Analysis Overview
Threat Level: Known bad
The file https://duckduckgo.com/ was found to be: Known bad.
Malicious Activity Summary
Modifies security service
Creates new service(s)
Downloads MZ/PE file
Sets service image path in registry
Drops file in Drivers directory
Stops running service(s)
Command and Scripting Interpreter: PowerShell
Boot or Logon Autostart Execution: Active Setup
Checks BIOS information in registry
Loads dropped DLL
Reads user/profile data of local email clients
Indicator Removal: Clear Windows Event Logs
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Modifies system executable filetype association
Power Settings
Checks installed software on the system
Detected potential entity reuse from brand GOOGLE.
Suspicious use of SetThreadContext
Drops file in System32 directory
Enumerates processes with tasklist
Drops file in Program Files directory
Subvert Trust Controls: Mark-of-the-Web Bypass
Drops file in Windows directory
Launches sc.exe
Program crash
Enumerates physical storage devices
Browser Information Discovery
System Location Discovery: System Language Discovery
Modifies data under HKEY_USERS
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of UnmapMainImage
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Checks processor information in registry
Suspicious use of FindShellTrayWindow
Modifies registry class
Uses Task Scheduler COM API
Modifies Internet Explorer settings
NTFS ADS
Suspicious use of SetWindowsHookEx
Opens file in notepad (likely ransom note)
Modifies system certificate store
Analysis: static1
Detonation Overview
Reported
2025-02-04 21:14
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-02-04 21:14
Reported
2025-02-04 21:29
Platform
win7-20240903-en
Max time kernel
691s
Max time network
878s
Signatures
Modifies security service
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\MpsSvc\Parameters\PortKeywords\DHCP\Collection | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\MpsSvc\Parameters\PortKeywords\DHCP | C:\Windows\System32\svchost.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\MpsSvc\Parameters\PortKeywords\DHCP\Collection = 22020100 | C:\Windows\System32\svchost.exe | N/A |
Boot or Logon Autostart Execution: Active Setup
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Creates new service(s)
Downloads MZ/PE file
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\drivers\etc\hosts | C:\Users\Admin\AppData\Local\Temp\Rar$EXb1868.13896.rartemp\Fix.exe | N/A |
| File created | C:\Windows\system32\drivers\etc\hosts | C:\ProgramData\WindowsServices\WindowsAutHost | N/A |
| File created | C:\Windows\system32\drivers\etc\hosts | C:\Users\Admin\Desktop\Fix.exe | N/A |
Sets service image path in registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WindowsAutHost\ImagePath = "C:\\ProgramData\\WindowsServices\\WindowsAutHost" | C:\Windows\system32\services.exe | N/A |
Stops running service(s)
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Indicator Removal: Clear Windows Event Logs
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\Winevt\Logs\Microsoft-Windows-Known Folders API Service.evtx | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\System32\Winevt\Logs\Microsoft-Windows-Audio%4Operational.evtx | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\System32\Winevt\Logs\Microsoft-Windows-Audio%4CaptureMonitor.evtx | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\System32\Winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\System32\Winevt\Logs\Setup.evtx | C:\Windows\System32\svchost.exe | N/A |
Loads dropped DLL
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}" | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA} | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32 | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA} | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\ | C:\Program Files\WinRAR\uninstall.exe | N/A |
Reads user/profile data of local email clients
Checks installed software on the system
Power Settings
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\powercfg.exe | N/A |
Detected potential entity reuse from brand GOOGLE.
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\system32\MRT.exe | C:\Users\Admin\Desktop\Fix.exe | N/A |
| File created | C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\MRT.exe | C:\Users\Admin\AppData\Local\Temp\Rar$EXb1868.13896.rartemp\Fix.exe | N/A |
| File opened for modification | C:\Windows\system32\MRT.exe | C:\ProgramData\WindowsServices\WindowsAutHost | N/A |
Enumerates processes with tasklist
Suspicious use of SetThreadContext
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\WinRAR\ReadMe.txt | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\Rar.txt | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File created | C:\Program Files\WinRAR\RarFiles.lst | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File created | C:\Program Files\WinRAR\Rar.exe | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\RarExtInstaller.exe | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File created | C:\Program Files\WinRAR\WinCon.SFX | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\License.txt | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File created | C:\Program Files\WinRAR\UnRAR.exe | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\RarFiles.lst | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\RarExt32.dll | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File created | C:\Program Files\WinRAR\Default.SFX | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-32.png | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File created | C:\Program Files\WinRAR\Rar.txt | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\Uninstall.lst | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\Descript.ion | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File created | C:\Program Files\WinRAR\Uninstall.lst | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\Rar.exe | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\UnRAR.exe | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File created | C:\Program Files\WinRAR\Zip.SFX | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File created | C:\Program Files\WinRAR\Resources.pri | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File created | C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-48.png | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File created | C:\Program Files\WinRAR\7zxa.dll | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\7zxa.dll | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\Zip.SFX | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\WinRAR.chm | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\Uninstall.exe | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File created | C:\Program Files\WinRAR\Default32.SFX | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\WinCon.SFX | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File created | C:\Program Files\WinRAR\zipnew.dat | C:\Program Files\WinRAR\uninstall.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\WhatsNew.txt | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File created | C:\Program Files\WinRAR\Order.htm | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File created | C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-32.png | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File created | C:\Program Files\WinRAR\__tmp_rar_sfx_access_check_259485604 | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File created | C:\Program Files\WinRAR\Descript.ion | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\ReadMe.txt | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File created | C:\Program Files\WinRAR\WhatsNew.txt | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File created | C:\Program Files\WinRAR\RarExtPackage.msix | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File created | C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-64.png | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File created | C:\Program Files\WinRAR\RarExt32.dll | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\RarExtPackage.msix | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\WinCon32.SFX | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File created | C:\Program Files\WinRAR\WinRAR.chm | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File created | C:\Program Files\WinRAR\License.txt | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\Order.htm | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\Default32.SFX | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File created | C:\Program Files\WinRAR\Uninstall.exe | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\RarExt.dll | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File created | C:\Program Files\WinRAR\Zip32.SFX | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File created | C:\Program Files\WinRAR\rarnew.dat | C:\Program Files\WinRAR\uninstall.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File created | C:\Program Files\WinRAR\RarExt.dll | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File created | C:\Program Files\WinRAR\WinCon32.SFX | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\Zip32.SFX | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-48.png | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File created | C:\Program Files\WinRAR\RarExtInstaller.exe | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\Default.SFX | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File created | C:\Program Files\WinRAR\WinRAR.exe | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\WinRAR.exe | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\Resources.pri | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| File opened for modification | C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-64.png | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\appcompat\programs\RecentFileCache.bcf | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\SERVIC~2\NETWOR~1\AppData\Local\Temp\Cab5FEB.tmp | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\SERVIC~2\NETWOR~1\AppData\Local\Temp\Tar5FEC.tmp | C:\Windows\system32\svchost.exe | N/A |
| File created | C:\Windows\wusa.lock | C:\Windows\system32\wusa.exe | N/A |
| File opened for modification | C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat | C:\Windows\system32\sppsvc.exe | N/A |
| File opened for modification | \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\pdffile_8.ico | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File opened for modification | \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\sc_reader.exe | C:\Windows\Explorer.EXE | N/A |
Launches sc.exe
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Desktop\Freakin Product\Injector.exe:Zone.Identifier | C:\Program Files\WinRAR\WinRAR.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\Rar$EXb1868.13100.rartemp\Vanta.exe:Zone.Identifier | C:\Program Files\WinRAR\WinRAR.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\Rar$EXb1868.13896.rartemp\Fix.exe:Zone.Identifier | C:\Program Files\WinRAR\WinRAR.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\Rar$EXb1868.13896.rartemp\Vanta.exe:Zone.Identifier | C:\Program Files\WinRAR\WinRAR.exe | N/A |
| File created | C:\Users\Admin\Desktop\Collapse v3.1\Collapse.exe:Zone.Identifier | C:\Program Files\WinRAR\WinRAR.exe | N/A |
| File created | C:\Users\Admin\Desktop\Installer.exe:Zone.Identifier | C:\Program Files\WinRAR\WinRAR.exe | N/A |
| File created | C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\Rar$EXb1868.13100.rartemp\Fix.exe:Zone.Identifier | C:\Program Files\WinRAR\WinRAR.exe | N/A |
| File created | C:\Users\Admin\Desktop\Fix.exe:Zone.Identifier | C:\Program Files\WinRAR\WinRAR.exe | N/A |
| File created | C:\Users\Admin\Desktop\Vanta.exe:Zone.Identifier | C:\Program Files\WinRAR\WinRAR.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
Program crash
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-341Q8.tmp\Installer.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\tasklist.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\find.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\Collapse v3.1\Collapse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-26I9R.tmp\Installer.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-6CID7.tmp\Installer.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\Installer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-BONUG.tmp\Installer.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Rar$EXb1868.13100.rartemp\Vanta.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\Vanta.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-SCP41.tmp\GMSPowerCtrl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-E4PT4.tmp\Installer.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-O3CJ4.tmp\GMSPowerCtrl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-Q6DJ1.tmp\Installer.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-KKV9R.tmp\Installer.tmp | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key security queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Component Information | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\WinRAR\WinRAR.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\WinRAR\WinRAR.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\WinRAR\WinRAR.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TypedURLs | C:\Windows\system32\taskmgr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Windows\explorer.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartPage | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartPage\StartMenu_Start_Time = b439422c4a77db01 | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA} | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\ | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Windows\Explorer.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Windows\Explorer.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\19\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\ = "WinRAR" | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\Explorer.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.bz\ = "WinRAR" | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.txz\ = "WinRAR" | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\13 | C:\Windows\Explorer.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0" | C:\Windows\Explorer.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\0 = 19002f433a5c000000000000000000000000000000000000000000 | C:\Windows\Explorer.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202020202 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\0 | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32\ThreadingModel = "Apartment" | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}" | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202020202020202 | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\0\MRUListEx = 0100000000000000ffffffff | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\19\Shell\SniffedFolderType = "Generic" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell | C:\Windows\Explorer.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.zip\ = "WinRAR.ZIP" | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4\MRUListEx = 00000000ffffffff | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = ffffffff | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\ = "WinRAR ZIP archive" | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.zipx | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Windows\Explorer.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\0\0\0\0\NodeSlot = "14" | C:\Windows\Explorer.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\HotKey = "0" | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.tlz | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\MRUListEx = 00000000ffffffff | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1\0 | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5 | C:\Windows\Explorer.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR32 | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.uue\ = "WinRAR" | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\Explorer.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0 | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.lzh | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\19\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.uue | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\16\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}" | C:\Windows\Explorer.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Windows\Explorer.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Windows\Explorer.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202 | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders | C:\Windows\Explorer.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.rev\ = "WinRAR.REV" | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\Explorer.EXE | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Program Files\WinRAR\WinRAR.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob | C:\Program Files\WinRAR\WinRAR.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Local\Temp\Rar$EXb1868.13896.rartemp\Fix.exe:Zone.Identifier | C:\Program Files\WinRAR\WinRAR.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\Rar$EXb1868.13896.rartemp\packages\CapCut.lnk:Zone.Identifier | C:\Program Files\WinRAR\WinRAR.exe | N/A |
