.dscd.akamaiedge.net udp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
US 8.8.8.8:53 61.233.82.104.in-addr.arpa udp
US 8.8.8.8:53 133.249.22.2.in-addr.arpa udp
US 8.8.8.8:53 84.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 75.45.240.172.in-addr.arpa udp
US 172.240.45.75:443 track-sc-main-was.aniview.com udp
US 8.8.8.8:53 play.aniview.com udp
GB 104.82.233.61:443 play.aniview.com tcp
US 8.8.8.8:53 content1.avplayer.com udp
GB 2.19.117.107:443 content1.avplayer.com tcp
US 8.8.8.8:53 player.aniview.com udp
GB 2.19.117.107:443 player.aniview.com tcp
US 8.8.8.8:53 prod.tahoe-analytics.publishers.advertising.a2z.com udp
US 8.8.8.8:53 prod.tahoe-analytics.publishers.advertising.a2z.com udp
US 44.237.22.19:443 prod.tahoe-analytics.publishers.advertising.a2z.com tcp
US 44.237.22.19:443 prod.tahoe-analytics.publishers.advertising.a2z.com tcp
US 8.8.8.8:53 prod.tahoe-analytics.publishers.advertising.a2z.com udp
GB 2.19.117.107:443 player.aniview.com udp
US 8.8.8.8:53 a23e679de53defb48171c4c14a757c2c.safeframe.googlesyndication.com udp
US 8.8.8.8:53 107.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 19.22.237.44.in-addr.arpa udp
US 8.8.8.8:53 pagead-googlehosted.l.google.com udp
GB 142.250.180.1:443 pagead-googlehosted.l.google.com tcp
GB 142.250.180.1:443 pagead-googlehosted.l.google.com udp
US 8.8.8.8:53 pagead-googlehosted.l.google.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 142.250.187.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.179.228:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.179.228:443 www.google.com udp
US 8.8.8.8:53 228.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 225.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.214.35:80 www.facebook.com tcp
GB 157.240.214.35:443 www.facebook.com tcp
US 8.8.8.8:53 35.214.240.157.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 32.113.50.184.in-addr.arpa udp
GB 157.240.214.35:443 www.facebook.com tcp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 25.173.189.20.in-addr.arpa udp
N/A 127.0.0.1:50308 tcp
N/A 127.0.0.1:50321 tcp
US 45.55.107.24:443 file.io tcp
US 8.8.8.8:53 file.io udp
US 8.8.8.8:53 www.file.io udp
CZ 65.9.95.72:443 www.file.io tcp
US 8.8.8.8:53 www.file.io udp
US 8.8.8.8:53 www.file.io udp
US 8.8.8.8:53 hb.vntsm.com udp
US 8.8.8.8:53 72.95.9.65.in-addr.arpa udp
GB 143.244.38.136:443 hb.vntsm.com tcp
US 8.8.8.8:53 vmhb.b-cdn.net udp
GB 143.244.38.136:443 hb.vntsm.com tcp
US 104.22.46.142:443 hb.vntsm.io.cdn.cloudflare.net tcp
US 8.8.8.8:53 hb-vntsm-com.global.ssl.fastly.net udp
US 8.8.8.8:53 vmhb.b-cdn.net udp
US 8.8.8.8:53 hb-vntsm-com.global.ssl.fastly.net udp
US 151.101.1.194:443 hb-vntsm-com.global.ssl.fastly.net tcp
US 8.8.8.8:53 hb-vntsm-com.global.ssl.fastly.net udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
GB 172.217.169.78:443 www3.l.google.com udp
US 104.26.3.70:443 ad-delivery.net tcp
US 8.8.8.8:53 136.38.244.143.in-addr.arpa udp
US 45.55.107.24:443 file.io tcp
US 216.239.32.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 www.google.co.uk udp
GB 142.250.180.3:443 www.google.co.uk udp
US 216.239.32.36:443 region1.analytics.google.com tcp
GB 142.250.180.3:443 www.google.co.uk tcp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 cdn.exelator.com udp
US 8.8.8.8:53 p.cpx.to udp
US 8.8.8.8:53 pub.doubleverify.com udp
US 8.8.8.8:53 secure.quantserve.com udp
US 104.18.23.145:443 cadmus.script.ac tcp
US 8.8.8.8:53 ib.anycast.adnxs.com udp
DE 37.252.171.52:443 ib.anycast.adnxs.com tcp
US 35.71.131.137:443 match.adsrvr.org tcp
US 8.8.8.8:53 match.adsrvr.org udp
CZ 65.9.98.75:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 ib.anycast.adnxs.com udp
US 8.8.8.8:53 d1ykf07e75w7ss.cloudfront.net udp
US 104.18.166.224:443 pub.doubleverify.com udp
CZ 65.9.95.67:443 cdn.exelator.com tcp
US 8.8.8.8:53 global.px.quantserve.com udp
IE 34.251.246.210:443 p.cpx.to tcp
US 34.95.69.49:443 i.clean.gg tcp
US 8.8.8.8:53 global.px.quantserve.com udp
US 8.8.8.8:53 dfh8hwrwbxm35.cloudfront.net udp
US 8.8.8.8:53 mydmp.exelator.com udp
US 8.8.8.8:53 d1ykf07e75w7ss.cloudfront.net udp
US 8.8.8.8:53 rules.quantcount.com udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
CZ 65.9.98.75:443 d1ykf07e75w7ss.cloudfront.net tcp
US 8.8.8.8:53 p.cpx.to udp
IE 54.78.254.47:443 mydmp.exelator.com tcp
US 8.8.8.8:53 dfh8hwrwbxm35.cloudfront.net udp
US 8.8.8.8:53 i.clean.gg udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 secure.cdn.fastclick.net udp
US 8.8.8.8:53 p.cpx.to udp
US 8.8.8.8:53 load-euw1.exelator.com udp
US 8.8.8.8:53 d2fashanjl7d9f.cloudfront.net udp
CZ 65.9.98.75:443 d1ykf07e75w7ss.cloudfront.net tcp
US 104.22.53.173:443 cdn.hadronid.net tcp
US 34.120.111.33:443 cdn.edkt.io tcp
US 34.95.69.49:443 i.clean.gg tcp
CZ 65.9.9.197:443 aax.amazon-adsystem.com tcp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 cdn.edkt.io udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 224.166.18.104.in-addr.arpa udp
US 8.8.8.8:53 137.131.71.35.in-addr.arpa udp
US 8.8.8.8:53 210.246.251.34.in-addr.arpa udp
US 8.8.8.8:53 d2fashanjl7d9f.cloudfront.net udp
US 8.8.8.8:53 track.venatusmedia.com udp
IE 34.254.107.188:443 track.venatusmedia.com tcp
US 8.8.8.8:53 lexicon.33across.com udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 e4536.g.akamaiedge.net udp
US 34.95.69.49:443 i.clean.gg udp
US 34.120.111.33:443 cdn.edkt.io udp
US 8.8.8.8:53 d1jvc9b8z3vcjs.cloudfront.net udp
US 8.8.8.8:53 s.cpx.to udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 e4536.g.akamaiedge.net udp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 8.8.8.8:53 d1jvc9b8z3vcjs.cloudfront.net udp
IE 52.30.96.33:443 s.cpx.to tcp
US 8.8.8.8:53 track.venatusmedia.com udp
US 8.8.8.8:53 s.cpx.to udp
US 8.8.8.8:53 track.venatusmedia.com udp
US 8.8.8.8:53 s.cpx.to udp
US 172.67.23.234:443 id.hadron.ad.gt tcp
US 172.67.23.234:443 id.hadron.ad.gt tcp
US 8.8.8.8:53 load77.exelator.com udp
US 8.8.8.8:53 onsite-tag-logs.apps.nielsen.com udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 nmcapps-onsite-tag-external-alb-315845598.us-east-1.elb.amazonaws.com udp
IE 67.220.226.238:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 1605158521.rsc.cdn77.org udp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 nmcapps-onsite-tag-external-alb-315845598.us-east-1.elb.amazonaws.com udp
US 8.8.8.8:53 1605158521.rsc.cdn77.org udp
US 34.120.111.33:443 cdn.edkt.io tcp
US 34.120.111.33:443 cdn.edkt.io tcp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 pixel.rubiconproject.net.akadns.net udp
US 8.8.8.8:53 prg.smartadserver.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 172.64.153.66:443 elb.the-ozone-project.com tcp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
FR 163.5.194.37:443 prebid.a-mo.net tcp
US 104.18.41.106:443 ex.ingage.tech tcp
US 104.18.41.106:443 ex.ingage.tech tcp
US 8.8.8.8:53 api.edkt.io udp
US 8.8.8.8:53 hbopenbid-lhrc.pubmnet.com udp
US 8.8.8.8:53 elb.the-ozone-project.com udp
US 8.8.8.8:53 api.edkt.io udp
US 8.8.8.8:53 nld-prebid.a-mx.net udp
US 34.120.111.33:443 api.edkt.io udp
US 8.8.8.8:53 euw2.smartadserver.com udp
US 8.8.8.8:53 btlr-eu-central-1.sharethrough.com udp
US 8.8.8.8:53 hb-api-fra02.omnitagjs.com udp
US 104.22.5.69:443 id.hadron.ad.gt tcp
US 8.8.8.8:53 eu-tlx.3lift.com udp
US 8.8.8.8:53 btlr-eu-central-1.sharethrough.com udp
US 8.8.8.8:53 eu-tlx.3lift.com udp
US 3.209.146.58:443 nmcapps-onsite-tag-external-alb-315845598.us-east-1.elb.amazonaws.com tcp
US 8.8.8.8:53 188.107.254.34.in-addr.arpa udp
US 8.8.8.8:53 234.23.67.172.in-addr.arpa udp
US 8.8.8.8:53 238.226.220.67.in-addr.arpa udp
US 8.8.8.8:53 37.194.5.163.in-addr.arpa udp
US 104.18.166.224:443 pub.doubleverify.com udp
CZ 65.9.95.47:443 d2fashanjl7d9f.cloudfront.net tcp
CZ 65.9.95.29:443 config.aps.amazon-adsystem.com tcp
GB 104.78.175.230:443 e4536.g.akamaiedge.net tcp
US 104.22.52.86:443 cdn.id5-sync.com tcp
GB 104.78.175.230:443 e4536.g.akamaiedge.net tcp
US 35.244.193.51:443 lexicon.33across.com tcp
DE 162.19.138.117:443 lb.eu-1-id5-sync.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.net.akadns.net tcp
DE 37.252.171.53:443 secure.adnxs.com tcp
NL 198.47.127.205:443 pug-ams-bc.pubmnet.com tcp
GB 185.64.190.77:443 hbopenbid-lhrc.pubmnet.com tcp
FR 178.32.197.48:443 prg.smartadserver.com tcp
FR 178.32.197.48:443 prg.smartadserver.com tcp
US 69.166.1.32:443 iad-2-apex.go.sonobi.com tcp
DE 3.120.207.148:443 btlr-eu-central-1.sharethrough.com tcp
DE 3.120.207.148:443 btlr-eu-central-1.sharethrough.com tcp
DE 3.120.207.148:443 btlr-eu-central-1.sharethrough.com tcp
DE 3.120.207.148:443 btlr-eu-central-1.sharethrough.com tcp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
DE 3.124.64.248:443 eu-tlx.3lift.com tcp
NL 178.250.1.11:443 gum.nl3.vip.prod.criteo.com tcp
US 8.8.8.8:53 file.io udp
US 8.8.8.8:53 pixel.quantcount.com udp
US 8.8.8.8:53 pixel.quantserve.com udp
US 8.8.8.8:53 csi.gstatic.com udp
US 8.8.8.8:53 file.io udp
DE 91.228.74.244:443 pixel.quantserve.com tcp
CO 172.217.173.35:443 csi.gstatic.com tcp
US 8.8.8.8:53 csi.gstatic.com udp
US 8.8.8.8:53 0459048d4cc096b831b624855fe18694.safeframe.googlesyndication.com udp
US 8.8.8.8:53 csi.gstatic.com udp
GB 142.250.180.1:443 0459048d4cc096b831b624855fe18694.safeframe.googlesyndication.com tcp
GB 142.250.180.1:443 0459048d4cc096b831b624855fe18694.safeframe.googlesyndication.com udp
US 8.8.8.8:53 58.146.209.3.in-addr.arpa udp
US 8.8.8.8:53 51.193.244.35.in-addr.arpa udp
US 8.8.8.8:53 47.95.9.65.in-addr.arpa udp
US 8.8.8.8:53 53.171.252.37.in-addr.arpa udp
US 8.8.8.8:53 48.197.32.178.in-addr.arpa udp
US 8.8.8.8:53 148.207.120.3.in-addr.arpa udp
US 8.8.8.8:53 150.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 248.64.124.3.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 244.74.228.91.in-addr.arpa udp
US 8.8.8.8:53 35.173.217.172.in-addr.arpa udp
US 8.8.8.8:53 tg1.aniview.com udp
CO 172.217.173.35:443 csi.gstatic.com udp
GB 104.82.233.61:443 tg1.aniview.com tcp
US 8.8.8.8:53 e11385.dscd.akamaiedge.net udp
US 8.8.8.8:53 e11385.dscd.akamaiedge.net udp
DE 91.228.74.166:443 pixel.quantserve.com tcp
GB 142.250.187.225:443 tpc.googlesyndication.com udp
US 172.240.45.75:443 track-sc-main-was.aniview.com tcp
US 8.8.8.8:53 track-sc-main-was.aniview.com udp
US 8.8.8.8:53 feed.avplayer.com udp
US 8.8.8.8:53 player.avplayer.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.36:443 www.google.com udp
GB 142.250.200.36:443 www.google.com tcp
GB 2.22.249.147:443 feed.avplayer.com tcp
GB 2.19.117.107:443 player.avplayer.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 e16009.dscd.akamaiedge.net udp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
US 8.8.8.8:53 e16009.dscd.akamaiedge.net udp
US 172.240.45.75:443 track-sc-main-was.aniview.com udp
US 8.8.8.8:53 36.200.250.142.in-addr.arpa udp
GB 2.19.117.107:443 a1970.dscd.akamai.net tcp
US 8.8.8.8:53 147.249.22.2.in-addr.arpa udp
US 8.8.8.8:53 play.aniview.com udp
GB 104.82.233.61:443 play.aniview.com tcp
US 8.8.8.8:53 content1.avplayer.com udp
GB 2.19.117.107:443 content1.avplayer.com tcp
US 8.8.8.8:53 player.aniview.com udp
GB 2.19.117.84:443 player.aniview.com udp
US 8.8.8.8:53 cdn1.vntsm.com udp
DE 138.199.37.227:443 cdn1.vntsm.com tcp
US 8.8.8.8:53 cdn1-vntsm.b-cdn.net udp
US 8.8.8.8:53 cdn1-vntsm.b-cdn.net udp
US 8.8.8.8:53 227.37.199.138.in-addr.arpa udp
US 8.8.8.8:53 track1.avplayer.com udp
US 8.8.8.8:53 track-sc-main-was.avplayer.com udp
US 8.8.8.8:53 track-sc-main-was.avplayer.com udp
N/A 127.0.0.1:50770 tcp
US 45.55.107.24:443 file.io tcp
US 8.8.8.8:53 file.io udp
US 8.8.8.8:53 www.file.io udp
CZ 65.9.95.21:443 www.file.io tcp
US 8.8.8.8:53 www.file.io udp
US 8.8.8.8:53 www.file.io udp
US 8.8.8.8:53 21.95.9.65.in-addr.arpa udp
US 8.8.8.8:53 hb.vntsm.com udp
GB 79.127.237.132:443 hb.vntsm.com tcp
US 8.8.8.8:53 vmhb.b-cdn.net udp
US 104.22.46.142:443 hb.vntsm.io.cdn.cloudflare.net tcp
US 8.8.8.8:53 hb-vntsm-com.global.ssl.fastly.net udp
US 151.101.193.194:443 hb-vntsm-com.global.ssl.fastly.net tcp
US 8.8.8.8:53 hb-vntsm-com.global.ssl.fastly.net udp
US 8.8.8.8:53 hb-vntsm-com.global.ssl.fastly.net udp
US 216.239.32.36:443 region1.analytics.google.com tcp
GB 142.250.180.3:443 www.google.co.uk tcp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 194.193.101.151.in-addr.arpa udp
US 216.239.32.36:443 region1.analytics.google.com udp
GB 142.250.180.3:443 www.google.co.uk udp
US 104.26.3.70:443 ad-delivery.net tcp
GB 216.58.204.66:443 securepubads.g.doubleclick.net tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
CZ 65.9.98.75:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 d1ykf07e75w7ss.cloudfront.net udp
US 8.8.8.8:53 d1ykf07e75w7ss.cloudfront.net udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
N/A 127.0.0.1:50776 tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
DE 23.55.161.185:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 185.161.55.23.in-addr.arpa udp
GB 142.250.187.206:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.187.206:443 redirector.gvt1.com udp
US 8.8.8.8:53 r4---sn-aigl6nsd.gvt1.com udp
GB 74.125.105.41:443 r4---sn-aigl6nsd.gvt1.com tcp
US 8.8.8.8:53 r4.sn-aigl6nsd.gvt1.com udp
US 8.8.8.8:53 r4.sn-aigl6nsd.gvt1.com udp
GB 74.125.105.41:443 r4.sn-aigl6nsd.gvt1.com udp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 41.105.125.74.in-addr.arpa udp
US 8.8.8.8:53 file.io udp
US 45.55.107.24:443 file.io tcp
CZ 65.9.95.21:443 www.file.io tcp
US 8.8.8.8:53 www.file.io udp
US 8.8.8.8:53 hb.vntsm.com udp
US 8.8.8.8:53 vmhb.b-cdn.net udp
GB 79.127.237.132:443 vmhb.b-cdn.net tcp
GB 79.127.237.132:443 vmhb.b-cdn.net tcp
US 8.8.8.8:53 hb.vntsm.io udp
US 8.8.8.8:53 hb-vntsm-com.global.ssl.fastly.net udp
US 8.8.8.8:53 vmhb.b-cdn.net udp
US 151.101.193.194:443 hb-vntsm-com.global.ssl.fastly.net tcp
US 8.8.8.8:53 hb-vntsm-com.global.ssl.fastly.net udp
GB 79.127.237.132:443 vmhb.b-cdn.net tcp
US 8.8.8.8:53 hb.vntsm.io.cdn.cloudflare.net udp
US 8.8.8.8:53 hb-vntsm-com.global.ssl.fastly.net udp
US 8.8.8.8:53 hb.vntsm.io.cdn.cloudflare.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 ad-delivery.net udp
US 172.67.69.19:443 ad-delivery.net tcp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
US 45.55.107.24:443 file.io tcp
US 8.8.8.8:53 region1.analytics.google.com udp
GB 142.250.180.3:443 www.google.co.uk udp
GB 172.217.169.78:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
GB 172.217.169.78:443 www3.l.google.com tcp
US 216.239.34.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 216.239.34.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 19.69.67.172.in-addr.arpa udp
US 8.8.8.8:53 d1ykf07e75w7ss.cloudfront.net udp
US 8.8.8.8:53 cdn.exelator.com udp
US 8.8.8.8:53 p.cpx.to udp
US 8.8.8.8:53 pub.doubleverify.com udp
US 8.8.8.8:53 secure.quantserve.com udp
US 8.8.8.8:53 cadmus.script.ac udp
US 8.8.8.8:53 ib.adnxs.com udp
CZ 65.9.98.75:443 d1ykf07e75w7ss.cloudfront.net tcp
US 8.8.8.8:53 p.cpx.to udp
CZ 65.9.95.75:443 cdn.exelator.com tcp
US 8.8.8.8:53 dfh8hwrwbxm35.cloudfront.net udp
US 104.18.166.224:443 pub.doubleverify.com udp
US 8.8.8.8:53 pub.doubleverify.com.cdn.cloudflare.net udp
DE 37.252.171.53:443 ib.adnxs.com tcp
DE 91.228.74.166:443 secure.quantserve.com tcp
US 8.8.8.8:53 p.cpx.to udp
US 34.95.69.49:443 i.clean.gg udp
US 8.8.8.8:53 dfh8hwrwbxm35.cloudfront.net udp
US 8.8.8.8:53 rules.quantcount.com udp
US 8.8.8.8:53 pub.doubleverify.com.cdn.cloudflare.net udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 cadmus.script.ac udp
US 8.8.8.8:53 ib.anycast.adnxs.com udp
CZ 65.9.98.75:443 d1ykf07e75w7ss.cloudfront.net tcp
US 34.95.69.49:443 i.clean.gg tcp
US 8.8.8.8:53 global.px.quantserve.com udp
US 8.8.8.8:53 global.px.quantserve.com udp
US 8.8.8.8:53 cadmus.script.ac udp
US 8.8.8.8:53 ib.anycast.adnxs.com udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 i.clean.gg udp
US 8.8.8.8:53 d2fashanjl7d9f.cloudfront.net udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 i.clean.gg udp
CZ 65.9.9.197:443 aax.amazon-adsystem.com tcp
US 8.8.8.8:53 track.venatusmedia.com udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 d2fashanjl7d9f.cloudfront.net udp
US 8.8.8.8:53 d1jvc9b8z3vcjs.cloudfront.net udp
IE 52.51.116.85:443 track.venatusmedia.com tcp
US 8.8.8.8:53 track.venatusmedia.com udp
US 8.8.8.8:53 d1jvc9b8z3vcjs.cloudfront.net udp
US 34.120.111.33:443 api.edkt.io udp
US 8.8.8.8:53 cdn.edkt.io udp
US 8.8.8.8:53 track.venatusmedia.com udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 lexicon.33across.com udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 id5-sync.com udp
US 104.18.166.224:443 pub.doubleverify.com.cdn.cloudflare.net udp
CZ 65.9.95.126:443 d2fashanjl7d9f.cloudfront.net tcp
CZ 65.9.95.29:443 config.aps.amazon-adsystem.com tcp
US 35.244.193.51:443 lexicon.33across.com tcp
NL 178.250.1.11:443 gum.nl3.vip.prod.criteo.com tcp
DE 162.19.138.82:443 id5-sync.com tcp
US 35.71.131.137:443 match.adsrvr.org tcp
NL 178.250.1.11:443 gum.nl3.vip.prod.criteo.com tcp
US 8.8.8.8:53 pixel.quantserve.com udp
DE 91.228.74.244:443 pixel.quantserve.com tcp
US 8.8.8.8:53 secure.cdn.fastclick.net udp
US 8.8.8.8:53 cdn.hadronid.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 e4536.g.akamaiedge.net udp
US 172.67.36.110:443 cdn.hadronid.net tcp
US 8.8.8.8:53 cdn.hadronid.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 35.244.193.51:443 lexicon.33across.com udp
US 8.8.8.8:53 75.95.9.65.in-addr.arpa udp
US 8.8.8.8:53 82.138.19.162.in-addr.arpa udp
US 34.120.111.33:443 api.edkt.io udp
US 8.8.8.8:53 e4536.g.akamaiedge.net udp
US 8.8.8.8:53 cdn.hadronid.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 api.edkt.io udp
US 8.8.8.8:53 nld-prebid.a-mx.net udp
FR 163.5.194.37:443 nld-prebid.a-mx.net tcp
US 8.8.8.8:53 prg.smartadserver.com udp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 8.8.8.8:53 ex.ingage.tech udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 elb.the-ozone-project.com udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 nld-prebid.a-mx.net udp
US 172.67.23.234:443 id.hadron.ad.gt tcp
US 8.8.8.8:53 euw2.smartadserver.com udp
US 172.67.23.234:443 id.hadron.ad.gt tcp
US 8.8.8.8:53 id.hadron.ad.gt.cdn.cloudflare.net udp
US 172.64.146.150:443 ex.ingage.tech tcp
US 172.64.146.150:443 ex.ingage.tech tcp
US 8.8.8.8:53 eu-tlx.3lift.com udp
US 172.64.153.66:443 elb.the-ozone-project.com tcp
US 8.8.8.8:53 euw2.smartadserver.com udp
US 8.8.8.8:53 id.hadron.ad.gt.cdn.cloudflare.net udp
US 8.8.8.8:53 s.cpx.to udp
US 8.8.8.8:53 eu-tlx.3lift.com udp
US 8.8.8.8:53 hbopenbid-lhrc.pubmnet.com udp
US 8.8.8.8:53 ex.ingage.tech udp
IE 52.51.93.160:443 s.cpx.to tcp
US 8.8.8.8:53 btlr-eu-central-1.sharethrough.com udp
US 8.8.8.8:53 hbopenbid-lhrc.pubmnet.com udp
US 8.8.8.8:53 ex.ingage.tech udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 btlr-eu-central-1.sharethrough.com udp
US 8.8.8.8:53 onsite-tag-logs.apps.nielsen.com udp
US 8.8.8.8:53 hb-api-fra02.omnitagjs.com udp
US 8.8.8.8:53 elb.the-ozone-project.com udp
US 8.8.8.8:53 s.cpx.to udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 elb.the-ozone-project.com udp
US 8.8.8.8:53 s.cpx.to udp
DE 141.95.98.65:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 5e0d9c2187133a7e1a30190d70516ad3.safeframe.googlesyndication.com udp
US 8.8.8.8:53 nmcapps-onsite-tag-external-alb-315845598.us-east-1.elb.amazonaws.com udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 nmcapps-onsite-tag-external-alb-315845598.us-east-1.elb.amazonaws.com udp
GB 142.250.180.1:443 5e0d9c2187133a7e1a30190d70516ad3.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
GB 142.250.180.1:443 5e0d9c2187133a7e1a30190d70516ad3.safeframe.googlesyndication.com udp
GB 142.250.187.225:443 tpc.googlesyndication.com udp
GB 142.250.200.36:443 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 18.211.59.193:443 nmcapps-onsite-tag-external-alb-315845598.us-east-1.elb.amazonaws.com tcp
US 8.8.8.8:53 150.146.64.172.in-addr.arpa udp
US 8.8.8.8:53 110.36.67.172.in-addr.arpa udp
US 8.8.8.8:53 65.98.95.141.in-addr.arpa udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 tg1.aniview.com udp
GB 104.82.233.61:443 tg1.aniview.com tcp
US 8.8.8.8:53 e11385.dscd.akamaiedge.net udp
US 8.8.8.8:53 e11385.dscd.akamaiedge.net udp
US 8.8.8.8:53 track4.aniview.com udp
US 8.8.8.8:53 feed.avplayer.com udp
US 8.8.8.8:53 player.avplayer.com udp
US 8.8.8.8:53 track-sc-main-was.aniview.com udp
US 172.240.45.75:443 track4.aniview.com tcp
GB 2.22.249.147:443 feed.avplayer.com tcp
US 8.8.8.8:53 e16009.dscd.akamaiedge.net udp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
GB 2.19.117.107:443 a1970.dscd.akamai.net tcp
US 8.8.8.8:53 e16009.dscd.akamaiedge.net udp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
US 8.8.8.8:53 cdn1.vntsm.com udp
DE 185.59.220.199:443 cdn1.vntsm.com tcp
US 8.8.8.8:53 cdn1-vntsm.b-cdn.net udp
US 8.8.8.8:53 cdn1-vntsm.b-cdn.net udp
US 172.240.45.75:443 track4.aniview.com udp
US 8.8.8.8:53 play.aniview.com udp
US 8.8.8.8:53 content1.avplayer.com udp
GB 2.19.117.84:443 content1.avplayer.com tcp
US 8.8.8.8:53 player.aniview.com udp
GB 2.19.117.84:443 player.aniview.com udp
US 8.8.8.8:53 www.file.io udp
US 8.8.8.8:53 www.file.io udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 acdn.adnxs.com udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 www.file.io udp
GB 23.219.196.188:443 ads.pubmatic.com tcp
