Analysis Overview
SHA256
35dcb543ce32c17153d4401abc5da15d8c8db7b16d72c6e6dfe993eabcc87f86
Threat Level: Known bad
The file boobee.txt was found to be: Known bad.
Malicious Activity Summary
Rhadamanthys family
Rhadamanthys
Suspicious use of NtCreateUserProcessOtherParentProcess
Drops file in Drivers directory
Downloads MZ/PE file
Sets service image path in registry
Executes dropped EXE
Checks computer location settings
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Checks installed software on the system
Probable phishing domain
Suspicious use of SetThreadContext
Drops file in Windows directory
Subvert Trust Controls: Mark-of-the-Web Bypass
Drops file in Program Files directory
Program crash
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Browser Information Discovery
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Checks SCSI registry key(s)
Modifies registry class
Opens file in notepad (likely ransom note)
Suspicious use of SetWindowsHookEx
Modifies system certificate store
Uses Task Scheduler COM API
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Checks processor information in registry
Suspicious use of WriteProcessMemory
NTFS ADS
Suspicious behavior: LoadsDriver
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-03 14:34
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-03 14:34
Reported
2024-11-03 14:54
Platform
win10ltsc2021-20241023-en
Max time kernel
1200s
Max time network
1153s
Command Line
Signatures
Rhadamanthys
Rhadamanthys family
Suspicious use of NtCreateUserProcessOtherParentProcess
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\Drivers\PROCMON24.SYS | C:\Users\Admin\AppData\Local\Temp\Procmon64.exe | N/A |
| File created | C:\Windows\system32\Drivers\PROCMON24.SYS | C:\Users\Admin\AppData\Local\Temp\Procmon64.exe | N/A |
| File opened for modification | C:\Windows\system32\Drivers\PROCMON24.SYS | C:\Users\Admin\Desktop\Procmon64.exe | N/A |
| File created | C:\Windows\system32\Drivers\PROCMON24.SYS | C:\Users\Admin\Desktop\Procmon64.exe | N/A |
Sets service image path in registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\PROCMON24\ImagePath = "\\??\\C:\\Windows\\system32\\Drivers\\PROCMON24.SYS" | C:\Users\Admin\AppData\Local\Temp\Procmon64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\PROCMON24\ImagePath = "\\??\\C:\\Windows\\system32\\Drivers\\PROCMON24.SYS" | C:\Users\Admin\Desktop\Procmon64.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\Procmon.exe | N/A |
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
| N/A | N/A | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
| N/A | N/A | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
| N/A | N/A | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
| N/A | N/A | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
| N/A | N/A | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
| N/A | N/A | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
| N/A | N/A | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
| N/A | N/A | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
| N/A | N/A | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
| N/A | N/A | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
| N/A | N/A | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
Probable phishing domain
| Description | Indicator | Process | Target |
| HTTP URL | https://sourceforge.net/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8dcd282cf82a94ab | N/A | N/A |
Suspicious use of SetThreadContext
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Process Hacker 2\is-DPLLP.tmp | C:\Users\Admin\AppData\Local\Temp\is-JQUAK.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\plugins\is-DQ8LR.tmp | C:\Users\Admin\AppData\Local\Temp\is-JQUAK.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\plugins\is-5V3H8.tmp | C:\Users\Admin\AppData\Local\Temp\is-JQUAK.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\plugins\DotNetTools.dll | C:\Users\Admin\AppData\Local\Temp\is-JQUAK.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\plugins\ExtendedTools.dll | C:\Users\Admin\AppData\Local\Temp\is-JQUAK.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\is-8NFIO.tmp | C:\Users\Admin\AppData\Local\Temp\is-JQUAK.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\x86\plugins\is-DF8D6.tmp | C:\Users\Admin\AppData\Local\Temp\is-JQUAK.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\plugins\ExtendedNotifications.dll | C:\Users\Admin\AppData\Local\Temp\is-JQUAK.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\plugins\HardwareDevices.dll | C:\Users\Admin\AppData\Local\Temp\is-JQUAK.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\is-4ROS5.tmp | C:\Users\Admin\AppData\Local\Temp\is-JQUAK.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\plugins\is-VR85G.tmp | C:\Users\Admin\AppData\Local\Temp\is-JQUAK.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\is-GMF3E.tmp | C:\Users\Admin\AppData\Local\Temp\is-JQUAK.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\x86\is-FAF1L.tmp | C:\Users\Admin\AppData\Local\Temp\is-JQUAK.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\plugins\is-QLO2B.tmp | C:\Users\Admin\AppData\Local\Temp\is-JQUAK.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\is-GJDM2.tmp | C:\Users\Admin\AppData\Local\Temp\is-JQUAK.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\plugins\is-EP98K.tmp | C:\Users\Admin\AppData\Local\Temp\is-JQUAK.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\plugins\is-CNNSS.tmp | C:\Users\Admin\AppData\Local\Temp\is-JQUAK.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\is-KDU1I.tmp | C:\Users\Admin\AppData\Local\Temp\is-JQUAK.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-JQUAK.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\ProcessHacker.exe | C:\Users\Admin\AppData\Local\Temp\is-JQUAK.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\peview.exe | C:\Users\Admin\AppData\Local\Temp\is-JQUAK.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\plugins\WindowExplorer.dll | C:\Users\Admin\AppData\Local\Temp\is-JQUAK.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\is-949FG.tmp | C:\Users\Admin\AppData\Local\Temp\is-JQUAK.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\plugins\is-R6I3C.tmp | C:\Users\Admin\AppData\Local\Temp\is-JQUAK.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\plugins\NetworkTools.dll | C:\Users\Admin\AppData\Local\Temp\is-JQUAK.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\plugins\UserNotes.dll | C:\Users\Admin\AppData\Local\Temp\is-JQUAK.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-JQUAK.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\is-SLJFH.tmp | C:\Users\Admin\AppData\Local\Temp\is-JQUAK.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\is-IO5TG.tmp | C:\Users\Admin\AppData\Local\Temp\is-JQUAK.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\plugins\is-DODU0.tmp | C:\Users\Admin\AppData\Local\Temp\is-JQUAK.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\plugins\is-TD8RC.tmp | C:\Users\Admin\AppData\Local\Temp\is-JQUAK.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\x86\plugins\DotNetTools.dll | C:\Users\Admin\AppData\Local\Temp\is-JQUAK.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\x86\ProcessHacker.exe | C:\Users\Admin\AppData\Local\Temp\is-JQUAK.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\plugins\Updater.dll | C:\Users\Admin\AppData\Local\Temp\is-JQUAK.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\plugins\is-N29EF.tmp | C:\Users\Admin\AppData\Local\Temp\is-JQUAK.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\plugins\is-4PGJF.tmp | C:\Users\Admin\AppData\Local\Temp\is-JQUAK.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\plugins\OnlineChecks.dll | C:\Users\Admin\AppData\Local\Temp\is-JQUAK.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\plugins\SbieSupport.dll | C:\Users\Admin\AppData\Local\Temp\is-JQUAK.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\plugins\is-TL3UB.tmp | C:\Users\Admin\AppData\Local\Temp\is-JQUAK.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\plugins\ExtendedServices.dll | C:\Users\Admin\AppData\Local\Temp\is-JQUAK.tmp\processhacker-2.39-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Process Hacker 2\plugins\ToolStatus.dll | C:\Users\Admin\AppData\Local\Temp\is-JQUAK.tmp\processhacker-2.39-setup.tmp | N/A |
| File created | C:\Program Files\Process Hacker 2\is-ROKOK.tmp | C:\Users\Admin\AppData\Local\Temp\is-JQUAK.tmp\processhacker-2.39-setup.tmp | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\processhacker-2.39-setup.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
Program crash
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\dialer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\dialer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\dialer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-JQUAK.tmp\processhacker-2.39-setup.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\dialer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\dialer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\dialer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\Procmon.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\dialer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\dialer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\dialer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\dialer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\processhacker-2.39-setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\dialer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\dialer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\dialer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\dialer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\dialer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\dialer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\dialer.