| File created | C:\Users\Admin\Desktop\Collapse v3.1\Collapse.exe:Zone.Identifier | C:\Program Files\WinRAR\WinRAR.exe | N/A |
| File created | C:\Users\Admin\Desktop\Freakin Product\Injector.exe:Zone.Identifier | C:\Program Files\WinRAR\WinRAR.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\Rar$EXb1868.13100.rartemp\Vanta.exe:Zone.Identifier | C:\Program Files\WinRAR\WinRAR.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\Rar$EXb1868.13896.rartemp\Vanta.exe:Zone.Identifier | C:\Program Files\WinRAR\WinRAR.exe | N/A |
| File created | C:\Users\Admin\Desktop\packages\CapCut.lnk:Zone.Identifier | C:\Program Files\WinRAR\WinRAR.exe | N/A |
| File created | C:\Users\Admin\Downloads\instructions.txt:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\Vanta.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\Rar$EXb1868.13100.rartemp\Fix.exe:Zone.Identifier | C:\Program Files\WinRAR\WinRAR.exe | N/A |
| File created | C:\Users\Admin\Desktop\Installer.exe:Zone.Identifier | C:\Program Files\WinRAR\WinRAR.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\Rar$EXb1868.13100.rartemp\packages\CapCut.lnk:Zone.Identifier | C:\Program Files\WinRAR\WinRAR.exe | N/A |
| File created | C:\Users\Admin\Desktop\Fix.exe:Zone.Identifier | C:\Program Files\WinRAR\WinRAR.exe | N/A |
| File created | C:\Users\Admin\Desktop\Vanta.exe:Zone.Identifier | C:\Program Files\WinRAR\WinRAR.exe | N/A |
| File created | C:\Users\Admin\Downloads\Collapse.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\Freakin Product.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\InstallPack2025.rar:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\WinRAR\WinRAR.exe | N/A |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
| N/A | N/A | C:\Program Files\WinRAR\WinRAR.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Program Files\WinRAR\WinRAR.exe | N/A |
| N/A | N/A | C:\Program Files\WinRAR\WinRAR.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\WinRAR\uninstall.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Rar$EXb1868.13896.rartemp\Fix.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\powercfg.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\powercfg.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\powercfg.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\powercfg.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\dialer.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\ProgramData\WindowsServices\WindowsAutHost | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\dialer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\powercfg.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\powercfg.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\powercfg.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\powercfg.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\system32\dialer.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\svchost.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of UnmapMainImage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\svchost.exe | N/A |
| N/A | N/A | C:\Windows\system32\svchost.exe | N/A |
| N/A | N/A | C:\Windows\system32\wbem\wmiprvse.exe | N/A |
| N/A | N/A | C:\Windows\system32\svchost.exe | N/A |
| N/A | N/A | C:\Windows\system32\svchost.exe | N/A |
| N/A | N/A | C:\Windows\system32\svchost.exe | N/A |
| N/A | N/A | C:\Windows\system32\svchost.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\winlogon.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
"taskhost.exe"
C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://duckduckgo.com/"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://duckduckgo.com/
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.0.854466697\262359259" -parentBuildID 20221007134813 -prefsHandle 1232 -prefMapHandle 1224 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0f54974-fb66-4c2d-b7f4-df4a1b3f9947} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 1296 103d5958 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.1.1086154796\182864474" -parentBuildID 20221007134813 -prefsHandle 1484 -prefMapHandle 1480 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e5bdec6-559a-4f8e-9435-a8f26fec6241} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 1512 d72b58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.2.1881915622\1005920309" -childID 1 -isForBrowser -prefsHandle 2092 -prefMapHandle 2088 -prefsLen 21746 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {204a4a98-a2a0-4469-922b-9fb2456a7043} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 2104 1a5c3558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.3.951252467\80831273" -childID 2 -isForBrowser -prefsHandle 2908 -prefMapHandle 2904 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {809256e7-2d18-486f-8806-c25e1f7a0ea9} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 2920 1b938d58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.4.1126472075\1247998609" -childID 3 -isForBrowser -prefsHandle 3736 -prefMapHandle 3732 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac095ca3-4a40-4843-9a0d-131fcd9c00e6} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 3740 1df1fb58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.5.1365372855\433663329" -childID 4 -isForBrowser -prefsHandle 3852 -prefMapHandle 3856 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b0a9667-9ca0-46e7-946a-f6850c427ad8} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 3840 1df21f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.6.466198695\1922565121" -childID 5 -isForBrowser -prefsHandle 4020 -prefMapHandle 4024 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f742a91-7921-4041-9ed5-7b86e5abe06b} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 4008 1df22858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.7.325064339\1367802991" -childID 6 -isForBrowser -prefsHandle 4368 -prefMapHandle 4364 -prefsLen 26531 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {92a455eb-f02b-4bc9-903c-50f898c8688b} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 4380 227dbf58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.8.191112465\185775330" -childID 7 -isForBrowser -prefsHandle 4588 -prefMapHandle 4584 -prefsLen 26531 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a4141b0a-009e-4f21-8a3a-616764e38947} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 4596 22916858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.9.609084933\97657143" -parentBuildID 20221007134813 -prefsHandle 4784 -prefMapHandle 4724 -prefsLen 26531 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2727076-890e-4bcb-81b9-ecf89d9332ce} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 4772 229f9858 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.10.475430049\1701027472" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4744 -prefMapHandle 4752 -prefsLen 26531 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f2cb512-e07b-4d0c-a137-bbe75f4e3bc2} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 4808 22913258 utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.11.92540605\453794888" -childID 8 -isForBrowser -prefsHandle 5144 -prefMapHandle 5140 -prefsLen 26531 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e1e43f6-cab7-4beb-8cc5-830cdbab7785} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 5156 226cce58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.12.761661250\1343509215" -childID 9 -isForBrowser -prefsHandle 5548 -prefMapHandle 5536 -prefsLen 26531 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {706220d3-a6d4-4f83-948d-bf6afb8f6171} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 5588 d66e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.13.1001227838\1717165959" -childID 10 -isForBrowser -prefsHandle 9464 -prefMapHandle 9468 -prefsLen 26531 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {55ef36e9-654f-474a-a0bf-83c0abbae59a} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 9452 1fffd358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.14.635765548\1070241728" -childID 11 -isForBrowser -prefsHandle 4556 -prefMapHandle 4528 -prefsLen 27070 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e806cd7-299f-4e81-aba1-f5fdb36ad6b5} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 1792 22649258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.15.1620293631\1884030463" -childID 12 -isForBrowser -prefsHandle 4192 -prefMapHandle 3340 -prefsLen 27070 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b609fb2-6c3b-41e5-9724-34dbc079e1ed} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 4976 20146e58 tab
C:\Users\Admin\Downloads\winrar-x64-701.exe
"C:\Users\Admin\Downloads\winrar-x64-701.exe"
C:\Program Files\WinRAR\uninstall.exe
"C:\Program Files\WinRAR\uninstall.exe" /setup
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.16.1965010717\1583310269" -childID 13 -isForBrowser -prefsHandle 2156 -prefMapHandle 2164 -prefsLen 27110 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c79645b1-8264-4b26-a9e9-9426104dcddf} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 2136 25d7be58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.17.1317016857\528515564" -childID 14 -isForBrowser -prefsHandle 5016 -prefMapHandle 5056 -prefsLen 27110 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5e91cfd-1c3a-4f4d-84b5-83ecde54e87f} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 8632 21310d58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.18.1838109728\1362970087" -childID 15 -isForBrowser -prefsHandle 2628 -prefMapHandle 848 -prefsLen 27110 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c13c5183-f798-4e01-a786-9c140f5bd5d2} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 5044 1efa8558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.19.75512195\234357082" -childID 16 -isForBrowser -prefsHandle 8616 -prefMapHandle 8624 -prefsLen 27110 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1d2a20a-454a-4656-9cc7-e40ee49e505d} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 5016 1ffd6b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.20.1894121719\1062601945" -childID 17 -isForBrowser -prefsHandle 8356 -prefMapHandle 8312 -prefsLen 27110 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed669cef-b57d-4994-a6f4-16fef5fa5713} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 8624 236d6258 tab
C:\Program Files\WinRAR\WinRAR.exe
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\Admin\Downloads\Vanta.zip"
C:\Users\Admin\AppData\Local\Temp\Rar$EXb1868.13100.rartemp\Vanta.exe
"C:\Users\Admin\AppData\Local\Temp\Rar$EXb1868.13100.rartemp\Vanta.exe"
C:\Users\Admin\AppData\Local\Temp\Rar$EXb1868.13100.rartemp\Vanta.exe
"C:\Users\Admin\AppData\Local\Temp\Rar$EXb1868.13100.rartemp\Vanta.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 516
C:\Users\Admin\AppData\Local\Temp\Rar$EXb1868.13896.rartemp\Fix.exe
"C:\Users\Admin\AppData\Local\Temp\Rar$EXb1868.13896.rartemp\Fix.exe"
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop bits
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop dosvc
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "802580752-268034109-1287345949610083661190516930844453381-1983807173779767673"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1261066421-986863019398983875838855669-528466228189125881719069484131627937023"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-905152442-5233764511430814600231942313-3689478714873130541972297467625952127"
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-10274594120508693981352189662139903888176377120819380777081662106458-468732561"
C:\Windows\system32\dialer.exe
C:\Windows\system32\dialer.exe
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe delete "WindowsAutHost"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe create "WindowsAutHost" binpath= "C:\ProgramData\WindowsServices\WindowsAutHost" start= "auto"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1897189998-1855320063-186596251182070217-15858370271250809311059929373-136525893"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "WindowsAutHost"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1608478311-18491580832066236292-992264595-5691655591391618286-19815818841654338114"
C:\ProgramData\WindowsServices\WindowsAutHost
C:\ProgramData\WindowsServices\WindowsAutHost
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-5254337441347991899596806215-692256500554538634267872711769036035333195970"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop bits
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop dosvc
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
C:\Windows\system32\dialer.exe
C:\Windows\system32\dialer.exe
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-11460355111018546123-166172346-343983203-1528730383-873474410-15090472991633477918"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "294474702-79541061925490579694463079916814002891224566385-542044898-1416612933"
C:\Windows\system32\dialer.exe
C:\Windows\system32\dialer.exe
C:\Windows\system32\dialer.exe
dialer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\Users\Admin\Desktop\Fix.exe
"C:\Users\Admin\Desktop\Fix.exe"
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2133799045-643697750250565251-271309849-488256448-9136356631356663278496603374"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-432146763-702658296224467617659777780-13711429651900868506426077136-1678694459"
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop bits
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop dosvc
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
C:\Windows\system32\dialer.exe
C:\Windows\system32\dialer.exe
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-947900564551231702129715595-160288308-1822976840478198347-380629098-768809965"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-18048177351817180165-66300192192100430913293211441326007786-2057006894-2002733795"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-893010413-1299533766-512647143-15374387351958315393-15232204401567718415-1396000027"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-9249225032089189382-1794759508-160103926200610704923980379321302030184169356"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "WindowsAutHost"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "353262775-674737835-1940535413294628723-996578682-21371826391180022527-465591884"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-68629543-1709936626-826361143-20931976781592957117-856179611-1408105613171104090"
C:\ProgramData\WindowsServices\WindowsAutHost
C:\ProgramData\WindowsServices\WindowsAutHost
C:\Users\Admin\Desktop\Vanta.exe
"C:\Users\Admin\Desktop\Vanta.exe"
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-527445710181975571-9505379861280681944-253494387-19625104741881951473-1117691579"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "857818100990933190-1936866719-11739767552965570771031634945167180786-403681841"