US 8.8.8.8:53 e6603.g.akamaiedge.net udp
US 8.8.8.8:53 eb2.3lift.com udp
US 8.8.8.8:53 prod.appnexus.map.fastly.net udp
US 8.8.8.8:53 visitor-fra02.omnitagjs.com udp
US 151.101.129.108:443 prod.appnexus.map.fastly.net tcp
FR 185.255.84.152:443 visitor-fra02.omnitagjs.com tcp
US 8.8.8.8:53 e6603.g.akamaiedge.net udp
US 8.8.8.8:53 visitor-fra02.omnitagjs.com udp
US 8.8.8.8:53 prod.appnexus.map.fastly.net udp
US 13.248.245.213:443 eb2.3lift.com tcp
US 8.8.8.8:53 eu-eb2.3lift.com udp
US 8.8.8.8:53 eu-eb2.3lift.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 108.129.101.151.in-addr.arpa udp
US 8.8.8.8:53 188.196.219.23.in-addr.arpa udp
US 8.8.8.8:53 152.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 213.245.248.13.in-addr.arpa udp
US 8.8.8.8:53 dis.criteo.com udp
US 8.8.8.8:53 ib.anycast.adnxs.com udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 api-2-0.spot.im udp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 sync.richaudience.com udp
US 8.8.8.8:53 match.prod.bidr.io udp
US 8.8.8.8:53 image8.pubmatic.com udp
US 44.214.164.136:443 api-2-0.spot.im tcp
US 8.8.8.8:53 b1sync.zemanta.com udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 jadserve.postrelease.com udp
US 8.8.8.8:53 tracker.open-adsyield.com udp
US 8.8.8.8:53 rtb.mfadsrvr.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 id.rlcdn.com udp
US 8.8.8.8:53 bttrack.com udp
DE 37.252.171.53:443 ib.anycast.adnxs.com tcp
DE 37.252.171.53:443 ib.anycast.adnxs.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
NL 35.214.136.108:443 x.bidswitch.net tcp
NL 185.184.8.90:443 creativecdn.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
DE 148.251.20.249:443 sync.richaudience.com tcp
IE 34.253.109.63:443 match.prod.bidr.io tcp
US 35.71.131.137:443 match.adsrvr.org tcp
GB 185.64.191.214:443 image8.pubmatic.com tcp
US 50.31.142.31:443 b1sync.zemanta.com tcp
US 8.8.8.8:53 eu-west-1-cs-rtb.openwebmp.com udp
US 8.8.8.8:53 gum.aidemsrv.com udp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 8.8.8.8:53 ssc-cms.33across.com udp
US 50.31.142.31:443 b1sync.zemanta.com tcp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 8.8.8.8:53 widget.nl3.vip.prod.criteo.com udp
US 172.111.38.86:443 tracker.open-adsyield.com tcp
US 54.157.243.69:443 sync.srv.stackadapt.com tcp
IE 34.251.85.66:443 jadserve.postrelease.com tcp
US 67.202.105.24:443 ssc-cms.33across.com tcp
NL 35.214.199.88:443 rtb.mfadsrvr.com tcp
IE 52.50.94.78:443 ap.lijit.com tcp
US 35.244.174.68:443 id.rlcdn.com tcp
US 192.132.33.69:443 bttrack.com tcp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 widget.nl3.vip.prod.criteo.com udp
US 104.18.7.198:443 gum.aidemsrv.com tcp
GB 23.215.239.190:443 secure-assets.rubiconproject.com tcp
NL 89.149.193.84:443 ssbsync.smartadserver.com tcp
CZ 65.9.95.36:443 eu-west-1-cs-rtb.openwebmp.com tcp
DE 51.89.9.254:443 onetag-sys.com tcp
US 54.147.159.241:443 cs-server-s2s.yellowblue.io tcp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 k8s-kongow-generalp-4b9a3bfec6-974801183.us-east-1.elb.amazonaws.com udp
NL 35.214.136.108:443 x.bidswitch.net udp
NL 46.228.174.117:443 sync.1rx.io tcp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 sync.richaudience.com udp
US 8.8.8.8:53 match.prod.bidr.io udp
NL 35.214.199.88:443 rtb.mfadsrvr.com udp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 35.244.174.68:443 id.rlcdn.com udp
US 8.8.8.8:53 user-data-eu.bidswitch.net udp
US 8.8.8.8:53 sync.richaudience.com udp
US 8.8.8.8:53 match.prod.bidr.io udp
US 8.8.8.8:53 136.164.214.44.in-addr.arpa udp
US 8.8.8.8:53 214.191.64.185.in-addr.arpa udp
GB 2.17.5.216:443 eus.rubiconproject.com tcp
US 104.18.7.198:443 gum.aidemsrv.com udp
DE 51.89.9.254:443 onetag-sys.com udp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 108.136.214.35.in-addr.arpa udp
US 8.8.8.8:53 249.20.251.148.in-addr.arpa udp
US 8.8.8.8:53 63.109.253.34.in-addr.arpa udp
US 8.8.8.8:53 66.85.251.34.in-addr.arpa udp
US 8.8.8.8:53 68.174.244.35.in-addr.arpa udp
US 8.8.8.8:53 88.199.214.35.in-addr.arpa udp
US 8.8.8.8:53 78.94.50.52.in-addr.arpa udp
US 8.8.8.8:53 69.243.157.54.in-addr.arpa udp
US 8.8.8.8:53 69.33.132.192.in-addr.arpa udp
US 8.8.8.8:53 24.105.202.67.in-addr.arpa udp
US 8.8.8.8:53 190.239.215.23.in-addr.arpa udp
US 8.8.8.8:53 198.7.18.104.in-addr.arpa udp
US 8.8.8.8:53 84.193.149.89.in-addr.arpa udp
US 8.8.8.8:53 254.9.89.51.in-addr.arpa udp
US 8.8.8.8:53 36.95.9.65.in-addr.arpa udp
US 8.8.8.8:53 241.159.147.54.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 user-data-eu.bidswitch.net udp
US 8.8.8.8:53 imagsync-lhrpairbc.pubmatic.com udp
US 8.8.8.8:53 chidc2.outbrain.org udp
US 8.8.8.8:53 imagsync-lhrpairbc.pubmatic.com udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 qvdt3feo.com udp
US 8.8.8.8:53 dorpat.geo.iponweb.net udp
US 8.8.8.8:53 id.rlcdn.com udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 34.200.40.250:443 qvdt3feo.com tcp
US 8.8.8.8:53 id.rlcdn.com udp
US 8.8.8.8:53 jadserve.postrelease.com.akadns.net udp
US 8.8.8.8:53 dorpat.geo.iponweb.net udp
US 8.8.8.8:53 blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 bttrack.com udp
US 8.8.8.8:53 jadserve.postrelease.com.akadns.net udp
US 8.8.8.8:53 track1.avplayer.com udp
US 8.8.8.8:53 blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 bttrack.com udp
US 8.8.8.8:53 tracker-use.ortb.net udp
US 172.240.45.76:443 track1.avplayer.com tcp
US 8.8.8.8:53 pixel.33across.com udp
US 8.8.8.8:53 gum.aidemsrv.com udp
US 8.8.8.8:53 tracker-use.ortb.net udp
US 8.8.8.8:53 gum.aidemsrv.com udp
US 8.8.8.8:53 e8960.e2.akamaiedge.net udp
US 8.8.8.8:53 ssbsync-euw1.smartadserver.com udp
US 8.8.8.8:53 dckrl2e5yf7xg.cloudfront.net udp
US 8.8.8.8:53 e8960.e2.akamaiedge.net udp
US 8.8.8.8:53 ssbsync-euw1.smartadserver.com udp
US 8.8.8.8:53 dckrl2e5yf7xg.cloudfront.net udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 e8960.b.akamaiedge.net udp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 8.8.8.8:53 qvdt3feo.com udp
US 8.8.8.8:53 e8960.b.akamaiedge.net udp
US 8.8.8.8:53 track-sc-main-was.avplayer.com udp
US 8.8.8.8:53 qvdt3feo.com udp
US 172.240.45.76:443 track1.avplayer.com udp
US 8.8.8.8:53 216.5.17.2.in-addr.arpa udp
US 8.8.8.8:53 250.40.200.34.in-addr.arpa udp
US 8.8.8.8:53 76.45.240.172.in-addr.arpa udp
US 8.8.8.8:53 sync.aniview.com udp
US 172.240.45.96:443 sync.aniview.com tcp
US 8.8.8.8:53 sync-sc-main-was.aniview.com udp
US 8.8.8.8:53 sync-sc-main-was.aniview.com udp
US 8.8.8.8:53 support.mozilla.org udp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
US 8.8.8.8:53 96.45.240.172.in-addr.arpa udp
US 8.8.8.8:53 150.216.36.34.in-addr.arpa udp
US 8.8.8.8:53 token.rubiconproject.com udp
NL 69.173.156.148:443 token.rubiconproject.com tcp
US 8.8.8.8:53 pixel.rubiconproject.net.akadns.net udp
NL 69.173.156.148:443 pixel.rubiconproject.net.akadns.net tcp
US 8.8.8.8:53 pixel.rubiconproject.net.akadns.net udp
US 8.8.8.8:53 btlr-eu-central-1.sharethrough.com udp
US 8.8.8.8:53 eu-tlx.3lift.com udp
US 8.8.8.8:53 btlr-eu-central-1.sharethrough.com udp
US 8.8.8.8:53 eu-tlx.3lift.com udp
DE 18.153.93.230:443 btlr.sharethrough.com tcp
DE 18.153.93.230:443 btlr.sharethrough.com tcp
DE 3.124.64.248:443 eu-tlx.3lift.com tcp
FR 217.182.178.224:443 euw2.smartadserver.com tcp
DE 37.252.171.53:443 ib.anycast.adnxs.com tcp
GB 185.64.190.77:443 hbopenbid-lhrc.pubmnet.com tcp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 track.venatusmedia.com udp
US 8.8.8.8:53 cdn.ampproject.org udp
GB 142.250.200.33:443 cdn.ampproject.org tcp
GB 142.250.200.33:443 cdn.ampproject.org tcp
GB 142.250.200.33:443 cdn.ampproject.org tcp
GB 142.250.200.33:443 cdn.ampproject.org tcp
US 8.8.8.8:53 cdn-content.ampproject.org udp
GB 142.250.200.33:443 cdn-content.ampproject.org tcp
US 8.8.8.8:53 cdn-content.ampproject.org udp
US 8.8.8.8:53 230.93.153.18.in-addr.arpa udp
US 8.8.8.8:53 224.178.182.217.in-addr.arpa udp
GB 142.250.200.33:443 cdn-content.ampproject.org udp
US 69.166.1.32:443 iad-2-apex.go.sonobi.com tcp
GB 142.250.200.36:443 www.google.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.179.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 33.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 226.179.250.142.in-addr.arpa udp
US 216.239.34.36:443 region1.analytics.google.com udp
US 216.239.34.36:443 region1.analytics.google.com tcp
DE 37.252.171.53:443 ib.anycast.adnxs.com tcp
US 8.8.8.8:53 eu-tlx.3lift.com udp
DE 18.153.93.230:443 btlr.sharethrough.com tcp
FR 217.182.178.224:443 euw2.smartadserver.com tcp
US 8.8.8.8:53 eu-tlx.3lift.com udp
US 69.166.1.32:443 iad-2-apex.go.sonobi.com tcp
US 8.8.8.8:53 www.file.io udp
US 8.8.8.8:53 www.file.io udp
US 8.8.8.8:53 www.file.io udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 d1jvc9b8z3vcjs.cloudfront.net udp
US 8.8.8.8:53 d1jvc9b8z3vcjs.cloudfront.net udp
US 172.240.45.75:443 track4.aniview.com tcp
US 8.8.8.8:53 go1.aniview.com udp
US 8.8.8.8:53 content1.avplayer.com udp
US 172.240.45.81:443 go1.aniview.com tcp
US 8.8.8.8:53 go1-sc-main-was.aniview.com udp
US 8.8.8.8:53 go1-sc-main-was.aniview.com udp
DE 37.252.171.53:443 ib.anycast.adnxs.com tcp
DE 18.153.93.230:443 btlr.sharethrough.com tcp
FR 217.182.178.224:443 euw2.smartadserver.com tcp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
US 8.8.8.8:53 eu-tlx.3lift.com udp
US 8.8.8.8:53 eu-tlx.3lift.com udp
US 172.240.45.81:443 go1-sc-main-was.aniview.com udp
NL 89.149.193.84:443 ssbsync-euw1.smartadserver.com tcp
US 8.8.8.8:53 ads.stickyadstv.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
DE 51.89.9.254:443 onetag-sys.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
FR 154.54.250.81:443 ads.stickyadstv.com tcp
FR 154.54.250.81:443 ads.stickyadstv.com tcp
US 8.8.8.8:53 user-data-eu.bidswitch.net udp
US 8.8.8.8:53 u.openx.net udp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 8.8.8.8:53 e8960.e2.akamaiedge.net udp
US 8.8.8.8:53 match.sharethrough.com udp
US 8.8.8.8:53 assets.a-mo.net udp
DE 18.195.234.25:443 match.sharethrough.com tcp
US 34.98.64.218:443 u.openx.net tcp
US 8.8.8.8:53 e6603.g.akamaiedge.net udp
US 8.8.8.8:53 user-data-eu.bidswitch.net udp
US 8.8.8.8:53 81.45.240.172.in-addr.arpa udp
US 8.8.8.8:53 e8960.e2.akamaiedge.net udp
US 8.2.110.134:443 cs.krushmedia.com tcp
US 34.98.64.218:443 u.openx.net udp
US 8.8.8.8:53 pixel-eu.rubiconproject.com udp
US 104.19.158.19:443 assets.a-mo.net tcp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.8.8.8:53 cs.admanmedia.com udp
US 8.8.8.8:53 t.adx.opera.com udp
US 8.8.8.8:53 ssbsync-global.smartadserver.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 eu-west-dual.ads.stickyadstv.com.akadns.net udp
US 8.8.8.8:53 blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com udp
DE 18.195.234.25:443 match.sharethrough.com tcp
DE 162.19.138.82:443 lb.eu-1-id5-sync.com tcp
NL 178.250.1.9:443 widget.nl3.vip.prod.criteo.com tcp
US 8.8.8.8:53 eu-west-dual.ads.stickyadstv.com.akadns.net udp
US 8.8.8.8:53 blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 match-eu-central-1-ecs.sharethrough.com udp
US 80.77.87.162:443 cs.admanmedia.com tcp
US 8.8.8.8:53 match-eu-central-1-ecs.sharethrough.com udp
US 8.8.8.8:53 e8960.b.akamaiedge.net udp
US 8.8.8.8:53 u.openx.net udp
US 8.8.8.8:53 cs.krushmedia.com udp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 8.8.8.8:53 id.a-mx.com udp
US 8.8.8.8:53 rtb.openx.net udp
US 8.8.8.8:53 cm.adform.net udp
US 8.8.8.8:53 ssum.casalemedia.com udp
US 8.8.8.8:53 cs.krushmedia.com udp
US 8.8.8.8:53 u.openx.net udp
US 8.8.8.8:53 e8960.b.akamaiedge.net udp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
GB 216.58.201.98:443 cm.g.doubleclick.net udp
NL 82.145.213.8:443 t.adx.opera.com tcp
FR 51.178.195.213:443 ssbsync-global.smartadserver.com tcp
US 8.8.8.8:53 player.aniview.com udp
US 8.8.8.8:53 s2s.aniview.com udp
US 8.8.8.8:53 optimized-by.rubiconproject.com udp
NL 79.127.227.46:443 id.a-mx.com tcp
US 8.8.8.8:53 assets.a-mo.net.cdn.cloudflare.net udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 pixel.rubiconproject.net.akadns.net udp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
US 35.227.252.103:443 rtb.openx.net tcp
DK 37.157.6.237:443 cm.adform.net tcp
FR 51.178.195.213:443 ssbsync-global.smartadserver.com tcp
GB 216.58.201.98:443 cm.g.doubleclick.net tcp
GB 216.58.201.98:443 cm.g.doubleclick.net tcp
US 104.18.36.155:443 ssum.casalemedia.com tcp
US 35.227.252.103:443 rtb.openx.net udp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 assets.a-mo.net.cdn.cloudflare.net udp
DE 3.127.90.72:443 optimized-by.rubiconproject.com tcp
US 172.240.45.70:443 s2s.aniview.com tcp
US 8.8.8.8:53 ssbsync-euw2.smartadserver.com udp
US 98.82.158.241:443 s.amazon-adsystem.com tcp
US 104.18.36.155:443 ssum.casalemedia.com udp
GB 2.19.117.84:443 player.aniview.com udp
GB 2.19.117.84:443 player.aniview.com tcp
GB 2.19.117.84:443 player.aniview.com tcp
GB 2.19.117.84:443 player.aniview.com tcp
GB 2.19.117.84:443 player.aniview.com tcp
US 8.8.8.8:53 81.250.54.154.in-addr.arpa udp
US 8.8.8.8:53 218.64.98.34.in-addr.arpa udp
US 8.8.8.8:53 134.110.2.8.in-addr.arpa udp
US 8.8.8.8:53 19.158.19.104.in-addr.arpa udp
US 8.8.8.8:53 162.87.77.80.in-addr.arpa udp
US 8.8.8.8:53 sync.a-mo.net udp
US 8.8.8.8:53 pixel-eu.rubiconproject.net.akadns.net udp
US 8.8.8.8:53 pixel-eu.rubiconproject.net.akadns.net udp
FR 163.5.194.30:443 sync.a-mo.net tcp
FR 163.5.194.30:443 sync.a-mo.net tcp
US 8.8.8.8:53 pr-bh.ybp.yahoo.com udp
NL 69.173.156.148:443 pixel-eu.rubiconproject.net.akadns.net tcp
DE 3.127.90.72:443 optimized-by.rubiconproject.com tcp
US 172.240.45.70:443 s2s.aniview.com tcp
US 98.82.158.241:443 s.amazon-adsystem.com tcp
US 8.8.8.8:53 outspot2-ams.adx.opera.com udp
US 8.8.8.8:53 sync.a-mo.net udp
IE 34.249.222.253:443 pr-bh.ybp.yahoo.com tcp
FR 163.5.194.34:443 sync.a-mo.net tcp
US 8.8.8.8:53 outspot2-ams.adx.opera.com udp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 98.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 149.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 213.195.178.51.in-addr.arpa udp
US 8.8.8.8:53 46.227.127.79.in-addr.arpa udp
US 8.8.8.8:53 103.252.227.35.in-addr.arpa udp
US 8.8.8.8:53 237.6.157.37.in-addr.arpa udp
US 8.8.8.8:53 155.36.18.104.in-addr.arpa udp
US 8.8.8.8:53 30.194.5.163.in-addr.arpa udp
US 8.8.8.8:53 72.90.127.3.in-addr.arpa udp
US 8.8.8.8:53 253.222.249.34.in-addr.arpa udp
US 8.8.8.8:53 70.45.240.172.in-addr.arpa udp
US 8.8.8.8:53 241.158.82.98.in-addr.arpa udp
FR 163.5.194.34:443 sync.a-mo.net tcp
US 8.8.8.8:53 cs.admanmedia.com udp
US 8.8.8.8:53 ssbsync-euw2.smartadserver.com udp
US 8.8.8.8:53 cs.admanmedia.com udp
US 8.8.8.8:53 track-eu.adformnet.akadns.net udp
US 8.8.8.8:53 ssum.casalemedia.com udp
US 8.8.8.8:53 track-eu.adformnet.akadns.net udp
US 8.8.8.8:53 ssum.casalemedia.com udp
US 8.8.8.8:53 rtb.openx.net udp
US 8.8.8.8:53 id.a-mx.com udp
US 8.8.8.8:53 rtb.openx.net udp
FR 163.5.194.34:443 sync.a-mo.net tcp
US 8.8.8.8:53 videoproxyservervip-2125505963.eu-central-1.elb.amazonaws.com udp
US 8.8.8.8:53 id.a-mx.com udp
US 8.8.8.8:53 videoproxyservervip-2125505963.eu-central-1.elb.amazonaws.com udp
US 8.8.8.8:53 s2s-sc-main-was.aniview.com udp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 172.240.45.70:443 s2s-sc-main-was.aniview.com udp
US 8.8.8.8:53 s2s-sc-main-was.aniview.com udp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 8.8.8.8:53 34.194.5.163.in-addr.arpa udp
US 8.8.8.8:53 nld-prebid.a-mx.net udp
US 8.8.8.8:53 ds-pr-bh.ybp.gysm.yahoodns.net udp
US 8.8.8.8:53 ds-pr-bh.ybp.gysm.yahoodns.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 25.234.195.18.in-addr.arpa udp
US 8.8.8.8:53 prebid.adnxs.com udp
US 8.8.8.8:53 ow.pubmatic.com udp
NL 185.89.208.11:443 prebid.adnxs.com tcp
GB 185.64.190.84:443 ow.pubmatic.com tcp
US 8.8.8.8:53 ow-lhrc.pubmnet.com udp
US 8.8.8.8:53 ow-lhrc.pubmnet.com udp
US 8.8.8.8:53 xandr-prebid.trafficmanager.net udp
US 8.8.8.8:53 84.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 11.208.89.185.in-addr.arpa udp
US 8.8.8.8:53 targeting.unrulymedia.com udp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 8.8.8.8:53 tag.1rx.io udp
US 8.8.8.8:53 tag.1rx.io udp
NL 46.228.174.115:443 tag.1rx.io tcp
US 8.8.8.8:53 prebid-server.rubiconproject.com udp
US 8.8.8.8:53 hb.yellowblue.io udp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
US 8.8.8.8:53 prebid-server-perf-eu.rubiconproject.net.akadns.net udp
CZ 65.9.95.37:443 hb.yellowblue.io tcp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 prebid-server-perf-eu.rubiconproject.net.akadns.net udp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 157.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 150.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 37.95.9.65.in-addr.arpa udp
US 8.8.8.8:53 6898ef8f9599ddd9f3e1c4e7e2306b03.safeframe.googlesyndication.com udp
GB 142.250.180.1:443 6898ef8f9599ddd9f3e1c4e7e2306b03.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 pagead-googlehosted.l.google.com udp
GB 142.250.187.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 pagead-googlehosted.l.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.36:443 www.google.com udp
GB 142.250.180.1:443 pagead-googlehosted.l.google.com udp
US 8.8.8.8:53 imasdk.googleapis.com udp
GB 172.217.169.74:443 imasdk.googleapis.com tcp
US 8.8.8.8:53 imasdk.googleapis.com udp
GB 172.217.169.74:443 imasdk.googleapis.com tcp
US 8.8.8.8:53 imasdk.googleapis.com udp
GB 172.217.169.74:443 imasdk.googleapis.com udp
US 8.8.8.8:53 234.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 74.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 s0.2mdn.net udp
US 8.8.8.8:53 s0.2mdn.net udp
GB 216.58.201.102:443 s0.2mdn.net tcp
US 8.8.8.8:53 s0.2mdn.net udp
GB 216.58.201.102:443 s0.2mdn.net udp
US 8.8.8.8:53 102.201.58.216.in-addr.arpa udp
US 69.166.1.32:443 iad-2-apex.go.sonobi.com tcp
DE 37.252.171.53:443 ib.anycast.adnxs.com tcp
FR 217.182.178.224:443 euw2.smartadserver.com tcp
US 8.8.8.8:53 prebid.a-mo.net udp
FR 163.5.194.32:443 prebid.a-mo.net tcp
US 8.8.8.8:53 32.194.5.163.in-addr.arpa udp
US 8.8.8.8:53 equativ-match.dotomi.com udp
US 8.8.8.8:53 bh.contextweb.com udp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
US 8.8.8.8:53 image6.pubmatic.com udp
NL 63.215.202.137:443 equativ-match.dotomi.com tcp
US 8.8.8.8:53 bfp.global.dual.dotomi.weighted.com.akadns.net udp
NL 198.47.127.19:443 image6.pubmatic.com tcp
NL 81.17.55.97:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 pugm-amsfpairbc.pubmnet.com udp
NL 81.17.55.97:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 rtb-csync-euw1.smartadserver.com udp
NL 208.93.169.131:443 bh.contextweb.com tcp
US 8.8.8.8:53 pugm-amsfpairbc.pubmnet.com udp
US 8.8.8.8:53 rtb-csync-euw1.smartadserver.com udp
US 8.8.8.8:53 bfp.global.dual.dotomi.weighted.com.akadns.net udp
US 8.8.8.8:53 am1-direct-bgp.contextweb.com udp
US 8.8.8.8:53 wt.rqtrk.eu udp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 8.8.8.8:53 wt.rqtrk.eu udp
DE 57.129.18.113:443 wt.rqtrk.eu tcp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 8.8.8.8:53 wt.rqtrk.eu udp
US 8.8.8.8:53 19.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 131.169.93.208.in-addr.arpa udp
US 8.8.8.8:53 97.55.17.81.in-addr.arpa udp
US 8.8.8.8:53 file.io udp
US 45.55.107.24:443 file.io tcp
US 8.8.8.8:53 file.io udp
US 8.8.8.8:53 www.file.io udp
US 8.8.8.8:53 www.file.io udp
CZ 65.9.95.24:443 www.file.io tcp
US 8.8.8.8:53 hb.vntsm.com udp
US 8.8.8.8:53 vmhb.b-cdn.net udp
GB 143.244.38.136:443 vmhb.b-cdn.net tcp
US 8.8.8.8:53 vmhb.b-cdn.net udp
US 8.8.8.8:53 hb.vntsm.io udp
US 8.8.8.8:53 hb-vntsm-com.global.ssl.fastly.net udp
US 8.8.8.8:53 hb-vntsm-com.global.ssl.fastly.net udp
US 151.101.193.194:443 hb-vntsm-com.global.ssl.fastly.net tcp
US 104.22.47.142:443 hb.vntsm.io tcp
US 8.8.8.8:53 hb-vntsm-com.global.ssl.fastly.net udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 216.239.32.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 www.google.co.uk udp
GB 142.250.180.3:443 www.google.co.uk udp
US 8.8.8.8:53 www.google.co.uk udp
US 216.239.32.36:443 region1.analytics.google.com tcp
GB 142.250.180.3:443 www.google.co.uk tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
GB 216.58.204.66:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 d1ykf07e75w7ss.cloudfront.net udp
CZ 65.9.98.75:443 d1ykf07e75w7ss.cloudfront.net tcp
US 8.8.8.8:53 142.47.22.104.in-addr.arpa udp
US 8.8.8.8:53 content1.avplayer.com udp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
GB 2.19.117.84:443 a1970.dscd.akamai.net tcp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 content1.avplayer.com udp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
GB 2.19.117.84:443 a1970.dscd.akamai.net tcp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 content1.avplayer.com udp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
GB 2.19.117.84:443 a1970.dscd.akamai.net tcp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 35.190.72.216:443 prod.classify-client.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 35.190.72.216:443 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 216.72.190.35.in-addr.arpa udp
US 8.8.8.8:53 content1.avplayer.com udp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
GB 2.19.117.84:443 a1970.dscd.akamai.net tcp
US 8.8.8.8:53 a1970.dscd.akamai.net udp