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\ProcMon.Logfile.1\DefaultIcon | C:\Users\Admin\Desktop\Procmon64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\ProcMon.Logfile.1\DefaultIcon\ = "\"C:\\Users\\Admin\\Desktop\\Procmon64.exe\",0" | C:\Users\Admin\Desktop\Procmon64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\ProcMon.Logfile.1\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\Procmon64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\ProcMon.Logfile.1\ = "ProcMon Log File" | C:\Users\Admin\Desktop\Procmon64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\ProcMon.Logfile.1\shell\open\command\ = "\"C:\\Users\\Admin\\Desktop\\Procmon64.exe\" /OpenLog \"%1\"" | C:\Users\Admin\Desktop\Procmon64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\ProcMon.Logfile.1\shell\open\command | C:\Users\Admin\AppData\Local\Temp\Procmon64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\ProcMon.Logfile.1\shell | C:\Users\Admin\AppData\Local\Temp\Procmon64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\ProcMon.Logfile.1\shell\open | C:\Users\Admin\AppData\Local\Temp\Procmon64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\ProcMon.Logfile.1 | C:\Users\Admin\Desktop\Procmon64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\.PML | C:\Users\Admin\AppData\Local\Temp\Procmon64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\ProcMon.Logfile.1 | C:\Users\Admin\AppData\Local\Temp\Procmon64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\ProcMon.Logfile.1\ = "ProcMon Log File" | C:\Users\Admin\AppData\Local\Temp\Procmon64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\.PML\ = "ProcMon.Logfile.1" | C:\Users\Admin\AppData\Local\Temp\Procmon64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\ProcMon.Logfile.1\DefaultIcon\ = "\"C:\\Users\\Admin\\Desktop\\Procmon.exe\",0" | C:\Users\Admin\AppData\Local\Temp\Procmon64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\.PML | C:\Users\Admin\Desktop\Procmon64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\.PML\ = "ProcMon.Logfile.1" | C:\Users\Admin\Desktop\Procmon64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\ProcMon.Logfile.1\shell\open\command | C:\Users\Admin\Desktop\Procmon64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\Desktop\Procmon.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\ProcMon.Logfile.1\shell\open\command\ = "\"C:\\Users\\Admin\\Desktop\\Procmon.exe\" /OpenLog \"%1\"" | C:\Users\Admin\AppData\Local\Temp\Procmon64.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\Misha Video.rar:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\ProcessMonitor.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\processhacker-2.39-setup.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Procmon64.exe | N/A |
| N/A | N/A | C:\Program Files\Process Hacker 2\ProcessHacker.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Procmon64.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Procmon64.exe | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\sihost.exe
sihost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\boobee.txt
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1972 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {97743326-3ae3-4086-b239-8672e3e11a69} 1680 "\\.\pipe\gecko-crash-server-pipe.1680" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2364 -parentBuildID 20240401114208 -prefsHandle 2356 -prefMapHandle 2344 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa99851f-588f-4057-a009-449194cb5879} 1680 "\\.\pipe\gecko-crash-server-pipe.1680" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3288 -childID 1 -isForBrowser -prefsHandle 3240 -prefMapHandle 3236 -prefsLen 23858 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a9f0be9-e5c9-4157-a4c7-19c8df1d5052} 1680 "\\.\pipe\gecko-crash-server-pipe.1680" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3968 -childID 2 -isForBrowser -prefsHandle 3960 -prefMapHandle 3944 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {45501ca5-4a1e-401b-b817-915efc2e8041} 1680 "\\.\pipe\gecko-crash-server-pipe.1680" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4860 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4828 -prefMapHandle 4852 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8764989-a056-48cb-94da-9be20702cf82} 1680 "\\.\pipe\gecko-crash-server-pipe.1680" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5352 -childID 3 -isForBrowser -prefsHandle 5376 -prefMapHandle 5344 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac34c5f2-a3a4-431a-9935-845bff043b32} 1680 "\\.\pipe\gecko-crash-server-pipe.1680" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5512 -childID 4 -isForBrowser -prefsHandle 5520 -prefMapHandle 5524 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1592ed22-a3ab-4b85-b8c6-867119072d7b} 1680 "\\.\pipe\gecko-crash-server-pipe.1680" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5704 -childID 5 -isForBrowser -prefsHandle 5712 -prefMapHandle 5716 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79aaada9-1f41-4853-9965-f37d7cd32d7f} 1680 "\\.\pipe\gecko-crash-server-pipe.1680" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6236 -childID 6 -isForBrowser -prefsHandle 6220 -prefMapHandle 6224 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c65a60fa-3931-441b-9473-f5ff160b8dbc} 1680 "\\.\pipe\gecko-crash-server-pipe.1680" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2720 -childID 7 -isForBrowser -prefsHandle 4500 -prefMapHandle 3528 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da860103-5366-4e5a-bcae-3e43259be624} 1680 "\\.\pipe\gecko-crash-server-pipe.1680" tab
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f8 0x458
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap6703:80:7zEvent28020
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\info.txt
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\MacOS\instructions.txt
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap17092:80:7zEvent13002
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3540 -childID 8 -isForBrowser -prefsHandle 6464 -prefMapHandle 3532 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d044258-2763-4354-bcf7-a6b83e827b29} 1680 "\\.\pipe\gecko-crash-server-pipe.1680" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6196 -childID 9 -isForBrowser -prefsHandle 6464 -prefMapHandle 5748 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {605397ae-01f0-41ad-ac4d-9bd32267dfbe} 1680 "\\.\pipe\gecko-crash-server-pipe.1680" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5556 -childID 10 -isForBrowser -prefsHandle 5216 -prefMapHandle 4608 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d88eed5e-4035-4455-bc45-a4c337135352} 1680 "\\.\pipe\gecko-crash-server-pipe.1680" tab
C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\logo.png"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4860 -childID 11 -isForBrowser -prefsHandle 5344 -prefMapHandle 6732 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5ebb07c-9224-4c88-8d72-1d007795207e} 1680 "\\.\pipe\gecko-crash-server-pipe.1680" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7388 -childID 12 -isForBrowser -prefsHandle 6748 -prefMapHandle 6504 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ccfb2077-38af-4b95-b7ff-9cfe539708c4} 1680 "\\.\pipe\gecko-crash-server-pipe.1680" tab
C:\Users\Admin\Desktop\2 Video Missha example promouting full hd 1080 view colloboration niv.exe
"C:\Users\Admin\Desktop\2 Video Missha example promouting full hd 1080 view colloboration niv.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7600 -childID 13 -isForBrowser -prefsHandle 7340 -prefMapHandle 6976 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {561ae058-d0b2-4190-99b8-638425508245} 1680 "\\.\pipe\gecko-crash-server-pipe.1680" tab
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\SysWOW64\dialer.exe
"C:\Windows\system32\dialer.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 868 -ip 868
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 544
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 868 -ip 868
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 552
C:\Users\Admin\Desktop\1 Video Missha example promouting full hd 1080 view colloboration niv.exe
"C:\Users\Admin\Desktop\1 Video Missha example promouting full hd 1080 view colloboration niv.exe"
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\SysWOW64\dialer.exe
"C:\Windows\system32\dialer.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 1720 -ip 1720
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 508
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 1720 -ip 1720
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 504
C:\Users\Admin\Desktop\1 Video Missha example promouting full hd 1080 view colloboration niv.exe
"C:\Users\Admin\Desktop\1 Video Missha example promouting full hd 1080 view colloboration niv.exe"
C:\Users\Admin\Desktop\2 Video Missha example promouting full hd 1080 view colloboration niv.exe
"C:\Users\Admin\Desktop\2 Video Missha example promouting full hd 1080 view colloboration niv.exe"
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\SysWOW64\dialer.exe
"C:\Windows\system32\dialer.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 224 -ip 224
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 224 -s 484
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 224 -ip 224
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 224 -s 476
C:\Users\Admin\Desktop\1 Video Missha example promouting full hd 1080 view colloboration niv.exe
"C:\Users\Admin\Desktop\1 Video Missha example promouting full hd 1080 view colloboration niv.exe"
C:\Users\Admin\Desktop\2 Video Missha example promouting full hd 1080 view colloboration niv.exe
"C:\Users\Admin\Desktop\2 Video Missha example promouting full hd 1080 view colloboration niv.exe"
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\SysWOW64\dialer.exe
"C:\Windows\system32\dialer.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 5776 -ip 5776
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 484
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5776 -ip 5776
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 476
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\SysWOW64\dialer.exe
"C:\Windows\system32\dialer.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 4964 -ip 4964
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 512
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 4964 -ip 4964