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-245892504-1303398525-11352668151661194424117655404816790858515826699532100103125"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-3903746451071239429-9571668611813484614-17425961952040927254-690397088-1747654999"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop bits
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "715818308-2489224781081339503269700578-1791857504827854404154251218-606391413"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop dosvc
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
C:\Windows\system32\dialer.exe
C:\Windows\system32\dialer.exe
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1272655037-1393698894-318102280967151770539262666-1697862481-18096431-917682368"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1885643645-2857063223964926651692916829628622537-12629962025615323231978661728"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "170611320618366060131614883118-779223718-5299695281679869952-1567218784-91744119"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1001051658-252888896167019709-432031931604463979469989945-740525735-797402571"
C:\Users\Admin\Desktop\Vanta.exe
"C:\Users\Admin\Desktop\Vanta.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 516
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\Users\Admin\Desktop\Vanta.exe
"C:\Users\Admin\Desktop\Vanta.exe"
C:\Users\Admin\Desktop\Vanta.exe
"C:\Users\Admin\Desktop\Vanta.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 516
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.21.1322679281\1213498892" -childID 18 -isForBrowser -prefsHandle 832 -prefMapHandle 5452 -prefsLen 27175 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0141a2df-b973-4c7c-bb58-a39f8ac4ffd3} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 5444 2130fb58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.22.1376027010\1152291491" -childID 19 -isForBrowser -prefsHandle 9396 -prefMapHandle 9404 -prefsLen 27175 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1080f04c-d052-4ae4-95bc-fed862f23dee} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 5276 21310458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.23.1072957693\1475833593" -childID 20 -isForBrowser -prefsHandle 5016 -prefMapHandle 8196 -prefsLen 27175 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {90cf5613-2f6b-439c-a82e-1364ff1abef1} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 8304 22c89158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.24.633445943\140617249" -childID 21 -isForBrowser -prefsHandle 4016 -prefMapHandle 1864 -prefsLen 27175 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2235ec1-21f7-4b15-8d71-1338e07ee7ae} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 2408 22c8a658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.25.2134708900\1359207090" -childID 22 -isForBrowser -prefsHandle 8372 -prefMapHandle 8392 -prefsLen 27175 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3cc7cd7-1250-4b69-a4da-3f401626d186} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 8368 24b73e58 tab
C:\Program Files\WinRAR\WinRAR.exe
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\Admin\Downloads\Collapse.zip"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0xc0
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\Users\Admin\Desktop\Collapse v3.1\Collapse.exe
"C:\Users\Admin\Desktop\Collapse v3.1\Collapse.exe"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-60018768919668734681927707613-1034386812-7436403671743694498-21358942421420640851"
C:\Users\Admin\Desktop\Collapse v3.1\Collapse.exe
"C:\Users\Admin\Desktop\Collapse v3.1\Collapse.exe"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "4676287314979244911126738071685936536440305561669234697-174283279-1602442150"
C:\Users\Admin\Desktop\Collapse v3.1\Collapse.exe
"C:\Users\Admin\Desktop\Collapse v3.1\Collapse.exe"
C:\Users\Admin\Desktop\Collapse v3.1\Collapse.exe
"C:\Users\Admin\Desktop\Collapse v3.1\Collapse.exe"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "212791747415013685881245099759861548520155393934-252149033-1078610831-1784819754"
C:\Users\Admin\Desktop\Collapse v3.1\Collapse.exe
"C:\Users\Admin\Desktop\Collapse v3.1\Collapse.exe"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-15871482902044241189447007511-330032551-11941907925685539031051168268-1885809897"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" -Command Add-MpPreference -ExclusionPath 'C:\cgfdto'
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1452329604-10832224-964449270-10891844021741816013085643442049835718-887922792"
C:\Users\Admin\Desktop\Collapse v3.1\Collapse.exe
"C:\Users\Admin\Desktop\Collapse v3.1\Collapse.exe"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2652164022115213892-1501913152-286915644308791151955911184574920773577707794"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" -Command Add-MpPreference -ExclusionPath 'C:\ydngwoxd'
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-284741794-1535350811-1007125553-54272046611560681942003316997-1611917256888284548"
C:\Users\Admin\Desktop\Collapse v3.1\Collapse.exe
"C:\Users\Admin\Desktop\Collapse v3.1\Collapse.exe"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "19124263427267871991600361909-1468550477-203083016613578557651220093581742288307"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" -Command Add-MpPreference -ExclusionPath 'C:\hklwohvkdz'
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "18182485401505722190-1299093291-1646858348-127927832-1380161183-2708210611636483133"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" -Command Add-MpPreference -ExclusionPath 'C:\romodnn'
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1651761690-2061223892123715312712364063001905149884-11039977952255849131419169674"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" -Command Add-MpPreference -ExclusionPath 'C:\vjdwylfj'
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2002661374-891623881331469448264443117-1481581534-1678179351966963107-135046230"
C:\Users\Admin\Desktop\Collapse v3.1\Collapse.exe
"C:\Users\Admin\Desktop\Collapse v3.1\Collapse.exe"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-10183241431930562827-1034759328-24462505319791531701336001708243085404-1534884619"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 1160
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 1180
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" -Command Add-MpPreference -ExclusionPath 'C:\zsnioqit'
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "6309575913884284511324602471-751240488-20258910321616638240-760627418563076057"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 1160
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 1200
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" -Command Add-MpPreference -ExclusionPath 'C:\luidp'
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-10177112-633792987-1357418261440597738258857018990389513778681441874718007"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 1136
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 1200
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" -Command Add-MpPreference -ExclusionPath 'C:\fuapshnnrp'
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "777689874-916929867696855904-707067738-1144061113-4163487312138630315-1672884838"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 1200
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 1240
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Users\Admin\Desktop\Collapse v3.1\Collapse.exe
"C:\Users\Admin\Desktop\Collapse v3.1\Collapse.exe"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1352158211879695612-525327170-16499161-8283349181310811039-1928578225-1359060617"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Collapse v3.1\aliensee.txt
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" -Command Add-MpPreference -ExclusionPath 'C:\tjpxhw'
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1187269374-68939332919894080541865668171-1159726809-1721521863523807518-1500443223"
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Collapse v3.1\configs.txt
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 1200
C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -Embedding
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x538
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.26.2104372529\519429583" -childID 23 -isForBrowser -prefsHandle 8340 -prefMapHandle 3504 -prefsLen 27884 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c664df4-90a5-4231-bc90-c19d880bdde2} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 5044 20148658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.27.624599146\664884090" -childID 24 -isForBrowser -prefsHandle 3604 -prefMapHandle 5488 -prefsLen 27884 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e389a1e9-9ab7-4b0b-b0b9-07351cdaf575} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 5156 20148f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.28.805452470\809564388" -childID 25 -isForBrowser -prefsHandle 5272 -prefMapHandle 4132 -prefsLen 27884 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bfd45084-3293-4e54-afa8-030c978a6cad} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 2872 1d254258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.29.1114242391\895812488" -childID 26 -isForBrowser -prefsHandle 2216 -prefMapHandle 4132 -prefsLen 27884 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1cdaaa42-956c-4b7f-abfb-44de52f82109} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 5376 20497458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.30.295908868\349943965" -childID 27 -isForBrowser -prefsHandle 2728 -prefMapHandle 8568 -prefsLen 27884 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {487f8e03-0a94-4cf2-8b52-069a841c88eb} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 4580 1d2b1a58 tab
C:\Program Files\WinRAR\WinRAR.exe
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\Admin\Downloads\Freakin Product.zip"
C:\Program Files\WinRAR\WinRAR.exe
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\Admin\Downloads\Freakin Product.zip"
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\Users\Admin\Desktop\Freakin Product\Injector.exe
"C:\Users\Admin\Desktop\Freakin Product\Injector.exe"
C:\Users\Admin\Desktop\Freakin Product\Injector.exe
"C:\Users\Admin\Desktop\Freakin Product\Injector.exe"
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\Users\Admin\Desktop\Freakin Product\Injector.exe
"C:\Users\Admin\Desktop\Freakin Product\Injector.exe"
C:\Users\Admin\Desktop\Freakin Product\Injector.exe
"C:\Users\Admin\Desktop\Freakin Product\Injector.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.31.992205529\1249329922" -childID 28 -isForBrowser -prefsHandle 4116 -prefMapHandle 1792 -prefsLen 27893 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {27c5ec6f-e62e-4734-a156-6210b249def5} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 1124 20113758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.32.941916509\1051960362" -childID 29 -isForBrowser -prefsHandle 8576 -prefMapHandle 8188 -prefsLen 27893 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {61a8e9e4-1837-4daf-a995-47e61bd3a751} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 8472 20498f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.33.2045272396\1115503538" -childID 30 -isForBrowser -prefsHandle 8560 -prefMapHandle 9168 -prefsLen 27893 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {87d389f8-8cc7-4136-ada6-3002718cb201} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 4532 d62258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.34.682999526\1710615915" -childID 31 -isForBrowser -prefsHandle 5504 -prefMapHandle 8256 -prefsLen 27893 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d6b2855-a9fc-4c9d-b452-6eee4d6549d4} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 8448 259a1358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.35.47135863\500531750" -childID 32 -isForBrowser -prefsHandle 8572 -prefMapHandle 2612 -prefsLen 27893 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f66fdaa3-7b7c-4817-b242-75466fa7dc02} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 9256 2054e558 tab
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\instructions.txt
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.36.1326800093\1214436384" -childID 33 -isForBrowser -prefsHandle 8492 -prefMapHandle 2096 -prefsLen 27893 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2954bc83-3b7c-4c21-b9ce-c582b10f03be} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 3616 1d1ed558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.37.127840312\1054972056" -childID 34 -isForBrowser -prefsHandle 2136 -prefMapHandle 5000 -prefsLen 27893 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c01af838-d9c2-473a-9f7b-700adcd1f105} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 9132 1ef49c58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2512.38.2041391786\1747732140" -childID 35 -isForBrowser -prefsHandle 8140 -prefMapHandle 5364 -prefsLen 27893 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e51d100b-53d4-4310-a6e9-442faa7d5c54} 2512 "\\.\pipe\gecko-crash-server-pipe.2512" 8132 1b073958 tab
C:\Program Files\WinRAR\WinRAR.exe
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\Admin\Downloads\InstallPack2025.rar"
C:\Users\Admin\Desktop\Installer.exe
"C:\Users\Admin\Desktop\Installer.exe"
C:\Users\Admin\AppData\Local\Temp\is-Q6DJ1.tmp\Installer.tmp
"C:\Users\Admin\AppData\Local\Temp\is-Q6DJ1.tmp\Installer.tmp" /SL5="$60386,2497748,121344,C:\Users\Admin\Desktop\Installer.exe"
C:\Users\Admin\Desktop\Installer.exe
"C:\Users\Admin\Desktop\Installer.exe" /VERYSILENT
C:\Users\Admin\AppData\Local\Temp\is-97VBK.tmp\Installer.tmp
"C:\Users\Admin\AppData\Local\Temp\is-97VBK.tmp\Installer.tmp" /SL5="$70386,2497748,121344,C:\Users\Admin\Desktop\Installer.exe" /VERYSILENT
C:\Users\Admin\Desktop\Installer.exe
"C:\Users\Admin\Desktop\Installer.exe"
C:\Users\Admin\AppData\Local\Temp\is-BONUG.tmp\Installer.tmp
"C:\Users\Admin\AppData\Local\Temp\is-BONUG.tmp\Installer.tmp" /SL5="$400FE,2497748,121344,C:\Users\Admin\Desktop\Installer.exe"
C:\Users\Admin\Desktop\Installer.exe
"C:\Users\Admin\Desktop\Installer.exe" /VERYSILENT
C:\Users\Admin\AppData\Local\Temp\is-341Q8.tmp\Installer.tmp
"C:\Users\Admin\AppData\Local\Temp\is-341Q8.tmp\Installer.tmp" /SL5="$500FE,2497748,121344,C:\Users\Admin\Desktop\Installer.exe" /VERYSILENT
C:\Users\Admin\Desktop\Installer.exe
"C:\Users\Admin\Desktop\Installer.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe"
C:\Users\Admin\AppData\Local\Temp\is-E4PT4.tmp\Installer.tmp
"C:\Users\Admin\AppData\Local\Temp\is-E4PT4.tmp\Installer.tmp" /SL5="$400CC,2497748,121344,C:\Users\Admin\Desktop\Installer.exe"
C:\Users\Admin\Desktop\Installer.exe
"C:\Users\Admin\Desktop\Installer.exe" /VERYSILENT
C:\Users\Admin\AppData\Local\Temp\is-6CID7.tmp\Installer.tmp
"C:\Users\Admin\AppData\Local\Temp\is-6CID7.tmp\Installer.tmp" /SL5="$500CC,2497748,121344,C:\Users\Admin\Desktop\Installer.exe" /VERYSILENT
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
C:\Windows\SysWOW64\find.exe
find /I "wrsa.exe"
C:\Users\Admin\Desktop\Installer.exe
"C:\Users\Admin\Desktop\Installer.exe"
C:\Users\Admin\AppData\Local\Temp\is-KKV9R.tmp\Installer.tmp
"C:\Users\Admin\AppData\Local\Temp\is-KKV9R.tmp\Installer.tmp" /SL5="$200A4,2497748,121344,C:\Users\Admin\Desktop\Installer.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe"
C:\Users\Admin\Desktop\Installer.exe
"C:\Users\Admin\Desktop\Installer.exe" /VERYSILENT
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "39332690315306084272006343701-13419708762034108080-16665595951891503409-393631941"
C:\Users\Admin\AppData\Local\Temp\is-26I9R.tmp\Installer.tmp
"C:\Users\Admin\AppData\Local\Temp\is-26I9R.tmp\Installer.tmp" /SL5="$300A4,2497748,121344,C:\Users\Admin\Desktop\Installer.exe" /VERYSILENT
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
C:\Windows\SysWOW64\find.exe
find /I "wrsa.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
C:\Windows\SysWOW64\find.exe
find /I "opssvc.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1048222587-329712599-1367435600-2015014930-6785616661893497036-4639160051497346381"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
C:\Windows\SysWOW64\find.exe