Files

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\0ffac2b6-b6bd-46da-b8cd-eda9e8fc1b8f

MD5 331797bdc948c085ce32d9e0d07cd825
SHA1 58dab2f93458a260e75229a0f64b3d2cb47452ed
SHA256 1d7c5f952c5c40f7d84dd571c60e01c6504358eac3046ba07852aac81453a2d5
SHA512 3688236787acd0995a43fc6bba5899d388966b6dd4101361a09a5bcbd67c4044175517020be95c602cd1868d13d2f55629e9bfe5a3873949b507c4b5a46ef0c8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\c3502d9e-7542-49da-b0b6-27503800d6ca

MD5 bff400581458b1b429a3e4e61135b3b1
SHA1 ce30c6c5335c9198e57cc203068c54dba0a9b356
SHA256 81324a10a5db23d33b4052e0c7e675979892da799b3b3b9e148e246102b42f6f
SHA512 1c3eb6c0e2b6479471116c8fcd0ecc73c8da00d34ab49e98efbee2c1327624efad638c54564043f7257cce40f5938575f8e273ecbcf489fd686d3f01a629ff29

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

MD5 3175171efe61fe3fc3c5a182c8c12f1c
SHA1 581b1cdf05f76657dc66ef4024aee549384f54d4
SHA256 0ee9b79bc59f7f90b97aa76316386f8e3d394abb1848497d6e7f7210aed08945
SHA512 01575ff9921b75ccdae5d707bf008665ff0c6c93645f9ec6e35504f527cab861190dbe70a6cb310339cde5cc4d480f31cb7f3c7bfd271e672f229f6af587d0c5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 e7d901ad03d22078f4c42ecc83c3bd45
SHA1 13ffe2ced2026e6b99c39a96d006c7832a72ba17
SHA256 fddee54013f830a84e74dce5679f6e4c3c71b4c5c51ecdf58bcef7e27eba4f17
SHA512 8e7373116183db845f03c74e28effbe85b53c6c109f0a1a867fc4daa2944c099846644c5b6ecfa6408091d097a08b3f1b8cedcbeffbdcfaa14147f6b76663ec9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

MD5 c989e59d272bed28f687a382edfe24e4
SHA1 e254084ca5667bef3f83a9b90a368c403eae1aca
SHA256 53df4b0ca2bbd6baf301d70e5be6c2dd4201cbe16f98aaeaeae775c5ceeec949
SHA512 fcc885d9101f4d5a0f1e1eb87727a4c6b49875ad0caf98ce75529550624db7c52d4c8f9f13ab696f81076145d21b33a1988b588e02714d693456074f75322c3c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

MD5 cc32d054e712504a857196bf907091a3
SHA1 8a984bd371a5634b42a396f021b293414ac5519a
SHA256 357212ff8c07dd8db8d87881e595bc9ffc9739df0b9a10b2187ada7cbf94d00c
SHA512 d2f0470aae9d88ae18827e7c2497291939cd790f5f1aaab90b5a0efe0e11245e0f633b5e12bb77eb922be00100c493e9f17a18d8eac3902be46877b2ad0f3849

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 006bbd1acdddcdf23af44fda7eca74d5
SHA1 78b775fd8021497ea8741a6e5ff2f0b4a2691ef3
SHA256 63888802a012f3a17369ff0e2d0943b258d58d45ae12e9ecc2de650b66ff9bff
SHA512 a9d4f6de0fc4aef29b7b76bdfd881bc96405f34beee4b51ae290fa658ebd35fefcf67003f28e7454bde1f99b9c108762c21baeaa30b776d8763671077a5ce9da

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\21688

MD5 71bd14d34dc361c8656b82c3b92853be
SHA1 1028da4fba2ce60982cae69e1c488d21f3ac520e
SHA256 624d270d448af14abdb5e5f39f90be23931c7c45e7e765bc3eda462232b1b1d5
SHA512 2d79e794d65d0bc7f3810b22fad32a1531f78b4d736ea14188b229d2b3d49bc5c170d7a45477910c96d5a02abaa2de3fdf1e8e737ba9da17434634894a49c335

C:\Users\Admin\Downloads\GhostEyeWorm.JYEEXGm6.zip.part

MD5 c98130b77eb64a0eeffe1e2e3088892d
SHA1 edbb07ce7cdf26c23db6da44cd730f1c72855c50
SHA256 04148d67f85f70a8b2c3c531b54950c1f00dbcebf3ee4c7760e04b31d1ecb5d2
SHA512 120d7de0e71ebe4891a4d014a770907ffe1d34a2c05e10fea44f677681e709184c36d97292476367177020526c8707efee02499213b3010e72c1c11f296b585d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore.jsonlz4

MD5 97493df3b87817c4bfb28cf8f0011726
SHA1 8702a609f3ea4de8223fc9a684b67ef73b450497
SHA256 bf684cbf0893b3bf7662695fe58fc516a91ea990677c53f758ee6c0513ccc3bd
SHA512 e00bda6e07f1a3bcb80603aa8da1c163aacd3d9e1bc20e207ced3b22669fa4a14e6a69f3bcf42cee9a9d409b2f89a9c374ceaec2a651747d35ebdbbafb697084

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

MD5 1da49226eaf7151129ed658d3b1e10f8
SHA1 3c3a578f2a2d60deeda4babccf36a5d84d0b986a
SHA256 403affcfcf4df4f72d58d3f45b7d0691abef8708882201773e8f9f65b25ff3c5
SHA512 58229757ccbe84bb8b0021f1529b76ccb42753590ff5aee0eba53c2687bc27204bc1c48d532757d176db483afa238c268f38bea4297d8dd86e822cab5d636e8a

C:\Users\Admin\Desktop\GhostEyeWorm\GhostEyeWorm.exe

MD5 e36c8c6d6a9f1df626db78481258597c
SHA1 574af51bd4f9c242cebbf1626234309489260290
SHA256 837ebab1fad28d2abf5aa873999ce6c8b55d70f99f18f8bebeea5478ee677df8
SHA512 96ed6a1a134907290ba91efe861855608fe82132233d12cdd09b7bb63447dd6ae8eed86c4845231226479b0c33fe66195a61a0cb1018a1bfa89c7fda730edad5

memory/4664-425-0x0000000000850000-0x000000000096C000-memory.dmp

memory/4664-426-0x000000001B430000-0x000000001B4F2000-memory.dmp

C:\Users\Admin\Desktop\GhostEyeWorm\33

MD5 ed8bf55cfce5f58d887523daeed9544c
SHA1 20bc855d5991965ca821c0af512115c8d230fbc1
SHA256 42b71241c2eaae200ec275db63da65d6c98db58c9e63b9150e0f52e08834ca3d
SHA512 2077b2ea7fef5c02405f8749e8d4a4e997ff3d977e190267100e1ba09ae376be76835725b551ca037a4c2b4fd259474cb9c7e31cf48eaccfb80dd5a7e5eca850

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\35DDEDF268117918D1D277A171D8DF7B_1D3FEAC48A65656E96E3BD618D58D1B0

MD5 f2435f0dcde0f4a225fc8942d342d812
SHA1 5947589f49473483a5eca506fbdeac2018df7305
SHA256 792ee5c5b9b5d509de298aa690417c25c0ca143040dabad48f91cb1350706161
SHA512 cfef70bf9211cd55c68ffd30294d8b237e177efa16ddf20b73df91a21d62c201251f6cac984b0ab1f730c138ce692deae5d881bea4e2cf3e483f9b426e153057

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_1D3FEAC48A65656E96E3BD618D58D1B0

MD5 e80c98f1c8006619e9549240076797bb
SHA1 3d936cbd5f29204a72e5b57b06ecdd7d873fedf8
SHA256 3d19e5dc2a085e96293233a771a387a726ff483f9b18e88053210f37bf0d195a
SHA512 4870960f771fb486153de5b51a2133d7b5de8511b69092dcefbbab701fb3d975ff3452f29f6161c9f10a57940b3cdb366af29386d20a7e266122346aba95438a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 dc5241fe685e093263f44de9ad416b62
SHA1 ef2be338c719f3d13037952928e49fc49f4bdc33
SHA256 7d58f67d5e6df8482bf76f8e31de9801ad369ab6fb8baef6dee589703ab462f3
SHA512 b244739b386cc84685d2c4c9c18d2f06905954067220824c154da0e674cc48539748b7cbac00cacca5151447b0cf7e5bc306dffc3f10631f13df224727d46e23

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 889ff3c049a7b96702c129a605b529fb
SHA1 4d1792704b8e4e2177584d8971811abea3eb8fed
SHA256 84c6cd256d2b75ccd8f7f6bf8147d9c963765a372d5b216d9ee3ccd2bfe65ec2
SHA512 61dacac99375249d70d10a5b462e0a0e2870efe9fc69b3e53eb2d46ad0e139740973deb0c6a12cf2f8f4fbcb5b1134fcc563b54f5602afdabd11cfdad1159e47

C:\Users\Admin\Desktop\GhostEyeWorm\Stub.exe

MD5 54b1c45da8980b32759042e2c3c78dfb
SHA1 11e8bc2db98786c69e5dadf53d00ff3ee03d64f8
SHA256 9d5efce48ed68dcb4caaa7fbecaf47ce2cab0a023afc6ceed682d1d532823773
SHA512 73169989b97a032fe923272fbe4bc27be77e491d125b360120fc1e02419d99f807b1f62a3edaff85ebfd16e9c240ec295be9431cfe4d6c353f0cf0dbeec4d2ac

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

MD5 5296c81f158fa10f6f06dedeeb80f2e9
SHA1 2a8fc8d36150654a3ad24724c65f7d92e78d8fa9
SHA256 589a77996b27b2eb0ed90616b5f08e67f45c300c18378cc0137211995f0f3e88
SHA512 e1e511784ac01d9ec5181a89eb0dd0a19dedb77cdf8346e32f7c31fa72d6fc43bd586b14da167e12258914ba9ad40cab9e65e5e3a85be4fd45d100588c256865

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\startupCache\scriptCache.bin

MD5 ae5a4548cda41b7d6ace48080e63cf86
SHA1 b058868aa0730cfb99c5e71eeb72603b611a5662
SHA256 a1d2edb4f8178b9f285eebf5ba4c50a1edcaf2e9372039777cb7b161fe8a99b9
SHA512 8a4fb3c7206dc7d5a272cfa59d5c83200f66b4dfecb48e2f4033498d58581c95d4f43bc2a5c52f1ac314b2dbcd5eb0170233011d5d526cae04a0317ed29208af