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 532
C:\Windows\SysWOW64\dialer.exe
"C:\Windows\system32\dialer.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5072 -ip 5072
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 480
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 5072 -ip 5072
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 476
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3708 -childID 14 -isForBrowser -prefsHandle 5912 -prefMapHandle 7076 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec401e99-ef7e-441d-9b0d-9d9df5933ac5} 1680 "\\.\pipe\gecko-crash-server-pipe.1680" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7512 -childID 15 -isForBrowser -prefsHandle 7516 -prefMapHandle 4860 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c56cec5-dd09-422a-9aca-dd45ae7d67ef} 1680 "\\.\pipe\gecko-crash-server-pipe.1680" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4504 -childID 16 -isForBrowser -prefsHandle 2720 -prefMapHandle 7280 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {957b393a-3a04-46bb-86b3-1c68d5e4973b} 1680 "\\.\pipe\gecko-crash-server-pipe.1680" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5220 -childID 17 -isForBrowser -prefsHandle 5556 -prefMapHandle 7152 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f985afd6-e34b-4d52-9197-ef06ee36a9e7} 1680 "\\.\pipe\gecko-crash-server-pipe.1680" tab
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap11512:86:7zEvent31275
C:\Users\Admin\Desktop\Procmon.exe
"C:\Users\Admin\Desktop\Procmon.exe"
C:\Users\Admin\AppData\Local\Temp\Procmon64.exe
"C:\Users\Admin\AppData\Local\Temp\Procmon64.exe" /originalpath "C:\Users\Admin\Desktop\Procmon.exe"
C:\Users\Admin\Desktop\Procmon64.exe
"C:\Users\Admin\Desktop\Procmon64.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7368 -childID 18 -isForBrowser -prefsHandle 5376 -prefMapHandle 7264 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {30cfe69b-76a6-4327-b41d-c2d33c8e88cd} 1680 "\\.\pipe\gecko-crash-server-pipe.1680" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7216 -childID 19 -isForBrowser -prefsHandle 4672 -prefMapHandle 6592 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3229e9c5-ef52-4666-86ef-2f9c14f0a95f} 1680 "\\.\pipe\gecko-crash-server-pipe.1680" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7340 -childID 20 -isForBrowser -prefsHandle 6592 -prefMapHandle 7064 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd076b55-fbc6-494c-932d-83558a4df83e} 1680 "\\.\pipe\gecko-crash-server-pipe.1680" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7740 -childID 21 -isForBrowser -prefsHandle 7660 -prefMapHandle 7668 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a47ea70-88ba-4fce-9c4f-46197295d5fb} 1680 "\\.\pipe\gecko-crash-server-pipe.1680" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2588 -childID 22 -isForBrowser -prefsHandle 5568 -prefMapHandle 6820 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8e4db0a-5897-48e5-8dd3-5fe4763435da} 1680 "\\.\pipe\gecko-crash-server-pipe.1680" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7120 -childID 23 -isForBrowser -prefsHandle 7080 -prefMapHandle 5268 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2bf8c7d4-d645-4201-a990-456c84e1646e} 1680 "\\.\pipe\gecko-crash-server-pipe.1680" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8556 -childID 24 -isForBrowser -prefsHandle 8596 -prefMapHandle 8580 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {561d18bf-fb24-4850-97a9-e1026a67c1f5} 1680 "\\.\pipe\gecko-crash-server-pipe.1680" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8708 -childID 25 -isForBrowser -prefsHandle 8524 -prefMapHandle 8516 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc25f9be-fb24-4736-8aea-f26bf4601f88} 1680 "\\.\pipe\gecko-crash-server-pipe.1680" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8344 -childID 26 -isForBrowser -prefsHandle 8532 -prefMapHandle 7204 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b93f6bd7-43b9-4516-8b25-cf98663a3173} 1680 "\\.\pipe\gecko-crash-server-pipe.1680" tab
C:\Users\Admin\Downloads\processhacker-2.39-setup.exe
"C:\Users\Admin\Downloads\processhacker-2.39-setup.exe"
C:\Users\Admin\AppData\Local\Temp\is-JQUAK.tmp\processhacker-2.39-setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-JQUAK.tmp\processhacker-2.39-setup.tmp" /SL5="$504B0,1874675,150016,C:\Users\Admin\Downloads\processhacker-2.39-setup.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8544 -childID 27 -isForBrowser -prefsHandle 8612 -prefMapHandle 7256 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb4ade47-2cfe-4ff3-a29b-1f3c465e453f} 1680 "\\.\pipe\gecko-crash-server-pipe.1680" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7144 -childID 28 -isForBrowser -prefsHandle 8856 -prefMapHandle 5280 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2a079bf-d0c6-42da-a57d-0ec856ab6d5d} 1680 "\\.\pipe\gecko-crash-server-pipe.1680" tab
C:\Program Files\Process Hacker 2\ProcessHacker.exe
"C:\Program Files\Process Hacker 2\ProcessHacker.exe"
C:\Users\Admin\Desktop\1 Video Missha example promouting full hd 1080 view colloboration niv.exe
"C:\Users\Admin\Desktop\1 Video Missha example promouting full hd 1080 view colloboration niv.exe"
C:\Users\Admin\Desktop\2 Video Missha example promouting full hd 1080 view colloboration niv.exe
"C:\Users\Admin\Desktop\2 Video Missha example promouting full hd 1080 view colloboration niv.exe"
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\SysWOW64\dialer.exe
"C:\Windows\system32\dialer.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2212 -ip 2212
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 484
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2212 -ip 2212
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 460
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\SysWOW64\dialer.exe
"C:\Windows\system32\dialer.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 896 -ip 896
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 512
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 896 -ip 896
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 520
C:\Users\Admin\Desktop\1 Video Missha example promouting full hd 1080 view colloboration niv.exe
"C:\Users\Admin\Desktop\1 Video Missha example promouting full hd 1080 view colloboration niv.exe"
C:\Users\Admin\Desktop\2 Video Missha example promouting full hd 1080 view colloboration niv.exe
"C:\Users\Admin\Desktop\2 Video Missha example promouting full hd 1080 view colloboration niv.exe"
C:\Users\Admin\Desktop\2 Video Missha example promouting full hd 1080 view colloboration niv.exe
"C:\Users\Admin\Desktop\2 Video Missha example promouting full hd 1080 view colloboration niv.exe"
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\SysWOW64\dialer.exe
"C:\Windows\system32\dialer.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 3252 -ip 3252
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 484
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 3252 -ip 3252
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 476
C:\Windows\SysWOW64\dialer.exe
"C:\Windows\system32\dialer.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 6124 -ip 6124
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 476
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 396 -p 6124 -ip 6124
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 480
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\SysWOW64\dialer.exe
"C:\Windows\system32\dialer.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 5284 -ip 5284
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 484
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 5284 -ip 5284
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 508
C:\Users\Admin\Desktop\1 Video Missha example promouting full hd 1080 view colloboration niv.exe
"C:\Users\Admin\Desktop\1 Video Missha example promouting full hd 1080 view colloboration niv.exe"
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\SysWOW64\dialer.exe
"C:\Windows\system32\dialer.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 1740 -ip 1740
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 480
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 1740 -ip 1740
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 456
C:\Users\Admin\Desktop\1 Video Missha example promouting full hd 1080 view colloboration niv.exe
"C:\Users\Admin\Desktop\1 Video Missha example promouting full hd 1080 view colloboration niv.exe"
C:\Users\Admin\Desktop\2 Video Missha example promouting full hd 1080 view colloboration niv.exe
"C:\Users\Admin\Desktop\2 Video Missha example promouting full hd 1080 view colloboration niv.exe"
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\SysWOW64\dialer.exe
"C:\Windows\system32\dialer.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 1516 -ip 1516
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 348
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 1516 -ip 1516
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 480
C:\Windows\SysWOW64\dialer.exe
"C:\Windows\system32\dialer.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4732 -ip 4732
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 480
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 4732 -ip 4732
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 476
C:\Users\Admin\Desktop\1 Video Missha example promouting full hd 1080 view colloboration niv.exe
"C:\Users\Admin\Desktop\1 Video Missha example promouting full hd 1080 view colloboration niv.exe"
C:\Users\Admin\Desktop\2 Video Missha example promouting full hd 1080 view colloboration niv.exe
"C:\Users\Admin\Desktop\2 Video Missha example promouting full hd 1080 view colloboration niv.exe"
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\SysWOW64\dialer.exe
"C:\Windows\system32\dialer.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5028 -ip 5028
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 480
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 5028 -ip 5028
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 476
C:\Windows\SysWOW64\dialer.exe
"C:\Windows\system32\dialer.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 5916 -ip 5916