find /I "opssvc.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1896943391-71703480615743090061697733174-2044782610-2065883971-8655289631395386929"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
C:\Windows\SysWOW64\find.exe
find /I "avastui.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-3910996391334275432-774601376-18935209920701167731583567310-1059763271522240067"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
C:\Windows\SysWOW64\find.exe
find /I "avgui.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
C:\Windows\SysWOW64\find.exe
find /I "avastui.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1695836733-1295338392044448913789550433607363120-16421737382112016077-1833144902"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
C:\Windows\SysWOW64\find.exe
find /I "nswscsvc.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
C:\Windows\SysWOW64\find.exe
find /I "avgui.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2734985671588439202-533886338-2065302165-1915125589-46408214-1933873145984575041"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
C:\Windows\SysWOW64\find.exe
find /I "nswscsvc.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
C:\Windows\SysWOW64\find.exe
find /I "sophoshealth.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe"
C:\Users\Admin\AppData\Local\Temp\is-SCP41.tmp\GMSPowerCtrl.exe
"C:\Users\Admin\AppData\Local\Temp\is-SCP41.tmp\GMSPowerCtrl.exe"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "3984579392284854231790871386-1897277914-3843355874140351231019533205-460922848"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
C:\Windows\SysWOW64\find.exe
find /I "sophoshealth.exe"
C:\Users\Admin\AppData\Local\Temp\is-O3CJ4.tmp\GMSPowerCtrl.exe
"C:\Users\Admin\AppData\Local\Temp\is-O3CJ4.tmp\GMSPowerCtrl.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
C:\Windows\SysWOW64\find.exe
find /I "wrsa.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
C:\Windows\SysWOW64\find.exe
find /I "wrsa.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1103478689-45855953272163752837072840-1852909108-187111470219627662281922650330"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
C:\Windows\SysWOW64\find.exe
find /I "opssvc.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
C:\Windows\SysWOW64\find.exe
find /I "opssvc.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
C:\Windows\SysWOW64\find.exe
find /I "avastui.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
C:\Windows\SysWOW64\find.exe
find /I "avastui.exe"
C:\Users\Admin\AppData\Local\Temp\is-SCP41.tmp\GMSPowerCtrl.exe
"C:\Users\Admin\AppData\Local\Temp\is-SCP41.tmp\GMSPowerCtrl.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
C:\Windows\SysWOW64\find.exe
find /I "avgui.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
C:\Windows\SysWOW64\find.exe
find /I "avgui.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "27150722-14828063841835947984-414014393-410376497-1318351169-1674306901-223174489"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
C:\Windows\SysWOW64\find.exe
find /I "nswscsvc.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
C:\Windows\SysWOW64\find.exe
find /I "nswscsvc.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
C:\Windows\SysWOW64\find.exe
find /I "sophoshealth.exe"
C:\Windows\SysWOW64\find.exe
find /I "sophoshealth.exe"
C:\Users\Admin\AppData\Local\Temp\is-G68GS.tmp\GMSPowerCtrl.exe
"C:\Users\Admin\AppData\Local\Temp\is-G68GS.tmp\GMSPowerCtrl.exe"
C:\Users\Admin\AppData\Local\Temp\is-SBAFS.tmp\GMSPowerCtrl.exe
"C:\Users\Admin\AppData\Local\Temp\is-SBAFS.tmp\GMSPowerCtrl.exe"
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\Program Files\WinRAR\WinRAR.exe
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\Admin\Downloads\offline installer.rar"
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34034.rartemp\Installer.exe
"C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34034.rartemp\Installer.exe"
C:\Users\Admin\AppData\Local\Temp\is-BNPME.tmp\Installer.tmp
"C:\Users\Admin\AppData\Local\Temp\is-BNPME.tmp\Installer.tmp" /SL5="$900A4,2497748,121344,C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34034.rartemp\Installer.exe"
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34034.rartemp\Installer.exe
"C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34034.rartemp\Installer.exe" /VERYSILENT
C:\Users\Admin\AppData\Local\Temp\is-1UANM.tmp\Installer.tmp
"C:\Users\Admin\AppData\Local\Temp\is-1UANM.tmp\Installer.tmp" /SL5="$A00A4,2497748,121344,C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34034.rartemp\Installer.exe" /VERYSILENT
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Installer.exe
"C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Installer.exe"
C:\Users\Admin\AppData\Local\Temp\is-T48C1.tmp\Installer.tmp
"C:\Users\Admin\AppData\Local\Temp\is-T48C1.tmp\Installer.tmp" /SL5="$9009E,2497748,121344,C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Installer.exe"
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Installer.exe
"C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Installer.exe" /VERYSILENT
C:\Users\Admin\AppData\Local\Temp\is-HHR2P.tmp\Installer.tmp
"C:\Users\Admin\AppData\Local\Temp\is-HHR2P.tmp\Installer.tmp" /SL5="$A009E,2497748,121344,C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Installer.exe" /VERYSILENT
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
C:\Windows\SysWOW64\find.exe
find /I "wrsa.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
C:\Windows\SysWOW64\find.exe
find /I "opssvc.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
C:\Windows\SysWOW64\find.exe
find /I "avastui.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
C:\Windows\SysWOW64\find.exe
find /I "avgui.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
C:\Windows\SysWOW64\find.exe
find /I "nswscsvc.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
C:\Windows\SysWOW64\find.exe
find /I "sophoshealth.exe"
C:\Users\Admin\AppData\Local\Temp\is-5IPTM.tmp\GMSPowerCtrl.exe
"C:\Users\Admin\AppData\Local\Temp\is-5IPTM.tmp\GMSPowerCtrl.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
C:\Windows\SysWOW64\find.exe
find /I "wrsa.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
C:\Windows\SysWOW64\find.exe
find /I "opssvc.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
C:\Windows\SysWOW64\find.exe
find /I "avastui.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | woreppercomming.com | udp |
| IT | 52.222.130.30:443 | woreppercomming.com | tcp |
| US | 8.8.8.8:53 | woreppercomming.com | udp |
| US | 8.8.8.8:53 | www.chancial.com | udp |
| US | 104.21.79.34:443 | www.chancial.com | tcp |
| US | 8.8.8.8:53 | www.chancial.com | udp |
| US | 8.8.8.8:53 | www.chancial.com | udp |
| US | 104.21.79.34:443 | www.chancial.com | udp |
| US | 8.8.8.8:53 | www.opera.com | udp |
| DE | 18.184.153.27:443 | www.opera.com | tcp |
| US | 8.8.8.8:53 | front-geo.production.opera-website.route53.opera.com | udp |
| US | 8.8.8.8:53 | front-geo.production.opera-website.route53.opera.com | udp |
| US | 8.8.8.8:53 | cdn-production-opera-website.operacdn.com | udp |
| US | 8.8.8.8:53 | www.googleoptimize.com | udp |
| FR | 104.85.36.228:443 | cdn-production-opera-website.operacdn.com | tcp |
| FR | 104.85.36.228:443 | cdn-production-opera-website.operacdn.com | tcp |
| FR | 104.85.36.228:443 | cdn-production-opera-website.operacdn.com | tcp |
| FR | 104.85.36.228:443 | cdn-production-opera-website.operacdn.com | tcp |
| FR | 104.85.36.228:443 | cdn-production-opera-website.operacdn.com | tcp |
| FR | 104.85.36.228:443 | cdn-production-opera-website.operacdn.com | tcp |
| US | 8.8.8.8:53 | e11604.dscf.akamaiedge.net | udp |
| US | 216.58.206.78:443 | www.googleoptimize.com | tcp |
| US | 8.8.8.8:53 | www.googleoptimize.com | udp |
| US | 8.8.8.8:53 | e11604.dscf.akamaiedge.net | udp |
| US | 8.8.8.8:53 | www.googleoptimize.com | udp |
| US | 216.58.206.78:443 | www.googleoptimize.com | udp |
| US | 8.8.8.8:53 | woreppercomming.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | notifier.win-rar.com | udp |
| DE | 51.195.68.173:443 | notifier.win-rar.com | tcp |
| DE | 51.195.68.173:443 | notifier.win-rar.com | tcp |
| US | 8.8.8.8:53 | warlikedbeliev.org | udp |
| US | 172.67.181.203:443 | warlikedbeliev.org | tcp |
| US | 8.8.8.8:53 | pool.hashvault.pro | udp |
| DE | 80.240.16.67:80 | pool.hashvault.pro | tcp |
| US | 8.8.8.8:53 | slkpanel3458647.site | udp |
| US | 104.17.150.117:443 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.19.117.22:80 | crl.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 23.44.65.132:80 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | warlikedbeliev.org | udp |
| US | 172.67.181.203:443 | warlikedbeliev.org | tcp |
| US | 172.67.181.203:443 | warlikedbeliev.org | tcp |
| US | 172.67.181.203:443 | warlikedbeliev.org | tcp |
| US | 172.67.181.203:443 | warlikedbeliev.org | tcp |
| DE | 142.250.184.202:443 | translate-pa.googleapis.com | udp |
| DE | 142.250.184.214:443 | i.ytimg.com | udp |
| GB | 173.194.138.199:443 | rr2.sn-aigzrn7d.googlevideo.com | udp |
| DE | 172.217.16.193:443 | photos-ugc.l.googleusercontent.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | rr1---sn-aigzrn7e.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr1.sn-aigzrn7e.googlevideo.com | udp |
| GB | 173.194.5.38:443 | rr1.sn-aigzrn7e.googlevideo.com | tcp |
| US | 8.8.8.8:53 | rr1.sn-aigzrn7e.googlevideo.com | udp |
| GB | 173.194.5.38:443 | rr1.sn-aigzrn7e.googlevideo.com | udp |
| US | 104.17.150.117:443 | www.mediafire.com | udp |
| US | 104.17.150.117:443 | www.mediafire.com | udp |
| DE | 142.250.185.138:443 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| DE | 142.250.186.46:443 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| FR | 163.70.128.23:443 | scontent.xx.fbcdn.net | udp |
| FR | 163.70.128.23:443 | scontent.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| DE | 172.217.16.202:443 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| FR | 163.70.128.35:443 | www.facebook.com | udp |
| US | 8.8.8.8:53 | star-mini.c10r.facebook.com | udp |
| US | 8.8.8.8:53 | star-mini.c10r.facebook.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | rr4---sn-aigzrn7d.googlevideo.com | udp |
| GB | 173.194.138.201:443 | rr4---sn-aigzrn7d.googlevideo.com | tcp |
| US | 8.8.8.8:53 | rr4.sn-aigzrn7d.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr4.sn-aigzrn7d.googlevideo.com | udp |
| GB | 173.194.138.201:443 | rr4.sn-aigzrn7d.googlevideo.com | udp |
| US | 8.8.8.8:53 | slkpanel3458647.site | udp |
| US | 8.8.8.8:53 | rr4---sn-aigzrnsl.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr4.sn-aigzrnsl.googlevideo.com | udp |
| US | 8.8.8.8:53 | app.mediafire.com | udp |
| US | 8.8.8.8:53 | rr4.sn-aigzrnsl.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr2---sn-aigzrn7d.googlevideo.com | udp |
| US | 104.17.151.117:443 | www.mediafire.com | tcp |
| US | 8.8.8.8:53 | rr5---sn-aigzrn7e.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr2.sn-aigzrn7d.googlevideo.com | udp |
| US | 8.8.8.8:53 | app.mediafire.com | udp |
| US | 8.8.8.8:53 | rr5.sn-aigzrn7e.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr2.sn-aigzrn7d.googlevideo.com | udp |
| US | 8.8.8.8:53 | app.mediafire.com | udp |
| US | 8.8.8.8:53 | rr5.sn-aigzrn7e.googlevideo.com | udp |
| US | 104.17.151.117:443 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| DE | 172.217.18.99:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | app.mediafire.com | udp |
| US | 8.8.8.8:53 | app.mediafire.com | udp |
| US | 8.8.8.8:53 | sessions.bugsnag.com | udp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 35.190.88.7:443 | sessions.bugsnag.com | tcp |
| US | 35.190.88.7:443 | sessions.bugsnag.com | tcp |
| US | 8.8.8.8:53 | sessions.bugsnag.com | udp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | sessions.bugsnag.com | udp |
| BE | 142.251.168.154:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 35.190.88.7:443 | sessions.bugsnag.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 172.67.199.186:443 | the.gatekeeperconsent.com | udp |
| US | 104.21.42.32:443 | the.gatekeeperconsent.com | udp |
| US | 104.19.208.227:443 | otnolatrnup.com | udp |
| US | 104.19.208.227:443 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ad.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ad.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ad.crwdcntrl.net | udp |
| US | 104.21.42.32:443 | the.gatekeeperconsent.com | udp |
| US | 172.67.199.186:443 | the.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 104.18.159.164:443 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | download2335.mediafire.com | udp |
| US | 199.91.155.76:443 | download2335.mediafire.com | tcp |
| US | 8.8.8.8:53 | download2335.mediafire.com | udp |
| US | 8.8.8.8:53 | download2335.mediafire.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| DE | 142.250.185.142:443 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | track.wargaming-aff.com | udp |
| NL | 35.204.100.195:443 | track.wargaming-aff.com | tcp |
| US | 8.8.8.8:53 | wargaming-affiliate.g2afse.com | udp |
| US | 8.8.8.8:53 | wargaming-affiliate.g2afse.com | udp |
| US | 8.8.8.8:53 | track.wg-aff.com | udp |
| NL | 35.204.130.99:443 | track.wg-aff.com | tcp |
| US | 8.8.8.8:53 | clk.wargaming.net | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| LU | 92.223.23.231:443 | clk.wargaming.net | tcp |
| US | 8.8.8.8:53 | clk.wargaming.net | udp |
| US | 8.8.8.8:53 | clk.wargaming.net | udp |
| US | 8.8.8.8:53 | promo.worldofwarships.eu | udp |
| GB | 93.123.11.62:443 | promo.worldofwarships.eu | tcp |
| US | 8.8.8.8:53 | cl-4fe8a58f.gcdn.co | udp |
| US | 8.8.8.8:53 | cl-4fe8a58f.gcdn.co | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| DE | 142.250.185.142:443 | play.google.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| GB | 88.221.134.209:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| DE | 142.250.185.206:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| DE | 142.250.185.206:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r4---sn-aigzrnsz.gvt1.com | udp |
| GB | 74.125.175.169:443 | r4---sn-aigzrnsz.gvt1.com | tcp |
| US | 8.8.8.8:53 | r4.sn-aigzrnsz.gvt1.com | udp |
| US | 8.8.8.8:53 | r4.sn-aigzrnsz.gvt1.com | udp |
| GB | 74.125.175.169:443 | r4.sn-aigzrnsz.gvt1.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| DE | 142.250.184.214:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| US | 8.8.8.8:53 | photos-ugc.l.googleusercontent.com | udp |
| DE | 172.217.16.193:443 | photos-ugc.l.googleusercontent.com | udp |
| US | 8.8.8.8:53 | photos-ugc.l.googleusercontent.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | rr1---sn-aigzrn7z.googlevideo.com | udp |
| GB | 173.194.135.102:443 | rr1---sn-aigzrn7z.googlevideo.com | tcp |
| US | 8.8.8.8:53 | rr1.sn-aigzrn7z.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr1.sn-aigzrn7z.googlevideo.com | udp |
| GB | 173.194.135.102:443 | rr1.sn-aigzrn7z.googlevideo.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| DE | 142.250.186.97:443 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | googlehosted.l.googleusercontent.com | udp |
| US | 8.8.8.8:53 | googlehosted.l.googleusercontent.com | udp |
| DE | 142.250.186.97:443 | googlehosted.l.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | rr3---sn-aigzrn7d.googlevideo.com | udp |
| GB | 173.194.138.200:443 | rr3---sn-aigzrn7d.googlevideo.com | tcp |
| US | 8.8.8.8:53 | rr3.sn-aigzrn7d.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr3.sn-aigzrn7d.googlevideo.com | udp |
| GB | 173.194.138.200:443 | rr3.sn-aigzrn7d.googlevideo.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | bit.ly | udp |
| US | 67.199.248.10:443 | bit.ly | tcp |
| US | 67.199.248.10:443 | bit.ly | udp |
| US | 8.8.8.8:53 | mega.nz | udp |
| US | 8.8.8.8:53 | mega.nz | udp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| US | 8.8.8.8:53 | mega.nz | udp |
| US | 8.8.8.8:53 | eu.static.mega.co.nz | udp |
| LU | 66.203.124.37:443 | eu.static.mega.co.nz | tcp |
| US | 8.8.8.8:53 | eu.static.mega.co.nz | udp |
| LU | 66.203.124.37:443 | eu.static.mega.co.nz | tcp |
| US | 8.8.8.8:53 | eu.static.mega.co.nz | udp |
| US | 8.8.8.8:53 | g.api.mega.co.nz | udp |
| LU | 66.203.125.12:443 | g.api.mega.co.nz | tcp |
| LU | 66.203.125.12:443 | g.api.mega.co.nz | tcp |
| US | 8.8.8.8:53 | lu.api.mega.co.nz | udp |