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\xulstore.json

MD5 58e240288763218d12bf235d34e5aee2
SHA1 89135494b57f590011c09668dec3b90d2c5ee9ae
SHA256 615f80e71dfde24711e7fefc1b7959f7592c5e5cf9ad0f3aecb4235b93187176
SHA512 caed2638902987aead199e73cffb90881bf245bbb616cb38c46b281d4aaaa54dc20a54e9bfe17a8d6e68847394c113fb7606e94b64f44ab0b52bf7846f26e936

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\startupCache\urlCache.bin

MD5 fa7717c30226b22964a956170efd4ce4
SHA1 eccdc9c53757cb3b6fec814605250d59aef8174e
SHA256 1770f6f02d6382d8949c68bf6ed7ae2a6d772dc9fe590b65db5b05ba8e3bd5eb
SHA512 76010ce78a31ec0f534af5ab0d0d311517ec46d0cf27a89866813bc46a19d33cd29fcb7474e03882db05490719a63dd0c3602b3d4387a13ee869c7b3c12ebcdc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\permissions.sqlite

MD5 7826e29d8a520be121c61525f31563c1
SHA1 1d82c4d5c2e3fe10e71187f231878cc851fdbf6a
SHA256 8f6ece8f6c89793194dffba01173bde701f993104a4ab0a521afc92a63172842
SHA512 fc7c238b5d9eaee7e31e1cf2f7cdf6ebb350a683f2d6b8b1ba84fb7f793ab26529fe9c58f62105aa2c85d68c7d4a44fe396e08670b7187d3a3a67f14cd8c1034

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json

MD5 6b77a9f779399e95d1cee931a2c8f8ff
SHA1 826efd4feb0d50fcce5696111af7c811b81adcd9
SHA256 3a0285c8233ef0324b269f7291094e19fd9b77259f9419861ad796f7e9c979f3
SHA512 ef537c75fab8e86483ac03cc0d2feaf41575e35f54b95669a26bf6dfbf58021dc9a5bbe54d9537b55da3fbb0e0262adf6c5efd4394faaec81a31604533afec4f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cookies.sqlite

MD5 8d1ae19c58e1ad1e11e0bb3b4b8e22d7
SHA1 f3d4780a1bd1efe7aa471d7a14bd70e88dfeca83
SHA256 2dac47ee078d9fff5748a9df66609b4c17e5718da45123d4636c416e16223b3a
SHA512 80741bdd23ffc2425220fe274e502ffbc55412b555762a48717ba170e0da05135b596de286812a6c06e1e0c1a53d221634d0507d6b8d57ed7a71d5b25ef675a8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage.sqlite

MD5 4767b15e5a76dc43c2a8afd267208363
SHA1 29c01978de97b269a5b22cbf063f4340548b596f
SHA256 b5f14babf9ba38cc84fd5fad292d8e2c72095a4bdfaf2428a87469fb5e7a5e68
SHA512 8ee525e2ad1611df8da7be3fae3e98a928e2c425e7275ebab07d715d30a045bdc32588cbd06b27db98880d5135beaa57f199e9053ce33b5215ee9584f4990cb4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cert9.db

MD5 11b4208aa83f5df1ea8a254134645073
SHA1 c15fd68ff18dcf682de397d9b9749cb47c488f0a
SHA256 2aa45ebe80a6b8aa3404690115f9e3b70d7c03783deaedad0c68f8cbfc9c24e3
SHA512 863f3783c9c16ed76dbd087296dc27f723e1a531275e010b254525d0a1df081929ac0eee67e53206eab1e73ebbdbf52a65b5b9eb8daae60f817f9e3bb3be344b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\SiteSecurityServiceState.txt

MD5 c77f4d4ad0583f65b8a8e078512a0517
SHA1 e559050ea048af3147145615ae2c2077933ad818
SHA256 86558701ff5512a5888a8796f5982b1dc4c8027f2acdd3d38a83342e963ad5aa
SHA512 41ed4875ed1947ae25bf61ff0573e68459e7bae8b5d0ec8403c3e0d4d1da9fd2089142dfa51da9c76707095965a64ab28fdc3a01b20b9d27039c925a37095ea8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

MD5 8e988923ebb3db2c9cfc2c98ea15fab2
SHA1 edd3c679c20f6fb8a5cdb0fdf5ce74d54011175e
SHA256 e2dbe68b61578a646ffed60b55d40ffbd39df596abeee11e837d0fa510b5a872
SHA512 64d3c1205b0adbe1aa5a7b2557e366fd724edf597feda2228cdc00adc029a16620acbeb7821e36bf646bb4f98f2c414f1ef0b26abd39a0365c288fa8bd4753c6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\favicons.sqlite

MD5 f95ab5db7869c518a36bf4635cfe4c31
SHA1 7a33f1f9fab391fdeb589335559378f4ff3a400a
SHA256 451b5091f10c46a872ac0d91580914a4b24d9bd31c45093fb48624c3e2397c5d
SHA512 f51bb380806ab6cda0f20c3abdd11b0ce51587dab2f2481f96a2be5789530a8a63dfabac6f022469d9407d5802610030e97ab991cbedffc0ce8572b8d98de554

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\places.sqlite

MD5 350e44c2261790e188b5f125b3edd642
SHA1 5554c06202d98bac4edc0fa14fed602cdfde2e4a
SHA256 9a2f067e67f69a32f5dc78f12455139f7fcb14733a79f2b0f221995277285b15
SHA512 41b4b0affc6ec6a5e16fe1ba2ca8eb87c7ef9d6ad27ee143733a31eb41abcaf10a185593314b56d82ac4b3c0be4dcb70d2d793a47e8b4e9ff24452d646fb3582

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

MD5 dd709f5720efabd598b4b1d7ba311904
SHA1 e661a7b58b5ccd10ada22736325223f8dc5ad9ee
SHA256 226aa41fcc7d06d7d885e254a7e81a06716462832598c78f34d7c1f6a4d510ec
SHA512 d127eff93a34fa6662952c9627d041bdd2bceae7f97cad047de234f60165305db752dbccc2f0439a79527fab7d4cf4bb47ca76395cd888877f206ae460f849d7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\protections.sqlite

MD5 deeced8825e857ead7ba3784966be7be
SHA1 e72a09807d97d0aeb8baedd537f2489306e25490
SHA256 b9f022442a1506e592bf51284091a8a7fe17580b165d07e70c06fd6827343a54
SHA512 01d303232d6481af322137b44fef6c2a584f0643c48bab2836f9fe3193207015da7f7514fe338500ae4469651e3d9618293858ae507e722198a249257677099e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\b70081d0-287c-4010-8398-40262f4013f9

MD5 9abfc2518922978ee7eedcde9f8d52df
SHA1 2c1c0844dd1c4f6e9cae1a369422f674c9f2575f
SHA256 f21798fef40e42602eb8b233a8745eb3e9f1ec8e01303aeb8850614020a865eb
SHA512 d1e7b4790328343fb597bcb59872d989b6af423642cfced68cd731c51fac559544ad3e397adfcb0ae36df67a7bc760861d2d9048d321a378790b45c81eb3d906

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\b0f6d4da-19f6-4a6f-b106-a7131c10221c

MD5 59e26aefeaa3c7b2353cc9e4e1416b44
SHA1 a916bda0ef4cf8f73a519fe92a152f7083daab8e
SHA256 cda874e2645e25fb1ca2a1c29ec71af2e68e6b7018306f24ccbc4b28f0ea0b9d
SHA512 82e3cd1220a82805b84444af75de5298fa5a3c61d0e5dae0c29c35c9dd3ce39f9e441bbac1990587d9011e9ca86fecff36e7cdbb4d0738eeb869bd8ea70b6065

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

MD5 8370c3b787a16995ff59599a25cf02fc
SHA1 2edb07ed9aa7e5b6371ae9b8bf0066102f4fe101
SHA256 0c9a80fcf80e9fdfe1963124ca9b91a082db440163a0adb6dad493e87a1509fa
SHA512 4c62b62452b4ecb17a44eabb3d843e17db3ed792ce232fd83687b6cfb7848bdd4f0a1b1dca98f1ac4f1821735e8aedca54da4e7252235c3d455e31f34ec581dc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\events\events

MD5 5cdf736f6dfb49030fc574ea0d25311a
SHA1 1c56d28f475e074ee318e0e803912eb5e45fa99d
SHA256 8f701f50f0a6ec65a98b090fea77595dda2d2bfae813bedb7b2b2714a8deb5e8
SHA512 244d39576db956fd13d8fc86da7821cf474a1c69165aaba53c17853567af7362621269d2f02f9f83cc2c514055832187c7c6d948052c6448ddd6f17e42f31391

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\AlternateServices.txt

MD5 655b2979d389ba5d6396d738ed8e5dbb
SHA1 b90d1c7421ef988770d3688c12f68e651fc46744
SHA256 1e739c4b52664620a2d97dd4c09f136d7428fa7260a6e0095476402aed9b70ec
SHA512 3a200ecb505d427a93b9599ea980fbef9a79da31bc9a9d9f49a65c1400e60e3665ce96f4681f66c1ae3b34f248fba61059ed124cb8101059ea9e849dcb2849a9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++www.file.io\ls\data.sqlite

MD5 9b1d44fe991cf367e5e0611ce06dd6b4
SHA1 4c835079bef323be933c825e0dd6b466565e8c8d
SHA256 de863fb8c79f747e17c97b6dc3e508fcd7699ac37c3939cc3fde0a48119afea9
SHA512 94959cc89ebbeb530afdf596d156d97709e15fe149bf3bff05504d9f5aedc67ee6d5c0a44c4d277a9ca4cbbfbf1af1dcde122c0f1f163599cb7b7d8ccf0d8747

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\8961C489242227FFE6E7252AE3750BB27DD306D5

MD5 a531b6fe09c1bb1bc10a0fd4334b552a
SHA1 78b4b8b420eb3545e2a88e55376317ad99adccea
SHA256 11003231bec81eed71deb0c5e865a97c7a3f1d2fa6a73eccae65dbb2c58d9970
SHA512 1a991ae743ae3b7800884ecb28d537f2718c7f4919a0b929b5b14e212269440e82389bf8e53ca5141dbf6e506511875562cf1b42152bb26ed450f7b3b9147808

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\203E51E4C8F6E6743E539EDB830E9B28EFDE300F

MD5 2044863b5440096a22ea5008473ef0b9
SHA1 678b1dac6dcbc6ad8249901eb7ab3ac9c9b59795
SHA256 212703fc9ac17d0bf1d8b29150f8f4b1c604e7809869cca95b49108d32da0f16
SHA512 8a41108b82c97a5e0f03ca3976f22907cfd05ae524deaa49579a3e5bdacada349d264944ac5155c42cbf7d3ed6d2c381a0ea9fd6a2100c4dea53c328023397fd

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\98C89EFCFD3AB165388111BF33CC172E634FB373

MD5 523fcc421ebef785da9ab28998f0abda
SHA1 6ab5e3833dba8968b76a45eb39b56d2be7de8af9
SHA256 3d4d205169d4180352d22e91f28f11db4aaf8e1b485eae9eb9808bd7cfc7cd20
SHA512 13e021fafa0a14c35a5df094dcac9bfa90aec25bdae5bb8dc51399919b18a1caac2ccd99e10e457be7fbf0d261ee181faa7e05be4f75f8da6346c6968e16da3a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\8EEA6EECA7E75135F48E7ECFAC4B3E168D79BD19

MD5 ceb07138fe523490f90ac43914cc5203
SHA1 bbd079b0eaa2ebe00e9e7a9fb0e78b7b9eab9bd4
SHA256 6e44ef2dc958351bc9484d811ac22962b243551c5446a36c5831714218d40106
SHA512 870e202cbef638bbb2236eee2df6fe3719ab74f4f2baf43a46147732c42517a27c5f3d379ec6f30edde6ad9dc5063236939e4184fee8c104d4e067f131c03fcf

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\B1530B5EED3D9C00CB0C96ECC1DA093F49E2ABDE

MD5 5d22bb378517beae8dfcfd4802dfd436
SHA1 9456f3e93c80c583ff66e7d2943bcec69bdb9c3b
SHA256 9ecd8ba062c3c8980c454060d6b14c6b882917e18701a838dc9ad039fa35f994
SHA512 0c5dde35386ae04b837d8dfb34df2a4abfaf31e44686a8ea62e096c488b9d06184512dc63a58f53d0e7edc76a08d5d110623083c6eab2b955e49710825acc392

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\815E65C28943BFF2C1FD1D7F43F881FED091C3AD

MD5 4b476572456acbcfb04e8025a52a291c
SHA1 d191218a99184042b27e9ecf9a8d7b9b4c80439e
SHA256 d62ae5100f4b7cc3546cc8f5beba93053ce3962d682bbf2cb283fc25b1bd3f7b
SHA512 89a6caea4f9ca6e0a15c87b88141dd0c50f325ea92bdddc886f8f59096d0b0b2e75e51427bbc1af805e35d7db7169ec0343cd33242375de9c6c279eee7e2b928

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\7A34D85F7E89B903C3262B4668A550CCDC08B849

MD5 64394a4bf9916b1e1d796b5a0ecfc806
SHA1 5f0fabcca4ef04a21f8e4ee1e97a6e8e8fc335f2
SHA256 51699b82556540c2288c0aa10362b949a8358f8d18212b5ef49f2bd98413102f
SHA512 106707c698aa43c7f0ec7a52c8566e9045ed5d813b04e897128114b0bd6ca4eb92aedde02acb16201a0e0c673e14d398b60bdb668c82c070942627c72558d9cb

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\59EAF39948A99C5AA172D9B2CDE965B857E5B808

MD5 bb9fb848a3b6c48fd22e406d47a39bb5
SHA1 0029a1fd088cb2eba1621f87b45b0afbe87e67c7
SHA256 f8290405dfa228034e3cc6d6dbf83f472cbf0b82a88522702d2bbc230b2a6ad1
SHA512 da6e216105e2b85cc8eef75e364864ff5f91db88625b2c0a12006559b587c2e0fc763258191f350cca061b6ca14bf4c83b7b7edd08cc86f2ff4272cee949343f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\59FDE416056C8788CCCFDCC4C4CFD46B2487BA9D

MD5 5676b60ae2c933bc6a67542a9fa987d0
SHA1 75ee329113d542e60b72e62954cfafecec043092
SHA256 6380e4ce64df128fd46f4ccc170ab6062392fe8673e49fa3acda2655e45cd10e
SHA512 2a285d3d9fb7c9e750fb72b67978ef33c626583d13adc49684637f6ace9485842e8aab0df346804a9c368d3ffd4e936da816b374bd51d40e5e5c2720f3d23f94

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\50EB07D119529411D8B66499B46611FDCD0B2629

MD5 dd6861eeced0d583e6ce974823ad5ff8
SHA1 6b3bdec1a39bb85db88c2887b33b918ffea903b1
SHA256 09b70f1b57a3babe028dc5132e523e3cb55c6e0db436d339fa0d6c7d18636676
SHA512 6bc55eee32f16b5e1de5c1a4bccb3a5d87ad9e8cbf8da174e3386441c6c281b7656cab632fe20cdb3c493afb775319ca732f9ca8d90f0104a8561af3ad717d0e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\D01087F158ECEE7DAE51C65C57181DCBADA87D2A

MD5 2a87eedb33fa9fd2e1683ca78d258664
SHA1 f5a31a7a236c4c81fc3604786f2c6a16a6ec984c
SHA256 f8029f0edf45bdc3724c5815f8eb6f6490119c6700381001976219974e810312
SHA512 3ba05e483de99b2e2cc7dfd8507529faf82197b2e4f927f5fb191aff341268b5ec3b0796b063ef3c91d4c605706a0559d47ec4e5864fae343e07e6397e4a692b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\DD2402DB59C865DB35AFEF782F131345F8E077F5

MD5 42711594c57b59e4fb643ea78c89729a
SHA1 dededade8f45427c415c060d7e2553a0308ea447
SHA256 29bbf674951cbb911ccbe2db83d607a3dfddbe1b8ac736081aa3771fce1ccc4f
SHA512 0e23dc165a2303c761c10c3ebd873d7d07c90e02c6475cacf090d9af8546706e6d8bf426ab8e77195931d473af81a8aa38766a12a5bd9acb644aa0049ab525a1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\5622E9C33463F2DA653B3683407AEBF64BC2B1F6

MD5 c56f3545d3ab05520ee53e82b239dfe9
SHA1 d1bd592636b87f8de09d7edffa72104d15f961a3
SHA256 b81a3be7ee4524071e11107e9c9421d74ce14cbb5b57492497b2c5cec1c6895e
SHA512 bf896351c7bbf7b10f234e2a2956fda0d1a95861130676cf22a93a3f143ea33284aaec8a21006938f3493f98ce29ce3d16de38f7ef9967a0c813d23ce7774598

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\EABE8241ED5825E54B80240507EE5C448D319980

MD5 812a34dae4287fa39542e899bbf9730f
SHA1 d30f662ff1b738925bad054c2147a9ee3fa78c4f
SHA256 f5c1af0b46491e9f7d5de9789d613281a2f572390de1703f3f59fa1da8375c66
SHA512 fdc75962e600dffdb8b76235311dd26a777df6055c1ee95758428c4ef380f944fa867d1feda2b73ddb62fc35c8b0d91eb9b15d264b039da35f22f2a4c9a59c88

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\405555F802F809D47E002C70DA850F1FA0AF5229

MD5 9e823116f0fa541fce1eb47eb9ff778c
SHA1 14e460cf9ad7ab9c64298bd9c8296a31b03efde8
SHA256 c8408c1f6754f6bf4cfbb29355628d264dcdf3b1524b6dfac1b730aabdaaf918
SHA512 8c0e3b86a2683a3a6b2ee404c70fda2cef7e540bf87a5a7b3b7c90eb4b43454762d463b2079fc8e651360d1cce0fd6f2215edd82d5dbd171db16bc2e58583dfd

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\142E5FD498B07F9CB27BEFAAAE433F8F4A16655A

MD5 806071ce6fd3a827dc850ed16fd02e57
SHA1 fb74c4322de50a85308f7c9b091b6ddabbb33d9f
SHA256 5011e928adaa80a08c5026a35703f6576c59f1899d9bc2d7b1a26fe426692bbd
SHA512 22231536effdac59e91c7921a8e01d8ca5ab095053c4da9ad9459474d2d5928e8ffe42607018ff579286a72d18a927310dc978f1ecaea11f9996dfb4ad9910ba

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\A30B2D91B0648A01C0E6F24AD2BA315C0CBDAD4B

MD5 9476ad74d1a2d8e05175327fc925b8e9
SHA1 2eb5e09541594035dc34c782d489798844933ca0
SHA256 52771c918720c90f1a3ed97390c946de5eeca6146842c50839ff629326075346
SHA512 6983d8ba1b50061d6857ba122a704d1fac12055abc18e24fd61969d2a553a627a2d6e8bfbb3cfa786443f7f34c03597bef8714c11f3c6b6fc155de72a4e7e5f6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\AA08766118A0CE10FA26C52E15B47A704F25E26B

MD5 2a794cabaadc0195b6e3f09492bb527b
SHA1 b006ba03f3b4854404d8832d44572a265b6d8b00
SHA256 c9dd3f06e4e3afc11046f26aaa7d2d466682e3b82ad8ff520a656901237772b5
SHA512 1812ba76a08dd3befdb4a5659f7e8b7a1d73de36323e5e011f32cee3803673165868a7592f0a1b2d0049317234dece25798fff5f799709e56806560caf600074

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\16C366F2DF913B073C5CE892DF938A3BDE790D22

MD5 79113db19955d3494c0c8a96c536ce4a
SHA1 2ded33dc3d6be0a5b01102820488f596b90512fa
SHA256 24ef3d5b3e6a003a4e9af2503241d79eddc7576b2200c29ce603fbe635e82122
SHA512 6228e682a9af29a078c55c1881b827653a9f7c2645156ed9ffdca6f478fdde3bb1201fa4b87532234b0dbb0bcb4e3287802b37fa9ef9cf333b62561010c79a7d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\A0031F16DEE7C74394C65A0DABA19BBC0D2DDCA8

MD5 6ab7cc421b5b2e23a379d9497113c8c3
SHA1 9b694724dac73cb64582073a4735fb866d58f27b
SHA256 f42dd14c89be6a0f57b06a2bea3df860dbe63249d173687da4528b058d3533ab
SHA512 d4177ed5063bd71c2d5fb9f57bff2cbffaff11abc552ad9ea3763dfd9aaa578755f6735cc1a3872a65cf72d4069f4b31128a51795a63674c7429ce859b8a531e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\4E7D9DFEA0F9A7F84352BD9B79A1DAD0F64B0675

MD5 f90d4bd8ea5545577c89e9eee8231c35
SHA1 6f6321c516a923b9471a2d1ce98a03d54aa35083
SHA256 d076020c8d9944fa04f9879180167a47ac29ffb5d9e2f2bd57a079e7d32debab
SHA512 8bad45ea92aa7c2540dbd343205b2f98ac208202551b9787047e766b465a26947c7b83796c23311cf5f1c624200fee0f5f8023ea650d790dd2898b46c3596db4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\DA42CAE2699D0E5E9C2D7BDF1C2F3A2844D2239B

MD5 99482206d56209c76bafa26d852179c4
SHA1 846dd5ecc607d9ed81bad184d8d4a199c834e5f1
SHA256 2e58abf63893ae3dbec6142cd50966d3265dd6e12b68b81a0888063149d04099
SHA512 50a6cb915e10f411b8f7a39d35352d36a4c4eb46560ef1df3ec83e89dec094bb9270d8663a07a3c7e797837a9bdeb1e221ad8ec97ebb9d0f72c03628e2a88070