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 484
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 5916 -ip 5916
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 348
C:\Users\Admin\Desktop\1 Video Missha example promouting full hd 1080 view colloboration niv.exe
"C:\Users\Admin\Desktop\1 Video Missha example promouting full hd 1080 view colloboration niv.exe"
C:\Users\Admin\Desktop\2 Video Missha example promouting full hd 1080 view colloboration niv.exe
"C:\Users\Admin\Desktop\2 Video Missha example promouting full hd 1080 view colloboration niv.exe"
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\SysWOW64\dialer.exe
"C:\Windows\system32\dialer.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 4228 -ip 4228
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 208
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 4228 -ip 4228
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 480
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | checkappexec.microsoft.com | udp |
| GB | 51.11.108.188:443 | checkappexec.microsoft.com | tcp |
| US | 8.8.8.8:53 | 188.108.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.197.79.204.in-addr.arpa | udp |
| N/A | 127.0.0.1:49786 | tcp | |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 140.230.185.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.121.117.34.in-addr.arpa | udp |
| N/A | 127.0.0.1:49796 | tcp | |
| US | 8.8.8.8:53 | mega.nz | udp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| US | 8.8.8.8:53 | mega.nz | udp |
| US | 8.8.8.8:53 | mega.nz | udp |
| US | 8.8.8.8:53 | eu.static.mega.co.nz | udp |
| NL | 66.203.127.13:443 | eu.static.mega.co.nz | tcp |
| NL | 66.203.127.13:443 | eu.static.mega.co.nz | tcp |
| US | 8.8.8.8:53 | eu.static.mega.co.nz | udp |
| US | 8.8.8.8:53 | eu.static.mega.co.nz | udp |
| US | 8.8.8.8:53 | 13.127.203.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.145.216.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.api.mega.co.nz | udp |
| LU | 66.203.125.15:443 | g.api.mega.co.nz | tcp |
| LU | 66.203.125.15:443 | g.api.mega.co.nz | tcp |
| US | 8.8.8.8:53 | lu.api.mega.co.nz | udp |
| US | 8.8.8.8:53 | lu.api.mega.co.nz | udp |
| US | 8.8.8.8:53 | 15.125.203.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| US | 8.8.8.8:53 | gfs302n113.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs208n139.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs204n146.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs270n121.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs214n139.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs262n333.userstorage.mega.co.nz | udp |
| CA | 162.208.16.23:443 | gfs302n113.userstorage.mega.co.nz | tcp |
| CA | 162.208.16.23:443 | gfs302n113.userstorage.mega.co.nz | tcp |
| CA | 162.208.16.23:443 | gfs302n113.userstorage.mega.co.nz | tcp |
| CA | 162.208.16.23:443 | gfs302n113.userstorage.mega.co.nz | tcp |
| US | 8.8.8.8:53 | gfs302n113.userstorage.mega.co.nz | udp |
| NL | 185.206.24.74:443 | gfs204n146.userstorage.mega.co.nz | tcp |
| NL | 185.206.24.74:443 | gfs204n146.userstorage.mega.co.nz | tcp |
| NL | 185.206.24.74:443 | gfs204n146.userstorage.mega.co.nz | tcp |
| NL | 185.206.24.74:443 | gfs204n146.userstorage.mega.co.nz | tcp |
| US | 8.8.8.8:53 | gfs204n146.userstorage.mega.co.nz | udp |
| DE | 94.24.36.43:443 | gfs262n333.userstorage.mega.co.nz | tcp |
| DE | 94.24.36.43:443 | gfs262n333.userstorage.mega.co.nz | tcp |
| DE | 94.24.36.43:443 | gfs262n333.userstorage.mega.co.nz | tcp |
| DE | 94.24.36.43:443 | gfs262n333.userstorage.mega.co.nz | tcp |
| US | 8.8.8.8:53 | gfs262n333.userstorage.mega.co.nz | udp |
| FR | 185.206.26.49:443 | gfs208n139.userstorage.mega.co.nz | tcp |
| FR | 185.206.26.49:443 | gfs208n139.userstorage.mega.co.nz | tcp |
| FR | 185.206.26.49:443 | gfs208n139.userstorage.mega.co.nz | tcp |
| FR | 185.206.26.49:443 | gfs208n139.userstorage.mega.co.nz | tcp |
| US | 8.8.8.8:53 | gfs208n139.userstorage.mega.co.nz | udp |
| LU | 89.44.168.181:443 | gfs270n121.userstorage.mega.co.nz | tcp |
| LU | 89.44.168.181:443 | gfs270n121.userstorage.mega.co.nz | tcp |
| LU | 89.44.168.181:443 | gfs270n121.userstorage.mega.co.nz | tcp |
| LU | 89.44.168.181:443 | gfs270n121.userstorage.mega.co.nz | tcp |
| ES | 185.206.27.49:443 | gfs214n139.userstorage.mega.co.nz | tcp |
| ES | 185.206.27.49:443 | gfs214n139.userstorage.mega.co.nz | tcp |
| ES | 185.206.27.49:443 | gfs214n139.userstorage.mega.co.nz | tcp |
| ES | 185.206.27.49:443 | gfs214n139.userstorage.mega.co.nz | tcp |
| US | 8.8.8.8:53 | gfs270n121.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs214n139.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs204n146.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs262n333.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs302n113.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs214n139.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs270n121.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs208n139.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | 74.24.206.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.168.44.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.36.24.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.27.206.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.26.206.185.in-addr.arpa | udp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| US | 8.8.8.8:53 | 23.16.208.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | 216.72.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| DE | 23.55.161.185:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r3.sn-4g5ednd7.gvt1.com | udp |
| DE | 74.125.162.104:443 | r3.sn-4g5ednd7.gvt1.com | tcp |
| US | 8.8.8.8:53 | r3.sn-4g5ednd7.gvt1.com | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.162.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.161.55.23.in-addr.arpa | udp |
| DE | 74.125.162.104:443 | r3.sn-4g5ednd7.gvt1.com | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 4.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| GB | 216.58.204.81:443 | csp.withgoogle.com | tcp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| GB | 216.58.201.106:443 | ogads-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| GB | 216.58.201.106:443 | ogads-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| GB | 216.58.204.81:443 | csp.withgoogle.com | udp |
| GB | 216.58.201.106:443 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.16.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 172.217.16.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 172.217.16.238:443 | consent.google.com | udp |
| US | 8.8.8.8:53 | www.virustotal.com | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | ghs-svc-https-c46.ghs-ssl.googlehosted.com | udp |
| US | 74.125.34.46:443 | ghs-svc-https-c46.ghs-ssl.googlehosted.com | tcp |
| US | 8.8.8.8:53 | ghs-svc-https-c46.ghs-ssl.googlehosted.com | udp |
| US | 8.8.8.8:53 | 46.34.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| GB | 142.250.187.195:443 | www.recaptcha.net | tcp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| GB | 142.250.187.195:443 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | recaptcha.net | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| GB | 142.250.200.3:443 | recaptcha.net | tcp |
| US | 8.8.8.8:53 | recaptcha.net | udp |
| US | 8.8.8.8:53 | recaptcha.net | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| GB | 142.250.200.3:443 | recaptcha.net | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ghs-svc-https-c46.ghs-ssl.googlehosted.com | udp |
| US | 8.8.8.8:53 | ghs-svc-https-c46.ghs-ssl.googlehosted.com | udp |
| US | 8.8.8.8:53 | 167.57.26.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mega.nz | udp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| US | 8.8.8.8:53 | mega.nz | udp |
| US | 8.8.8.8:53 | mega.nz | udp |
| US | 8.8.8.8:53 | eu.static.mega.co.nz | udp |
| LU | 66.203.124.37:443 | eu.static.mega.co.nz | tcp |
| LU | 66.203.124.37:443 | eu.static.mega.co.nz | tcp |
| US | 8.8.8.8:53 | eu.static.mega.co.nz | udp |
| US | 8.8.8.8:53 | 5.144.216.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.124.203.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.api.mega.co.nz | udp |
| LU | 66.203.125.13:443 | g.api.mega.co.nz | tcp |
| LU | 66.203.125.13:443 | g.api.mega.co.nz | tcp |
| US | 8.8.8.8:53 | lu.api.mega.co.nz | udp |
| US | 8.8.8.8:53 | 13.125.203.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| GB | 142.250.180.3:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | id.google.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| GB | 216.58.204.81:443 | csp.withgoogle.com | udp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| GB | 216.58.204.81:443 | csp.withgoogle.com | tcp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| GB | 142.250.180.3:443 | id.google.com | udp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| GB | 216.58.201.106:443 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.200.22:443 | i.ytimg.com | tcp |
| GB | 142.250.200.22:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.200.22:443 | i.ytimg.com | tcp |
| GB | 142.250.200.22:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | 2.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.16.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | learn.microsoft.com | udp |
| GB | 216.58.201.106:443 | ogads-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 2.22.5.214:443 | learn.microsoft.com | tcp |
| US | 8.8.8.8:53 | e13636.dscb.akamaiedge.net | udp |
| GB | 2.22.5.214:443 | e13636.dscb.akamaiedge.net | tcp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | e13636.dscb.akamaiedge.net | udp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | 214.5.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 13.107.246.65:443 | js.monitor.azure.com | tcp |
| US | 8.8.8.8:53 | s-part-0037.t-0009.t-msedge.net | udp |
| US | 13.107.246.65:443 | s-part-0037.t-0009.t-msedge.net | tcp |
| US | 8.8.8.8:53 | s-part-0037.t-0009.t-msedge.net | udp |
| US | 13.107.246.65:443 | s-part-0037.t-0009.t-msedge.net | tcp |