| US | 8.8.8.8:53 | lu.api.mega.co.nz | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | mega.nz | udp |
| US | 8.8.8.8:53 | mega.nz | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| DE | 142.250.185.142:443 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | g.megaad.nz | udp |
| LU | 89.44.169.132:443 | g.megaad.nz | tcp |
| US | 8.8.8.8:53 | g.megaad.nz | udp |
| US | 8.8.8.8:53 | gfs208n158.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs206n166.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs204n165.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs270n422.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs214n158.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs240n111.userstorage.mega.co.nz | udp |
| FR | 185.206.26.68:443 | gfs208n158.userstorage.mega.co.nz | tcp |
| FR | 185.206.26.68:443 | gfs208n158.userstorage.mega.co.nz | tcp |
| FR | 185.206.26.68:443 | gfs208n158.userstorage.mega.co.nz | tcp |
| FR | 185.206.26.68:443 | gfs208n158.userstorage.mega.co.nz | tcp |
| NL | 185.206.24.113:443 | gfs204n165.userstorage.mega.co.nz | tcp |
| US | 8.8.8.8:53 | gfs206n166.userstorage.mega.co.nz | udp |
| NL | 185.206.24.113:443 | gfs204n165.userstorage.mega.co.nz | tcp |
| NL | 185.206.24.113:443 | gfs204n165.userstorage.mega.co.nz | tcp |
| NL | 185.206.24.113:443 | gfs204n165.userstorage.mega.co.nz | tcp |
| BE | 94.24.37.76:443 | gfs206n166.userstorage.mega.co.nz | tcp |
| BE | 94.24.37.76:443 | gfs206n166.userstorage.mega.co.nz | tcp |
| BE | 94.24.37.76:443 | gfs206n166.userstorage.mega.co.nz | tcp |
| BE | 94.24.37.76:443 | gfs206n166.userstorage.mega.co.nz | tcp |
| SE | 69.30.89.21:443 | gfs240n111.userstorage.mega.co.nz | tcp |
| US | 8.8.8.8:53 | gfs208n158.userstorage.mega.co.nz | udp |
| SE | 69.30.89.21:443 | gfs240n111.userstorage.mega.co.nz | tcp |
| SE | 69.30.89.21:443 | gfs240n111.userstorage.mega.co.nz | tcp |
| SE | 69.30.89.21:443 | gfs240n111.userstorage.mega.co.nz | tcp |
| US | 8.8.8.8:53 | gfs204n165.userstorage.mega.co.nz | udp |
| LU | 89.44.168.250:443 | gfs270n422.userstorage.mega.co.nz | tcp |
| LU | 89.44.168.250:443 | gfs270n422.userstorage.mega.co.nz | tcp |
| LU | 89.44.168.250:443 | gfs270n422.userstorage.mega.co.nz | tcp |
| LU | 89.44.168.250:443 | gfs270n422.userstorage.mega.co.nz | tcp |
| ES | 185.206.27.68:443 | gfs214n158.userstorage.mega.co.nz | tcp |
| ES | 185.206.27.68:443 | gfs214n158.userstorage.mega.co.nz | tcp |
| ES | 185.206.27.68:443 | gfs214n158.userstorage.mega.co.nz | tcp |
| ES | 185.206.27.68:443 | gfs214n158.userstorage.mega.co.nz | tcp |
| US | 8.8.8.8:53 | gfs208n158.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs206n166.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs204n165.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs240n111.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs270n422.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs214n158.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs240n111.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs214n158.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs270n422.userstorage.mega.co.nz | udp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| US | 8.8.8.8:53 | mega.nz | udp |
| US | 8.8.8.8:53 | mega.nz | udp |
| US | 8.8.8.8:53 | vpn.mega.nz | udp |
| LU | 66.203.125.12:443 | lu.api.mega.co.nz | tcp |
| LU | 66.203.124.51:443 | vpn.mega.nz | tcp |
| US | 8.8.8.8:53 | vpn.mega.nz | udp |
| US | 8.8.8.8:53 | vpn.mega.nz | udp |
| US | 8.8.8.8:53 | mega.io | udp |
| LU | 89.44.169.134:443 | mega.io | tcp |
| US | 8.8.8.8:53 | mega.io | udp |
| US | 8.8.8.8:53 | mega.io | udp |
| US | 8.8.8.8:53 | g.api.mega.co.nz | udp |
| LU | 66.203.125.15:443 | g.api.mega.co.nz | tcp |
| LU | 66.203.125.15:443 | g.api.mega.co.nz | tcp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| DE | 142.250.184.214:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| DE | 142.250.185.142:443 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| DE | 142.250.184.214:443 | i.ytimg.com | udp |
| DE | 172.217.16.193:443 | photos-ugc.l.googleusercontent.com | udp |
| DE | 142.250.186.46:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | rr1---sn-aigzrnsl.googlevideo.com | udp |
| GB | 74.125.168.230:443 | rr1---sn-aigzrnsl.googlevideo.com | tcp |
| US | 8.8.8.8:53 | rr1.sn-aigzrnsl.googlevideo.com | udp |
| GB | 74.125.168.230:443 | rr1.sn-aigzrnsl.googlevideo.com | udp |
| US | 8.8.8.8:53 | app.mediafire.com | udp |
| US | 8.8.8.8:53 | app.mediafire.com | udp |
| US | 104.17.151.117:443 | app.mediafire.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | app.mediafire.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | app.mediafire.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| DE | 172.217.18.99:443 | www.google.co.uk | udp |
| DE | 172.217.18.99:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 8.8.8.8:53 | sessions.bugsnag.com | udp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 8a56f38e0a3f94d04abf9e95f37fa654 |
| SHA1 | c46c542c087d0804e2dc5bea7c8e3c7da9a8ddff |
| SHA256 | 11327ac97f752fa56ff77de445732ca2ffbb3254160530ccae21870088249df3 |
| SHA512 | 7683fd48efae3f14f06f2bed2f8da30aa54f6bbd61235cf1a06f060fc9d747c4b3e1277e9695705b75736043900db44cc53a93b9df336875874dcf316bf1d4e6 |
C:\Users\Admin\Downloads\Vanta.NnPvUC5j.zip.part
| MD5 | c11d9f7f2ecf86185c2b41f4624038bb |
| SHA1 | 896130900f58363f5e8af4fcd3c5dc3cfc05cfd9 |
| SHA256 | d2c5c15eb128bd4734f1c623e4ef5028ff0002e7dc9ca49289cd38ae27f8376e |
| SHA512 | 5f3962c104912c9ef58d72842f301d43f44c96adfc143d9937a0b301b6ac91bce7a5edab6f82e8e84af0e64bd2f806d36da5df24f06b855d899c1a40e747a2b6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\storage\default\https+++www.googletagmanager.com^partitionKey=%28https%2Copera.com%29\cache\morgue\198\{f55e2291-89ab-4b34-a176-43b2fb4ee3c6}.final
| MD5 | 631fe342ea671e3a98c99521a411573f |
| SHA1 | 62ce9cc7c2cdade5ea5c167b41510ecc4adb234a |
| SHA256 | 3e26b067bfcbcd77e0b1089dfc9f891ee8f16c9e868e50f30da3ccaa9d4bd0c2 |
| SHA512 | 795087b3bca98becfe410e346dd5288a38902bb79b996891554133b5c10583d03c0a3c26f96f89c9b3e6d8fe69dc67e86e9fd468f7476d1b47a88cf2d3db084e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | b9d2ae96fb01f21540ea4b37b26589c9 |
| SHA1 | 124ec3d341c68e136bed49459fa395f64514df3c |
| SHA256 | 891b39c9fde3d1aa9459f097eced91340945fba78b26126a6c06c905f957a0f2 |
| SHA512 | 7c4be85c1d5304af218d1dd4fa55215c6403d3ffc993a1934cd3915f6f9f3ce3f36c2da0ee3b21f4bfb3e507e421e6e4d78f6a006a9a5d0d4467c4e3b43b9a45 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\datareporting\glean\events\events
| MD5 | 11d9ba939c4f6bc47b2d12bf5e003229 |
| SHA1 | 0aefd3f311cea3dbbb029be3f5f9aeacf2525817 |
| SHA256 | 6ada4a89afa780a070aa7d2da2b3e19cee188b07db88838a84a73aa5ef8a0a25 |
| SHA512 | aadad1b5f6dc8763a8990a44fbc9cbb745a3373f96f461acf8834543bc47759e110399761930309079f14df148645f2de89cc9a6a31d0f77b685a05851cef66c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | a9cb4ca8da550f1a3be0aae51bf427d9 |
| SHA1 | cf13b88bf47edbb9af79fa1b0931fe456da3b1e7 |
| SHA256 | 7ae2355e482cb9bccd328e9b2ee5da0b7190b4250d1ebecbf5819051e0cf722f |
| SHA512 | 29e9f35a3ddf59d8556c0b7c8edbdaa0ba84d684c1780a49f61dfcd725f76e1cc391c1e48bfd3701a8141826a1a41a6adecb785672cbd4cb33bcb861bfb89035 |
C:\Users\Admin\Downloads\Vanta.zip
| MD5 | c693eda2636997704ee796b9fd5508d5 |
| SHA1 | 3a35433e57fa581f8899b16bbd6efa43e9e2eafc |
| SHA256 | acc818906994825a0f4455ef2336d4761ff6ad36b853ef784eb9086284268e69 |
| SHA512 | a474ad85e55a438bd64788051b384fff2381aefb5fdb477794d6d1b92774673a399f2720dbddc59dca44fa6fb9c201c788e940fc3f65f2cb7118d8b30dcedf0b |
C:\Users\Admin\AppData\Local\Temp\TarE918.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb1868.13100.rartemp\Vanta.exe
| MD5 | 015c72cc456ab14ac5d2ee176550d560 |
| SHA1 | 4582757958f5340cc176414d2c091920b0d28b9a |
| SHA256 | 7629a49ff45c42f9a6626884cbc1d7bcc8cc1cd7e1b4ce330a9e3a0ad7d642e9 |
| SHA512 | 809a77aedea6d78e809969667856f7b4e87ac8b97e0d232d307eb7afa2d304c719a5d71e1703d5a01b93b7fe98c8d398dc48900b0a9b7e54d3b948f65aac6339 |
memory/2308-2032-0x0000000001190000-0x0000000001220000-memory.dmp
memory/932-2048-0x0000000000400000-0x000000000045D000-memory.dmp
memory/932-2045-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp
memory/932-2043-0x0000000000400000-0x000000000045D000-memory.dmp
memory/932-2041-0x0000000000400000-0x000000000045D000-memory.dmp
memory/932-2039-0x0000000000400000-0x000000000045D000-memory.dmp
memory/932-2037-0x0000000000400000-0x000000000045D000-memory.dmp
memory/932-2035-0x0000000000400000-0x000000000045D000-memory.dmp
memory/932-2046-0x0000000000400000-0x000000000045D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Rar$EXb1868.13896.rartemp\Fix.exe:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb1868.13896.rartemp\Fix.exe
| MD5 | 44c25581eac4e0b62346054a177c0b64 |
| SHA1 | ab836e67aedebc218e61752993ddb585d3ea47eb |
| SHA256 | dd5f4102474f24901fa409dc1aa2c31149bfc08d6149411833d360ec09e5ceec |
| SHA512 | 08db4ed9fed2f33eac74a0b8676a7c077504d328dc7baf19959613491230984af74dba190927c2ff1abf9576382cd6d8f5a4d937414c608b8ea72416495f8aff |
memory/3368-2098-0x0000000077930000-0x0000000077932000-memory.dmp
memory/3368-2096-0x0000000077930000-0x0000000077932000-memory.dmp
memory/3368-2094-0x0000000077930000-0x0000000077932000-memory.dmp
memory/3368-2100-0x000000013F1E0000-0x0000000140CEE000-memory.dmp
memory/1904-2108-0x000000001B500000-0x000000001B7E2000-memory.dmp
memory/1904-2109-0x0000000002650000-0x0000000002658000-memory.dmp
memory/3312-2116-0x0000000140000000-0x000000014002B000-memory.dmp
memory/3312-2114-0x0000000140000000-0x000000014002B000-memory.dmp
memory/3312-2113-0x0000000140000000-0x000000014002B000-memory.dmp
memory/3312-2112-0x0000000140000000-0x000000014002B000-memory.dmp
memory/3312-2119-0x0000000140000000-0x000000014002B000-memory.dmp
memory/3312-2118-0x0000000077560000-0x000000007767F000-memory.dmp
memory/3312-2117-0x0000000077780000-0x0000000077929000-memory.dmp
memory/3312-2111-0x0000000140000000-0x000000014002B000-memory.dmp
memory/488-2131-0x0000000000200000-0x000000000022B000-memory.dmp
memory/428-2124-0x0000000000CB0000-0x0000000000CD4000-memory.dmp
memory/428-2122-0x0000000000CB0000-0x0000000000CD4000-memory.dmp
memory/2752-2412-0x0000000000360000-0x0000000000368000-memory.dmp
memory/2752-2411-0x000000001A220000-0x000000001A502000-memory.dmp
C:\Windows\system32\drivers\etc\hosts
| MD5 | f7892522ff70f44411dd60ed28638405 |
| SHA1 | ab16eb12875ff707bb10949670a2b6d6659b41c5 |
| SHA256 | 32f44736ff15641ef054638c865384fcc4de2ac5bccc6bb123f19b55bd90d522 |
| SHA512 | d4e5c97a84d5202044c2c7739a6a75ab6c4ff70efaed2af4789c9fcc278ce39b064f280de93a61b638b626ab40a25b1d110253244807704601456791c1384bdc |
C:\Users\Admin\Desktop\packages\AppVEntSubsystemController.dll
| MD5 | 9e57704c04f110094fd8d9eac5745431 |
| SHA1 | b98b31e19b472bbc4a4d9364f7c63225e3f5bd93 |
| SHA256 | 4871a06d76b527358d3d0621aadd56dc606e141522900e92cdf05cbd75afed12 |
| SHA512 | 360161eacd48921e947d46e680ec9f458e19abe0657b5aec5986e0aaa04edec92d9f1d8544b634d7c880350f3edb8bada8a73e6e7375887e0ee18aff78007ea8 |
C:\Users\Admin\Desktop\packages\AppVIntegration.dll
| MD5 | 73798b6483953b5a59aed6180791bf40 |
| SHA1 | 2baec84d2fc2b41e84868ad2bb0270eaf9962174 |
| SHA256 | 685165ce33976fc762d27a7dba50bbe7cac008e731608fb0b31b064b85a9bc7b |
| SHA512 | eb384e35dfd9874b1cdfd1576bee351751b0b5b19e119f46fbd323b770aa5a1b2d4994b8c3e0f265c275242afddf1ec77f3ffa145aeb976040b11044cafb7035 |
C:\Users\Admin\Desktop\packages\AppXDeploymentExtensions.desktop.dll
| MD5 | 6aea9ba4f8c3727a7d32a3a438c14edf |
| SHA1 | b60c1681e2b5d425cf0e01164ec38e018e974db4 |
| SHA256 | 419684f8e5d9fa4ec481f87834b4106132917edc57dc4e0d88bf0ea4d9e42fb8 |
| SHA512 | 2f744957c8495f77c82404de8d393b0cc8bd9d9b2bbc771f8f02252808aa2ea3cce9f36ad63d9afb478a17e00fca218c97330efb8a1a19d86d19dbc98f709309 |
C:\Users\Admin\Desktop\packages\WdfCoInstaller01009.dll
| MD5 | 4da5da193e0e4f86f6f8fd43ef25329a |
| SHA1 | 68a44d37ff535a2c454f2440e1429833a1c6d810 |
| SHA256 | 18487b4ff94edccc98ed59d9fca662d4a1331c5f1e14df8db3093256dd9f1c3e |
| SHA512 | b3d73ed5e45d6f2908b2f3086390dd28c1631e298756cee9bdf26b185f0b77d1b8c03ad55e0495dba982c5bed4a03337b130c76f7112f3e19821127d2cf36853 |
C:\Users\Admin\Desktop\packages\netaapl64.sys
| MD5 | ee00c544c025958af50c7b199f3c8595 |
| SHA1 | 1a9320ad1ebcaaa21abb5527d9a55ca265deec5d |
| SHA256 | d774db020d9c46d1aa0b2db9fa2c36c4a9c38d904cc6929695321d32aca0d4d1 |
| SHA512 | c08cfb84b6bc98a965b5195b06234646e8f500a0c7e167d8c2961dad3c10da47407d339f1fbd2c3af4104932b94ee042872680d968c3c9b086705d374fc9c94e |
C:\Users\Admin\Desktop\packages\CapCut.lnk
| MD5 | 97d68539d212ca0f246ac6f74494b013 |
| SHA1 | 031d6264cb371c3dfbd3def77a43e9c7a74c7a84 |
| SHA256 | 4dcfd55c9664da798e12a727bba17b7a106f96e71abd6694895d785a018da971 |
| SHA512 | 8affc383225e1aae179ef753d539bc317bbc93b6b27c78323e50dee220bf9855943ba9577f852484a6c34fc1f62e2a52e13ecab16c43fd17820b480ff834041c |
C:\Users\Admin\Desktop\packages\AppxPackaging.dll
| MD5 | 0a316217243e89ef6641907b10b3c737 |
| SHA1 | be1c4a3ca8aa70f6f878ffe712802be9ed45fdae |
| SHA256 | 54101e17a8fb2a35fce198c962b2c0d217f64a61da8af291cc635541a2895711 |
| SHA512 | 59116b149b359a517a42472aa90f868226f5ca21641aaf573bad5883e78a7a11dd645ce898966ed46bc3de390c1e2483bf1dacdc4f17a14ab7a50e7cda4fe8c7 |
C:\Users\Admin\Desktop\packages\AppXDeploymentServer.dll
| MD5 | ee488ba52fe47f61752e358c2416c6c8 |
| SHA1 | 39c482e1c0299fa0beff0152798a3a66c4c47742 |
| SHA256 | cfa80cb2ee287b78eecdd65ec9ee06a6dd32451725bc20936f33c5ada814ec4d |
| SHA512 | 31741c8017722b3d737645c84b4db36e819f8eae86ba0677087aa09d910856551dd79c79cd934fd41f36a2d1ae3f58ea33fdc460f6ad6d771c55eb8c4d9205ca |
C:\Users\Admin\Desktop\packages\AppXDeploymentExtensions.onecore.dll
| MD5 | 7a04a563505bb04c4d4ac69af764f4b4 |
| SHA1 | 9ae0839ec0ba0433f85b12c308ea300ef56e838e |
| SHA256 | 46bf9d2b9ef31988f83d6e81617951f5e310322cf1c9f9bfffda515896488171 |
| SHA512 | 1dedfdc817ecc7afe7bca1d3eb8e0ccde7ca922e14a377a465fb50de4e60b4a242eef8e3fdfa8f138fb8c7de66cb1e0233583d9772a4c7b4d7b03a5de70f4b85 |
C:\Users\Admin\Desktop\packages\AppVEntVirtualization.dll
| MD5 | 45bae6a68dc519894a18d9f81c94cdb4 |
| SHA1 | d8d5920cdd27752e7c9876584ed4f2eab04fd5c9 |
| SHA256 | 197e2179f8892d3058a3063138e30331c46d65eb05772668dd6b2b9165534240 |
| SHA512 | c28d910388a444d24fb3b3258f6323d5441547561356287269fb51178d31b93105967a468659ec7fb785cbbae913bc9611144e5451320335ba4c4c52f353f733 |
C:\Users\Admin\Desktop\packages\AppVEntSubsystems64.dll
| MD5 | d19ef60e1d6549ce4325cf42cf94c9d6 |
| SHA1 | fce28ec94ac247ef27e5b1f3649f953e7f97fdff |
| SHA256 | 6b331ff82240f8c3024bc626d0e7e0d1068f63fa2e99c606155f2c36b4e3500b |
| SHA512 | e5bcc89e1dfd908e185a6d28f39f2cdffc9b209ffaafc165b167f8bba66c23b1364d5ba94858e02d2812acf4b964203fe83fa40b4b41e793d41677551fbcf3a4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
| MD5 | 8e3ed407766153e608401dc9c8ca7893 |
| SHA1 | 60b8b82a6f6176f7cbe6d52205b8718b0ffa788b |
| SHA256 | 73b64b29370c6d46f103d3595d3d66e3e9e29e0ca2a07c5705ee6b0bc142d368 |
| SHA512 | 3c1d49bed7b69b70e824205ae97438b580bfcf2f170957fc2e5b73ade7151655a6b8d97a930bead480ecb333730999fcceba5092a77b30d694748aa728c7d705 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
| MD5 | 203efb0627a902ed7dabadc087ec69bc |
| SHA1 | afc64991a393da3a95616e75a30ad50d7585f5ae |
| SHA256 | 9732969ce155c37d4b302515b0efeed13e6b14cce7d45c4719c37f368fefabf2 |
| SHA512 | cfd71803bcb562686262e60851f53a2933bb94804695c44a913d60e5c0ccd27533ac96d1bcee046a7da31b1a70858b03603c122f473f2e1bdfc5ebf038092e7b |
memory/4392-3026-0x0000000000DB0000-0x0000000000E40000-memory.dmp
memory/4952-3031-0x0000000000A40000-0x0000000000A48000-memory.dmp
memory/4952-3030-0x000000001A0B0000-0x000000001A392000-memory.dmp
memory/1244-3355-0x0000000004750000-0x000000000475D000-memory.dmp
memory/1244-3356-0x0000000004750000-0x000000000475D000-memory.dmp
memory/4780-3359-0x0000000001340000-0x00000000013D0000-memory.dmp
memory/1244-3430-0x0000000004750000-0x000000000475D000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 530a48142d542854705d9131f3ba7573 |
| SHA1 | 315022e6413f0b1f78716aed13d68902eb97e8d4 |
| SHA256 | bfb510c31c214bcac161eb651f0cca7fb99026c4c995324476635c2291bdda56 |
| SHA512 | e3845214b9a3e02cbe75f52f520341297dd4fd6dbe6d009e9495b98552e614608063c069a97685c77a8a2a59c15beed0ef5bdd1ca38833d1d1a95e8a6d63a19c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1009pdhg.default-release\cache2\doomed\5478