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\9F962D722190FDA8A36715753C5D31D436634DEC

MD5 13e17421e87c68a78c828cc11d576013
SHA1 be95e38f696ee550b1565b9325005415f6f92d56
SHA256 f58b28f53715ba568db9950a82dabc5cdbcb24df3e010846ff46d189d9c8ad6c
SHA512 b4e5b3e137a7f2b15bd2a513b1170ddb6e0840bf13e4c01ccab96649783ccc2ed447f522b2c0d7e5175f99706a57cf45a05fa51d280b9e58f907858754bb9f9e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\1340ABD49C932ACE08A495ABA1DCF23C8D5FEB10

MD5 0e414048daaa1e5d415fa4fc9842f926
SHA1 b6d1dd5f47cabd281e1def35fb0a732fac1b050a
SHA256 11a8c1787cbab297f872c1e1696ca2afd869271b802a34f4576875776e21a3f8
SHA512 3e10e7ec0cd35a825af2bf89bb0bb2ca65bd0faca101208846ec912cce1495a31097c4a9fc3004d565796aea7dce41bfbd3e1497ae6b537bfe512337bfb4a6ed

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\ECF8701745B454A6C23113C42B7D54D0B2AFE24C

MD5 b64f6972932a6f38606cc968815671c1
SHA1 2e8b173c94db32f0b49bd1e1c6068881c3a807ff
SHA256 df8d3352addfe5b061104887099d5b87c2ff3b26d6edf66cfce8929292d8b419
SHA512 fe40fd32dd615593ef72dbccfcfadd555231c8dd42b00fb6bd06bc2312856e802e6a6b2d3f3ebc1aaa3b236624b89b2e9c161823d19febe54ea1ce2608735100

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\12E5947B4266F902244FCFDC92FD330542CCC476

MD5 872fa692258427008d4e5b65487dc0a8
SHA1 324874b6e4c490283d18967b9069ca750142ef38
SHA256 ecffce30dcdf2e1da73f909528c20834daa1a618c556acb5dbc946ef974554fb
SHA512 ba937be24b1153d950ff373b10c8b950c6170976b06f90e37b86c5ebf8a363acb5b6356efdb02c04f6355c04dc6d13f5989b8bbc55a01cd05eead132818f6caa

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 6f1d0e065693467aaf4d67ce9ea52390
SHA1 48829a9b1bff1047ab72199813772004c5564205
SHA256 9caf64561f02d19e99df24fbc7edb32ed4d0dfb8f563e78ba3a962aa7b67a263
SHA512 b263f20da46ebe89e4e2df0fc68ff5d0e362f22790a22fd3334ab5844daa8b4f98479e2d527b22f160a9bdcdecb9dd825d2bce78cf9df8b9f7f0a971018da118

C:\Users\Admin\Downloads\H-WORMExtendedFullSetup.-YAb_CXs.rar.part

MD5 86c9cfe1047ecda9f19dca5fdeadc8ac
SHA1 2060d4c656074e90c5468c6701c10040d2b6a991
SHA256 3b1df05253adf0b2f93ed7eca29c8afa004e6a2be1b8334b1a80b9eae8b069c9
SHA512 f2c29727c851d78bc19b200d036393a3308b4bfca1dc429c107affa6ed38e4164d6d8da57cc006b2ec3008c10f8a46c3a4de21739d556e5290a862be4cf087b6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

MD5 c7867ae4fcc1885d46c8d9a75d7be5dd
SHA1 f3d2bd6ea5df7d1027e74b6955aa1215da942916
SHA256 5add39b2ae9f3cba3a6f1ffd31848d4629c864ae8f32e53d7a87fead038d3758
SHA512 14aaafed5c5b1cb494eede35caee6278a0d1eb7dbf3b87300a0e47e197d0c9340c827182db5c8eeb94c13a0f1be8da2b3d30f71b078189bbdf88cdba305f25e1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore.jsonlz4

MD5 391c4300a6d75a5843c6779f43ee6078
SHA1 af1a65c595890d23e9c67bc9fcf57571dc5c9669
SHA256 f2bc563a63df1e2041f5d44edab52567cd9f7bfc43ffea5f0ed6a402fc9a0d66
SHA512 6c79880715215cc2ca192076bbc7d39506cee1f3dabbf402e17aa3d84e70bd497ab00e3e1d68ebfa33935758903425e0fa2475241211113bf724e90f0d1e96d9

memory/5828-828-0x0000000000400000-0x00000000006B8000-memory.dmp

memory/5828-829-0x0000000000400000-0x00000000006B8000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\58cd31bd-66df-43ad-a223-2b5149e7a7c2

MD5 6492a6a49f57fd21a98de5e1e11f0e04
SHA1 e7acb46f5ee3136cb5680df2dc51e2b276ad6259
SHA256 7a0a57983219e8841d0b6a469ad117551c4f7da0b8cb94c754ba68e08378309c
SHA512 d1331f0254c8ca22cc61759157444fc7d11da59953edd92a47414079049ce98d8d265c9aa790110e45ebd57380ea35528484503e7af60fda8978c7c6b6e5664b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\8e9e865b-540c-41f5-a2f2-a807dd63a1a9

MD5 f1f184208fb0c0195b76e0724503fb98
SHA1 364cc0981fd4ce19bf1479b74aa9ae1266a776bb
SHA256 dfedec2cb145bd9adc864b93033ab4a601c86bc1262c44825696f5b8d68eb49b
SHA512 3642a20dcaffbda4bf0f4fbfe2c3dbd3285c6ee71b8a85bf5baea8956035228d2c068742878e2dbac8be869d0e42e3b534e1da58862c0341e7926f0f4a9b76c6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

MD5 51c74cd12d9228b19bc4c501dafec42c
SHA1 2b757aee29fc6efc9073c839bce123577a4c6a07
SHA256 ec50b4d1b8c558fe8d703f6cd6e0ed38535994ffe8b6e408c7d2452c6b5d3897
SHA512 4b6d452c391db567dbee5b225e0455895aa38184c021a299975a718a987a54f73b5632e6563b60e9e5ea06784e0ccc1638b483f7925bdcd54a490597bcba7034

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\thumbnails\88ea52cfc6efcfccfda37222221f55c8.png

MD5 52b558ab302976200c679e816790e30d
SHA1 4158be18925dfa111b5ec6cd3b1e7cf04722a0c4
SHA256 058006b42f047bbd719a3a44e100de4774f022fd1ebb75a92726885a0f2ef322
SHA512 2ba0d89b7413fc3e98285a9ef207fb2c9f4ce86bc6438797e2808dc28a8fd7aedc4b579acbb411f667a06e96ec6bb91efd1c405d682cd5b6dd850028636c3d4d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 e3cea864cb9575c2ee6b5caa11025dc9
SHA1 d76936d3629ab6fc838d7c54a7b3ef842ad2955f
SHA256 49ebe80ea44bc6198aa9a730da25399912314cf87f349bbe47986d189fb4410f
SHA512 53d84029e5c9eb2924f97765d9478b50414e80710854854aa3622c8f050d200c5d06108a2ee68890970d38c9bb2813fe307b5f0c7de003f1418be7964988380d

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

MD5 ab604bdb8e62b30a2649881c022bb101
SHA1 18b201f9c5b64597e5d2a42bc90f48d70a587851
SHA256 45b594e1b4b73238c3bd8caae08c811cb21e8eb5a8714f2a9afa0c7b3d63bacc
SHA512 8199a5b6709d5f6b70565a200a8a80e48471143316ccee3411246235112dbc53dff7f1873f2a6c91db95a28eb80982f19d4d405f09895b898c6aa980a9c9ab50

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 7b9e869e17388e8ab0d9aaefa2639c8a
SHA1 9129a50e3cf1bff85df6c44a3d6ae228e598ee7b
SHA256 d65d379997bcb6670d1687dea75bef40601c3954e04d5d22a3b603f400384cb9
SHA512 e6f6c09367516b5532a4c57fb940612afe1768bb70991eb11714acc12e122522c09ed844bb2446ff7fd86df179d9dc2dd860ce52a0b7ffa4772ffdae84a92668

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\C342E1BB4D4C93E8F2CD02E59DBF05D47C859D1F

MD5 6d28ed89394ea583f76e879c375b5b5e
SHA1 750d22d53226849ca67d18f0767f1a64dbb4850e
SHA256 59c3895eeab02374e79e7e1443dd5351071a41f2f0c691996234e81d98b5da15
SHA512 ac1eaffc9927f461dd8aab9ad507d5ad7017507cde5e817d90c34c99f16c9c43da9ad687cd8452eb9420367b16854f768bebd8eda28ede6386e922370bc7ed6b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\5F16F031DD611A6B287528CCF66165E10336883A

MD5 e89069cb05b9a0a2b6c7b89a98efb832
SHA1 f386d38c7ec5a5cf79a0cb99f5280cea395ba48a
SHA256 ae0351cd61276feb44429c79c88aecbe0157e5a25d80d1b733b71c6d33e95610
SHA512 d6068b75efa14d85bf0257e71c8d960adb6e61324ce5017277be26dd23832365ecf487ad93a553dabaaadea535b4276974b18b979c7b9533b5a634ceb7c7a2ef

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\59EAF39948A99C5AA172D9B2CDE965B857E5B808

MD5 b1a57856577311d56bba9f0bd818f722
SHA1 23aee226427d1d41fe622bccde82fd54a1ace7f4
SHA256 d9adb0d770eba1212e37b7ea232e6f6927e9b48edc67fbb149219f6abddad9be
SHA512 380981f9b5c611add69e0a88d0d606a20e6fe04b3936028aaf7cf81d0b989ab0477fdeb3770d2ee07a400dd1e43c91fe61d033e04f744346c41dab4b2ae5487b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\24279

MD5 5a0588768e4ee7635d78b167f9837f9a
SHA1 fbf060318865078f4a0cbdbd703a4e84b152821c
SHA256 210105687e10fda68fe4ac90b87fe337d0b66632781e0151e2fe4666e4f56640
SHA512 02fb4fb124b66c53d6cfee7d48b9944b7177fe8c3284a1be9d966df7a87129e432668a23a8c2726462a03b659043f8de5e6274c31ec8b3a4abdf87b7e7f4b278

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 8662f928a6e58e9d77503626a6d51009
SHA1 f1637349895fa91b61b2bdad97befed1ccc99833
SHA256 2db94d10d7233e59a2ba0fb51602394bf72a55246cb9ce746e7333841b4fa7c8
SHA512 c82582c77d0623d1e854fb9aae483ede7a259af0a658e00ca85bdabf9237e23b778dba13782c37e019c7ea848c3e11705929fd0e5afab4f2ea8015f9d43dbc42

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\01B9F3AF1783FC1F5B7220762AA3C9E5D8B98E76

MD5 7adc8e88f2a752d81e1b1309583c7bab
SHA1 ccbdc495bb3339fb18641625a207c6dd95173536
SHA256 920106d8e164c8989e29f90fb30564c685c105e839bc80f42f3ca86588a833d3
SHA512 a09046b7f0bd92e203593bd24437aca1e2fa248fd692631bc076aa30d17a9d7e35a805950f2b9e7feb40440a34bc4e0bb3862cdb843541931b52da5c5b6cc738

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 dda669d28efd8dc0d267257fbdde9406
SHA1 3e948eea4be432d5a32f6c04e5c5c70bf440dab9
SHA256 939da6a8492b4d547fcf498a752aed860a3820884954167d54e284b3c9f6cf19
SHA512 b6226566100167faf5ae80352afa9605d4093e2f3275f40e6980642037a1056ce2877833639059024aa2e9eb30cdca167ed108d3beadd1ece9465ae65b20ad85

C:\Users\Admin\Downloads\888RATv1.exe

MD5 554cd80e1b5fc6c7d296b23e4b400664
SHA1 550d2da6068683ae545c3ca8910ec37671764fad
SHA256 1b6148c640e0d63bfd74b9df003b3214dacf2aa678a7fce1075c25cf033e0e5c
SHA512 7b3dd3ea1e85dbc66d299ff31891127a5fe8995ac7cc0741896a0593c439677f3734f0b5f925353fe5b1773f24344b1f8c274d4c7eab158566444fd110a4714c

C:\Users\Admin\AppData\Local\Temp\autBC29.tmp

MD5 29e1d5770184bf45139084bced50d306
SHA1 76c953cd86b013c3113f8495b656bd721be55e76
SHA256 794987c4069286f797631f936c73b925c663c42d552aeca821106dfc7c7ba307
SHA512 7cb3d0788978b6dc5a78f65349366dac3e91b1557efa4f385984bef4940b3ea859f75cfe42c71f6fe445555138f44305531de6a89c5beff4bf9d42001b4348e8

memory/6480-1365-0x0000000007F60000-0x000000000801B000-memory.dmp

memory/6480-1367-0x0000000007F60000-0x000000000801B000-memory.dmp

memory/6480-1374-0x0000000074920000-0x0000000074997000-memory.dmp

memory/6480-1376-0x0000000074920000-0x0000000074997000-memory.dmp

memory/6480-1380-0x0000000076BA0000-0x0000000076BC5000-memory.dmp

memory/6480-1379-0x0000000074920000-0x0000000074997000-memory.dmp

memory/6480-1382-0x0000000076BA0000-0x0000000076BC5000-memory.dmp

memory/6480-1375-0x0000000000FB0000-0x0000000003620000-memory.dmp

memory/6480-1378-0x0000000000FB0000-0x0000000003620000-memory.dmp

memory/6480-1387-0x0000000074220000-0x000000007442E000-memory.dmp

memory/6480-1385-0x0000000075430000-0x0000000076778000-memory.dmp

memory/6480-1389-0x00000000770A0000-0x00000000771F9000-memory.dmp

memory/6480-1394-0x0000000074220000-0x000000007442E000-memory.dmp

memory/6480-1392-0x0000000075430000-0x0000000076778000-memory.dmp

memory/6480-1398-0x00000000746C0000-0x00000000747AF000-memory.dmp

memory/6480-1406-0x0000000076BA0000-0x0000000076BC5000-memory.dmp

memory/6480-1403-0x0000000075430000-0x0000000076778000-memory.dmp

memory/6480-1407-0x0000000075210000-0x0000000075356000-memory.dmp

memory/6480-1409-0x00000000746C0000-0x00000000747AF000-memory.dmp

memory/6480-1399-0x0000000075430000-0x0000000076778000-memory.dmp

memory/6480-1413-0x0000000075210000-0x0000000075356000-memory.dmp

memory/6480-1408-0x0000000000FB0000-0x0000000003620000-memory.dmp

memory/6480-1418-0x0000000075430000-0x0000000076778000-memory.dmp

memory/6480-1423-0x0000000073DF0000-0x0000000073E13000-memory.dmp

memory/6480-1428-0x0000000074220000-0x000000007442E000-memory.dmp

memory/6480-1433-0x0000000074220000-0x000000007442E000-memory.dmp

memory/6480-1432-0x0000000074220000-0x000000007442E000-memory.dmp

memory/6480-1429-0x0000000075430000-0x0000000076778000-memory.dmp

memory/6480-1430-0x0000000074220000-0x000000007442E000-memory.dmp

memory/6480-1427-0x0000000075430000-0x0000000076778000-memory.dmp

memory/6480-1422-0x0000000075210000-0x0000000075356000-memory.dmp

memory/6480-1424-0x0000000000FB0000-0x0000000003620000-memory.dmp

memory/6480-1426-0x0000000074220000-0x000000007442E000-memory.dmp

memory/6480-1425-0x0000000075430000-0x0000000076778000-memory.dmp

memory/6480-1421-0x0000000073E70000-0x0000000073EE8000-memory.dmp

memory/6480-1420-0x0000000074220000-0x000000007442E000-memory.dmp

memory/6480-1419-0x00000000750E0000-0x00000000751D1000-memory.dmp

memory/6480-1410-0x0000000075430000-0x0000000076778000-memory.dmp

memory/6480-1417-0x0000000076C60000-0x0000000076CA5000-memory.dmp

memory/6480-1416-0x00000000746C0000-0x00000000747AF000-memory.dmp

memory/6480-1415-0x00000000770A0000-0x00000000771F9000-memory.dmp

memory/6480-1412-0x0000000073E70000-0x0000000073EE8000-memory.dmp

memory/6480-1411-0x0000000074220000-0x000000007442E000-memory.dmp

memory/6480-1397-0x0000000000FB0000-0x0000000003620000-memory.dmp

memory/6480-1405-0x0000000073E70000-0x0000000073EE8000-memory.dmp

memory/6480-1404-0x0000000074220000-0x000000007442E000-memory.dmp

memory/6480-1402-0x00000000746C0000-0x00000000747AF000-memory.dmp

memory/6480-1401-0x0000000073E70000-0x0000000073EE8000-memory.dmp

memory/6480-1400-0x0000000074220000-0x000000007442E000-memory.dmp

memory/6480-1388-0x0000000000FB0000-0x0000000003620000-memory.dmp

memory/6480-1396-0x0000000075210000-0x0000000075356000-memory.dmp

memory/6480-1395-0x0000000073E70000-0x0000000073EE8000-memory.dmp

memory/6480-1393-0x00000000750E0000-0x00000000751D1000-memory.dmp

memory/6480-1381-0x0000000000FB0000-0x0000000003620000-memory.dmp

memory/6480-1391-0x0000000076C60000-0x0000000076CA5000-memory.dmp

memory/6480-1414-0x0000000000FB0000-0x0000000003620000-memory.dmp

memory/6480-1390-0x00000000746C0000-0x00000000747AF000-memory.dmp

memory/6480-1386-0x00000000750E0000-0x00000000751D1000-memory.dmp

memory/6480-1383-0x00000000746C0000-0x00000000747AF000-memory.dmp

memory/6480-1372-0x0000000000FB0000-0x0000000003620000-memory.dmp

memory/6480-1370-0x0000000000FB0000-0x0000000003620000-memory.dmp

memory/6480-1377-0x0000000076BA0000-0x0000000076BC5000-memory.dmp

memory/6480-1373-0x0000000074920000-0x0000000074997000-memory.dmp

memory/6480-1371-0x0000000074920000-0x0000000074997000-memory.dmp

memory/6480-1471-0x0000000007F60000-0x000000000801B000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 edb14d825b370a0c37510df708b69fc1
SHA1 c0aa8a55747783231eb41399f61d4c5edd44c29a
SHA256 8ada36bdfb449a5f4e459401a8006e21e060b83514a6bbc1cfc038aa2968bfaa
SHA512 141cebaca80bf3c91e83385ff5981d6de6df0dc8c90c401131df89901a622cda4397ada0f7b53c4516d129754f9d166657857469f1017c845a54e70e357e257c

C:\Users\Admin\AppData\Local\Temp\Splash8.jpg

MD5 a3083356947cdfb053c7c63cec79e85f
SHA1 81d71adf137d5a8dff56843250578bb68333ba9a
SHA256 3e290e256bf19f56b233c42f19397807a83bde6cc792d6ea2f6c615cfc92ec1d
SHA512 820ac1ca3472f2356c7ad3c7443a431eea3f710679e6467f47ee8918e7c206767ff99401ced14dd3d012d930b1aad3225b9f9e1a7a9ee4303a8b204f05fdf766

C:\Users\Admin\AppData\Local\Temp\Bx\2.gif

MD5 a7e869f972c21eb387017d9bbe3c2e5e
SHA1 da538e98ac3100ff9020ca658f917a7dbe8d7bfd
SHA256 d9ad0cd825f5697af57111f18d7bc31058546b007b8790fa70fc654220956dd2
SHA512 b70577b9968c3287afcc09f47a04e345f4f9b4dce1b54e48478fd36a77b56741ed417b034c1e104e51bd69ba14c96d9f3ac61aa0ef6c3d85beba797339dece1b

C:\Users\Admin\AppData\Local\Temp\Bx\3.gif

MD5 17bc240dbaa9d457e5fd0caf93399510
SHA1 182de7dfb35ab0fc307912b3288978b7f8695ddf
SHA256 dce48fb63b0ccff6559c5a1dd5b17d110604664622e99cd1316dc2b56a109bde
SHA512 fd66b8ab8744c733be016f649c31376483602b5161937e8711a1b6f1ac883de7cf64de2febcd67a5dabc19e31ca264282420b8eb157fced1b2c2156c82124671

C:\Users\Admin\AppData\Local\Temp\Bx\4.gif

MD5 ace31c8058733258b12f62cccb4cc16c
SHA1 229ab621903d16b117e9a727d90200627aa688af
SHA256 d1dab0a7dd576eaf36ccc31df5410ecbd74088259d55cd88dd590aa460da3a48
SHA512 e0b9e96321bec0fd7a55ec978780cacfbcf0a6ec3bb49070192edeb497f4adfb56fd5d06c76cd9030e8dff0ad0fecbacd720c4876981656b09931bdce1c6b29f

C:\Users\Admin\AppData\Local\Temp\Bx\5.gif

MD5 85cc7a9f711973e60c066b9ca334ac08
SHA1 295e1018384520a069565aaddcf5456da22fe83d
SHA256 27491317469683de3a12165bef1aba1f88f2a9ad41f0a05f06db31cf8ce9d3bf
SHA512 5cab1478e19f19c3d73350d9147a7ad0fa663302cbb4a0ae9b0a35e8b7d1b4831a21ac7e1d2409a6176b8a1932c62e6022a9d1ec895067be98e59777d80675d5