| US | 8.8.8.8:53 | 65.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 20.189.173.26:443 | browser.events.data.microsoft.com | tcp |
| US | 20.189.173.26:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | onedscolprdwus19.westus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | onedscolprdwus19.westus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | 26.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 8.8.8.8:53 | onedscolprdneu12.northeurope.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | onedscolprdneu12.northeurope.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 185.199.111.133:443 | camo.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 154.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | onedscolprdneu12.northeurope.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | download.sysinternals.com | udp |
| US | 152.199.19.160:443 | download.sysinternals.com | tcp |
| US | 152.199.19.160:443 | download.sysinternals.com | tcp |
| US | 8.8.8.8:53 | cs22.wpc.v0cdn.net | udp |
| US | 8.8.8.8:53 | onedscolprdneu12.northeurope.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | cs22.wpc.v0cdn.net | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 8.8.8.8:53 | onedscolprdwus22.westus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | onedscolprdwus22.westus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 8.8.8.8:53 | onedscolprdcus06.centralus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | onedscolprdcus06.centralus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | id.google.com | udp |
| GB | 216.58.204.81:443 | csp.withgoogle.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| GB | 142.250.187.195:443 | id.google.com | udp |
| GB | 142.250.187.195:443 | id.google.com | tcp |
| GB | 216.58.201.106:443 | ogads-pa.googleapis.com | udp |
| GB | 216.58.201.106:443 | ogads-pa.googleapis.com | tcp |
| GB | 142.250.187.195:443 | id.google.com | tcp |
| GB | 142.250.187.195:443 | id.google.com | tcp |
| GB | 216.58.201.106:443 | ogads-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.187.206:443 | play.google.com | udp |
| GB | 142.250.187.206:443 | play.google.com | tcp |
| GB | 142.250.187.206:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | processhacker.sourceforge.io | udp |
| US | 172.64.150.83:443 | processhacker.sourceforge.io | tcp |
| US | 8.8.8.8:53 | prwebsecure.sourceforge.io.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | 83.150.64.172.in-addr.arpa | udp |
| US | 172.64.150.83:443 | processhacker.sourceforge.io | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | sourceforge.net | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 172.64.150.145:443 | sourceforge.net | tcp |
| US | 8.8.8.8:53 | sourceforge.net | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | sourceforge.net | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | udp |
| US | 172.64.150.145:443 | sourceforge.net | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | 145.150.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 172.64.150.145:443 | sourceforge.net | tcp |
| US | 172.64.150.145:443 | sourceforge.net | tcp |
| US | 172.64.150.145:443 | sourceforge.net | udp |
| US | 8.8.8.8:53 | challenges.cloudflare.com | udp |
| US | 104.18.94.41:443 | challenges.cloudflare.com | tcp |
| US | 8.8.8.8:53 | challenges.cloudflare.com | udp |
| US | 8.8.8.8:53 | challenges.cloudflare.com | udp |
| US | 104.18.94.41:443 | challenges.cloudflare.com | udp |
| US | 104.18.94.41:443 | challenges.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 41.94.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.fsdn.com | udp |
| US | 104.18.40.209:443 | a.fsdn.com | tcp |
| US | 104.18.40.209:443 | a.fsdn.com | tcp |
| US | 104.18.40.209:443 | a.fsdn.com | tcp |
| US | 104.18.40.209:443 | a.fsdn.com | tcp |
| US | 104.18.40.209:443 | a.fsdn.com | tcp |
| US | 104.18.40.209:443 | a.fsdn.com | tcp |
| US | 104.18.40.209:443 | a.fsdn.com | tcp |
| US | 104.18.40.209:443 | a.fsdn.com | tcp |
| US | 8.8.8.8:53 | a.fsdn.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | a.fsdn.com.cdn.cloudflare.net | udp |
| US | 104.18.40.209:443 | a.fsdn.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | d.delivery.consentmanager.net | udp |
| US | 8.8.8.8:53 | cdn.consentmanager.net | udp |
| DE | 87.230.98.76:443 | d.delivery.consentmanager.net | tcp |
| US | 8.8.8.8:53 | d.delivery.consentmanager.net | udp |
| GB | 89.187.167.39:443 | cdn.consentmanager.net | tcp |
| US | 8.8.8.8:53 | 1376624012.rsc.cdn77.org | udp |
| US | 8.8.8.8:53 | d.delivery.consentmanager.net | udp |
| US | 8.8.8.8:53 | c.sf-syn.com | udp |
| US | 8.8.8.8:53 | 1376624012.rsc.cdn77.org | udp |
| US | 8.8.8.8:53 | c.sf-syn.com | udp |
| US | 104.18.33.97:443 | c.sf-syn.com | tcp |
| US | 8.8.8.8:53 | c.sf-syn.com | udp |
| US | 104.18.33.97:443 | c.sf-syn.com | udp |
| US | 8.8.8.8:53 | 209.40.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.98.230.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.167.187.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.33.18.104.in-addr.arpa | udp |
| DE | 87.230.98.76:443 | d.delivery.consentmanager.net | tcp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | analytics.slashdotmedia.com | udp |
| US | 8.8.8.8:53 | j.6sc.co | udp |
| US | 8.8.8.8:53 | ml314.com | udp |
| US | 216.105.38.9:443 | analytics.slashdotmedia.com | tcp |
| US | 8.8.8.8:53 | analytics.slashdotmedia.com | udp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | ml314.com | udp |
| US | 8.8.8.8:53 | e212585.b.akamaiedge.net | udp |
| US | 8.8.8.8:53 | analytics.slashdotmedia.com | udp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | ml314.com | udp |
| US | 8.8.8.8:53 | e212585.b.akamaiedge.net | udp |
| US | 104.22.74.216:443 | btloader.com | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| GB | 2.16.34.66:443 | e212585.b.akamaiedge.net | tcp |
| US | 34.117.77.79:443 | ml314.com | tcp |
| US | 34.117.77.79:443 | ml314.com | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | 9.38.105.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.74.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.34.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.77.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | dpm.demdex.net | udp |
| US | 8.8.8.8:53 | idsync.rlcdn.com | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | ps.eyeota.net | udp |
| US | 8.8.8.8:53 | b.6sc.co | udp |
| US | 8.8.8.8:53 | c.6sc.co | udp |
| US | 8.8.8.8:53 | ipv6.6sc.co | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | idsync.rlcdn.com | udp |
| US | 8.8.8.8:53 | dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | ib.anycast.adnxs.com | udp |
| GB | 2.16.34.66:443 | ipv6.6sc.co | tcp |
| GB | 2.16.34.152:443 | ipv6.6sc.co | tcp |
| US | 8.8.8.8:53 | e212585.dscb.akamaiedge.net | udp |
| US | 8.8.8.8:53 | ps.eyeota.net | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | idsync.rlcdn.com | udp |
| US | 8.8.8.8:53 | dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | ib.anycast.adnxs.com | udp |
| US | 8.8.8.8:53 | e212585.dscb.akamaiedge.net | udp |
| US | 8.8.8.8:53 | ps.eyeota.net | udp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| IE | 54.170.25.213:443 | dpm.demdex.net | tcp |
| US | 35.244.174.68:443 | idsync.rlcdn.com | tcp |
| US | 3.33.220.150:443 | match.adsrvr.org | tcp |
| NL | 185.89.210.180:443 | ib.adnxs.com | tcp |
| DE | 3.125.70.222:443 | ps.eyeota.net | tcp |
| GB | 2.16.34.66:443 | e212585.dscb.akamaiedge.net | tcp |
| GB | 2.16.34.66:443 | e212585.dscb.akamaiedge.net | tcp |
| US | 35.244.174.68:443 | idsync.rlcdn.com | udp |
| US | 8.8.8.8:53 | 90275cf3bf55170aab19e9f67b1aa022.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | pagead-googlehosted.l.google.com | udp |
| GB | 216.58.213.1:443 | pagead-googlehosted.l.google.com | tcp |
| US | 8.8.8.8:53 | pagead-googlehosted.l.google.com | udp |
| US | 8.8.8.8:53 | 70.3.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.34.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.174.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.220.33.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.25.170.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.70.125.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 216.58.213.1:443 | pagead-googlehosted.l.google.com | udp |
| GB | 172.217.169.33:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.169.33:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 33.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| GB | 142.250.180.1:443 | cdn.ampproject.org | tcp |
| GB | 142.250.180.1:443 | cdn.ampproject.org | tcp |
| US | 8.8.8.8:53 | cdn-content.ampproject.org | udp |
| GB | 142.250.180.1:443 | cdn-content.ampproject.org | tcp |
| GB | 142.250.180.1:443 | cdn-content.ampproject.org | tcp |
| GB | 142.250.180.1:443 | cdn-content.ampproject.org | tcp |
| US | 8.8.8.8:53 | cdn-content.ampproject.org | udp |
| GB | 142.250.180.1:443 | cdn-content.ampproject.org | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.180.1:443 | cdn-content.ampproject.org | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | downloads.sourceforge.net | udp |
| US | 204.68.111.105:443 | downloads.sourceforge.net | tcp |
| US | 8.8.8.8:53 | downloads.sourceforge.net | udp |
| US | 8.8.8.8:53 | downloads.sourceforge.net | udp |
| US | 8.8.8.8:53 | 105.111.68.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | netix.dl.sourceforge.net | udp |
| BG | 87.121.121.2:443 | netix.dl.sourceforge.net | tcp |
| US | 8.8.8.8:53 | netix.dl.sourceforge.net | udp |
| US | 8.8.8.8:53 | netix.dl.sourceforge.net | udp |
| US | 8.8.8.8:53 | 2.121.121.87.in-addr.arpa | udp |
| US | 104.18.40.209:443 | a.fsdn.com.cdn.cloudflare.net | tcp |
| DE | 87.230.98.76:443 | d.delivery.consentmanager.net | tcp |
| US | 8.8.8.8:53 | d.delivery.consentmanager.net | udp |
| GB | 2.16.34.66:443 | e212585.dscb.akamaiedge.net | tcp |
| US | 8.8.8.8:53 | e212585.b.akamaiedge.net | udp |
| US | 8.8.8.8:53 | snap.licdn.com | udp |
| US | 8.8.8.8:53 | a1916.dscg2.akamai.net | udp |
| US | 8.8.8.8:53 | a1916.dscg2.akamai.net | udp |
| DE | 2.19.11.122:443 | a1916.dscg2.akamai.net | tcp |