| MD5 | 9d96e24ce8c4b79bc014538bef9e6555 |
| SHA1 | 01f9cd4e945f0e08bc8d21c088d1b0c4568cf83e |
| SHA256 | db585d26a2ee0f17a4d7bb21381e7efce18f42ed15956bf0e40ab9c8dd5c77b3 |
| SHA512 | d5d2b16bb0cc3c9bd295054b6a20a2081d568d154c79bcd6373ebf4a81a8c1aa935f73fe7a237816ef6613fa89712a95687302f62349891f94e33aa3768b31bd |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1009pdhg.default-release\cache2\entries\DCDCCD97B615F85660C06CBDC3964009DD7EF67F
| MD5 | 785c948b8d9e5e8e54c13d00820180b0 |
| SHA1 | 19dd2e9f38da5a8f2d7df8bf99277a176bac76e9 |
| SHA256 | 6333e08f7289baf853cb9b11c9ac44f6d47a281d90c88f508a8b855083b490ca |
| SHA512 | 7806d4e760c22bf511abda430894c6d3ede700daba055b501f21737378ef34bf1c423bef3355449c3637dd599333397a6520b323f6b1d204c229ea2b835223fc |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1009pdhg.default-release\cache2\doomed\7295
| MD5 | 3f235310d72b3dd297e2b22feb04f97c |
| SHA1 | 3dee2300ced750d0ef1853d0a7261fa8dc85e390 |
| SHA256 | 02a562174c49994a7c674202495517fa801dbd35bc0a800eeae4777c6e8515b2 |
| SHA512 | cecf4aa44f194c590f386097e62c13e37e132cb46f3c5c0d4eed86a9a95e88cd11a46b5525525d21ae7f9ab09e8d03f2d5c1c3a98e6edf2a238f138e33da1b53 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1009pdhg.default-release\cache2\doomed\19011
| MD5 | 63be61ab719376487d21539a14f0ae60 |
| SHA1 | 903a59d2908eb33e681347af2ad1a5ece1cd084e |
| SHA256 | b45c5bb2b09ffa66beadb6ceae07fe24ae7e129c204bd7ab5cff0dfa65bc18d2 |
| SHA512 | c8cc42339fa2318a3288329ec86f6da17c58bd49a5e86be9819b1c19cd9439578f15709d20009e92759007372a9fcc9393b4340697ec01ecdeeade49e1b99672 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1009pdhg.default-release\cache2\doomed\4041
| MD5 | 175fd2e17e8c5a03a36460fdefdaf6e2 |
| SHA1 | bfab5a47eb78c42c447eeb28f8c04d9e96de57bb |
| SHA256 | 280e21182bf368a64d75172b67a0b2a0279f4fbb1b493f859ec9ded948340c47 |
| SHA512 | 990a6092233c2311a03c276c79b79f27b72ab1a12b23e6b978220290966e966a85bfdf7882e49c9f3c862329d1d51c58f66455cc9bbb24f50362663cc7c3c7f9 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1009pdhg.default-release\cache2\entries\3D8D3C610457377AAF52CA6ECFC518EFA43706BD
| MD5 | d9c965ff673fcf46ca7cd7ecd6307159 |
| SHA1 | ae8d3b1e3763c5f11befc27d158a80be8ac17b69 |
| SHA256 | 4b142319991c55b8a0eca1b93ac04b9638f6d0471fe4dbab76567ae7d88e4a30 |
| SHA512 | b6ea7fc826f54d7defa19e94955e1d6bf708daea552bab12ec61a80c5f1e601faf92941e812200a86fb3742a41a38db1eee2b91c262255c271621d641f3585b6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 3e15f274988fbb5a988303ef594282a6 |
| SHA1 | b67f1ccdc0a7aa9681d0c3ab62d2b5a80e580e04 |
| SHA256 | f2c32d67bf848822fcc3211099bf88f1f763ebbc77d9364b64e1c72b3a16e9e7 |
| SHA512 | 416b83532fc7018f3fae12668c09e684bf717a49a1dd54b43eaf0320f674f47628304707c5ece7e5cdaeb61b41efea5455ed8e83e6e591136973eff26defca03 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1009pdhg.default-release\cache2\doomed\23770
| MD5 | 66baaaefb2361af687f256b4b5afbeda |
| SHA1 | 41f1e39150907d8d7d90a1f1b2d1f162ed8c37ad |
| SHA256 | 1cc91927d80d5c9beeabcc870e81aa88b5b84448193ccd0616acc590f0ad1573 |
| SHA512 | e1630610a88418d539483d5a481ff97b010af5fd4d671f2f3d473a7bd1fc412f22f6b051b542f597648dc279305acded02a9efb72ab6efb6ae8a2ef423fe2d52 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1009pdhg.default-release\cache2\entries\655BF3A2A93E26139146DF1A34B70AAFD95900DF
| MD5 | 0362554ca3760076fe8f87727d687dce |
| SHA1 | 57f56d947d7cda642d807c877deedefbde96282e |
| SHA256 | ba61e8a70d5ba5f47c6dd3256970dc9d0171d94ede500480e5af4c6ae945e721 |
| SHA512 | 302dc56dbc3de77a72a3d5376e467cfbe9351b05364c595018b01655cf7dff6ff3c0b9eabc12483afd484cff96b9230633d2ea37e05b4972c9ed223a63a697e6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | bee5a74e156956abfd9553368ddf72eb |
| SHA1 | 96c74116d9631a22a9b91ff148df4bd7e9425fbf |
| SHA256 | 1bcb71baf799317b2c3460d0a87b0086a5946e2bc61101e683af947904c82e6c |
| SHA512 | a7aa907f1c546f7ca9b045e0b95a7a82638bbc4d0d00b0fa48e22e772944e033ec003d5d2b1ec338d8db3e50300fc30760514cb56db4b5d5fcc1a7c8ed48ad66 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1009pdhg.default-release\cache2\entries\244C66E08F94A5F3B0A280FADF3C0D33C8B38E4F
| MD5 | 379033a75926746a8106c079463e6004 |
| SHA1 | 1b8ceeb5f51f89d6c56f8f9c746688ff0bd0c803 |
| SHA256 | 90f4073d8b6a05d04f1c9bfc2b2d9fed6b8fdce6319fa06d62afb4117b385192 |
| SHA512 | 5456af07f5fc2e6a5c739fab43d0707425197d74faaa768edee000e68ee57540ef29eee0eef2ea69c3158dd1fa1896d2f278218f714e7b34bbdf7c4d80d033c8 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1009pdhg.default-release\cache2\entries\E91029DC41FC9287E14ECCEFB92098270A461061
| MD5 | a0cd9e468ffb8ed1e40dc75f6fe047d1 |
| SHA1 | ace317944448ea5cde85d94b525b63dcffcd2250 |
| SHA256 | a3cc61525591ddfc927f927542c762d6a680b195e413f488250214a27e315523 |
| SHA512 | 7cfd0a3807222f2493820834be787f08e274722ec09f59cb517f48c163472f30b9f286db9abcd3417fc36fef905835a12681ad7c3f639eaf4ef5f57ba15bc172 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1009pdhg.default-release\cache2\entries\9E747F5C69FAFD806C2C3ACA7ACB0AA0EA32B59D
| MD5 | 6bc6e185fc9d781440aaba7379a6df29 |
| SHA1 | d21cee7541f9f2da36e5f63583c3f6c097403b50 |
| SHA256 | 8e696c169e6ecb525fd99c4c457d6038642f1bd232f9b472556d43ecfd4a2591 |
| SHA512 | 352acf4ccdf61545bc4f2a916581ddc1115b8ba4d4b280b0485522a04c3c875b823d2912e586bbcf2999f287db2843ae1eafd9bceaa6153c159f4048e9e60a78 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1009pdhg.default-release\cache2\entries\B73CC9F25D20FBDAA18B302AF1CF8316B8079DFD
| MD5 | 8cddc06fa626f120e15c6dc52a1971bf |
| SHA1 | 5944ffb9de0fe0b9f1061cbbabff8cbb429ea3cc |
| SHA256 | 523f05ebcbb58e38ad1875553b56a14e54c73b5619ccc96a67e75116e6d57cf2 |
| SHA512 | 2641f1b3c33fc36fb0e5869e1b63714e1a39b5aaee70c368d3eaf624307ee9f0de0ce97c8c16e178a50b470527f51d104ef6562bc49c9ffd01a1f28d1a2396d3 |
C:\Users\Admin\Downloads\Collapse.EIczaC_G.zip.part
| MD5 | b4b33795635bb67c6db546a493f4dc1b |
| SHA1 | 2d47d0f044038e45fd334de5398eb83775c4369a |
| SHA256 | e6053ad9d2f6f13a7471ddcbf405bbf3d6b3912b524469df84f9552234d9bc57 |
| SHA512 | 5d4598c7440eeaa18aa41acbdecbb451f57ef06085887aa96684891cc574938fe8fdaea3cce1c78927b7a2b3ec94c8666c689a7da2d85a58bb1b06fed59c0354 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 5f5a96ba344f6ec633cd30d2e07064a2 |
| SHA1 | ca5413239ff288ab0c2786e028921b56559f0b6c |
| SHA256 | 32a33fdf51e9ecd313c37861deff99eeb3a0cf352d099e1a972b69bf38f9b4bb |
| SHA512 | 59a70b10403bed762ef7f3ac023432fe3741ec2805fc883ba30030b1436065de791bb8efaad76f1a16e2a68e7f91ea041674e748bf49b69570384ed58dee95a8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | f39d0d9cd617c5665905e89ab1723a2c |
| SHA1 | b77b6aac86e83fec718f44bfef3e96d16deed01d |
| SHA256 | 44aaab27c4080aaf67fa91e6e5f7c2907673774e5176f306e7b9cb81e611a975 |
| SHA512 | 9888e2a831b2fca9a02605210bb367aefef3e71b559bf1f0729804e263a7d28601b53c12e130ea30a3cb3cbac6d5143af75e9b9922c20226cd6cbc99edb88edc |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\prefs-1.js
| MD5 | e9e47f0c2d4d805902e2081fcdbd6bbc |
| SHA1 | 464773a1d893d2f25fd81f5de942ae4a260685dc |
| SHA256 | a8a8225889e1a5fe415f1849130ba323f291a4fe01ed3f2ba4e2003b00a2adae |
| SHA512 | 8f9b0d43c300f4d876f9ef3ea754f602a1b11569d1c4d0013e9405c41763b88e0fbd9e3c40eb87ae58d6326225240f48faec29f21a9674f1eb438fcc398e402b |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | fa9b1fc1eb4708ff7b66679cef3bb3f0 |
| SHA1 | c5777392a390e897163869d3ef796213dc82da0a |
| SHA256 | 7c83216676b003dfae32c130a8cbc2b6df429ea67cba13cea52b0d931c969aec |
| SHA512 | 27441a65282928f98dc6c047509d0957dcf7a43368197a908885bccfc043665240a41348f028c8826782c36f9ad298457b400dc9833f9ceaffab2ec9a4f81e70 |
C:\Users\Admin\Desktop\Collapse v3.1\infosee\dq\hi.pak
| MD5 | 1185163466551aacae45329c93e92a91 |
| SHA1 | 0dcbfed274934991966ce666d6d941cfe8366323 |
| SHA256 | eda355e3785313e3d982c1d3652266dce1b6e08832056fe58854b825e0712ca5 |
| SHA512 | 6fad3e24eb868acf78db0591c7ba77abc84e92cda28e8bffee435ea89940a8607e7628c6c5159349377a8d933f373db2dfa4e5715ca404bc3e67fd4a0f22a606 |
C:\Users\Admin\Desktop\Collapse v3.1\sets\Configuration\Cookies\[u5] [email protected]
| MD5 | 529d93fd909474549cb05b5f415c8732 |
| SHA1 | 0257eedf71d1e6164d0c9cf93e66ded286c0a105 |
| SHA256 | fb308b67467f95ad365ad3bdc17ced9949e8cf91266fca434f0f2e3e0bea5d46 |
| SHA512 | 5654a8c24da6f38e620a2095ef4ff4ab2e6bcfd9266f4090a812bd9ee18ba67bb06df54475d0c4e241bfe1f4b48a4fa8fc61e68dd7439766e989dad4bff95da0 |
C:\Users\Admin\Desktop\Collapse v3.1\sets\Configuration\Cookies\[u2] [email protected]
| MD5 | e85e48ef90ab17814a88f8205f32003c |
| SHA1 | 2b83fb4beec94b7ea2386a0ca4cb5aa77f9fd1c6 |
| SHA256 | 2be892d230f0e7fc8431e94041048f0b176bc3b355c7281f1ad0bd935a19e8d1 |
| SHA512 | c973926684966982a153ddd4c351375498805642fee8c4e2b77d06cabb70fc56d807ae4d8049e5fc0aceb99780fb7f32e80181c1d3ec27e23ab256044e790b2c |
C:\Users\Admin\Desktop\Collapse v3.1\sets\Configuration\Cookies\[u2] [email protected]
| MD5 | 490620bfe43cb2d2cd9d4676ee7af336 |
| SHA1 | ecb980967c8250f04547047ae10cd16ef9014370 |
| SHA256 | ee694459823c4ff2053d3ddc48cd829febed5139793c700260ee484ad95384cf |
| SHA512 | 5a547487a0afa7b4f7b18ded75dd90e47fdfe50b865996aec8a7ba81bec6ebd48db43c2a3a65d5b9caa710890a7d9d7d7a2c93fecc99d4b295c33eb831a4f549 |
C:\Users\Admin\Desktop\Collapse v3.1\sets\Configuration\Hits\accounts.riotgames.com\(2) [u0] [accounts.riotgames.com] [[email protected]].txt
| MD5 | c65f460806fba3eab92419435ea5714a |
| SHA1 | db52fa3fc3b6bd317e369b5e48baf83a53517d00 |
| SHA256 | ca032c2266deb7b6f710ec70c21633c2417f8e07c3030bef5cbf13bb01b1be5c |
| SHA512 | 1ce710fc947e142407b12cd9e9605d6d5f129be19a6530df9b227b1727e9817dbeeaae7316cc8921adada4f9a0d5139fbbe8e6e60f1a14a1cbd51048cc408bbd |
C:\Users\Admin\Desktop\Collapse v3.1\sets\Configuration\Hits\epicgames.com\(13) [u0] [epicgames.com] [[email protected]].txt
| MD5 | d71c2d943414c92e5be527f166f14d31 |
| SHA1 | c5d518b32048fbd5be671e61a258421ce724bb38 |
| SHA256 | c4c6637d264f405b15514de59504d749b6420729d59863d2a30946238b61677e |
| SHA512 | fe9a899fc780918f586fb81597c351038736e12f404e3ec18c513d82f54bfc4366130a55f1b5f3ed9116d8153b457a2f7e1ac274c68cb39f9eb90f0f76be4359 |
C:\Users\Admin\Desktop\Collapse v3.1\sets\Configuration\Hits\ea.com\(8) [u0] [ea.com] [[email protected]].txt
| MD5 | 67c96d2758a99081cd6c968313e2ad54 |
| SHA1 | 7e04006a311f18f1585f011ca8e86bfc0de4ae47 |
| SHA256 | 85d6eaeb9361f78637f6664ad55a36151d5036d0729a3f1cf211ae58b6ee0a04 |
| SHA512 | 1e924eee757b1f509205a4d75dc47d38a5e1a7214cc9e9ab4b7de762c059b7a9f915abe298c8e4d402813f8ccd9bc3b71a021dcac176f56f2f2005aad44c63d5 |
C:\Users\Admin\Desktop\Collapse v3.1\sets\Configuration\Hits\roblox.com\(1) [u0] [roblox.com] [[email protected]].txt
| MD5 | bd87d023e0b1f7ddba629e7a71778b47 |
| SHA1 | 3c90f1fc87e552daa68012962c5d20c512e7bbbc |
| SHA256 | edf8962f4ae7f8171b4defe73e649433c52ab66e5bef5746a7690b4daba43892 |
| SHA512 | 70f067a0bad50b741f81258b1ae1ec7b9664fdf6bb502402838cfe2e3d666cf987368fedd86e52826b9ec626ac87a4f32be5f7f37921e1600eb5366229883d30 |
C:\Users\Admin\Desktop\Collapse v3.1\sets\Configuration\Hits\linkedin\(5) [u0] [linkedin] [[email protected]].txt
| MD5 | cc24f9d527c81a416a8196a124e9c2bc |
| SHA1 | 68838ef90abd1211543db573cb1e36eb28366fb5 |
| SHA256 | 717324598a2c12d750cacad95057359e3bef94d2b0bf8ae00c66493cecc26a1e |
| SHA512 | e8702702190d18a637979fccac64632260efb246631170a628dde1349403ddeb4092de6cf14b391648a8303da2ce3597ce5c9d35ece34f82bce75ea7fc24f5c5 |
C:\Users\Admin\Desktop\Collapse v3.1\sets\Configuration\Hits\linkedin\(32) [u0] [linkedin] [[email protected]].txt
| MD5 | a35beed68fb7e88d60cead347c1748b2 |
| SHA1 | c2c08ce855b66163f97c82d5a3c2ba6c39aaff91 |
| SHA256 | d58be5587502a55d59e73d8d77cfe5fd92746e8cb39a0d29ce9b14a405d7224e |
| SHA512 | 306df80ec6a4efec92bfd5cc3147c65d8f0ee57de175de36841c00723b4e3e047683d373342c17261fe4e2f485057f8c0ac023532302b817610be1d5c5fc353d |
C:\Users\Admin\Desktop\Collapse v3.1\sets\Configuration\Hits\linkedin\(28) [u0] [linkedin] [[email protected]].txt
| MD5 | 9e794807e260920763c16e1f12ff6658 |
| SHA1 | c3cd794f6095e3045cead3fe5d9aa332f0c4d5ad |
| SHA256 | c11f47b48b88aa5a3ebb2e6a4a585d856193dad6642af0a4644a6140619a3339 |
| SHA512 | deac91a3c9b1038cc4afd64e6326f4b407ffe0142bc5c1910b1f37e13a9fc03651777802d2e7472c05f7e7eeebbfa4accf1bd88517f344ff475bffa0f78ce1d7 |
C:\Users\Admin\Desktop\Collapse v3.1\sets\Configuration\Hits\linkedin\(16) [u1] [linkedin] [[email protected]].txt
| MD5 | f58cdf9e5597c993b38ba92843bba9c3 |
| SHA1 | 41d9a1c0261b54ef387b752d180c335a054a8b35 |
| SHA256 | c6f545e7d994c8903e7754108972a160db8e73ba20b72fb7d74d5b975d1c79e2 |
| SHA512 | 0282027cdcf43a77ffc12ed3d19692a00f0de6bc54d9f2efb3a9f7e3c95a3d0cdf8b9e81474a4ac13c673eb60fcd08e00096b40b74032a523d8d30fb20480628 |
C:\Users\Admin\Desktop\Collapse v3.1\sets\Configuration\Hits\linkedin\(113) [u0] [linkedin] [[email protected]].txt
| MD5 | c1c54b61e9731a10141fd1f6db051af5 |
| SHA1 | f3ce41b1845fdfccb3d5b60000164cfce5e31223 |
| SHA256 | ae6d529a23a5f0809c5130f019631ea8d03fe6043ba4cff8f15f19dc6d5298b5 |
| SHA512 | bd7a6a5658dd64dc32b759d287b7a69583f7ce0a390ab50de7c3e4e6dbaac982394182f8b4f046df7809c178b05e58245b01056a2273ef97f5937d2e248d322a |
C:\Users\Admin\Desktop\Collapse v3.1\sets\Configuration\Hits\steampowered.com\(7) [u0] [steampowered.com] [[email protected]].txt
C:\Users\Admin\Desktop\Collapse v3.1\sets\Configuration\Hits\steampowered.com\(4) [u0] [steampowered.com] [[email protected]].txt
C:\Users\Admin\Desktop\Collapse v3.1\sets\Configuration\Hits\roblox.com\(16) [u0] [roblox.com] [[email protected]].txt
C:\Users\Admin\Desktop\Collapse v3.1\sets\Fastest\Sorted\Country\FR\[0.00 EUR] [1 cc] [0 transactions] [-1 orders] [FR] [[email protected]] [bSycj6NGG9].txt
C:\Users\Admin\Desktop\Collapse v3.1\sets\Fastest\Sorted\Country\BR\[0.00 BRL] [1 cc] [6 transactions] [-1 orders] [BR] [[email protected]] [tsgnbiQJfg].txt
C:\Users\Admin\Desktop\Collapse v3.1\sets\wqfg\Sorted\Daily limit\50$\[ACTIVE] [BE] [0 CC] [50$ limit] [0.00$ balance] [0.00$ threshold] [0.00$ spent] [552110634269536].txt
C:\Users\Admin\Desktop\Collapse v3.1\sets\wqfg\Sorted\Daily limit\51$\[ACTIVE] [BR] [0 CC] [51$ limit] [0.00$ balance] [0.00$ threshold] [0.00$ spent] [485769666438296].txt
C:\Users\Admin\Desktop\Collapse v3.1\sets\wqfg\Sorted\Daily limit\50$\[ACTIVE] [VN] [0 CC] [50$ limit] [0.00$ balance] [0.00$ threshold] [0.00$ spent] [814447779831582].txt
C:\Users\Admin\Desktop\Collapse v3.1\sets\wqfg\Sorted\Daily limit\50$\[ACTIVE] [US] [0 CC] [50$ limit] [0.00$ balance] [0.00$ threshold] [0.00$ spent] [925619759475229].txt
C:\Users\Admin\Desktop\Collapse v3.1\sets\wqfg\Sorted\Daily limit\50$\[ACTIVE] [US] [0 CC] [50$ limit] [0.00$ balance] [0.00$ threshold] [0.00$ spent] [1176441909721928].txt
C:\Users\Admin\Desktop\Collapse v3.1\sets\wqfg\Sorted\Daily limit\50$\[ACTIVE] [SE] [0 CC] [50$ limit] [0.00$ balance] [0.00$ threshold] [0.00$ spent] [834238615046170].txt
C:\Users\Admin\Desktop\Collapse v3.1\sets\wqfg\Sorted\Daily limit\50$\[ACTIVE] [PL] [0 CC] [50$ limit] [0.00$ balance] [0.00$ threshold] [0.00$ spent] [2415866055281543].txt
C:\Users\Admin\Desktop\Collapse v3.1\sets\wqfg\Sorted\Daily limit\50$\[ACTIVE] [PH] [0 CC] [50$ limit] [0.00$ balance] [0.00$ threshold] [0.00$ spent] [1295470414803085].txt
C:\Users\Admin\Desktop\Collapse v3.1\sets\wqfg\Sorted\Daily limit\50$\[ACTIVE] [FR] [0 CC] [50$ limit] [0.00$ balance] [0.00$ threshold] [0.00$ spent] [2268641336844436].txt
C:\Users\Admin\Desktop\Collapse v3.1\sets\wqfg\Sorted\Daily limit\51$\[ACTIVE] [ID] [0 CC] [51$ limit] [0.00$ balance] [0.00$ threshold] [0.00$ spent] [590109743558845].txt
C:\Users\Admin\Desktop\Collapse v3.1\sets\wqfg\Sorted\Daily limit\52$\[ACTIVE] [CZ] [0 CC] [52$ limit] [0.00$ balance] [0.00$ threshold] [0.00$ spent] [2223923424454307].txt
C:\Users\Admin\Desktop\Collapse v3.1\sets\wqfg\Sorted\Daily limit\51$\[ACTIVE] [VN] [0 CC] [51$ limit] [0.00$ balance] [0.00$ threshold] [0.00$ spent] [1463539834253349].txt
C:\Users\Admin\Desktop\Collapse v3.1\waress\ff\isfile.txt
C:\Users\Admin\AppData\Local\Microsoft\Windows\1033\StructuredQuerySchema.bin
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\TK94J423TQC8A3JYJQKI.temp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\prefs-1.js
C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\V01.log