C:\Users\Admin\AppData\Local\Temp\Bx\7.gif

MD5 6b9da0ac03436f5fe357ff5a1e0d9564
SHA1 4b99a325ec75105183e819234bcd1276958ed6d1
SHA256 5637aa5063b88b356df923023758f533d461a5d220ccd43da55cdc76c23f040e
SHA512 c2dfacfe4398e74a54749774ca9a33c5d7fb2e70d1ac4da85e735ecd50612750e0e2058fa538c61b77fb04c6645f1a8f5e83f09d18bb0261c1ebb67c9fe305c5

C:\Users\Admin\AppData\Local\Temp\Bx\6.gif

MD5 832766bfef0d1d41ae1336be835178a1
SHA1 79672fcdf220bed918880d9126f6c62b9fba7ca7
SHA256 12ad633b83e678c5186b75873656e97f415a16d5bd8e6398ddb154a32457269c
SHA512 4caf582ea948c09d582301241f23734c9ca8ac28fd8af0e823b12ffa669bf062057f9995c944fd64b8d0297225309a355390aee3ebcb47c18be0f180c6faaca9

C:\Users\Admin\AppData\Local\Temp\icox\36.ico

MD5 c4cd96de1d10d0552871b55ac4707b6d
SHA1 96be2355dc753f29000311a61c26ab69ea2e3921
SHA256 b17d4c6c518eceaabc152332bbe5b137b4e19bcc6c507e6a3f32bfc39954e5d8
SHA512 e0477fd4241025735d70e9d47c5253962070a4a3ddf220e3d6a60ef3ff45d909b560ef096a174b5e91152e428b507b75e5d69d3971b7a58a79e93b5a3ec0a780

C:\Users\Admin\AppData\Local\Temp\icox\80.ico

MD5 f9fe137002c22ba62664a4c99e35a73c
SHA1 58571e623a7dda5297e03cc0abb6e1b34f0a2497
SHA256 3fcfb91b9546e9dd1932bf18e54a67c5504ab68a3850dbb5bc9eb53000f43380
SHA512 fb205269df9b951e5019f9a12e02a6eadaff9dd751efd27e132a5c958831a4fdac8fccc6894697f2a5467e4df89e2716784f2386741aaa99e68220de2b666b90

C:\Users\Admin\AppData\Local\Temp\mon.jpg

MD5 699d216dffc6fcf9c9632f39e9a93e2e
SHA1 989e891f4458e8ea73a9f451a600e2d6e8f79101
SHA256 c461f31b53fb9f28b27c1bad136917bf9522c54b0cc633c5e4f33f5473735ee6
SHA512 2e04e842254de746e56a24aa1eacc99c27a13719e6df4f2b73aaf571001a669fbcdd08488547ee53ad164ca43ec5afc34934a97418d02f7234b97d5ddfdbac19

C:\Users\Admin\AppData\Local\Temp\apkx\s.exe

MD5 d4f1d16301f4a3a80f991d86794642f2
SHA1 3d9f91a1ed30ea64b9e0a93df159bfdb518d8bd1
SHA256 bb04689a20c7b5738aff072f8836e8b678a1092bd6c129ba2af0d4dece2a95a5
SHA512 5ca8e6d8502c77c98138b687758c4e445a9b126d71465c3209a4a98704757cd10654aa47c851841788af9d540208d4b91a0f761e7ad7487badd5c5c81b9032bb

C:\Users\Admin\AppData\Local\Temp\apkx\apktool.jar

MD5 a15507953bd9b89c2d6570f46fb1f774
SHA1 261a8e68c72b0ebf70894c40b3c35176a66d86fe
SHA256 0e543660bf2d16fe7c543d4034ef505a6ddccb883416c8aa68d1a1d779b057f2
SHA512 eb519a94a4aecc1358f4a1cc84e03c772d8b59edf8b5e37956a756f0cc2673c5d9d976ad6796543db74cf187763077b4bbcd0519e7f7be845c0e9874d4862353

C:\Users\Admin\AppData\Local\Temp\apkx\888.jks

MD5 0d67688bd3cb817c9a81b1982e6db3ac
SHA1 a47bcd0cb4abba424acfbb4f08151c4fbcc77471
SHA256 5f732ae6f5cacbb888710af908fedd7f3c7d5d962bd8abff74950debe493cf3c
SHA512 8c97956498b313291775cb7d55ce5be8cb27986bfb6289b3735da9dc6aea66785ed09c84f46c7981cb6f1fd9669c1177e1beaf76871e71dc44b54077e2c02658

C:\Users\Admin\AppData\Local\Temp\Main8.jpg

MD5 be12433f18ba620b882a4ac59576b913
SHA1 8d3cf7097c9a4b923023ca00e469aa320093cfa6
SHA256 3063484738ad7a2bbdf86a1aaa48228a23dcb99c5fdbb1e873ff7ff6d09907bb
SHA512 89cae3ab2b080782eec1f0390ca797d8852954f1ddffa8b57df5d1b38b44c709f913065bccddcbe0adab6f8e017e1e9c3604a3573fb932f406005e60cbcd6a97

C:\Users\Admin\AppData\Local\Temp\upx.exe

MD5 308f709a8f01371a6dd088a793e65a5f
SHA1 a07c073d807ab0119b090821ee29edaae481e530
SHA256 c0f9faffdf14ab2c853880457be19a237b10f8986755f184ecfe21670076cb35
SHA512 c107f1af768d533d02fb82ae2ed5c126c63b53b11a2e5a5bbf45e396cb7796ca4e7984ce969b487ad38d817f4d4366e7953fb555b279aa019ffb5d1bbba57e28

C:\Users\Admin\AppData\Local\Temp\Aboutx.jpg

MD5 ae9d8596a266886b5ed9fe0d006a89ae
SHA1 ddf3d9e8fe1e77f28c2b56d739fc0e52fb2f042f
SHA256 80127e62d02beb810174845ba32105a38d7dbf6c131e40f8ee92d157ff95128d
SHA512 0dc0be20ca9b9e49096113d0834a19ccd8ebca48d180da433a49a078d8cbfb74b7f96e14f84911a64f04bcbec14bdda4a399ca9686d362c270d76d150f20a145

C:\Users\Admin\AppData\Local\Temp\icox\61.ico

MD5 a986050b0dc3726b03127f0405441e95
SHA1 7733b22c904676ab13b1a8d73b923ccb15a369ed
SHA256 8d1eed864978dd5a37aa704253600d4e5a82c03a6474f16692d94d238a70fb30
SHA512 9befb84ae6d7b8ff1bd41946b17cfe0d6243c3832e2e99099078842c5607ae3a795e7ac6bf1ff79114b888304a762e283a5711f11e90e6dc0b0bc8a80df777ba

C:\Users\Admin\AppData\Local\Temp\icox\62.ico

MD5 0be1810b0568e320a711f787c7717c93
SHA1 1a243000b73902858b358c3b377b1dca79d18abb
SHA256 fe359602b7c45bae344b35ea49c7f5ca9c7da92f87deb1d92f7a89c0e24913dd
SHA512 85f525279f86a8f6f210bbda1ce5dd963284a08de9540f10dee1c28c55ac72a021c7b5d2f0f72c5a12cf25cf0dac66485b62c7272d043ad026e2009c3e649fdb

C:\Users\Admin\AppData\Local\Temp\icox\52.ico

MD5 9a63511b684da100ead73971c7632d4b
SHA1 3018d2fc9f9a56f56b9bc2cbf3f930130bd5ef88
SHA256 791718ab76ba77cbb501cc06f982c097c156a6b74ba7c642d097fdc7cd2d9669
SHA512 690e59afaa678cc05bd93638cebf2b6ccb1723c2cec7063caa381f26077387b93dc5ac8af8f9a98487f6af1560d6bac3d23bb526c834b3698405a25ea1b8c6b9

C:\Users\Admin\AppData\Local\Temp\icox\exe.ico

MD5 3cb36b157c3da407f8aefc6eade6820f
SHA1 8215b8c59e39e564dd63d98f1b6b6d3921c1535f
SHA256 6e4475a4a0c2914c6fcfd60f331247cf3c9a13d21247a9da6d960480e82c948b
SHA512 b8008845d42477d22484c5e92a739193feae961babeef3645b5cdeb527f8c9b0533af1811797f59abeeaeee2639a049af5f7b9aaf25c1fbcbca22f8be199fdad

C:\Users\Admin\AppData\Local\Temp\icox\27.ico

MD5 23452ed2954152c992316fd596f8fcd1
SHA1 08946c99e6fc343158e27ac3a1324874d39612ef
SHA256 5fa66f6d1ae8f959b539253d13b016b7c2ec7c41d1eed15bdad5e68fe2e09861
SHA512 f6459931dbc47f6b425e85c1c76ce9bc6f38a17a0a9a2fbc4218384f016826c3a11ac1ace29888bdece1c3b517f569c3d392c3df2e07db9f039fbedda3f26255

C:\Users\Admin\AppData\Local\Temp\icox\8.ico

MD5 f4917a049ed0c3385b9af0b271fef0e8
SHA1 e675b9e76eac2a59f211065194bc6ffc2c7d3ff3
SHA256 7d4d44ff75d99ce917377e425604526511288a441ff3975c0a662a665d99fbb8
SHA512 c315c2b6ffc153faf4c956e7ff800848b41cae04388fa9f6b6cedeff0de5f4a114fa7a4ab7494e07eaf3cc03a49e724753ad77b1c3cbb28e293ebb5bbd249142

C:\Users\Admin\AppData\Local\Temp\icox\69.ico

MD5 dfc285b1a87eeab5d86fff315ed03607
SHA1 d6109e6b401eda9a985c30d956b4e16fc06a694e
SHA256 843aa0d8103255ae9fcaafed32a2b163598897b6326b88fb7590a3547d4b7b32
SHA512 17a3603ed14b0668b18f2bccf243a2a23f3b5932852b50b436222aa2beb2b10b501a06591f2d4973260ee04c077cc439aeba79f3acb49f4d7b4fa0033e297a9f

C:\Users\Admin\AppData\Local\Temp\icox\x4.ico

MD5 a2cf8e93439bf7ff686e33dac3790bb0
SHA1 4977d5270658f12711741fa5af933648aaf8a3a0
SHA256 12cd3748f68f6c6e0dac83b193660036e51da487c0f88caef45ad82da77eb018
SHA512 796346600322927e98095393b5f38cafeda5310195b85d23f7db2bbc914497c03eb9d03346d68623fe2d0e5e59d092960f07030a0b175264bdd0696bf8e81a2d

C:\Users\Admin\AppData\Local\Temp\icox\22.ico

MD5 afea44624f7eb2f9453b6b9ec2f53a73
SHA1 3328e8e06dfa0370d0aef2ecf3e3eed3d3e1ff57
SHA256 405470d50d362375b3171cb7417d714d5484512e3851cafe39ecf0ba7b8a2e7c
SHA512 3b77bea76381a34bee063cb9fbfe66d187dde6781a877d0219c4a90e490c326c4539842c0e34d449201a9ebbdfec4f9b91f8fd28871c3118ae1c1153da104e85

C:\Users\Admin\AppData\Local\Temp\icox\30.ico

MD5 00efdcb61d18bcd85ae33afbf330eb9f
SHA1 940bfe080dbafe393b71d60089adc7803daed922
SHA256 806bee7f8ad004f2d375a7dfdaa3ad8f0bfd016e59bb0356d8375ee6a839c0a4
SHA512 ae359cb42f7d4091725d361a7301b69af1c43d51804ed23b6958a8d16136c9b6c2c47629080d678b4162eccfe16ae842a383a563db69ee272f29de9c77202fb4

C:\Users\Admin\AppData\Local\Temp\icox\79.ico

MD5 39200104289093a7c0d1462530613933
SHA1 268f46733c1b518a291b2ce2034b7f1846a25cf7
SHA256 1ce9584f5c6f79e543f48591ec566a8724f4caf1bc5e32d5cd20a98365781451
SHA512 37d3b8967790210d2171ed3dbe34ee2c8bb76bd2fe4409cfe60386786633cb66d461038338a1d1a75a1d7dd5f740391b8dd0442d4f273b8b8676e1860e0924c0

C:\Users\Admin\AppData\Local\Temp\icox\75.ico

MD5 d57da262695076830f6395b102ad4102
SHA1 220b336e64f61b6650688bb93bc3fec3e0278f4d
SHA256 bb8acb038b05068e89426cc9b991fbb3358a54d5bb87dbe5f7e83afb0d9ad210
SHA512 5673145fc8b1130a2e46db056fc132a06b27bb9768f39aac783166aa73a0d8ae3c1eddad93539459ef258b8d096f31faa64ccd118994eac7fdac7ccdacffd91e

C:\Users\Admin\AppData\Local\Temp\icox\85.ico

MD5 f63fb17cf8391c8c53f47b785d4125ca
SHA1 a5ba41a7de8130161d25b1aebe3e220429ad1e30
SHA256 0be7a9e0cf4686d98a72c2b8ed3c2e54dd6c68e12548b44138762761d0eb9d59
SHA512 2101e81828c0cd1cd804a3624148cfbabf6d166b16c7a00c05a2d3a21d50006547e7b5932723f1192a2b512a7f9dcff0c3d85deb89d2ce76782f450752afa4cf

C:\Users\Admin\AppData\Local\Temp\icox\70.ico

MD5 fa0d74fffc254482b4553fa2d111b3b7
SHA1 f2ce14bec9b253beb7ee8012cef970deb46d8216
SHA256 afa2256aa1212114ace2c70a9b0e1ff84da142c757e323f5fd0a5508aa3e3b8f
SHA512 4e60c1efdcf49922527e535ea0e84ee7e75886964fcba57498bb2a279a9e2142649fd7d12d91c0d51569687a12365ca56e321f4b44b4e0b4474c221408a2f9ac

C:\Users\Admin\AppData\Local\Temp\icox\72.ico

MD5 8566949030e30531d4acb964d9d1376c
SHA1 caec7df69c07db41f601b61fa30b0260c8013f99
SHA256 b61b3f9c5224a4274cde2f0683e5107898fcf383c248692e5a04f751f4ea13b5
SHA512 98a782d6c4fd7cca8c7207a2869eab37b866d90cf7fbbe416a8e3323563ea11c1497e9af4f177f9d088554c282ed1584cb4c35eda494914e8277609fd69f1f37

C:\Users\Admin\AppData\Local\Temp\icox\74.ico

MD5 567e9e57f178f8959d88a357cae20da4
SHA1 e32625c2df235f1f3b588397191cb76c58c8381e
SHA256 81855740e3f4c3c034916cec19a3c5808bcb76e68a1b33b29a3efbb2d6d10ee3
SHA512 e759d42081677d937b075350f7e0b7f9c83be0377bb46f64e372af1431e5e56212433cd83bd36e8516043bc42b22bf3360b8fdc6b28e61022e1a75e7a187582a

C:\Users\Admin\AppData\Local\Temp\icox\81.ico

MD5 d45339514602ad87c9e582f131730080
SHA1 e2d6a0312cc98d0b330d977c4051a2acafad821a
SHA256 df5a2955a48547c74e347733e355e6ad7aabd82ad0596e558ea4feddc7c2e4f1
SHA512 e56d1d17e69cf4705d7465172bcf45b0b8c215d743a2b87f954a2d6d54173a68edba20d57a314980d48fd2b83213a276b7614735f1dd1e4c94ffec40ae652f73

C:\Users\Admin\AppData\Local\Temp\icox\18.ico

MD5 9e8f148a6207da9b2d021c6ee4fce7ac
SHA1 3c064e658b6214a8a52eedd3858541b234400f69
SHA256 9ee6f6474c7e137317db8a8c0bd0e4f653d389e70c723fe5e1d945db66d1e89f
SHA512 8abac3c718ec0bee1f7cefbfb9b938c253e07b075d7b6ccb06ff5b7a0d2af5063bff90bbad8893550b112532d77a4d6eb44bb35f806aec702a61384711bee544

C:\Users\Admin\AppData\Local\Temp\icox\83.ico

MD5 0b41d185c29c196257fd9848d649ada9
SHA1 3759eeef35bfd5239ff4433f9e28bf1796908296
SHA256 89ae74aafb3113eaa740dcf7e95d33a472de490b3126fae4e0f1ae3e411f1c38
SHA512 0c36beadf47814be04a3b1c6a309ef0d887209bf6f2c5b8e2bd54401e4fb1ef8ad7dc7819448087b2456bc53abdd2741a4e6eb1ccc21ba6d59527c822d4d0a88

C:\Users\Admin\AppData\Local\Temp\icox\82.ico

MD5 f55b31601fcde22392b015233eebf147
SHA1 1f42ebefea0e5745f9e1da288b10dfa36d6d8151
SHA256 71efc4f26e90149a7934befe3f2345ae880ff6ab335b2c7710a88f89fb210a2f
SHA512 a214bf41a368fca41310f37381bb62f6e323d1882730bdfecc9145e67b07031bc3530795085cfe6fd78836a72b9236d4676018c8ba5091e766c7360f3a487cf8

C:\Users\Admin\AppData\Local\Temp\icox\3.ico

MD5 fc6e520f9e572ef81a72be6561c7842c
SHA1 c1e693470595ea0d086ccb41febde6ca1be84375
SHA256 d74305927c5b8b88d023730075e6d37e8b14dda705dfe4bf3d6aa01bdd658cf1
SHA512 824d517ca1df64f21f5e2434652730980cd9d3b78a9f5cc7ab75c8df1243c6aac2c3da09aa297f1b1dfa6f2d056b1e380ff350879f0c41b325ef94bcb7140600

C:\Users\Admin\AppData\Local\Temp\icox\5.ico

MD5 cdee018e88b7a515827c9b7c0afe9c3f
SHA1 ac81088c72f8a0b9ef14b3f5f86a61b70a28cc9d
SHA256 b8eedd84108576669b3ebe1af006a39dbe7b932a5cfdcb4eed8e1028464da24d
SHA512 bd2ec838514cd61f2cda60c94f835543184ffe29985cafcc6887d57061613986c7e2901d20fdda5ce608b8baf25708bbe3abe0e52142565397893e382255ad4e

C:\Users\Admin\AppData\Local\Temp\icox\88.ico

MD5 b402b6e244d9a766c49a08750270ceac
SHA1 116a1b35e92684451adf2658fb6b80f96349fd96
SHA256 f56712fc6dbcd3b05c60ba6cff058ce2eba5b7133bee4b8281f24bd218d09f8f
SHA512 4e9eb2e7612a40d936b5736ba2cb36d0cf1786d76a6b20d760ca43863250e675c2d5016a2fc5da224f8fa59e8d46e80510b36c91632fa5c9a0bad7a68616ff83

C:\Users\Admin\AppData\Local\Temp\icox\37.ico

MD5 39d9cfc0221855651e742f2bcb26fe38
SHA1 2052654637a1b4dc55e8d5dcf22907fca5a03b62
SHA256 77efcc37b21363ebe53395abf0b2d96f25e346562a533fc8ba91aca9bb5ffc90
SHA512 84e0cd74b20ab3382dc1c64d824941e5d087209aabfa362bbdc2ad2284766ed0d5099660daaa5fc8ca8cbc13be763f5ed438a1d9967461e3ac1bb87d436f3d49

C:\Users\Admin\AppData\Local\Temp\icox\x2.ico

MD5 3f06f7efe574f18cd3ee1d2964d5c1ba
SHA1 111f9616730d4dcdb2be6c989759004965eb10e3
SHA256 590d2da2e475cab3bad9b888e75a0232de51671d0c38de904fa46cead48fb5a4
SHA512 b3d44decfc72b6d50f18fbc4e3c30c75e26f95818ccd6e7ab28b54945e5f37c6836db0fe00e750c2ecbe1fd8b94cfeb986fbd2ca1281f1aa9dba718d4c7f1ea1

C:\Users\Admin\AppData\Local\Temp\icox\96.ico

MD5 f75d69d2b846f427d1ab7cba86a8528a
SHA1 972a889d3f6024ec730991699e500982f810f7a8
SHA256 ca9cffc2c572f6c2ee5a95ef6fe3b1cb908c58fc84e89e02586556a9c819ab60
SHA512 f0392110f46dba3b39e3e12eb6193edd901105c722884cf7a9bbde6656d90d0c325978f4d588f13e2bcf13c5317d7ecd9e55baeb59e09472342d3eb910066f5b

C:\Users\Admin\AppData\Local\Temp\icox\7.ico

MD5 01ab95f8f1124d0708f95020c19748b1
SHA1 aac1978ca6b678215d4d8e92177e0aef64bd5805
SHA256 d6fc0ca45f6952907b58eb2a9e2b9614e32d9530f6b74c55a2bf24d8be385983
SHA512 f059a7737df8750cb6c73d9fe43c823f227497f2cc92a1a67e2e7f2f123b63cf9ce5d0a0db763f1547c5e37687537b5823a32e62e751b4a867a2e77b022ca5ca

C:\Users\Admin\AppData\Local\Temp\icox\87.ico

MD5 9e3bbd859c1e3127c53b9749b0a6f5b1
SHA1 bb73e1d6a0868e7cb20fbfe66a3286d21cb07b8f
SHA256 4d6fbae7d0ee12f43f03316f530afb45c41bfa20c2dab6f0c83f6c9d225f564c
SHA512 c7ed2d9042e853f5e049a6d8ad3ab8bce2753c8945e264805a2b58ac47e98cde778e4653831ec94446ad2ba5ea80699732c0931ebd0168f92b7b96b7d9398f56

C:\Users\Admin\AppData\Local\Temp\icox\71.ico

MD5 b1fb08da4416f0a48272952262e8d5c2
SHA1 9bde59aa32712557c2b70a5a228775b0bdae599e
SHA256 18e0afd483870931f32ba40118bd17dfdb5d0d54b031bfe5619fe186a9901382
SHA512 c4e1b78d38d6ebe0f1c90722d6a48c2c0541a46296839498e3c4444cef887f0bc9ca23503352f7a4ef8beef87b2fbf1f3ffe7fae9ce7ac279f221134e7e46dc4