| US | 8.8.8.8:53 | f3b7f027d76f639d27bfaca2f6c15634.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | px.ads.linkedin.com | udp |
| GB | 216.58.213.1:443 | f3b7f027d76f639d27bfaca2f6c15634.safeframe.googlesyndication.com | tcp |
| US | 13.107.42.14:443 | px.ads.linkedin.com | tcp |
| US | 8.8.8.8:53 | l-0005.l-msedge.net | udp |
| GB | 216.58.213.1:443 | f3b7f027d76f639d27bfaca2f6c15634.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | l-0005.l-msedge.net | udp |
| US | 8.8.8.8:53 | 122.11.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.42.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wj32.org | udp |
| US | 162.243.25.33:443 | wj32.org | tcp |
| US | 8.8.8.8:53 | processhacker.sourceforge.net | udp |
| US | 172.64.150.145:80 | processhacker.sourceforge.net | tcp |
| US | 172.64.150.145:443 | processhacker.sourceforge.net | tcp |
| US | 172.64.150.83:443 | processhacker.sourceforge.io | tcp |
| US | 8.8.8.8:53 | 1.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.243.107.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.94.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.40.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.74.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.3.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.220.33.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.111.68.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 8.8.8.8:53 | onedscolprdcus16.centralus.cloudapp.azure.com | udp |
| US | 52.182.143.213:443 | onedscolprdcus16.centralus.cloudapp.azure.com | tcp |
| US | 8.8.8.8:53 | onedscolprdcus16.centralus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | 226.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.143.182.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\datareporting\glean\pending_pings\85c0e6b7-f943-47bf-b649-fd575499d9bc
| MD5 | 2a67ae2bb066032e72cb37397776d94c |
| SHA1 | d3b68425e25817bed6ae2b78ea889bed9c300730 |
| SHA256 | c306b419705cc130174b7eeb4f049007c4b6445c512edc2bd846275dc4b51e0f |
| SHA512 | 040f94f36d2d0f38f4ff9efd4cf5d2af8806ec80c60023046c60d2944dfc9f65fc83e8673366a3fa410ee18d65c849f7e48cefade31dba177e3aeec5843bfc8d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\datareporting\glean\pending_pings\ce3bc226-3450-40f6-a414-96c89ac70256
| MD5 | c76e3fa036cb67fbc0aa268c6d80a9dd |
| SHA1 | 9d37e22eaa27f62d8388387a8502ea8aafcc91c6 |
| SHA256 | 2149c8c770818464d0e548e506848a567c5aad29b76ac58cd1b7bc89baa59ae7 |
| SHA512 | 814c0cba40a39a8c838b38f41e9c30a171187649abd2b8a6c2a91a94ac6528f11ab84a80f80ce8e5043975add068fe3de5beacc99f801f4e8f940e3680f2b978 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\datareporting\glean\pending_pings\2283a9fc-91e5-44cc-be37-a68cd5fe525a
| MD5 | 78784cc8fc72006a31f595c5eb9fd78e |
| SHA1 | 0e984b0eff857278aa38a6ac212e4b07897d4bb6 |
| SHA256 | 910af1b81c189ba2c93fe15743c02e2e579a2a19270d95a230ad5308c45f90eb |
| SHA512 | 8eb14ef6d959d908c7217d64084dfd6dae364a3676d93a0c9b2f5472532afbc265c0f983c67dcd8c919322b6158f1323d6d494e5957058578eaf10c07e17e30b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | efcdf94e9d6e1526507ede035f4b831f |
| SHA1 | 9f043a45dab9f44c9239a461836381fb22b509f9 |
| SHA256 | c96b3c61520129f7a6899c459549df7d86ecaffa2bbd3312729e66ed20fc02cc |
| SHA512 | fecef6bff7ea9823672ebda2203566aa122bbe599c92155fb1d0e97ce181022137b55add2b413aadaa2eeca89d5393041fbbc5de40f6a96cb95b645a596ea862 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 9e3f76f7e13a702d50e9eda039fa2e50 |
| SHA1 | 0026baf4c7ff5db65fb96a27e1c64f35e797c80e |
| SHA256 | 436db702e88362920d2782e97d9c4b7a965daa8945d15f85cb944f674dbaa8b7 |
| SHA512 | b48128ef8550b7e12cf09817544ac2429c88415a4f3a87b2cb8d40c6b09c518b40401d77a1ba29cb9f2e0689ae9e48c21c080b7288d997de1bf319cd0e39b035 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\prefs.js
| MD5 | a100c407b79b61ba699b3c3b104f21a7 |
| SHA1 | f8eab58146953cf180796a76a9b3942e1d8d058d |
| SHA256 | 27a39c7f86ca0544cc3c6b796cbaefe62be1553d6f3299c1dcd848f97f7bc089 |
| SHA512 | 7e4e54c8ee9d4cc7ccf8d52964ae1fe4d00e375bcb02f7d5d828f6e164a2d01cd2bd9a679090e5f685081987b03a8ad841ba532afd190a0b7b4e49fe176f7c00 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\storage\default\https+++mega.nz\cache\morgue\66\{6881ee85-50d2-43c3-9d99-889a9e61b942}.final
| MD5 | 3efa9abd92666265dd81c4f4311a96f9 |
| SHA1 | 41b6b716d67b93555e444cd453f3c6e3f8c9522c |
| SHA256 | 5066b1841e8877db31312ef3af86f9bc9234c95071119e025764f45241a4e2e7 |
| SHA512 | 5961950f077501608a0f2975e7f69c483eeacc4eec4ac77fd650cc1131609501f87819f93ed23aa508a90426156abf038a859fac4112d2d4435bbb634027cd6c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\storage\default\https+++mega.nz\idb\3713173747_s_edmban.sqlite
| MD5 | 2e2b8477ebb5cf5b621aaef5b478b715 |
| SHA1 | 74c4c008e99d5f7a0f55d071276a7f46ca42f71d |
| SHA256 | ba2e48f74764339ed12d59a9085a46fbddb8fa8a2fa5e73bd91960ff03a42d0c |
| SHA512 | c8c8586137a9d65e7d0d2270e329de463565af16604e49eb1382687343e3361fd44b1b8434fc1123ae03d1aeed7c6dc35e17ed5abe7bf47f5f1009a85a846fc5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 15ded9fc23c75572c2eb4868ce879b33 |
| SHA1 | c9390bcd2c7ac0726cfde5402c8b684e25e3893a |
| SHA256 | c9c8ad6169867b82c6b74ace9ebb5e4368124821df34d2223714d75a4fcf6e70 |
| SHA512 | 9256af202705af7de875e374cbf8726269e690b1c3b9edc95fddfa7ed5cb5161419be0d0b15d9b28f85dbfe17b933f6f72a0fbf1da2e67b4bf7bfd056392d197 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\prefs-1.js
| MD5 | 83bb31288b16390a60930c6bf7224c61 |
| SHA1 | 7bf3c54cfa7bb44a02a225114857c54c5eb8ca28 |
| SHA256 | c768c52f60a6fa6be780f2d871ccb070302b7e2b5108fafa5fc3478c6dddc4f6 |
| SHA512 | f7b1b5ec234d665d07654d262275117be094e9ee0e231fd81fc11d20cdb50b9772483023f8e2518f011a16d44738025761d3edbe829f9b51613055c1cbda7529 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\AlternateServices.bin
| MD5 | 86415766758c6867fabd26409f7e1103 |
| SHA1 | aaf6baea47b4d1b871e87e375e44506551b2bf8a |
| SHA256 | bb3cdda091f3793c2d12fec034d21cb895ad2e25c9e1b3d9388bd45a38a0986e |
| SHA512 | 47ec140766ceb037f0b1615d33b94ecc7b062dc448806aef3cc8122fa688cd5500bc1670def120cec558fff1c8f3e04a221f036fc6e5161f64509988d0cb4e69 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 5fed14c7fbec2d90db31c66457ef1486 |
| SHA1 | 6a126ac507dd7871d257e60e0873257109a62a09 |
| SHA256 | 385694655eaccca7b2f8a0b512b2cb558bd4a5d1a4a237fb81ebb660472a0099 |
| SHA512 | 410d26c30ec88e01aa1dd8bd36d74222602848edcf7f038044c11175c57cf97696b4243d38f2520670b818fc0a4866f9f4a66f1fb97c931b972e067597f5c62d |
C:\Users\Admin\Desktop\info.txt
| MD5 | dbe5d4bc9d3108d88253a132728f66f6 |
| SHA1 | c84ce29e50152cbd89b9d94a300274a99b11f09c |
| SHA256 | b78994027dee73ba47f6311cd364bbd320c20d6058ca852ba72dddcec7728354 |
| SHA512 | d0459b1ef99bf1433f51df24c907787440b49ea9c33f7d405f822b2b7dc538b08b7a0b1d541f7c93173457bacdf9aaaabf0e9087902568b5bdcb3d05e1d57db4 |
C:\Users\Admin\Desktop\Contract Missha.html
| MD5 | 91e913aceefadf8cd7b9f0fa2069401e |
| SHA1 | 2bc4c5a228f6193de3b0b562bf23ac2d2b4c8aa2 |
| SHA256 | 52b1906a7dbcea34c0dc900095984d3b00190cbc3e1e5f48e8efc44f23af3fd8 |
| SHA512 | b6629887cbfb9cefc30d5158fc01abb47682949ec0a2bb6cfb00ae18a9427a2a507ff54d45c3fef87c9becacaf9bc90cc51b119405fe9acc1a4c4ce1e7fc5d1f |
C:\Users\Admin\Desktop\logo.png
| MD5 | 9acefc5b8ae72c8ef5cacde426efde6d |
| SHA1 | 9ef3d93c17a9cf3448a432f46ccb93132e8d5bc4 |
| SHA256 | ad02285ad9342d05e3efd0dc3eb40267efc89930d6d7f480c7ccbc8f0360ca80 |
| SHA512 | 358cbd54aade8e0e89280ad76825f7617eabbb6e491b40101269ed27aef70b5fdb838d5051eefa3c59cf4fabe0ee9468164be8a96bda0f7fc7fbe6b5e3e6a7d9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 0f44c9640277abe082de3dc464457565 |
| SHA1 | e3f56ece4dce946412c4b2eff7ec0c456b575b9f |
| SHA256 | 05e88fdd808294688575806f004a1ff576c5a21c56f121223bc6e4ba95d98846 |
| SHA512 | 5b715c0cf2e6c35633ebeadfce3f3fc88ba0552773f59d3f38fa51bdf9f6c3af436b53861d21718798dede6aa62d2103e061493837af4390298cbe14f1ba52ee |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\storage\default\https+++www.virustotal.com\cache\morgue\99\{dd8c65b1-75fc-4378-a9b6-d9be778e0763}.final
| MD5 | 3bd181fab15a3ff79f4ec6203e8c11d8 |
| SHA1 | ce265e4838dec0ab068ef5f3db78dbc0dc00a1e0 |
| SHA256 | dda66a6bf5e20e27e7738723bb7db889b624066c7b4063b4398c401ec674902b |
| SHA512 | da8824488efa0247f01c7532b52d42f29f2cc27f57b76c505b829c7eab0877ec1b9875f7d3d60e2b135199f2ec19ed829baf7f380337b485658201148700c728 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\serviceworker-1.txt
| MD5 | a289d72038983aa2a35a211ff4b39fd7 |
| SHA1 | 2dfd899ef5c5d659ca57156234c6d95477a77847 |
| SHA256 | 855b2b58d7cb22b3745cafe6a4a07e04ddb5195df52f41e0a6b122cc4163ac6e |
| SHA512 | df32ea374705c33e124ee7fe3359246bb92c03e350066d9a45877aec199b3acd2874e7613fd1202fe02655ce94bdd33670434bb782ce8e5994a2cb9d99e7a226 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\serviceworker.txt
| MD5 | 1485ac39a6ae858ecc09b0a9890ce862 |
| SHA1 | a78678757bf88cc98198fe8c8729806b10676a5e |
| SHA256 | 06e4caeb7bf82e184a255e840687c59a757021a80507078fab8832bcc5528267 |
| SHA512 | dcf76c8adcb5cd27b7cd7d46c354ba21d1f9d9f60fc137bca8b991810d0bc9527a3161e600297f763ecce626eaf363fca5da69fdd8dea3e8af5dbe7fe4a21726 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 7c62b2d3f51d293041a115ad9ad0062c |
| SHA1 | e8094e60e693005de1a135140ec838d2de530705 |
| SHA256 | 6e05e8ecc605f495cb3e5b5df8ac2aee90c00ee6818c083cc61428c3966edb30 |
| SHA512 | c565ba2384494b3f10c5b9e67dd7d3a8918869fd0874063bf7b2c7e9817f214495305e98561a06a170b505eb42bcea886ae54d719dfea305b40c9eac9a4ba7c6 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hohja4eo.default-release\cache2\doomed\10003
| MD5 | 5d8df8cac01818558eb647bfef1ae235 |
| SHA1 | 03fa115d42f0814cc58e68bc5b9aeb759bec5b56 |
| SHA256 | c755985c79b986e5001dd7e10062bdde7f9702511e878d0666e08540dbad3c9d |
| SHA512 | 5961eed67f54e8ebdb0ee45c833b3b0b9a82895d3d93e188415faf5e239984a94b1bb49479ba54ac1ad1580dfa778fc5e158b23df57591234e229595df4ecfac |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\sessionstore-backups\recovery.baklz4
| MD5 | ce8d909e74981489d8314714d5f39162 |
| SHA1 | 78c31b8ff8b899d6da2fe78eb82d4ecf3ef16b5f |
| SHA256 | 8b61016e0e83954b9bd69f6edc55d1dcd75005b855c197d8c4c308ceb0b8b6eb |