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\storage\default\https+++mega.nz\cache\morgue\243\{0c272b55-f8d3-47c2-8631-ffd370cf12f3}.final
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\serviceworker.txt
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1009pdhg.default-release\cache2\doomed\21368
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1009pdhg.default-release\jumpListCache\+5LATaa+WYV502yRSaFBeA==.ico
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\Downloads\Freakin Product.xwz1rVBS.zip.part
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1009pdhg.default-release\cache2\entries\4870A710121BF21D5D97AFC2108932D904FCE94A
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1009pdhg.default-release\cache2\doomed\29247
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1009pdhg.default-release\cache2\entries\D051A83F73324AA29B6AE9427D1B80E4AA6C0E93
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1009pdhg.default-release\cache2\entries\53E0B51656BD8ADB494B343FB5692C4A347F707C
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1009pdhg.default-release\cache2\entries\2A42E8499BB64786FDAD4D3196574BC049B34EE7
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\storage\default\https+++www.mediafire.com\ls\usage
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\Downloads\MrVpAaUx.txt.part
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\downloads.json.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1009pdhg.default-release\jumpListCache\eY5VoLGK1DlrxBlYvJO6cw==.ico
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1009pdhg.default-release\jumpListCache\4sp5D2DF2yS9PagzZb5ACA==.ico
C:\Users\Admin\Downloads\InstallPack2025.9gk8FJB3.rar.part
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\downloads.json.tmp
C:\Users\Admin\AppData\Local\Temp\is-97VBK.tmp\Installer.tmp
C:\Users\Admin\AppData\Local\Temp\is-36EJ1.tmp\_isetup\_isdecmp.dll
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1009pdhg.default-release\cache2\entries\086D14E784758147911892F9D282428B10CF1DB8
C:\Users\Admin\AppData\Local\Temp\is-331US.tmp\_isetup\_setup64.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\prefs.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\prefs-1.js
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\inc_004.phpt
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\parse_url_basic_001.phpt
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\test002.phpt
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\zend_multibyte-05.phpt
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\x86\Microsoft.WebTools.Languages.Rest.VS.dll
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\x86\NuGet.DependencyResolver.Core.dll
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\x86\PresentationFramework.Classic.dll
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\x86\RegionCapture.dll
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\x86\System.Runtime.Extensions.dll
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\x86\System.Windows.Forms.Design.dll
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\x86\WinPixSysMonController.dll
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\x86\WzAddrycts64.dll
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\x86\WzAddrgcts64.dll
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\x86\WTSP61MS.DLL
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\x86\vspmsg.dll
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\x86\vb7to8ui.dll
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\x86\t2k.dll
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\x86\System.Formats.Asn1.dll
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\x86\SweetPeaSupport.dll
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\x86\shmetapdb.dll
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\x86\Qt5Positioning.dll
| MD5 | 714764b987a174a4c03e29187ece86d6 |
| SHA1 | 70b96b3951702972738bd618324a87257e6157cd |
| SHA256 | 8889372b8880e9ab78b86d863cfb1a7c4e22cfaa5360d3761bd03b9de10228bd |
| SHA512 | 698e807e4b8aa7aae05ea85f02f51a9f7edc5b74bd97e047d607bb95823b5d1d4e52e749513f2ce4c4bd89c643dee4504847da5f0061f4cd09d7f2ef3e310e7d |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\x86\msys-nettle-8.dll
| MD5 | 2f7530fa6b1aab24edff605a2a272e39 |
| SHA1 | ea6fde8d758f6984ad7ac51adb6b551ace581fe0 |
| SHA256 | fc3a1a83a14bf595ac1a880d47ec1a0b580466ddbb3cde9c419a8396119e913c |
| SHA512 | fd8c69e9b44487ae947987c7e8a7296987ba1b9ed9b1e7bb99f43d0f672610074fd5d44c9940f234c25f244457dc4c5e0431cceb71ce5f948409e9b563370bdc |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\x86\msys-fido2-1.dll
| MD5 | 0e2f58b5ec6b601c2a310aebe74e4f2e |
| SHA1 | 2119bcaa653639c6ef75ebc3dd6b24e0d78f5bc9 |
| SHA256 | cec34e5a90b7805c9ec12fdf18165e922cf93d2e9b91f55a20549c72e98e4123 |
| SHA512 | 7f528cef90654614dc12fb54b0426c65aa0631b98cdb2e6e60827df1d07683d3fe867febbe0f7a38f85529aa9a033d4eaaaf5476cdfd020388b2e42644cda26e |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\x86\msadomd.dll
| MD5 | b13bcfaf1b2817ecda80bc884486a3b6 |
| SHA1 | 0f9435cc96c40c9ad3c49fbfd47d610c1c81ea6d |
| SHA256 | 4235fd8271e2ae3b449777be367cb49573469b85fe309ad2d5216f5bb0d4498c |
| SHA512 | ed801afe0fce4c7e75e99dfbcc16e1dd6f91ba2c42c61475bf6361010147d2f226f33655d7a0f708183b0c1d7aa0a9fe6181914c9f612940ebc6a478797c48d4 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\x86\Microsoft.WebTools.Languages.Html.VS.dll
| MD5 | 67239ab806e8d911da4bcc0182dcceaf |
| SHA1 | 7f128001984c420255a3c020f91c744d00476084 |
| SHA256 | b225880f0aee5d11803d58b67866596376ad95922f1dc196ad880f9f5d68fe14 |
| SHA512 | 58c68d21036374ef9187a166f780d64d43982d3fd0af51370d636dfa98a65fcfe78ee8a3abc93800e2f3c5b0518c76e5a9124f455ba76fd29f075e03430972a6 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\x86\Microsoft.Web.XmlTransform.dll
| MD5 | 4d50aa81a8fd1a08b3a359fc8ef89d64 |
| SHA1 | fa13d9dccd8dfa4ec4f86627e5a387607fcd0d04 |
| SHA256 | b750b27c8deaad9a126dfa370dfc190733d971ef2a721f966a9a465aa59a28c8 |
| SHA512 | 8e8b692815eb673d81e409def34c99b0e4d08bc6e6341b7b67e81ca6c21d6a08c5411a7f43e86d76d112c16322877e2533ebc87bd279e54e9f73e3ae91caa4e8 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\x86\Microsoft.Data.OData.resources.dll
| MD5 | afee26ba5a65942b9d84b1e96d860434 |
| SHA1 | d1323908edff52949488def7f1ded3ef6da26a54 |
| SHA256 | a1317d8ae204f101736850eef75eb5f77d57afb33a79f6ce62302fc644bbb81e |
| SHA512 | f6ad1e2f25a9cf7860457f9f9e6d29461156e195373f906f93c62adccd84b600ee557c4e19497ae35dfe8d2ab6b3828ad8cfada560f2689a8ca1fed375e044a0 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\x86\LdrtBurn64.dll
| MD5 | 4b815e44d94d38438b90c3198797c0a5 |
| SHA1 | d29d9ca4f66e13c66eeb3e53332670f777252597 |
| SHA256 | 0c80df2fdc238ddc66b5ae493a9dea395f03b828fdde4d6d90ffd76154d6ea03 |
| SHA512 | 8563c2b7d1c2ee48a9ae297d8ab9251ed18a896d1ff4b29b088f02393891bf28f888e7c6d5c7c6133069d18fe5bec37d936dce6ca83d5ca64b901296669fc74d |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\x86\javafx-iio.dll
| MD5 | ecd247ec430dbbe8f9ed829e827514ff |
| SHA1 | 4fa71fe07d820d0f185fe2d8acf5b132fbcb7ddf |
| SHA256 | 11f428cd8602ec280ce87ce031842912f64caba3772ce32f06d40935001f9672 |
| SHA512 | 53aef2f4e279474ec13ed60e40f836b6788d4108b0aed2707243fd126be16376723d7decec305ffdef69d3412f865d1dbeb58d5e9b991059bad0d11c2b921a41 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\x86\javaaccessbridge.dll
| MD5 | f27c7d8d02644289cb098559f4e429b3 |
| SHA1 | 13c96ef09163038532864e15c5db7ce6d481e96f |
| SHA256 | 6efe85370a4dec85036cf930924ddcd9feb5c32575bfd6313660a095d2b121ec |
| SHA512 | cf2b1102dbc410ec9ca39b0c622f785958cfcf302e33a157b6ea322a83f56d9ec4221b4d80dc51fb5e0b637a206006e43335649af38a00dcafefac864f4d33ad |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\zend_interfaces.c
| MD5 | b3bf10f183cc9230b2be39d8a900ef74 |
| SHA1 | 8f41fd60f38ae85c60eec2d9084c4a9f5f90a9ff |
| SHA256 | 105f669739572e9fe33aafbe7c93715b4ba4f2fbd3563548d1db0623bf5b2a41 |
| SHA512 | 00800bb1e6fc8b67eb439fe4d965ddb655c081acc16f1401179cc77d7634de71a692ff0f763ddd8f85d0527ca686c49bb1cd907b3f6da2e5e2d79ee30be4bb60 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\yield_ref_function_call_by_reference.phpt
| MD5 | a2c45350d72e473c9cdac67f2c9bcff8 |
| SHA1 | 4783f5e98651e40bdebcc361a6c6388538f44f54 |
| SHA256 | ebd51d0d77f7a97a25b54a68289457953a8c53136a17a92d4edaf0409485b3e8 |
| SHA512 | 3a61c854d55c97aa4384e5064c80cbb7fc6fe4f2de26b0ed27c1d2f58601571240b258c987cb1590cf3c8e03bce822681ef2e85f4835cbdfb658a3fbc612ef88 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Microsoft.VisualStudio.ClickOnce.Publish.dll
| MD5 | f5b20da5d1b128bed2c35dfdb4539de4 |
| SHA1 | 88efcfbfb5ea603668d84ccc94f1e765a6ea878e |
| SHA256 | 5fb931d716ee7499a3b94245c395e342299de39e8028336730987bd01d4398f8 |
| SHA512 | 957a9e235f95367d1563d4d22067bce1d1898bc910294999d86f8125cc885ebdccbb602df2146163ef2f4b683b0e6d0db7acb9fcfeabbb7e717a5f5df92b79b7 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Microsoft.CodeAnalysis.VisualBasic.CodeStyle.dll
| MD5 | c3d71b871af4e832507275f9e7f0136e |
| SHA1 | 710e7dcf7ea419e290336e435fa5668e0d8dc313 |
| SHA256 | 1175bda400b8f1dcf463a3c56cd7174dbf88a86b5b660fdd6a3225cd8b526e5c |
| SHA512 | 4c56dd0b8918cae626ecaa1d3b2a7facfd839379837b64fe51fd7eeafad6763480f2921a276d06338a42b5112e6d9b5bf4721b96cd51bd3d704e07542c4a9be4 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\libtidy.dll
| MD5 | 62aa69f648aea39fc20dcca7a2efacb7 |
| SHA1 | 925b8e886b6b975e451ee8fcfad1e1660e154701 |
| SHA256 | 732a9c7798dc63af8c933daef8e75cdcd6e131d11c40325e7af00a508cd7bb86 |
| SHA512 | 5f2b843824f11c30950e196531e393b30cb9f6d69d14545cfb49d7c7aa74384c662374efee8678027e9841c3d5dba854f4a3fc466ab247339b6752bfd048506a |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\XMLDocument_fromFile_01.phpt
| MD5 | cf4c593ca9b9fc1db07304b956a686a9 |
| SHA1 | 66f3f6d6bcfcd445cb4070d0696b6db28cda9b77 |
| SHA256 | 071a7ee40166d248522ebbd497d9523a10a04e4800d6dcb754101f9783984e4f |
| SHA512 | 6a64a1b207688ffedd58f271cbf4d62667dc118213923a2631a2de1bc78f09b946b6e921eb0f630aa4603aa7014a9e86742a7644dba1b094895574c40ae70821 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\xml001.phpt
| MD5 | 06bc442276667d9586ae4e9eaf2f5585 |
| SHA1 | d254e1e675deaa0c8ce60067562d7110020e8c68 |
| SHA256 | 89373def9f066fb01ce993223d8a32b38a028781e3a281c01111aa3097516cbf |
| SHA512 | e60adbe3b5457a20047950451966bd6e0a090fba05d7c1a78bfa42ee91ce05c22ed37fba7a7297a825d3ebe2f78363fc913c18a8ad191f85ecd7fd7ab6c5246f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 75dd12bd3cc14cde3dddeb8aa0cc28ba |
| SHA1 | f8792c4604213716b057c610ee5216821677b0b5 |
| SHA256 | 1d83f2e8ee020cf4937c0313ff403e14f9874e52d05900e55eb3751bd80a40fd |
| SHA512 | 5fa2191b2efe41be1cc289ac9bd58651552f13c726408ea91bd875ca32473dd71452e05be592b0d7ed17d8cafa758928e6a1b155432950c6c326da7fb6723ed3 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\write20.phar
| MD5 | fd3835a2eb70a10d156f978f88b4530d |
| SHA1 | fca4d6288c610caa0d7f7ab3aab6fb775305e353 |
| SHA256 | 3ceb5586fcc18d5048ba5833ac41518c79a78a7cd2b12fb5f4921cdb614edaeb |
| SHA512 | ea5cc6436e8194cb638c3e7dfae2868f31ede28795936eb9859ff3b2f3d7a0527468309c11422f78dbeac370f1394df20cb302e2dc009538dbc905b89d01b822 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\wbmp.c
| MD5 | 54521da86ae51e2d8605565f3a1975d7 |
| SHA1 | 72dbf58fe63a4ad55b21e0e71a253251595bc53a |
| SHA256 | 27606b242f8a7fc52e5c13ad18e92d5c3ec9e80423db6d8eb68d289052800797 |
| SHA512 | 39f7f9f2ca52f70d94e07908235430beabc12837326d88471d901f44c2e2304294c8c3c9bf13c60c0d2e3c13abcbcf87577746363eaec0463fbe2f4c432948c8 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\trim1.phpt
| MD5 | e92c04949c0e18b16e93d355349d7a7a |
| SHA1 | 0664432dca808815956221e2a5299cdf47f7c989 |
| SHA256 | dc9a31cef0e0f64e1513a19ddeb3f086f246c2c046b18e21adfcaa0d7c96c8c1 |
| SHA512 | 4bab8e55448f27a3a97f7a21bc7dadcdc7d87a0cad5f72144bfe790f94c4a2bb0190317f2355cfe423af3d119664c45bec2a701a661753c966ef4d2bfa49c73f |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\test_arginfo.h
| MD5 | 7b608bff5c94a7f6e67a20f3e68bd4e4 |
| SHA1 | 096b6ef0b1006228bd4661b4a0d0e5193963d76b |
| SHA256 | 02fe803a30af48f6de66fab8bdb43cb93e1b1358d502880f9a5f99b795690b95 |
| SHA512 | 74e0a27e8f37ebb1a7f001ca3a14de96da9236cdf820ae9495cf593b1f85bb4b527a35cb41ced60ae910401116f64125063e62cab576a1c01a0bb133755d124e |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\temporary_buffer_leak.jpg
| MD5 | dc86779d7f24486f75ebd12a20468a01 |
| SHA1 | adbb51dd04d66e59b739c729f253d67a17e72d6d |
| SHA256 | 8e539f9f3738c8ffd4d126605002d2b6498cd087cc20a8cc45830718aeaec4f0 |
| SHA512 | 12adb9830d8a0dc1f489dc8a760b67aafa34b741e94247590767304eb52420d15df8fef300293554a2ba83cafc1849d099b4741f7c5f9b8a66c86aba27f33f15 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\stylesheet.h
| MD5 | 233a12de5eddb97d9a9017dd0d9cef50 |
| SHA1 | 2e514341329ea4b68252047b191dc70301f6c816 |
| SHA256 | 266b76e8c12efa95c5425f7878f3aa17a2a5e41b9db08a0161fe65fa31fbc895 |
| SHA512 | 1b64e069db10ab9313b1ac5a6846df9cf1fcda2c505bd224825ebfd6bef77796c01b2bcb98514b2c9e163be117dd25390106ff40197d226dc6759a8299c31af8 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\socket_abstract_path_sendmsg.phpt
| MD5 | 053d3bfce5bf888a5b303867c3e58185 |
| SHA1 | f9899d2208c53b22cf4c2579e6dbc0a07406b52f |
| SHA256 | c5b264df2a315f294642ab6fa06653fbdea9e98db201e88d5b022ee95bebbc73 |
| SHA512 | 83740ac7c1f0ecada1b0b4c300b46ffc9cd0cea8ec5b588218b37d4afc821c42dd53b67be12003f5d0de5b1068c4fc01fefdaf2e66cb7d800d3e1fb712fddfbd |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\session_module_name_variation1.phpt
| MD5 | 0376bc27857c2293d013c5d354394e00 |
| SHA1 | 1356e9c408f4bfd106206179e208d83d0e0e03d5 |
| SHA256 | 5178bf37f829aa452689e4b6a8c307be5301e5db19b9bc5a41d4ce1df9df7dd4 |
| SHA512 | 3e077be8448a5a749fb4ee566f8a0b75d6d1adfb10bb1f345cca4a0d1923b54aa155d3c2145263ef61a23f03e3e6268f5ac0a3da2e785efbea4c8ff84aa6e616 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\sensitive_parameter.phpt
| MD5 | 39b6cafa5553145cb5b580ec0e3fe56e |
| SHA1 | d0f55f628d77eba1a9fdc5e8830e803c25353c04 |
| SHA256 | f29c32dd2577c277b0cdb27e3ff820b69194b9c07622f53bbde03827bea02a3b |
| SHA512 | ccad28f072a8a91fd2b26601273f4300bdb1672032c3a8c0ea99f8da26f843b97c7a1e0494fc1f4fd61f5c743b01f30f460623dbac4e5cbd25c3fa066a01e9a4 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\sapi_windows_vt100_support_winko_in-err.phpt
| MD5 | 1cc20356258a3cc3164160eb233c7bb6 |
| SHA1 | 78e85146aaefe333f7e4f2443faee890e6aba624 |
| SHA256 | 58c9fc530422090459df9e7b62c3ba04c954f3da0f0c5296deb1758d93f9ba48 |
| SHA512 | fdb1f9d84aa11533be96dcd44976524e0beabc44036e63b9090a542a6d69c2dd44b154130867c37f3c927808dfd5f396b9704c22a80a4e7435be1fc06e5980a5 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\ReflectionProperty_getHooks.phpt
| MD5 | ed0d6f417da01a5c70708ef17310dd49 |
| SHA1 | 58c010b29a51595ecb9b3303407f4155449d4b6a |
| SHA256 | fc7f742c3ab6cc2a6aa9c3929c137151eb06a88eef2ef1eac7464c5b6086ceca |
| SHA512 | 8842dca840a2b3aae10da359201865d1167b110e3239a333cabb0ef5e88852bc2b6b0eb4cfd10f0539aeab7102b7bbd8166464ae5dd160938f755897b4db2164 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\ReflectionFunction_isClosure_basic.phpt
| MD5 | 0ea42cae40120ecd838ff07777b1dbe4 |
| SHA1 | 9193eaf3be1d6f42cf3f62c06210b04f5a62507d |
| SHA256 | b7b508321e5b73ac9790e77f7cbc3ffb7cfdd6e9533811644b41809d64d2e074 |
| SHA512 | 5eb4c3d4299bc58242ac813dcc2f5ed9b1fc3d1754438b56a29639d30be85673a30c48341b705bbc555492d27bbc1350ebcf97442e17feb8957a74b3017db41f |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\README.md
| MD5 | b43af38178fc08a1f404c2a6393bb4ae |
| SHA1 | 18568b8be64805a6872d19fbf92d6321ee19cc8e |
| SHA256 | 274d1ef0960544666aa9e1e74da18657970398d83f50a4fbda3905ccfab9d120 |
| SHA512 | e71897216f5de7657036ea7649a555cdc74953eab76e726480ae210357ebd3f72fcd54a06d00638ed0a36124888e08e7c6e7e7de75a07d340e8b8ad276540503 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\property_override_publicStatic_privateStatic.phpt
| MD5 | b05d72702d6830bf48eca5608743fa5f |
| SHA1 | 918206f30159acf105eddbcc00afd8e41f9161eb |
| SHA256 | 1da5986543b428f74eb461def39a40d726b114204f3431fea61ebd97023885e0 |
| SHA512 | 093ffbe1ed446a1d0527964977502aa22575b565df8344981ba5f0316548a25740a742aaeedafe9031a6ca2aae7c0704633e6043fa52c110ec175f1584813ebf |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\php_gdbm.h