C:\Users\Admin\AppData\Local\Temp\icox\73.ico

MD5 10cc2f45ea9d7206a12e6f6868448318
SHA1 be91d669b06d896b624df10adf685de373b4cb15
SHA256 a7c16e60bc89163e6af4e9a35daa578fa79aa403d3b0e7365de6e4a7b20de814
SHA512 812aec11e9276602c82bb1b63b72476e5cf0dee709c8ae1e58b546c90c334aa20b0aa832878b34f2f071395d22b8230ccc279dd501cdcccc6624799c33571b3e

C:\Users\Admin\AppData\Local\Temp\icox\14.ico

MD5 f0e4fc7c06d5fa1583cac2f0deb12224
SHA1 aa49e00fb539c8e779f2c872be5dea336dd0c31b
SHA256 4ab4a23dcea8f8761457943efb361ae40f0b6eee0704169bb0126e919b43735a
SHA512 4caebf7376ae66c3ce366f23858240754ade53e1934519e1bfd5e9c6cfa0dcd5eba5a534e785d1a88e616da5d6d29e40ded9fe48ed2714ae0dbdd43de37b722c

C:\Users\Admin\AppData\Local\Temp\icox\17.ico

MD5 0ade9d66c7ba89e6350a416b2fdf7454
SHA1 beac7451257203f22c19c73ac99a26cdccd2f69a
SHA256 c72124fb97774910357433a7eedbeffeff9dda4f0d2c331cd27e6d65f20e4f6b
SHA512 f4d1d153e0ae3b7b7fc2f34f9fc68ed0e0886aec81aff0aa19ed75e91987e15f08d05753e43c399e58578c8d65c4f91af762b2ff7e869d9a7533476ad0d5ff7c

C:\Users\Admin\AppData\Local\Temp\icox\21.ico

MD5 b270c6b3559e9274874cdf2b7b727da1
SHA1 16358c1e8054ed87a7fe7f82a2af6bff2da15e2e
SHA256 0a8c24a630aae926f191cd020254b31858b907d91b5804733f01dc60177b629f
SHA512 b1ddde9843e2af20fd66e2e6e9517dfc9f7f4cb5b4fba7b371747bfb60eec261c3a9508c6e12b06db46f78e4ab23d0faba62a056c6ed794c7f17b238e6d80c60

C:\Users\Admin\AppData\Local\Temp\icox\1.ico

MD5 2cce963c91af1bdf27cc3b9eb7190cdb
SHA1 f62000f632e809a3be8de80550c8d4c540b3b39d
SHA256 968f03693dd26755217820c00c5e73c77b204c87acd36f99292679837f25ddda
SHA512 044dc595fad2aa0fc09b05fd12a6194b2776fcbe8b5ad1985b1a42519e0df7f09cf3c37f51ec20887ccb022ebea7361ba852faa58f6d9d664886935ba007a0b1

C:\Users\Admin\AppData\Local\Temp\icox\2.ico

MD5 ba4990532d8489be0bb210d34c0935ac
SHA1 d5b6c32dfe1f2e5ba1de266d69869c9377042080
SHA256 87f6558c9a45d6dab4db091861f4226a2efebefeda5c15271259adb2f82f1ed1
SHA512 19a0bb35762fbf9b6e06f4145eb02028ce396a6eec4c8067e40e3b407393c66555a5278a10151d30d318bb82b02764e4fda1269823cee80026d01793c8431ce0

C:\Users\Admin\AppData\Local\Temp\icox\20.ico

MD5 f1c4fb2bf221f8effb42ac9bea78c8fc
SHA1 8323c98cf293c118f8403cec7ac23c6715e4b1d0
SHA256 c82a653cb26b89eb4828b08e2d5175e42cf5e3506acc6a7b366e2f79fccd9ee6
SHA512 85d72f5dbade808e886dcf94f95de01da9cc8fcb09b0c97ebe14a2ed4357f5f10905c9045cd11f7c6ff13f4d4952527c97b867e112a5194c0c095370e4d7b3f7

C:\Users\Admin\AppData\Local\Temp\icox\93.ico

MD5 dbb8770a5496b12ca3afafd819de52a7
SHA1 815f448926955d3830be5956a3a9fcbf1c0b0d69
SHA256 80a9699f1fe5e676059b2bf0ebbcc4426b520ae1f312b964ed07c3cb082f954e
SHA512 ebb9efaeeafbf90c1f9b082d5ecb82742e45023bf7814aec4e91df1570e216b1727aeb9906b8e555bbf06d4b79e5680fbb64dd4ed0e26f3315e897891e1358a3

C:\Users\Admin\AppData\Local\Temp\icox\11.ico

MD5 a999bd85d73b4b4581350ff5f6c28d84
SHA1 0dc32cbe11badb57ea39f434f43ab035a432daad
SHA256 6418f9a87c22029f8bbd6690d30bf845e5852d3a2ff2cf7b72ed3e34def8b25a
SHA512 882738cbd3437d9d965c2a6ef1db1ed8081742f9a042611cdc85d84b39beac4d90f7cd853b54e509b0c5411bbc032e3869601bb908eebf8bbb535a562cf5d6c7

C:\Users\Admin\AppData\Local\Temp\icox\29.ico

MD5 6cc5d6ce7ab7ff9e60bf41b0c744d500
SHA1 26db6f3d7e25e1bb87a1b4b30334cce64bf65a8e
SHA256 f9d2910ccf7968e7b90ade1f86011f5185f8f3830daa99f8fa7420410196e76a
SHA512 bc302189c7697841b3ab745939f7b0a032cb2f02c79d6309a8f1fd505583009a413a800a35f9313bdfd2d1d06b81829e171d9f0f126c22ec002c4e76b63337ea

C:\Users\Admin\AppData\Local\Temp\icox\68.ico

MD5 43d833c221ddb26977eee5ece969aa00
SHA1 2a97892e86cd024bed8d34a477b2bbaeb70acab6
SHA256 52d6acfd37e8b9921d704084d4f369f9d6e0cce27af0dc4c1319a8c09c210888
SHA512 cb1667798dd72df007d64b716cf11e163eb17e7dce86f8b22554cd161c8a333ffd7965d723c7c0ed6f7ea5b0dd1ccffc39a103af2a68fc50114240489615f687

C:\Users\Admin\AppData\Local\Temp\icox\92.ico

MD5 8800a0755029187e2442a01e5bee0cb7
SHA1 617e250e9ee33034932a0a11c491ec0d1f224394
SHA256 9c9a9b3396e6f63a1d59c18d1c088732ae67f91d6a2c57940cb0ba672d2989ff
SHA512 d290a8a489107732ac4922aed790f9570a68fda24cc7beb60543d2653319f9c16cf3f7d4ccc81693d8829498cb266cb2625fe29282aaf2d5716f98e7068bbc37

C:\Users\Admin\AppData\Local\Temp\icox\95.ico

MD5 e483e8487915ffeafb6a691e6fe07cf9
SHA1 febec3520f07fcc548b842601c595cfb795ab034
SHA256 4bf3ee92f1fafc32912ea3795fac35853f540ceb5cf2a4f3d59228a4574547d8
SHA512 c610147fa0cf3f71fec7231d2bee7c67c925b82c7a6c31b6596c84bd4f801d155f814670195208245ac8d5890e86b5f0627f6ce95de26bd013aaf16b7d13cfed

C:\Users\Admin\AppData\Local\Temp\icox\94.ico

MD5 bc0b79816dda82e0ed2bbe06651a76b0
SHA1 8638f9b95bbd211f079c806171d635ba5e6159c5
SHA256 e0ab73553d95bea92db70d6459df69d1ed61808725c58a5c448a53ba9a0684d4
SHA512 9efeaf1094da3b8b4c853e1b651725ad7310502c2808a09f09182e3eb4fca16c7d20144c5530cb637ca39bdc1bdf4711222b32aabb5b12c8a260a143ad75ab85

C:\Users\Admin\AppData\Local\Temp\icox\55.ico

MD5 1fc8308ca52fd830995567b90ba112f4
SHA1 f82f49df02b99942fcaaf79ec4a4bb2b5309d4c5
SHA256 133401f235f341ff052da8abcb125b41295345a88fa56b9ff3b1f941155ba153
SHA512 33af3eda2b2810c1079c9b37e785a4d8b47273bd7472948577dca4b0ea356c03f0bca5ddd72405dc92e5e4c52cdbf120825c99f72b9fe96e3aaac1a612e0ba21

C:\Users\Admin\AppData\Local\Temp\icox\4.ico

MD5 cce930dd59860fa4db3a5f63f4f45afb
SHA1 a8ac28a7e703c22b992dc25c39e912476febd8f7
SHA256 6c5588c1d2fd9b34ed6e5dc485b3786087de2d7fe9deff7736862683c788dd9b
SHA512 9ae642a63f2b22602c74a59ac3b9f3706486f2c60bf5d470c9168a6b7058f2274d3f9adbe5ae974e697a2bb24eb932e815f4d3c3b53a6cf29590e97aa3313483

C:\Users\Admin\AppData\Local\Temp\icox\47.ico

MD5 f4bfb77838fb8388dba66858ccd8e9b3
SHA1 ec3ca9049faed0518e6b3df35699559501fb7fda
SHA256 5efa36fc642eeb5e4b692534edfa52eaab507587c538be69cbaefe1eba66a813
SHA512 4eb81b34d5d6f78201b24e0209058e77a3bb7128672a4bbfae4e3448fe2c0032289ff672ef716e0b0ff86364c911ce62e82d8aeb63f1c66c91b468f3359e0ffb

C:\Users\Admin\AppData\Local\Temp\icox\44.ico

MD5 dd3188d0832993f9464981bc1fbc366f
SHA1 2da1ec19dc08d8c721a37c5f76026c507299df1c
SHA256 bf6b25dfab9426188ee4263fd7f005af9e29edb43df9e4166e1aa4740e1fda45
SHA512 cec86d2399b3d5016fdfb79e63747263b5ec647b9afaead76894bbe51ce2ab40891c30eeafbbd023dee3774d9b57286bcb373a45d7c64941178de6302b94c6cb

C:\Users\Admin\AppData\Local\Temp\icox\45.ico

MD5 6d66960cf90befdfce9a60aa826b9f11
SHA1 93756b6464cb7231fdcbfcd8bacc34da153a888e
SHA256 522deaa2513c30200f2ca182b45e797abe5d0eded9805b0f7183fdcdddcf5359
SHA512 84b534e50c8460bcacad4d1603c18f3c0f64dadb7a345bd11a54d5035181d6bf19c57461a21dba28876fe2aa748fe505866a9aebab8548d52c6fb1d8b03a06b9

C:\Users\Admin\AppData\Local\Temp\icox\46.ico

MD5 6f1573c8ede4580db8f1e23662808095
SHA1 6d31617f2d7fb78ad8361c10fe4d4756b8e6f533
SHA256 3965c31108363543029c7b79c4b5176ff733a94ddb6b48461b3589dccba77ba6
SHA512 329c9495c836f26e867509a1c6438640142c11349ee2db31bbaf04452e3c8959d93199a660076111dcd84301d5dfc4f4177129112292f7862ec41e1acf3d9eb7

C:\Users\Admin\AppData\Local\Temp\icox\x1.ico

MD5 1bd029fd57aa9c8d9dc3baf7301d1376
SHA1 d423b9518ddccd82251f9c26167ebe4be2c79e7c
SHA256 9e1af26da4e40f63234805c06f5b5d5f13c03cf919ed37b4eadb90a1ad42870a
SHA512 9a211622bb63230f3206cdf30c12933988815e5a0b8f3a70def062a5d0f5928e86c7f7a08aacef442e1269ab507920021d21ec022085443631e7ec721c2f0b4e

C:\Users\Admin\AppData\Local\Temp\icox\64.ico

MD5 4b38d493840e82e4777feb9a925d797f
SHA1 231fe445d61b140db744bd917c6be032a6848795
SHA256 890f2ce86ab7ce8f2201a0e05f54e41dad65f2c80c100f790b6d2f99a08c92b4
SHA512 8fa04e7b270f067432af71b77b8a2098f24ec5925d4a2ef46c8bd2776f038bbcb935531b1d388dadcba380710640e51b2168d6b25d5f81ba385e3dc86fcc5178

C:\Users\Admin\AppData\Local\Temp\icox\65.ico

MD5 e6092bb7d5992b698beb1978f02f7c8c
SHA1 21395c0f1fcc2789b766d753bda8a03c08446813
SHA256 b923708c670d4a672ac9b73398e57b68f444f0dfb050cfda3f08f045aa97823d
SHA512 9d15ee7dfe09320021a21532237e7876036a5b36843dfd19086c89dbac7e1fc4f140b0a1a0ab3b1b0a5175585955074fdbb85094e64b1d51877bbd10156dc6b9

C:\Users\Admin\AppData\Local\Temp\icox\59.ico

MD5 a4a6b8fa8d63d476685aaee78e55cdbf
SHA1 7508b141fbacb36a55a336a3bcc987a85afcf6eb
SHA256 ee13114152787e5a2e1c11ba20d3a76d9032e370ac35cb301186342538f7619b
SHA512 4702881ebf38f247504abcdade35a2dd6f39cef14c84b2cfc6d6a465e122f661d55e2ceba7192f4e5d41696ff07fbf109ed1cfdb28e25f73a4da3326c81156fc

C:\Users\Admin\AppData\Local\Temp\icox\67.ico

MD5 7ac0c793bde899b9f59f7b99b24c3822
SHA1 54d8104382640d71223b00da5d7bb4eb8ca3312a
SHA256 2acb86cb98c9bd49e83e06c895fb8b2e93b5e279bd58c4b0e572b3a11f1455e4
SHA512 132edba42e7ea58787467021a541706ac189a291d655344320f4d1f588ccc225a2d0a591643b06b4fb746e58ac59ff886fb1ad333f56ac806e18b9beec02bcac

C:\Users\Admin\AppData\Local\Temp\icox\51.ico

MD5 3520df2b7b2e6766cc05a6d341f7ae2a
SHA1 80d8e0b8d513712475947e28fd9f75bbea7947fa
SHA256 a032d215a08c42cf3fed8b88913ae71378693b79b1b134f8421e44c33e3c7d25
SHA512 5b401eeab091c090cc827a04fa3961b1f6eee2fc6e2096f74033c7f9f948c1d04a07d07c5e393a5f141e6768bedc095463e61f6194478171873d55ae647c6953

C:\Users\Admin\AppData\Local\Temp\icox\53.ico

MD5 1b49a30bdce7494acc607a88251cff6e
SHA1 b3cbef4d7671685fc6186d71d43d7fd4c0b0e9c1
SHA256 b9e9ff4722a010c0be28f355f91e76b810dfa6114f3a3e4eaed0cdf6139918f5
SHA512 cc331dfbdc2a7fc14d92d6db39da99f18ab06c8d089ad3f3b5ba988f688e23b399e18b37b22f06d303ea5cab0fbdd91322ac0a276374d7abd238051479731d18

C:\Users\Admin\AppData\Local\Temp\icox\13.ico

MD5 e186984b9709033d8157fe3241b0cd84
SHA1 115b80e319843e28f5b64bd6a41e37e42bd1a650
SHA256 e5199e77a3ae5f6958e3a332cc05a466be89ff2d9b16566f09ae8ed5ff49b7b5
SHA512 fc58640f6429f2227cd3b7f4e762a7146f05dfdedbab1beab8a73e4e134a19be2e97d4b7c17608012c8e280f11999726eb40426d6e27952767444d15afd439d8

C:\Users\Admin\AppData\Local\Temp\icox\32.ico

MD5 fb1997a04d345db40d29c96407221f48
SHA1 c47ab72c484d746a059d0702244cee8c9080db11
SHA256 ebf7061edf66129c8e7979c65bbbb05e56d36c74c18516bd72eb1cd76ed2e5ea
SHA512 bc2aa3d188a6532de703370e6593dd3ea04b2d064bfc1633bec4efdc578a58a88df7426f46e5abe6e4b4a993a419460c652d8927ea19721b20f0a2290217332b

C:\Users\Admin\AppData\Local\Temp\icox\25.ico

MD5 56e15d3955dd24e0d2bf19dbd9972c49
SHA1 157e1e2b405f83bcc0e269a2945dc44c884e815c
SHA256 d8aa0847deec7252e01f511eb718f4ebfac993e4b08bd072041e238d53c80021
SHA512 6412dfd8d67da02c02cacdd995b9f9ed2b43ee471de577041b5a06fe99b7e887af918c8c1cb3258668f1dd33ef7b5d5e0da1082d444666e1148f77888ac42203

C:\Users\Admin\AppData\Local\Temp\8x.ico

MD5 041b82f3926211e086c61bd86354eb51
SHA1 96a8054dfaa8a4204dcf315f7a85cb85c1f87466
SHA256 0c3330ef74e12e2005b2e4b6abcd7f35b53b4a21389a28330360ae1c7f2a0474
SHA512 245c55584a141e6e51dbc08ca645fb720e26b1751f224f793893427b6a871eeb903ee8b7a70a4bc5e360d8cdf0cb70c1c22d0f3416b98ecc5b6fd21131cfd567

C:\Users\Admin\AppData\Local\Temp\icox\12.ico

MD5 95625cab932069ebf696637038e31f7d
SHA1 a749037165a050bba2a84bb233ce34ca653ce297
SHA256 8dcbe83961dc51cbfa57b3d2db33054b20ebe94c74eaf89b617fea421846baf6
SHA512 30ffab34e9c5ae067f90b1b6fb0f0cde48273961512857e9a75f4e94e03f70d8199644a2f1b59db2a9024c9803c50136a636745b7f3fe5a9894d51248e6dbb96

C:\Users\Admin\AppData\Local\Temp\icox\19.ico

MD5 4a605bd93fd0ed348c447b930bbac289
SHA1 c9436ac203ca8f97c7d9be75392fe3bb9c4c2da0
SHA256 b59611fe0cf976ce2a3a9a2c7e89c3ec6df02b6889e522a6bbd6ef38813411c7
SHA512 868f78856a5130b9ee2d86de7f23b135579010dce6ccf099b180bafc460cd21f4c376a726e1cbc8e533618bb8383ea3031acfcd6c975a37437dc31cb2b40658c

C:\Users\Admin\AppData\Local\Temp\icox\6.ico

MD5 22b8248bdbb230f02d5c9af9eb1e98ab
SHA1 5eca3727009430f070e47894577740bc2f04bb57
SHA256 8ccc40814a816100e24c4467f0357b199daf0d5328511e3f5ba81f64f4f2bd8e
SHA512 30dd9ea4e12c406579904d4fc6011322d108e7124408d10b269a89f4683d0043920a6697c5b55fd1e687d0fad9f51929d5637d16bcdab6ac2aecdc256ae93804

C:\Users\Admin\AppData\Local\Temp\icox\86.ico

MD5 9af4316b05ca14a4ba71c029f28b272f
SHA1 5269794965b61fd79e3d0dde5cbdccca0619bfd9
SHA256 3988873279af5a6999c22bc50af504afe767dc0d975e1d67007e6e98f77317b2
SHA512 ba33593e56c06784aa6af51622323ee2736c653bd40e419d8a60ce6d26392cc2c9733f95c13bcde5d1201cad5efe8e3ef27c0a91c5e40e1307ad2f03737795c5

C:\Users\Admin\AppData\Local\Temp\icox\15.ico

MD5 311d930c6095cec5a4d422f18cfb10bb
SHA1 fdcf23a1867870dae072bf6b996e04f1417a0abb
SHA256 7c9fdaa0ef85c6816863a96446854aa92f9db5a48f217f67f165400e867ecc7b
SHA512 0c396c6da02f53deb1539e1997a82c583c84e4359f32c964221c7116dbbd32d5f6b833a28eddc09fab9fdd1240ca6dbd7adba93d341c49d2a2327c1f061796df

C:\Users\Admin\AppData\Local\Temp\icox\16.ico

MD5 bbbca8e90d2634e88934179890c20403
SHA1 e131a2f709f872c4eee29431bab59454fead7451
SHA256 19c7ab3095cc81f5b45b9eb7ce8c032560c2d67be377ef5001755147595eff59
SHA512 f3d0a29182f799733e144454bcd3d5836d9def5b05681b03af1fde2f1531a2bd1b3ecef2719c789f8fb6a4eade4b87e5f7b34c602b373c88b2f75c61113e7e7b

C:\Users\Admin\AppData\Local\Temp\icox\x3.ico

MD5 b4a3b86f4df8d2ff2d0f9b16d3462a5d
SHA1 6dda305a43068512e46cbdcbec5a588594ef17d9
SHA256 5dc135360443fbeb8cade2d1a5e545666062a46b3aa883d2df772b4bd1eb25f4
SHA512 a6daee4b40e2b0a97780bb89074bd536a6ea4c119cfef4fb2c4e3a5772dbfcc15a3b8601067add1c06567e3b4e3f00241e7945bf442d205ab05eb282e750a5bf

C:\Users\Admin\AppData\Local\Temp\icox\Andx.ico

MD5 8810d0a8065e21b947907d708a5d210c
SHA1 6af89730e51c89350e3d96dd3f1cbdf610221760
SHA256 bf5fffbe199e40280b4569b753b321e9791ceac63caeee295b18f83cead87ebc
SHA512 769d19826613a60afa602dd5f96f77921ae294e672944d452cb5b57d9b5c641010e6bbf81504c8638d9bb121343c720382e6ede88e569cf8fbae79fe47aa0649

C:\Users\Admin\AppData\Local\Temp\icox\Winx.ico

MD5 b2e99782b3e89bdcbd7bf3f3e22d5a83
SHA1 95bb305232814fe142738306add8cb48bb9b2331
SHA256 5e9573e14190f0a87312ccc08d34f53238cd3e9def5e5c1e117173378ed657d5
SHA512 19661144ee0f84ffc4736296fe005b75ea1507dbcceb9d3a0572c455eb145dceda90b3d89d64f754717a25d59a5f462dc8a1afd56b1554e094b83e3ac0e7b685