| SHA512 | 47dc1bcdbccfb4a932189bec3c6ad11f3c6d1d95a00cde39e250ae774c160bd3615dac92b58bd90a0610bd9ce77ca878009aca2b1db22152b2f2869417cbf496 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hohja4eo.default-release\cache2\doomed\13262
| MD5 | 88e1f34fc56db1a818fad3b27dc1ccf9 |
| SHA1 | 377d86c29f6c72883d6c502e4de4c3470ba4d92a |
| SHA256 | 9fed36d5a9c671cf61a28f2e935b31624d139adaef817923fe836d8f3d7c7ea2 |
| SHA512 | d1b28e5a12ac6b08da3228aeacd515c5e48dce8abc0b70b4c51734e5902f0a135ddfd73721377454fe68af49c15422482c9a695a0e451a1b414f9732ad2377f3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\sessionstore-backups\recovery.baklz4
| MD5 | bc6d8fc4ab2891d30543589f9bcbf242 |
| SHA1 | cf4da1d820817a80f29756e68e4cc21648cac6d7 |
| SHA256 | 07c8cd061c2fe447126a1266fff552a5a9e6a25646d6b7032a231fa9a15541ee |
| SHA512 | f8e9c0df4bfa1a54657ce7b2a3260625e52c6f4867c3b81f6a2ee8b5798a3f5127f5f4cb3e82f60627b4337d9a82b8f08125941a433a9ae52a82ec876115c7ef |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hohja4eo.default-release\cache2\doomed\11145
| MD5 | 3c2dde73c321978357a5f5d14997e73d |
| SHA1 | e25f25fad7b37f87d92df50405967f5b2ce199fb |
| SHA256 | 47df647410c6d8a532df8212adfdabf6ba11e7b2f2b2f75a8742b5bcbdb94839 |
| SHA512 | 9e684c0a2b331c95642a9d4e46d3522652a093f27729ab3c10f59f93338d43172bd273fa403b94516ecc677c55b4bfc8b603ceb04a236f7f3b9ef4f47ac131b0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hohja4eo.default-release\cache2\doomed\14759
| MD5 | 9c7889e25520eed030852b73154afa4f |
| SHA1 | 3c712b262c69da51315597f0fa7482c789343a5f |
| SHA256 | d00294c4fbe2ed5208d294c8e9f4c1c9f2e7506631bcbee10b1adebc7c7314e4 |
| SHA512 | 08507a96b3b7a352c89ae25bf0bf45ad92fab01b1971b9c77d4bd850ba8715a855d502279b599960b3a8fdb4356d49b64cfc89c8b53ad77d4c515f010fef7b81 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hohja4eo.default-release\cache2\doomed\29740
| MD5 | 883985f611682eecade694958f354f42 |
| SHA1 | b65c65ad9f49d0593063a5e56fefed358d314b7d |
| SHA256 | 6fae0a08ccdc1a099a439c29567dd033b893576f85b3c88c52b3db8526efc941 |
| SHA512 | be205a61aef6960fb359e1bd2bbb86ce3b6fa674b7edc980ca3c4da111ff95022611b4c96be924576d56a5a3ef42f9db2e07c7870eb4fb59893f071801774d1f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hohja4eo.default-release\cache2\doomed\28955
| MD5 | 95a3e26cb602bcc0564a7340e187930e |
| SHA1 | b849db675f4629b5d922a3b01bba4e2d440a10cf |
| SHA256 | ceecf74dc03c23329a8e27369995d7c397277a03d2ae70b49f28769cc0bb44ed |
| SHA512 | 56fb456bb7ea314ec536448a8ab5888bca81c5138be01b6f2a7b8fc32aed8a7d3eb87a74d6250342b0af0005923902bdebbb93432e9c34fdaa6741be480cf9ca |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\sessionstore-backups\recovery.baklz4
| MD5 | e1c92a41d45d1372f6d10c9b871180e7 |
| SHA1 | bbed64b0d86e2b083aa134f52a8d257b088cc05a |
| SHA256 | fd8f4966022fa2695ae3e13dc408f0948d6529b6e726578f9d1e44fa0f3139f0 |
| SHA512 | 767a5ba242e6b3c1b0f48fa254fbf248194329bcb7f1b2db611fa7023dfc49a0db76349b8da36733027970c613c8a95d23292f677eab0519e39793ef960104e3 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 3c9f9520f80705babbb849818759dfa0 |
| SHA1 | 8b22ed21f5d26c85402079ae4a678bf77be9c984 |
| SHA256 | 786b8797b0761ebe646b295aa7c57f07f55bfcf1f9f1aa19054682183d5016fb |
| SHA512 | f2cab3656c0760fdb38f8eaff33dd44bb4f555d01b0f71fc490748609e6ab3847d107d14b3bc6bc109952e0cca8e2e9ce59d51edfb5742714c703922b479077b |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 5b04f0db2e3acb955c036a0b038062e5 |
| SHA1 | 08dffd4ef448668e4ac2157fd215338c6bee774a |
| SHA256 | ba40f5c2e06b1a841bcf31b21360f6164804c057ec71c6791e64d0973b05fda4 |
| SHA512 | 679cdf8d13b628132750393f7195bd2fb07ccfd6a95743e021a6b704bc2ea31f6e98cf7bd426810a9fe3d0854c458f0a0ce3ab2ac94529e0dea979ba306c71d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\sessionstore-backups\recovery.baklz4
| MD5 | bd01770b48e859c21e5f5af8c417661c |
| SHA1 | 5e42c59d497fc06da5e78874c812e93e52ba7308 |
| SHA256 | efef7801c1b554abedc5733af09bb8411577fdf951798d1013d692f8ef0e0ac7 |
| SHA512 | 9db29f8d935146caac5e5ad713f898fda739482d488e6d6e9ec07d4c903b6ffa09a29f2ae15e615681e6acff528cf938ad428039f5348ff6eb57996750e59dc8 |
memory/5504-1180-0x00007FF682BA0000-0x00007FF683BA0000-memory.dmp
memory/4364-1183-0x000002D66BE90000-0x000002D66BE91000-memory.dmp
memory/4364-1184-0x000002D66BE90000-0x000002D66BE91000-memory.dmp
memory/4364-1185-0x000002D66BE90000-0x000002D66BE91000-memory.dmp
memory/4364-1189-0x000002D66BE90000-0x000002D66BE91000-memory.dmp
memory/4364-1194-0x000002D66BE90000-0x000002D66BE91000-memory.dmp
memory/4364-1195-0x000002D66BE90000-0x000002D66BE91000-memory.dmp
memory/4364-1193-0x000002D66BE90000-0x000002D66BE91000-memory.dmp
memory/4364-1192-0x000002D66BE90000-0x000002D66BE91000-memory.dmp
memory/4364-1191-0x000002D66BE90000-0x000002D66BE91000-memory.dmp
memory/4364-1190-0x000002D66BE90000-0x000002D66BE91000-memory.dmp
memory/868-1201-0x0000000000190000-0x00000000001FD000-memory.dmp
memory/868-1203-0x0000000000190000-0x00000000001FD000-memory.dmp
memory/868-1204-0x00000000034E0000-0x00000000038E0000-memory.dmp
memory/868-1205-0x00000000034E0000-0x00000000038E0000-memory.dmp
memory/868-1206-0x00007FFDCD6F0000-0x00007FFDCD8E8000-memory.dmp
memory/868-1208-0x00000000761F0000-0x000000007642A000-memory.dmp
memory/5208-1209-0x0000000000820000-0x0000000000829000-memory.dmp
memory/5208-1211-0x00000000026C0000-0x0000000002AC0000-memory.dmp
memory/5208-1214-0x00000000761F0000-0x000000007642A000-memory.dmp
memory/5208-1212-0x00007FFDCD6F0000-0x00007FFDCD8E8000-memory.dmp
memory/1716-1216-0x00007FF6CA410000-0x00007FF6CB410000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 5deb60c6003427365762869143044b18 |
| SHA1 | ec6a6686812087d05c54d63c5b60269fae805b08 |
| SHA256 | 87ccdc57e1efe65abceceef90a3afed1a22026877336494c0efdfdea68112d29 |
| SHA512 | 50c23a6c31022bfdce5c6845304e737969234c06be2535955086fce0c954721ea74103fde5d9d71872be6e419d759afd0f27f73202ccdb1999c5a1668c2869c0 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 805035867be2f2a6bbcb312dceea07a1 |
| SHA1 | 1ce3fb50d4b2baf50fa44a13b94a14c1d1dd5504 |
| SHA256 | dc19f89c3c4d8bd1cf5c773b8ed2513238f21f8fba58436608226c66a90c4397 |
| SHA512 | 5a20f932145768eb8c594e7285af0e1be9c666671b08e36cdc03c53d1d14d3f2b1cb05d2c62354d7074f29873c03f6052fe870af579ca16045f3c7d7a3b1753a |
memory/1720-1239-0x0000000000C60000-0x0000000000CCD000-memory.dmp
memory/1720-1240-0x0000000000C60000-0x0000000000CCD000-memory.dmp
memory/1720-1243-0x0000000003E30000-0x0000000004230000-memory.dmp
memory/1720-1244-0x00007FFDCD6F0000-0x00007FFDCD8E8000-memory.dmp
memory/1720-1246-0x00000000761F0000-0x000000007642A000-memory.dmp
memory/4168-1249-0x00000000026F0000-0x0000000002AF0000-memory.dmp
memory/4168-1250-0x00007FFDCD6F0000-0x00007FFDCD8E8000-memory.dmp
memory/4168-1252-0x00000000761F0000-0x000000007642A000-memory.dmp
memory/224-1276-0x0000000000120000-0x000000000018D000-memory.dmp
memory/224-1277-0x0000000000120000-0x000000000018D000-memory.dmp
memory/224-1280-0x00000000032B0000-0x00000000036B0000-memory.dmp
memory/224-1282-0x00007FFDCD6F0000-0x00007FFDCD8E8000-memory.dmp
memory/224-1284-0x00000000761F0000-0x000000007642A000-memory.dmp
memory/5488-1287-0x00000000023D0000-0x00000000027D0000-memory.dmp
memory/5488-1288-0x00007FFDCD6F0000-0x00007FFDCD8E8000-memory.dmp
memory/5488-1290-0x00000000761F0000-0x000000007642A000-memory.dmp
\??\PIPE\wkssvc
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/5776-1296-0x0000000000B00000-0x0000000000B6D000-memory.dmp
memory/5776-1297-0x0000000000B00000-0x0000000000B6D000-memory.dmp
memory/5776-1300-0x0000000003920000-0x0000000003D20000-memory.dmp
memory/5776-1303-0x00000000761F0000-0x000000007642A000-memory.dmp
memory/5776-1301-0x00007FFDCD6F0000-0x00007FFDCD8E8000-memory.dmp
memory/5476-1306-0x0000000002410000-0x0000000002810000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\AlternateServices.bin
| MD5 | d36479b26c890ba41b21f824a7fc44b6 |
| SHA1 | 34d18b7d8ed3b126fd9f0e9a8e3834ecf89b6d98 |
| SHA256 | 18ebd4aa6623d0165c57b85fcba066e93e5b633ef76ff23728e73e995dfff28f |
| SHA512 | 913dad8024797580ea63dff2515a458c558cbcfe89416e986605e73cb5314cbd7fc6271b31b3770b02625156ce6365c613b9ea40df387e622fbc1107f7afc0d8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 1a5a9821eada1bc55ec9d1fc613bdb0a |
| SHA1 | b073835f33751ebcc7c3a82f6c6d32d9e5eba8aa |
| SHA256 | 092fb72e92c12cad899c32ef735837ee58a21b7f8d68b0ef6980e457a02a2584 |
| SHA512 | 318f5e6960ae81fa45138ce030faa4a51ea77096e516508ab8961680771f45857a335b5884e50515ba251d12342a5f8bd8f31d0f2286a951a275686a30b693e6 |
C:\Users\Admin\Downloads\ProcessMonitor.Q_a_rhg5.zip.part
| MD5 | 213d09599b9761a8e78c20b3f8072636 |
| SHA1 | 815ae249e5dc5bcdd8576ff29d3ec39e20c761f7 |
| SHA256 | d4ed579fdc1957fde0124dd41efd8d72af0529254984bfa5a3864ecd8b539252 |
| SHA512 | f656e128fcb0269946cfa03adc5392676c17b18f309e0476b2153fe545e4d92641e7849b94743e84fce39366b0b72f04e725b7922ccf513deaba8aef833ad971 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 815cacf50419cea7a10901597ec42b1b |
| SHA1 | bcfb2c33ce7e05933a6094e42ce23d2c0d449aed |
| SHA256 | 0d9065e141d925cb9306966d0432f639e746a8efc59e0aa76011ba1898162566 |
| SHA512 | d0eb0734973f853c599e3f6462d15c2ad4f47dd6cd14d9a09665e019793116a9667ce144e0d49387f54dcfd1316ef687bd609d3de0ea261c335377c067ddde48 |
C:\Users\Admin\Desktop\Procmon.exe
| MD5 | c3e77b6959cc68baee9825c84dc41d9c |
| SHA1 | bc18a67ad4057dd36f896a4d411b8fc5b06e5b2f |
| SHA256 | 3b7ea4318c3c1508701102cf966f650e04f28d29938f85d74ec0ec2528657b6e |
| SHA512 | f825521149f4e771c9f51abaa4fa956258a5393754ec7422692dc0c24c120ed9f103dd3953b47b7bb331dd4095b3e97b95fb35c4dfe03ce39574ba4b39b76d7d |
C:\Users\Admin\AppData\Local\Temp\Procmon64.exe
| MD5 | 223b222ce387a7f446d49a1ee9b572bb |
| SHA1 | 8ed888a02861142e5eb576385568c2ba0ddd8589 |
| SHA256 | 3e15995894f38b2eead95f7ff714585471f34f3af3d8f50a7f83344781502468 |
| SHA512 | 037b4787af5fb129a3b1e0ac9565e59d5a55ef26ccf93bc9adf685c08422071ee0d0eb4667cd2ce0d725c7dea0209c1d7d48baf58cd18dfb58de35bf7feef1a2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 6a0bff7ba31f13252cbbf793939a4a54 |
| SHA1 | f4c4c1b16c5164606e4c2cf1bdf522c545b4bd58 |
| SHA256 | d0fcfec79145a7a04d407bca4e17d290ebb2d135c3417209bd7414c0c5795e96 |
| SHA512 | cdb2ddc40df21075445681465bf041879d84679eeda744592167396cb9ab24415e01b1af480533213a0d8c0d869a7fad37904516914a09f80e946d74caded320 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hohja4eo.default-release\cache2\entries\5B23235D54208C34AFF88FC6F18585FD8A8F8FAD
| MD5 | e3d1eb9d81ea9f39d37a5bbfaa970640 |
| SHA1 | aece1982acd1a637ff57aaac0da6053da5709609 |
| SHA256 | d34ff0757b2836d6832f2827bd015f0ea6bab078667eb623af2067e011272b8e |
| SHA512 | 99f582c88e892e78119e027b13d0cfc028b39105c53073ed563c38394c54d2d0e9e016c5901745004a3c753a778a109a8f77294e86ae63945df4eee603811dbe |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 46ee27e5e9ec40e83f86b0fb85c3dcc7 |
| SHA1 | 872537c8b975d379a1e97e7efd54a58ce9f9c312 |
| SHA256 | d8578ba96cfb73c03f17e42806bd53291519672c5784c7d405c0d7711f2825a6 |
| SHA512 | 2e437c3621353b6b06bb38eb893fae6fa8cfa727bf46de060ef42c4702769af11d9eba0a9cec3519c96f1d811e3e8d6a7ab4655557edfe41c59ff4510b7fd667 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 7295622c39c6bbfd3cb4c22506fd057a |
| SHA1 | 30add10550382e27882657bcb529f5c637235eab |
| SHA256 | f965c75ac9092db26a76e7d5d819d923abb2f667a454abf0bfa14742d956d97c |
| SHA512 | a5951c8260d506912e54fb0fa02fce732c468f54fdca8e39b4e97dee3216ce8a464b4147cd4132f3945b2a7009f7925482ce01fedfa07406da1018bc81f6b048 |
C:\Users\Admin\Downloads\processhacker-2.7PoVSm9l.39-setup.exe.part
| MD5 | 54daad58cce5003bee58b28a4f465f49 |
| SHA1 | 162b08b0b11827cc024e6b2eed5887ec86339baa |
| SHA256 | 28042dd4a92a0033b8f1d419b9e989c5b8e32d1d2d881f5c8251d58ce35b9063 |
| SHA512 | 8330de722c8800ff64c6b9ea16a4ff7416915cd883e128650c47e5cb446dd3aaa2a9ba5c4ecda781d243be7fb437b054bbcf942ea714479e6cc3cef932390829 |
C:\Users\Admin\AppData\Local\Temp\is-JQUAK.tmp\processhacker-2.39-setup.tmp
| MD5 | 1c96ed29e0136825e06f037bf10b2419 |
| SHA1 | b74a55279474253639bebf9c92f10f947145ff30 |
| SHA256 | b10cf8cdf541ca0dd6df79e66fb4b0854dcac717aba034ba0c4961bff92fd021 |
| SHA512 | 0e74854d9de4e3944b2cff9b5de7eb19fdec1fee6c9576cae6cd81741adf84eac421cb743b1df30183f645ffe849357b6a85b5be8d7f6e2efe289bbe4573e177 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 69d4158fad0458299178a2655a32d8de |
| SHA1 | 50aee443586a5c83b9e4d07326fd700daf28dadb |
| SHA256 | e1bee425b42ccfdb03ed67772115824ae3f9bf5b32381119569eb005774cfa3d |
| SHA512 | add8762c36a923d0614398f74a7fca824cdebfb16ec0d38e2ce9e1327d5cbe22b82c51a247ae02c800f8e7f72129f52c81d7bb26c9c7455a9a60389da663f9e6 |
C:\Program Files\Process Hacker 2\ProcessHacker.exe
| MD5 | b365af317ae730a67c936f21432b9c71 |
| SHA1 | a0bdfac3ce1880b32ff9b696458327ce352e3b1d |
| SHA256 | bd2c2cf0631d881ed382817afcce2b093f4e412ffb170a719e2762f250abfea4 |
| SHA512 | cc3359e16c6fe905a9e176a87acf4c4ed5e22c29bfca11949799caf8442e00ec0d1679b3d8754dbc3e313528d3e8e82c0ec1941e2c3530b48229c1cb337f6b8b |
C:\Program Files\Process Hacker 2\plugins\ExtendedNotifications.dll
| MD5 | be4dc4d2d1d05001ab0bb2bb8659bfad |
| SHA1 | c0ed9e375b447b61c07c0b00c93bb81c87bcfc2e |
| SHA256 | 61e8cd8de80a5c0d7ced280fe04ad8387a846a7bf2ee51bcbba96b971c7c1795 |
| SHA512 | 31389e268fe3bf1175fa3c251ca026f77dc59361b8425c9826f31d18c5174e6de68c6092aef187f2bd2c92d89b3093a660b2fe6189af369293c1117c856b5cdf |
C:\Program Files\Process Hacker 2\plugins\ExtendedServices.dll
| MD5 | 4858bdb7731bf0b46b247a1f01f4a282 |
| SHA1 | de2f9cbcec1e1fa891d9693fb3cadfdd4cfe1f60 |
| SHA256 | 5ae7c0972fd4e4c4ae14c0103602ca854377fefcbccd86fa68cfc5a6d1f99f60 |
| SHA512 | 41b39560e15d620733ca29dc37f55a939a653f99686ac86643ccc67fbb807ad95d1996b867319d98506f3b8a30772fff3c3317bbcc205987f48031923f674d9a |
C:\Program Files\Process Hacker 2\plugins\HardwareDevices.dll
| MD5 | a46c8bb886e0b9290e5dbc6ca524d61f |
| SHA1 | cfc1b93dc894b27477fc760dfcfb944cb849cb48 |
| SHA256 | acd49f2aa36d4efb9c4949e2d3cc2bd7aee384c2ced7aa9e66063da4150fcb00 |
| SHA512 | 5a4d2e0fa7a1a14bc4c94a0c144bfbfcef1ecabe4dc15f668605d27f37f531934778f53e7377bab0ff83531732dc15e9fc40b16f2d1f7e925429681bd5bdca73 |
C:\Program Files\Process Hacker 2\plugins\OnlineChecks.dll
| MD5 | 12c25fb356e51c3fd81d2d422a66be89 |
| SHA1 | 7cc763f8dc889a4ec463aaba38f6e6f65dbdbb8c |
| SHA256 | 7336d66588bbcfea63351a2eb7c8d83bbd49b5d959ba56a94b1fe2e905a5b5de |
| SHA512 | 927d785d03c1ee44b5e784b35a09168978b652f37fb73a1a2eeecd3583c28595fb030e8c1f87ab9a20beac4622775777820d1a2ad7219ba8b9ae8b6fbc4568a0 |
C:\Program Files\Process Hacker 2\plugins\Updater.dll
| MD5 | 6976b57c6391f54dbd2828a45ca81100 |
| SHA1 | a8c312a56ede6f4852c34c316c01080762aa5498 |
| SHA256 | 0c11cdc3765ffb53ba9707b6f99ec17ae4f7334578a935ba7bcbbc9c7bdeed2e |
| SHA512 | 54d8b39457f516d921bb907615ff60a46b6031e1444a443c9657e06d78c9fb0f637ae4756bb7b884e4dca2f55902372ad4ddba1d020abe02e0a381702ae270cc |
C:\Program Files\Process Hacker 2\plugins\WindowExplorer.dll
| MD5 | 0e8d04159c075f0048b89270d22d2dbb |
| SHA1 | d0fa2367d329909b6c9efcb3cc2c2902d8cf9b22 |
| SHA256 | 282696487ea5dc781788d5d8477b977f72b7c70f201c2af0cfe7e1a9fd8d749a |
| SHA512 | 56440f3feddc124574debfe3789e14d908982d4d8e9516f42fab7db7bcecdd3badd2f75e005016a7b9d87a00d5646b8df722bae8fba3932198babbe5335cf197 |
C:\Program Files\Process Hacker 2\plugins\UserNotes.dll
| MD5 | e48c789c425f966f5e5ee3187934174f |
| SHA1 | 96f85a86a56cbf55ebd547039eb1f8b0db9d9d8d |
| SHA256 | fc9d0d0482c63ab7f238bc157c3c0fed97951ccf2d2e45be45c06c426c72cb52 |
| SHA512 | efdb42e4a1993ee6aa5c0c525bd58316d6c92fbc5cebbc3a66a26e2cf0c69fe68d19bc9313656ad1d38c4aef33131924684e226f88ef920e0e2cd607054a857c |
C:\Program Files\Process Hacker 2\plugins\ToolStatus.dll
| MD5 | 3788efff135f8b17a179d02334d505e6 |
| SHA1 | d6c965ba09b626d7d157372756ea1ec52a43f6b7 |
| SHA256 | 5713d40dec146dbc819230daefe1b886fa6d6f6dbd619301bb8899562195cbab |
| SHA512 | 215d6c3665323901d41ae5151908c4e084a04a1558617016f0788194304e066410b92943bd6c119339727037ee02cfda893b9baf5603b2870d9fc5ae0c77ca7e |
C:\Program Files\Process Hacker 2\plugins\SbieSupport.dll
| MD5 | 37cbfa73883e7e361d3fa67c16d0f003 |
| SHA1 | ffa24756cdc37dfd24dc97ba7a42d0399e59960a |
| SHA256 | 57c56f7b312dc1f759e6ad039aac3f36ce5130d259eb9faad77239083398308b |
| SHA512 | 6e0bfab9ff44f580f302cabd06fc537a9e24432effd94b50ab696b35f57a61772072b7f9045a9e99fa4bf3bc316f43ea25ab6c87517242e7957eb86575203bed |
C:\Program Files\Process Hacker 2\plugins\NetworkTools.dll
| MD5 | d6bed1d6fdbed480e32fdd2dd4c13352 |
| SHA1 | 544567d030a19e779629eed65d2334827dcda141 |
| SHA256 | 476aa6af14dd0b268786e32543b9a6917a298d4d90e1015dac6fb2b522cf5d2e |
| SHA512 | 89362a7b675651f44649f0ea231f039e0b91aba9f84c91545f15e187c6cbd07bbf3648a4e232dfe5122cf5636e67c458f4f7dab49ed4de3f3a303aa396c41d1c |
C:\Program Files\Process Hacker 2\plugins\ExtendedTools.dll
| MD5 | bc61e6fb02fbbfe16fb43cc9f4e949f1 |
| SHA1 | 307543fcef62c6f8c037e197703446fcb543424a |
| SHA256 | f2805e0f81513641a440f1a21057a664961c22192cb33fca3870362c8f872d87 |
| SHA512 | 0bbfe53e1dd933a3080d9775ad890fcbd73f9820885efa6b69e9664261249f34eaae3870f74de8511734fc9a0114f36e1bfc529a032d303a8e3e583e37a506c6 |
C:\Program Files\Process Hacker 2\plugins\DotNetTools.dll
| MD5 | b16ce8ba8e7f0ee83ec1d49f2d0af0a7 |
| SHA1 | cdf17a7beb537853fae6214d028754ce98e2e860 |
| SHA256 | b4cc0280e2caa0335361172cb7d673f745defc78299ded808426ffbc2458e4d9 |
| SHA512 | 32de59c95d1690f4221b236376e282c8be1bb7f5d567592b935dcd798b36b80e86da81741c5845fa280386f75f6eafc9bbd41035362984150b134d24aede61eb |
C:\Program Files\Process Hacker 2\ProcessHacker.sig
| MD5 | 2ccb4420d40893846e1f88a2e82834da |
| SHA1 | ef29efec7e3e0616948f9fe1fd016e43b6c971de |
| SHA256 | 519c2c2ca0caf00db5b3eb2b79dfe42e6128161c13aeb4b4d8b86fbffc67e3d4 |
| SHA512 | b2a000b33d4a9b2e886208fc78aeb3a986f7bd379fb6910da9f6577603aa6e8237cb552eabca70445f37b427419beeff0b061090cb952331b8db322ce2e58bc6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 8fe2e228bfc5b9d6a70ed910f6df8bf4 |
| SHA1 | 2f3b663c2ce26eef122f0589ce811838f4f21055 |
| SHA256 | c9c6fe892195559ce9ae2b99eab9017b412031d9c76d405cec39087361605a88 |
| SHA512 | b7514dce99775ce090205364c62078cfb527982a8a25bfd2cec4de882f24dda189c1e14e3a45f37cf7034b84bc4338dc2dbfe64618d411f596385eb542ee4281 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\sessionstore-backups\recovery.baklz4
| MD5 | dd30552ebaf93841997a3442174818c6 |
| SHA1 | 9dc2b8f7ed8b05dc139d4c988175788aa3f76c72 |
| SHA256 | a5dd8e74c986a0233331ab2652c0474e0c654e758e542d283c38b250ddfe2128 |
| SHA512 | 20bf042773e25e66583f41818dabe1ee71d1272f35bd1b550a2cc5dd79e054f19f65f4c2acae8ffe26c7950b15e51dca94f7731445cc2b1ca74142af77066be1 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 177c7154e7854e63fc20cb414f92e0fb |
| SHA1 | 30c2d4bf7daa91fcc72f2b0536407a060aabd2ba |
| SHA256 | ea6c230a7b53d5f345ae9a048f739574acd953faedd4f67bee616d3d6f14ae6c |
| SHA512 | 0bf8925d0f34e2427ad0b03f963e8a611b49be5b74810c70c848b7aa84b4287989644b3cc681f5a22761413ff06d3348774b9680c51ff83e75bb91af82fe9e88 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 67287c62dfc01805e4f17841a62b3d52 |
| SHA1 | 1837268c7af6c4297a06bc6d6e7eb161d7ae2760 |
| SHA256 | 30c3643c31702bda343b0efbfae8f1157137a361127b7413f27f4533c2e8a0e0 |
| SHA512 | 5095714be3c443d92124eb06ac1707ede7c74ca4931a4f5dfc077d3fe5b4a2fb314aecdeaf83dbb35f3418aeb60b8ebc3e3730094c8a917fec052918e63f56b3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\datareporting\glean\pending_pings\e370a6ff-25f7-4aea-b448-6c66404d416b
| MD5 | c6a3524f370c63b65139cf0aadb32caa |
| SHA1 | 8c041fa3ae84126ff20d600d1d943d0f44c2bf71 |
| SHA256 | e2b51f2d5362d8908ae30f0d08a3dd1ca368aeaa30cf83ed8ba6cbc06235226d |
| SHA512 | a700e4d96e114722e5744a4c5dc09622d41e7476c460cfc652f2d4e193ee64dbd029962c1f74970f83b81d898119665c711f3d44af667449a52de2cb30c02103 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | ff3cb7b20dca826a5bc379ff9b8a063c |
| SHA1 | fae25d23feeb28e5f32adcea024a57f23b17d057 |
| SHA256 | 76ba4388ebeb612c3650ae07b7e85d148e19f4b3a4b5d55f2f0acd8ffe1719cc |
| SHA512 | b8fd86e952f8ce0a655f1e6351a5bcbae5917749d2d50adcdd747b49bb8441d439f24569abdaa8e6352fddbb97ba3cf8c6df2e4f1a9c755fd60d13f42f1c9c53 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\prefs-1.js
| MD5 | 74909a59866ae0c4159fdddb0ee5b151 |
| SHA1 | d493de9b9de96509963273e7326097619229fb01 |
| SHA256 | 83767f0c63cdee0b31de95b146acc7bc6e2cd696cc33fa4a15dc66fd940c980a |
| SHA512 | 65c7cfcbc728da963fd9df564c128e57ac81b4d2477ac8ec88bdba27cc91a965c06ee14278f308c6f020c27bec165d6f5cab831c2620a2c787e4ac2e2a62e70d |