C:\Users\Admin\AppData\Local\Temp\icox\x5.ico

MD5 79112c4db794989d2a80f404d4cfad49
SHA1 c6ed3bbb79370ffbdee239399604e9caf6078a75
SHA256 fb86dc6167356f37d176a4fa9b82857cf8dbb07ac30760ca5eab70abd6ee99fb
SHA512 81b3b7a56941ca6371f158d720dbc08469d125c10ce697fc8fa8b1bfbb4a51e4ce0fd6fbfd6b0c14bd3c1340e4f9c47ba60c7cf1f2e493803057e6e2df87aaa3

C:\Users\Admin\AppData\Local\Temp\icox\84.ico

MD5 fedc5e01214302cbf6214e534bf8501f
SHA1 8a9a11816feb70a1de1a805bca6576e40b141d36
SHA256 bae2c2ffab1f786cc71713c16979619a0483bdadb70d15ee9cc1499a24b38ebb
SHA512 dbde154bb577a8d4f697151814b7209d052b5d4a6933aced1ac8cb1f4f55dc830299f185589840e9fe4c3e8fe3212c780158a609aa8d7ece82cb3a471cdeb933

C:\Users\Admin\AppData\Local\Temp\icox\54.ico

MD5 961b8ba2720ac1975dba55f2b42669c1
SHA1 948db30b21365f71227d9d44871fe5e7ad2524b0
SHA256 92b59a3ee236d2bf4ec4029fee6a3ead16e70cc2c64fde75f16a2e7a4bb03e49
SHA512 ceed52b88466a18f59a44dd89578446b66a8175778b1065a4f1e04a6676718dad8f3805faf6c2e17aa2b4c291b9b0bee37c3cfe1252bf0d6d179517fc9dc7194

C:\Users\Admin\AppData\Local\Temp\icox\conn.ico

MD5 24b174ab2c06008d08d97095cf451825
SHA1 ed2bff7f92b52086eb2c7d3619fed1235e09249f
SHA256 5fe6fb8c6c919d7f47d25b25633349d07d9462abbccefa7f795182fc6da29245
SHA512 a30f1751e9dbf984799cea90f65e329b42a7fd22cecfc8ef2c8a26e94391b972b7c1bc54edbbdb0e4b1741e12b1c4e5140f5edc31fda47987eeda9105304aca5

C:\Users\Admin\AppData\Local\Temp\icox\clos.ico

MD5 c2d6fe84307f5c51146f110351fdd0ed
SHA1 767c22dfe807ef0f35df25b926e2942984f63633
SHA256 775bc82a4595259d3cf0208a21b7fcea362678a6ee83d9225a45cfd076393812
SHA512 e15ab6f3965bd8367c0767b62019005304045aa423051d7a7de0f9547894b8ad15be1dfb19f47fee9897405722079d7b1927651948da6232061f29240b233975

C:\Users\Admin\AppData\Local\Temp\icox\x6.ico

MD5 e5287a2b0a9d7966fd05e4292c7959f8
SHA1 620c0634ec7e110fb0d36ce64b0e2ec8ced893c5
SHA256 0361794ee6867fdd69b6ba575f08cbb90106fe95ba748c625b3e591274e3fec4
SHA512 1fa3dd1d83de04acbac12b25e820a11f92c49c7ce1e33d07a538d44bfc4a28c1a11ca882519dd0183d9c240b7420143ca9483bc4c085b4199961ea83187c46a4

C:\Users\Admin\AppData\Local\Temp\icox\x7.ico

MD5 6925e91880f2cd365845875ce6a37748
SHA1 a94488a5f9f2139fbebd5e4d751c43dfeeea7834
SHA256 8863daefa37b15b7e0e461b4cc3cbac881624e9d60011e1fce0ce2eff63a7425
SHA512 142794117aaf6f25925fe4fb4bc5c937d0b12dd41d4867700b6ea8398af3a85d3148a71a668f32cfd230a87c231358113146527946301b42923cec43a58a8fbf

C:\Users\Admin\AppData\Local\Temp\icox\60.ico

MD5 1e2f8337310abec7e1697b11fa5b5c45
SHA1 27b42e545cc953aef27891d15a795d0240fd01b1
SHA256 6e7bc8640eb3c9abe2812315ce0856b25c92867db899e402034190ba276d7c40
SHA512 d0bfbf88c30308f1f5aa14d3560ca39fca1b37b6671052963dd5044a709c8cadffdaedfb67657a1f5bb790ab3d4ade9033a905e1b5b4447d4a5f37a96b3516ee

C:\Users\Admin\AppData\Local\Temp\icox\90.ico

MD5 a66aeab5ee034f37db661e257d7c22c3
SHA1 2261b9522f0f188880d7ea676ee8294046ef2ce1
SHA256 a3cb4787eb264362bb3f81f6d517dba368b61dd64fdac8386403e9f4b0688561
SHA512 b084ae6df9744a9c1ef76132b0f08388f0e6b922ae2867b5baae08613419534db109c1670cf7af87a5b3afe665a2e8e5c616e9ec7afb7c677d79d613380a8d21

C:\Users\Admin\AppData\Local\Temp\icox\89.ico

MD5 02f52d1e96c7e481e11a77e88360add4
SHA1 bfd1d9fa850e9785e0b1d5ec47982d7867112085
SHA256 e0348427f75643ccddd6b574a2dce0ccc187b6128d41d80e61457855943af155
SHA512 82c88c6766826480268fa1dbdf642f5776a9b5e9a9b52f40abe8292db1e258d1e35806cf4043259e3cc02a4b81fb0684e429a171247ba22b9908837cbfc0aec0

C:\Users\Admin\AppData\Local\Temp\icox\63.ico

MD5 0c8a3110c46b7cda78cbffd904137f19
SHA1 bbe31e7d31c8bf3b9a2c0f3309e0bfc0310fa4d4
SHA256 6fa04c6bd615974e6b1bef2a28e3c077e5a153ecaa5c7baedc306d8fefaec0cb
SHA512 d1533870a6817c3e666bce7e365626726d38c4273dec83b558d910e0a8e496b2cf83e45c4cdd77866de4470a3d1ecf354877637cbf395ba95b5adbe2cca73a66

C:\Users\Admin\AppData\Local\Temp\flagx\--.png

MD5 a1abca128c38ecc703b6290890f1e44d
SHA1 f83b3a31175bda3035ff62f11452d6bbc597140a
SHA256 799755f26c6c9e1909d44ae07e87d22f8e3fdb3540c59a981d87ecdf3ed01aec
SHA512 bd1697bc8126f700449c97e4479701c7520e59a0ce12851eafd5c2340775688233b64c01946c0168edcdec6050c44d388c7610401bda0f066ec403ee758f16a5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\20573

MD5 92595de28e93246d9eb252c0ec1ce388
SHA1 ef1d4f60d000fd96b84828353b7fbfd0d3a1f366
SHA256 5e0a6a86f9b88b1b20822a0dba17f2f935ec8c6ba7f5fa79f02741198cde0e8e
SHA512 72b929e535c2813c4042d89795dff3497945ae02c1629ad6b47d8cba8575c3e16e1451d64a4905aaefbafe415ce4a06d5640616b424ebc6eb7f9c5883d549412

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\A0031F16DEE7C74394C65A0DABA19BBC0D2DDCA8

MD5 1b6becdbccc3a4acfbc2c1a1e61c11b6
SHA1 990485f640af80d7dd3b4edcdb1c1f189192cb7d
SHA256 9c987f315dde7392a7bb8131c066500149c7ba824e87df6b2906eb3d660277fa
SHA512 1718f35eef48d794f4bb2115aad6c68baf94d65eb492a8fcf47900bb8a9a6b79298ccf2f59c3596c72c719857ab1b3fac54a1bd513b42c7cc00a56b6a1ba9691

memory/6480-3532-0x0000000007F60000-0x000000000801B000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 807cb0c87c0352950b32f00f1b91aea8
SHA1 3d9004a61ecb3edb3ee069a9f08c9c5cddd8f47a
SHA256 0380cbad31a3e2d56031c7bc88f9a73c906faced100a7c1784892eee19eaacf4
SHA512 5eaec1db891e367bc65bde26b9ec2d2de41048264d9e62e3042b66f49d5acec889406e2724ace2b1fb98afa9cb836b610d15cbb30a8fc0203d0a83830b419cb8

C:\Users\Admin\AppData\Local\Temp\qmbfpnl

MD5 cfe43c7d3f68b237f110deb58cebfe50
SHA1 634e7bd159679865d11fc4dc02362a95ff74b1a7
SHA256 04d4355a401c00daa6cda197bf4af180014426ecba2cd878ab07e8510088314b
SHA512 ef40d2169a90145829231cdf9c2eb5443ec43bf08e1ff81b1bcd93cf3bfab36edaef01d4359425b2c957fe4c2940af87b579be380dfad465c83ba2401c1a9c53

memory/7596-3590-0x0000000008060000-0x000000000811B000-memory.dmp

memory/7596-3591-0x0000000008060000-0x000000000811B000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 3223cc7da36bf1a1bace26c2ebc35d54
SHA1 18b14ab2974051029d62fa3aec107f3ddf449635
SHA256 e074a23076db91bbf18c2222b339172655e2bcc94b8682e4573d38d530725820
SHA512 f50d3e40d7cf172564aec634695b43f060e071b8d1699c9e040d6924785f95c66c1fc056fa114ab6a7b4bcf4ed68336f956652341b42924ba1b514fb3f7745dc

memory/7596-3824-0x0000000008060000-0x000000000811B000-memory.dmp

memory/7596-3825-0x0000000008060000-0x000000000811B000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

MD5 c4a9eec94092059b48d5242fbdc43f49
SHA1 8cae71109106eccd751b7676ef002a4d9adf909b
SHA256 bfc77b2f3439c7031a0f02cb4f2b8b8c728d90f0ccc755ed87fe7fc4736a8224
SHA512 e5aa2ed543bc30ee212e205ec56da65a9fa7cdd01827b6ec1e8893033e8830c39b643888bfe507cde2ae08af55c96caecef1db3be45904ce5ed123cfd6efd45d

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\PJ01GOKQIJ9J3X3XXMTU.temp

MD5 b9fa87fd74d43773538cb563e1e1366b
SHA1 d1384a9b8f72187b84b59258835dca08808da83c
SHA256 551f7375729770273c49c5cb2201217cd809ae14dce08b57a18c3be617e013bd
SHA512 5128af8ae642f4a789416dbbd5e4d04229e43cac135860bcfb520254e7201daa5f581e780aa2be3cbb5333478cc1cedc5abeab248d6690eedcb2ffadc73bd9c1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

MD5 17ab1d0fbc10fcacaab73eb0cf113bcb
SHA1 b14a77a3e342f33215b601dcedde98f9381ec4b3
SHA256 4fa8d462ba014835bc13de944e635f81a1d234050e2edcedcfb11c0a159ab888
SHA512 370f7a7da3b1f6bbd527ebf2149bc8fcbc31165f527d69db471eb1f4691c4025953cf3036ea26e8e1a507b8fbf7f61179522bff34c1b552197bf4a82cbeed069

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\D01087F158ECEE7DAE51C65C57181DCBADA87D2A

MD5 695a7c74c8a3f1578561bc235c82c946
SHA1 69bd44429d86eec21fc5c72338ce9a84a3831011
SHA256 33b5b6021fe9024668f3c2eee555ef798c76ea39e61505a3e4ecbc6025566739
SHA512 d72fecb1bfcaee1b82c926762ec76fbf299a7094396d1fbff2865f8df21a89cfb40c9e0b927622df23e3ef878a1c6cbf5f4b982ddcbae3aabff6d5dd2cb882dd

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\7A34D85F7E89B903C3262B4668A550CCDC08B849

MD5 4d4d5848116472438193073508ef6e53
SHA1 6c1a70576b448b5c00a8fc7801f75c4473f2736f
SHA256 80a998c4966f3f17f0405e8ad3790f24dcdf9f7458ed4225b45a345aa0ed3c4c
SHA512 285ab6f9900cec4b82dbf8b9465d433fa1e552e4e9ce785c9bb12bb41dc243c5ced7b1e0986822dcbaf10528d5356c2cdcbd1787f9c71e1c85a73c45a46668a1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\AA08766118A0CE10FA26C52E15B47A704F25E26B

MD5 0514663c9cbab1075f8675d8d5d94fb9
SHA1 022c7de8aec5136225ccae2556c163c352b1e337
SHA256 fe5e2965e50132928782f28d8ecb1d657bb745220547e1b048d4752977e1c6b4
SHA512 4284dd07e83531b3592c1393aee709daa058c79b2e7cff71ed152d57d12cb2f4221c58b5cab859e6afdb7bb36545ba6903bdfae5981534d9e967d106c7f6bd3b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\broadcast-listeners.json

MD5 72c95709e1a3b27919e13d28bbe8e8a2
SHA1 00892decbee63d627057730bfc0c6a4f13099ee4
SHA256 9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa
SHA512 613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\1340ABD49C932ACE08A495ABA1DCF23C8D5FEB10

MD5 a9962503d110db26c7a2fd4331a9bafc
SHA1 45dee34106559f76808fc75c1e8af5c7a174abb0
SHA256 08a410d5561ad99ea8dc0099dca69f0f98756330badd54a3d33de727d054600d
SHA512 86409e5aadd0e77569a2ba1ef873b779041212e844b54f137316c23683eb9a0d6febd92179c1913341b0828be8cb69b7360434313e51814fd30a38cfe4c3d64f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\EEB2370CEE30E369D98AE132D1A967262A1148EC

MD5 4fcc1c35490d0c0ea6e6f74b9d7cd797
SHA1 01a5002c28681314c5e1a85cb7e2231d24372089
SHA256 f1929c2313fe3a507a283c0800263811718b464348fd0bbd5f025fdc7076a1d7
SHA512 a994b9883179154e83f4bae1601fe33b8a611e078cf06e0b394a45f5f888e09879aee8469ca610ae39a65131eb10da996f9fb462a38f3a7e98279f139b121378

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\A8EC9870D6D866924E4C11D690A6244EB15594FB

MD5 af8c9c5bca4666a7a3022f77a7bbead9
SHA1 7717863280e2f2675858953fc535b05a450127b3
SHA256 9282e122e5d9b784d03d4f6b83901a6dd2726b4b06cf85fa72fe284730c9f021
SHA512 497b69cfaecd91fa5361fb7faabcc385a23d5108d0b1b941bcbfea9ba0e04478ce6af7fcc1bc8e05796a6f559116519450838cbc8b562c5fd95668e368d59cfe

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\DA42CAE2699D0E5E9C2D7BDF1C2F3A2844D2239B

MD5 a4f313d8a2dfab7a2438cd88006384b8
SHA1 959d8989182a8746ab2ed559f45c34e47fe1864d
SHA256 ed478d1b465f8d36763077c042920223fc8626caea084c514823e3257ae25ace
SHA512 66b95cd82d4887afd05290d67b033d7f18dc450dec7153091ed51e579b491af336a3ad93ab40aa43344f5332bbb8de50b9209d60bb301b9cd0d7a5ce2bb64a38

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\97A11F2E865479807B0667E7E789F785331EFDA8

MD5 79f89eb66893c9534e8b3415d5ee4874
SHA1 36e29a8eacb25d93cbf37c5f3fd748de719cf336
SHA256 d3b02297dbb2d2c0a2cb968638c1ba7fb83e394298adbf7eeceec7966655388a
SHA512 1a24350831552f9ecbfbcd4071a75e7c76f540944f5b1c78e740d8bc9b34c319b4759136aa6ecd2d1d5b88a3c175d4f8e6186abcc63ddc2ba1dcef0e40833d86

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\8D83C6512812C98991407FCEDFDC6DCD3B7E0BBA

MD5 e8f4c64e9b336ec25b8152be19ffb3d9
SHA1 71d3a6032951777027cfe870dc054ac8c0880424
SHA256 fb875d74c6c3e59f4f8cea46f1c5e0faa84f737d847c818f398c6ca61a046544
SHA512 c41d87eab6f15e9da99a9298c88fb2ac1dcee5dbfbf744e6afde6c301c4c4da89706e3271f507d78682aac87def7f1cf8b468d081abbdc2aee9b84cb305e8d52

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\32E57B38AB655224D23CE28F4E41A8185F01A24C

MD5 8960e9d97f24697f6f1f105c6f5d61f9
SHA1 5607f35efef46c2693c9c9761d2c9572280f9d4e
SHA256 41c4ede4c30fc8b2e4946374615ebfb183e84fb154023cd392a5428894e47953
SHA512 c243f25336c0317870b56e0e25efa9f2a6a9cde9c119a3562652edc3c5bd52b70f16a48c66d5f8186f6a54f2341c3b9ebca2704c62c4ee389aea3d5ec87054f8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\38F25A6466A392CE2E3C9D661C026E9951B4EB18

MD5 9937613a936453b9068c25ee27a64739
SHA1 5c11f55cfac78f4b3ef61213c9a770a269c1a8ca
SHA256 71fb77908310d80cd38c808cf854718ef994ec5bffd103dce884f01348485aa6
SHA512 8ec3ecd47962705c87def7bc241c2d951536af25d62966cc209e9ddc52f42adc6f9f2cef2aa04af11031dea6aec7f6eb077328ab5462392abd9a3eccd609050b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\D331785DE7D4EB5EF2380660BBA809E547871CA4

MD5 b91d462c2838ebdcd2c19da6cb9a002e
SHA1 72e137d2781e2102b2b329899ca2a47fa2aaace9
SHA256 f1ff7327e6ac69dca2903e5cbc40c135180f1e8708861c6e0e832a5a76076096
SHA512 6a95b5c61c6192551fb39d3b0dbab5a761e9ed5c001b505737593766386fb07303632c7875fda18fc1014f54a24ba312e94e5cead825ffdf0e1cf48a19c6202b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\targeting.snapshot.json

MD5 65afdb11224c65c5cfc9a509e911360c
SHA1 94b40243d7f8d9c541b797d7e2f160e625618fdd
SHA256 efc1bf6f4cbaa322afea04ca7ec20268677830e607e704920c86c39fafd29ae1
SHA512 c98f7c9a90865a53458e06e14787bace396f0cae1ef808187cf52152e0193686a4b382e8b1c449e56daffa1d654c6ecdaea20f70bc7aabf02895345226f775df

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\xulstore.json

MD5 66c23c3b9306330314a63e5a3b9fe1e8
SHA1 6ebac49b976c44d999445f8f7f8831a3d4ba7143
SHA256 7ede81189e4d7c7a6d503cb0df11bbcf801631296382712ac58794bd5c194ab8
SHA512 075879724bd81f580984ac025694200df329cdb0d45843fc5a795395bfc5a92c7f41b10e1735ec9f63cb1047d1cc1d5c8cf2de7db77b5d6719e4a4c10adf8856

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\68938D81755CE5CEA3C7253C7F6571A63970C787

MD5 f21b285f3caabfa02d393d1d59ddb4f8
SHA1 d77b694595273616d624cdc8786291c5b4c3a06e
SHA256 7535625d34f54d6d0b532a06f6915dc49c5b90c0b3fa6182bf0ae6d8f3dbc119
SHA512 7c5be2aed708f5f42da75726ef928a1b9e59241299ec64610e8a4855adf269b94a32d0566cd3c6683569150fc9f32f4e97f1b548dfaab1816668fd98a93495a5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\bookmarkbackups\bookmarks-2024-10-13_11_+ftwiIQfjYtrlniJNZ3V4g==.jsonlz4

MD5 5454384ec38638981ce5e67157b8f07d
SHA1 20da940d1b48d7c555b5f7d050fcc26b9fcaa217
SHA256 faa28431b2b70bce1f1552ef63266622ee731b9a30a3b314c9b6d6e0bdc07e11
SHA512 5526c70002b23f106dbb494742fce905cba27979f8bf8f2a92832232fb34b6bf873043f0b54f88567250f358e5fdd93438f5211318ee303ad71615ea85d1f2f6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\SiteSecurityServiceState.txt

MD5 701d4197039f4a6faf5c25bba19f475d
SHA1 f3b1ab4d997fa6b41392c07684f67406e18217d0
SHA256 2b73daafad4e4f1854e24cdfa45c42dd4b4a39867e1a2094b38dbd84ca27237a
SHA512 42132f94e99499afa0b00a662975b979f77af04b4468c19d6fca2ec6f368d5559c9f43379549ed85d2f0ee0c19310a7e491176271ab223cef701397531ab78e7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\AlternateServices.txt

MD5 359bc07a5d4a46ad5f0672cd586334d9
SHA1 2e419d1cdd38cf15c395ba3d2cb8a6e1c3be5df8
SHA256 a6e65cb83fa058e0aacf1223b1f32973bf79e5f6f8c90d0c22114f393788e832
SHA512 3fd8186eb772c84f94c7bbd6ba2f38a9224b815f10b51703a1d9c1c069b471f77730e7cce59d04f4f1a1b3cdfb96cf9120574630683f2f4e9487a3e1ec450c91

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\AlternateServices-1.txt

MD5 8fe337f550f7f82c410fc7fd12c39c3c
SHA1 65cf3ab332570c7412fb3df78adea363a2b4f632
SHA256 782244daa451b7f479aeaa5167162314c2b2e457738ca1de8345c60b6b681f23
SHA512 ecdd70cb95996a3112a4e9577a4050481f78f0ba4b67bb83669d6aa6ef65b9c42846ae0c9f708c6933a7403e6f98a19ab108a7682d2b7a83ca49fb4f7ebb3b70