| MD5 | fb24a3ef1f7f8132eb2ecc991d2332cd |
| SHA1 | 1ab58649bf6a3f47a1bd8f00db1509be195bfd26 |
| SHA256 | e5063413ab45cd405354698166f8d5f95cb912572eff38c50db3517db301f7e7 |
| SHA512 | de74f0793de8e37e4c9376382c15c8f62d0d8c8d5572bc667aa50d52f7db7cbe2dcb7eb73c7e0b78ea0c16c7a136450c078e1144b964bf8c46276def0a8f8c2f |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\php_filestat.h
| MD5 | 389f783e0d7daf5010077b727997423e |
| SHA1 | 421e55f848aac2b121c7721948b7a67c58e9c90e |
| SHA256 | 80880c06d6a9c3364431573d8d8f193ad098da5f4c7471ebb7b1857dd221ddd6 |
| SHA512 | 80d0f9ed6ff53d6cea758258aea82b2f6a61832a2e17b50ed2acf93ab28b0fc26aa24d49fa468a35dd623461cafe1c6d956b8d6022253e1cf20a37275bcce82e |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\phar_buildfromiterator7.phpt
| MD5 | 4fba5bfc37dd916228f567f597342a06 |
| SHA1 | 87ac755576157e205aad42b9585a519857494964 |
| SHA256 | 304917f238b29a5a8f3aa9b817d11cf176d145e1f4cb2108d48cd3be9028a008 |
| SHA512 | 7d045e2033aa9525a5c7856b464ebb1bba89a9b0e046ae5d3362f94265a6edc3cf9f7731974a1acaa773768c5bbabc727da0e39fd15025808b2f86c3e60fed8b |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\pgsql_driver.c
| MD5 | 405bb8316a0f71ec4cd7e0490b4e7098 |
| SHA1 | d419d070c68ef4c0e878fb40a6e2a5edaed735ab |
| SHA256 | dc13e5a537185bf00b4c5df7a555458bb127bfd5071b0a4ccd0f12128d391456 |
| SHA512 | 3f50b10dcbd5ddd81bb3b083217931e1e1958977ad91b17650ce5d34e4e19653dfbe38934565487c5951ad168ecb0c43a5ac5d0c01733c0149c75147201b9b49 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\open_error.phpt
| MD5 | 6ee25570006d008cf776e88643d0b2f1 |
| SHA1 | da8cc6acb6de86a1749605d5117b4c374f029c8f |
| SHA256 | 93e0e5569a42d45c86affd9370a0a288d27bcb891c6539d8b5c184d12cd24883 |
| SHA512 | f1e0e2056085d9995a25dc4486399838df9cd9d4607c5e8ca7a15ecd5f2ffcb489674e28f50e74ca30bbf92dbb2e539d55260fd12a613de95b0981fabb203ed4 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\ns_041.phpt
| MD5 | 1ab793e83712cff07f69e4e20e82ddb8 |
| SHA1 | cdd34244732b24e780ac0f428d92832682218a6a |
| SHA256 | a487610440859c66af8433bc41207cc03b490a940ec56f5b74c37db4991aa06c |
| SHA512 | bd5b2b150a505bf8dbf9f634f4a16a08584b8f2c502c589c870a2e1125ffe7648ef5e8dc5581777e0bcd4398e03b69aa1de716c6af771eafb6149fcff70a2d44 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\nls_en.c
| MD5 | a76ab1236a3dcb13a00668ec1abcf805 |
| SHA1 | 61d77bb5632163356dee4ed415ed5b1d589193ef |
| SHA256 | b12f5584d538fe47eeb17f16a5466db780bcad39ad0b69ca1bea7e0fa590fef2 |
| SHA512 | 6a622b3605c76f1b70d878758b1e73b12e93b91c3ada0f276da52dc511077a2b67151eff64524abf58b1230d788a1bd59fec390998b027f0e5b4c75cd0ff29b4 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\T50.phpt
| MD5 | 344c883b91c668b56bc579c1f182ca5d |
| SHA1 | 23193ccdac8f760e277a80e2135e9f2b9c6202ca |
| SHA256 | 086b8c73863fa087696d065757ccae36c77b257b12e22851d2bf06410babe32e |
| SHA512 | 5d08b20888d77f932ba5b184d89ea65ea15d51034dd6d81af0d87b22c59e938f30269c5aee3d7794e11da214cc3b6468677b1045c5f71f3d01d3be17ce15654f |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\mysql_sql_parser.c
| MD5 | fd07b4dc5f760d30141f3cea59a32e3b |
| SHA1 | 4c447de653c6e4d19a404dbe2b9fb234d92fc654 |
| SHA256 | 3b25edfa46af0c1a0ba2a5aec73b6a36c1933bb8ef1fd77bf7aa5da15f311420 |
| SHA512 | 2791b73528336e2cdc8ac3330665a99de82066c4194251094d5eef1d5b25a78752eaf36b52b461b2213941009db85f5d6d1e658cdbcb7d125503afba01770ab3 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\mysqlnd_ps_codec.c
| MD5 | 2e828664a845c74ed2808d43e9fc0e41 |
| SHA1 | 5c73af8dce3c1b41171dae8afa4b3545e92ee70e |
| SHA256 | 37a1ea578ca72637938e2fdfc7dfbc9e78f32cc53523715b6f9cb7cf7027c8bc |
| SHA512 | ac17c04cb29f7e23032f9ac3bb763d2be924aa4546733fa70da4fad42171916c50669387024ae1b9ec49317ed2985e8d652385c1346fc3db03d28b8a629ce697 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\mkdir_rmdir_variation1.phpt
| MD5 | 8f3ccb4318e90415e83d0f8897bfeb46 |
| SHA1 | 9e31da3bdc68eb02da8a08ad9e1c43764f239b44 |
| SHA256 | cef7730966f83d9c79ca54464f97f298dbdfc72e5c998adc60b45f433164a9d2 |
| SHA512 | 41fd94909be46b119b52837e0b6367e4880a557b7b153fdc4441453935ab7d0eccf4bdc694f7e1d1edf87587d89959caf07728111dbb1c57fb21e618b3bac125 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\lsapi_main_arginfo.h
| MD5 | 43f926489a0d1e4b4cda7bce2f9d7762 |
| SHA1 | 59e84f098850c0b6bfc7e1bc08ad295b24a66098 |
| SHA256 | 3e60e7c159597af06128011e87873428d349e46b2e9b5b116eed5d2ce8b4cd6f |
| SHA512 | 21733b4ac7924fa5711f0fa586287e4faec716e339c4cc76e882c512d96862c28a870d52c0bb60ed725b679b572d89ef9a8635d26b59431c91c85272ee63fd62 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\long_columns.phpt
| MD5 | f3c704c45d5ba5680404a17eebc8390b |
| SHA1 | c3fa006a59fe77fd9262b7f4208060de85251404 |
| SHA256 | 7751a21f651d5be135991613d63c75e2c7d837465ce4f47e4f4dc331605971da |
| SHA512 | e64677d1045dd2e83bde9b3a1278dc1006f1f6d17bd5e6895a27da08eb4d9619e8dfcc344de86491c2eefb2014f959e7f28d4920559551b0cf6df7237eb4d8c4 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\intl_cppshims.h
| MD5 | 60c1faf3cafc226ed3da58669b2c9c8d |
| SHA1 | cdfac7435a50fdadc5b3628442beed159d972ef4 |
| SHA256 | 16bd1cffbc97cca0a71bf3cc5fc28573edb1fd9b709753502b8a3cb95dd5dae0 |
| SHA512 | d2ee67b407dc6be9ee9b85577d101f6265a62106e48a1983d1090e32d3c305b4caaf9ef45e913d99f545184a6f7593fb15e4200f402d5aa2841558055e4b2999 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\image021.tiff
| MD5 | c82ca77aadf114101770c2e92e7c1f64 |
| SHA1 | 04e204009181fb7a2182299f12f2cecc24f84381 |
| SHA256 | b7d7f4f5be5b452e1e197e96d46a64adbc3715559fc720d842badc7de821f0f7 |
| SHA512 | 55a50f8e477436a233659a2626dd2791985cb6a04f2c7c982f771d78c22a0e63cfc3b13d702859ea85d61339c438c89695809c3d0bfd38647e1c015835dcf69b |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\HTMLDocument_fromString_LIBXML_COMPACT.phpt
| MD5 | 01f0a9a83f3fe82551dbb6beb1da710d |
| SHA1 | bea35d6bf37189ae31699dc199c40a8316ea7f18 |
| SHA256 | 99da9f0b644c8807d728764dc11c03f77554d131550df726d678d6f6eca92dab |
| SHA512 | d411406e52c859f9c0d5749509a27b2289f6673dd32aba02b9af2684c45ed0f839bb113f1c82094e41816373bb8ef8ba3140275236858d65c791deb24ddf99d3 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\gzuncompress_error1.phpt
| MD5 | e4c4a84857b6047e02b79f5a0722ad7c |
| SHA1 | a47c7456ba18468319109be513d27d084edd5062 |
| SHA256 | 8a5c3e034c987b3f24bd3b12c86dc744b5248c332be3f5913410d95cf236f489 |
| SHA512 | 1ab46d2f4ab1f75bf0b7dcf1fbc33327dc88e968f09b6b3c50115d0b3f4ea905e1b43c3a04d6994e939f1237fc96c8a7d52048c4316ee117707e1c2f8f36cfed |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\gmdate_variation12_64bits.phpt
| MD5 | d56a07dfcec708ffde3fd827892443b1 |
| SHA1 | 2624093d84a863041453f8198f269e2d862074c4 |
| SHA256 | 3ae23c6b0230eb62bb110274b346bace0c7b4239ccdcff900f9d18fdef437ec7 |
| SHA512 | 118828c0e43ac2e6c03670f32b57b265bb7e1b454511e87e9b73f0cd2ef3c5784274a6ace3494438b6ea8288e7fe38ab09c5c53bf8020149219b3cecdc5fec26 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\gh9697.phpt
| MD5 | 503b91514b4d74ee68badd403aac49d7 |
| SHA1 | 062937aef0dac40aaac2a4643003d04eb77b6dcc |
| SHA256 | 20a1bf97b950d352c0139dbe0254d530b6c3abd458e85a71a1c223e86f1c2649 |
| SHA512 | e06cfe8350c0ff4709c95f4919e4843cac71dcfb3dfb0130ae304e475203f52e2f0a4ed6e0102e9ced648fd366b676f96be61a392f063739f3a6b0ea132e20ba |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\gh8841.phpt
| MD5 | c2b62016086b2c8cb2a618a97e4e3a06 |
| SHA1 | 35afd02c6922d71e33637a9638238d2a9f08ad75 |
| SHA256 | c689edf788a734aa7add7cef71b88a0838eb1fc95ffea04805deecfcfbac71f8 |
| SHA512 | 001d4bd9e7693bcf3f6d9fea44e611e21db34ab35dcb379894d10a6f831075aa31042f19cbc88d6cc40c588472eb8a0f7e233b042a6936426bb24fd2c45445d3 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\gh16316.phpt
| MD5 | ce68fbfc731882824e29084b57159579 |
| SHA1 | fb698056746a9a9577dcfdb2492955fda2eca2ea |
| SHA256 | e30c3fe3a357ac04ebb2e932c88cd826a65549da0d3d7a776a40957356fde50f |
| SHA512 | a25bddeecf62c06ce719550c162cde372c54733d2d3c0efb7f98b60141d2f71e3e51a468c594c6f2660493a3f9f0ae6f87288895d77dc2b9c64c9eaa7715dac4 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\gh16257.phpt
| MD5 | bc6ad02797fdb4050a21c058baf7d44a |
| SHA1 | 9673901b0455985a8336b1dc11015a8a17312e5c |
| SHA256 | aad45b9fdf9cc9ff49c05c60e61c2ed3bf64cd0e4925724b92135cceb3e4236d |
| SHA512 | 82339bc9a11b3093eec4b24003a38bb308b0cc8e9c5f5b922570aa0b3adaf8f47e144195a64d5c3dbe3b0d4e1238928df56243f99e744967df0af16581b38e5b |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\gh13612.phpt
| MD5 | 12da9e6a0de01e1f02039f462efa2d19 |
| SHA1 | da013182ddc398719cfaff45832b1e7349447be5 |
| SHA256 | 2ca67d99952798bb644f563d233a458653c18935330fe48d31b52a54345958ca |
| SHA512 | 560e98bc95a4d52ccd6210e9f1135ca5272e9facec2b1a3cf7652311ac693ec4db0d5e5f51246fe73e8029ca0092d7244c1ccfc954e24cc276b9460755807ad0 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\getservbyname_basic.phpt
| MD5 | a3e0bedce591fafe1a2fb1deb06da65f |
| SHA1 | d6631e2dac34893f66604409f75053438c7c1ade |
| SHA256 | cc6b9c06fce239a4219193941c0f3f5da5a3366ce38d7aa5563d1c6d44b656c5 |
| SHA512 | 0eda8cd07ee2be2a459a9b691b7671f4a11f556fab5dfd8bbb6c9be95c7c05375becd48af9921897e43dd9bc5bb16e30a170ff73fae7a6aa83441ebc2b49698c |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\filter.stub.php
| MD5 | 27fd564b20fd1894417e8600fdef7a25 |
| SHA1 | c3f3240137eaa89316276920acf35f975b2dd8f9 |
| SHA256 | 9ef981250103a0529213121b722e9d68ec8799532644699668590489dae0cb88 |
| SHA512 | f9ed10e1b1e4c1cfc9653a737941f22ea67cd4a197f653dd927cddc4462764f1f3d9273fea3c43d21ad189ac71acb8cc861c1dee96ff493691bf073a037f2eac |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\filesystemiterator_flags.phpt
| MD5 | c29ab023d5dbaacdafe8f136915b1227 |
| SHA1 | 3876d4ffd45631b3c3c64122edd75dfa5c9732c4 |
| SHA256 | beeebc47e7bd8ffc5cce13b489303b92f492b60eb93aec622095f555cc8b3570 |
| SHA512 | d85cf4ba40b1f8d942afcdb254fbd5d09410fe9180d567662e15b7870bd5fc1e96ff82c8a08d2a60ce80c7486089347115c9f703e3fa9347faa269a014be1943 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\fetch_ref_initializes.phpt
| MD5 | 85ac94a92989ae49b4874bb5419d9048 |
| SHA1 | b2719dbff60751b5ece40ebbda68affbc7372f10 |
| SHA256 | 97f11ebd6843aa7edf7b35588f9fcb134366e5e295f721f246c5d1c3a50fc63f |
| SHA512 | c93ff285c61f0e378e84f6841d3d535be2b2ffb19b44f4dfa3746e518a0eb0cfcf0452924b506c4b5f74c31f3e8c12ada54277b61efc7dc6285b57583f5de4d0 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\errmsg_003.phpt
| MD5 | c1d86702d875634292cd729cd4e1245f |
| SHA1 | e69d3f910384031e30f13b79527e51e891ea6c62 |
| SHA256 | 9491ada380631339bef86fd7eefdd09475dfc6c5942bde85eb83474cab63f5cb |
| SHA512 | c27b6e45e98f411e34d67ac0841a38f7a6ef677f1a1fdb56f9761caaa7db0d5325ba0bd82d92af6b2038bf4512c774f4f646d9b7653a6f9ea875fae5f9b715fd |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\Document_createElement.phpt
| MD5 | 5329ed8d3722843bc9e2796b9200bf94 |
| SHA1 | b83d75c5588689fb0e1676a4ff32677b8d619cdd |
| SHA256 | f66a880a72a378b5d0160c66884afdb19582ef12c808dab014ecb09a8f216b3c |
| SHA512 | 26b7e25b2f999b2489aa010c6a77529d2d7ceb0d075f822e5f55bcfc9baf2730331693b198979c76f64bf90948767328114f7aa117dbd4d4fb7c7c95f73c085d |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\dba_inifile_creation_matrix.phpt
| MD5 | d67257ff043d2736dd50ef4d5f5621e3 |
| SHA1 | ded67968190fb5369086a99a66da082482593d23 |
| SHA256 | c34c736bd5e114119482967b74c199dcbde045132a658971f487ad9dd396e779 |
| SHA512 | a76d7fcddbdbb187d09d9951241b3d4bb238d7fda2611719717066f2a2ce2fa40284163cc07fc052ed6c64186db2a8ea7ebe5eab905654dd1eae56caebaa81ea |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\config.w32
| MD5 | a545cb04bbe422b98839a9401b551c55 |
| SHA1 | 3bce3c8958cce9b0f5b617383c9926b37a6fb0f1 |
| SHA256 | 4f34723262b84623260fd23337e162191e371f8240f5d070288372a8b44bccf3 |
| SHA512 | 75d70b317fa79f90335494ba2a77ed105d2af92e822eb5d466875399adbb2e5053ca8a796dbea51edf5eb48aa0d6779698ecf0d8fdb68eaecc0ce7b33b202eaa |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\closure_use_parameter_name.phpt
| MD5 | eeb9fc6cab873e4c5bffac4e1fbc9349 |
| SHA1 | a3d2d011c1a2945d71ebae7d00d285b584d2194e |
| SHA256 | 73b4f82119af6acb81803eeb42e50a3135acaea62783d46535dd90c0fb62c91a |
| SHA512 | 1d0c0df7ecd25cd8f5fdeee6b04b38b358cb773b6421ffa7c8e3585b3ca705f32438c0e743d561ea67fc49cfbf78f06f625b13594306b785535ff432b90b8cc8 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\bug81693.phpt
| MD5 | 1b3a8e8caf779e29d6925fcf001c404d |
| SHA1 | 043ee7d3c3f89131159a2a79f9b4a45dfd51febe |
| SHA256 | a9de18dd380a805c194d8bcdf0af838124d1c9182ad9cee4993a3c57b5ee729d |
| SHA512 | 42676b6b907aaa9a5733be289d4f76f9b2fb3def9c1af9df93a5d9b9bc33bffa13befd31214a8630ce118d0b1932c5b37517c5504805b5ea79af2a6d78e45483 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\bug79091.phpt
| MD5 | dc06c1520b851bb868a0b56f8df4e2a7 |
| SHA1 | e9395620e7be004e42ff64d35dafd05a1c670811 |
| SHA256 | 0c056454394eff1609c6533576639d45c2d4d024a961ce4fe1c046c09cffb6f5 |
| SHA512 | c433ff2ebd4f067a183f8a6a035e2caf5e074f89c621c49e9454a70386098f323630a29dd1bee0cc1b2183a10ce0712b05db8f1e6891e4d65cdc41b867a7dece |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\bug77753.tiff
| MD5 | 0375ab959f4f7abcada0a496106916cb |
| SHA1 | 3d3291786e6ffa7db088f9f622e9c870fe49566e |
| SHA256 | dcd06f2697c6a79098a60a6d68c78efaa88f232039985fcb45ba7bdef912db28 |
| SHA512 | 890625fc5261cfb85489ef294fb53f020e8a051cb7c1f7b052e902e2b112aa4296ea9294f27655fc406d850009b202110d8d0ab12a78223f05124ebb681dc32d |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\bug71972.phpt
| MD5 | c79ac04f423bb6f21694cfd4306e5b79 |
| SHA1 | 9e16b1bb3d3592f5e29d2eecdae01fce55c9a732 |
| SHA256 | 0fc162ee07e14207667ee8337f24b613dc125c4c10a312441b881d54a921319a |
| SHA512 | 452b5ad6979dae2f6207d862685e85332eaeaa7e1c25da3188c484ed4553105e9b291be27fdea94ba4f220c74d4c259f15f5332d6ed6ca110e0bb549344f3f19 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\bug63882_2.phpt
| MD5 | 374d4ac7227665110bf67c3ad87904c3 |
| SHA1 | 570e6995d1ef54798f39fc94ace074bafa86eeca |
| SHA256 | 35c6a5f2c07d66639d73d6536f9737d16dcd1e64d531c2a493d96a87fe055325 |
| SHA512 | 58457ef23f9e7038467a1057ca3be069c52e20baa7d601f47c32283119eacde0ec07c2ad622ff9572abcc8bc07d6715b812878df6aa43ad11d65162a92d8b3a1 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\bug50661.phpt
| MD5 | 41a7883a49c6900594a49324bbf93b5d |
| SHA1 | 17e60170d366c806ca8080da97cbac9038cbedda |
| SHA256 | f039f8676815c8b32447e342cf0435960e7a539682d92957d91f2170e2b9df15 |
| SHA512 | d24a192f0699a4f5176be717bd8223323408576e20849c508cd54f98dd48269899a9a1edc105c8953f75a7a6d5956b5b02da32e6e7454ab6b186df181d7fb229 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\bug37244.phpt
| MD5 | 58f2ec13a2daea01e8afaf6530e73aae |
| SHA1 | caf5164e967b1d291cf420ddb192dd6009c1eb9d |
| SHA256 | 446c8be6f61a2f1753bd4b0b4a35450d9e4fe101ecbb05dae0d72d30064c5cb8 |
| SHA512 | 468e775ed9351249b482b335ba6f3436f019486addd7c3ca3b95969a9d24ab50465c4096bdd648e2755a9309a7f3859078af31f98da6e762bcb864d804f4a601 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\bug24573.phpt
| MD5 | 5f258d87867a842e14e27568b1abb0bf |
| SHA1 | c1167cd86c54c4fdfb189f99bce9422dfb3cc0e4 |
| SHA256 | f8e67318cb401ad936c29c4ecdc3eaa8845ed369af12aaec76d502b85e24dc8d |
| SHA512 | e59d5ccf5aaf6527124f4a2f6fd4dc050496e091a710e0ccd9404f456eb3653397afe0c850438602ff18bd45547956be9e332cead86cfa78403e71d9ba727f52 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\bug22592.phpt
| MD5 | f0dbe9d192beeffe9eee00f20408ef08 |
| SHA1 | 8f1d1ef723d53d40aff4e70a3180abd96054f43b |
| SHA256 | 138134b4fb611e72e33acacc7a56ceae63e2726554f5587f052b85514e8b724c |
| SHA512 | 8467779d26681427adc109c681392a70f8092e4607b80d5f5f58b6abb8b8a283944f1837b27b6c5a301601b3e10e050c021faa1c1e3e8901b2d180e6cd048c28 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\bug22544.png
| MD5 | 10a57d09a2c63fad87b85b38d6b258d6 |
| SHA1 | a9ba2549c1c12de4d8618b9a6c9a1e71d6ceffcd |
| SHA256 | a0e3dc88903e8478aa0114bee60b72bffbba0a09daaf319bf1f57c496bf4624a |
| SHA512 | 64d224c3dd3bc2138275e874957d92f86d02826ab263cf3c03eed6d201198ec3c4854767638aa48fca6e947fa714bee896ff94e622ab0908d1636ade4786015f |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\assign_dim_ref_with_prop_ref.phpt
| MD5 | 39ff7166f4f375f15a53b7a1e0425bea |
| SHA1 | 9d12bf4e6e75b301efc10f48fd8fb717d7c6c9e8 |
| SHA256 | 2aba51fcaa860f87c214707540c35f58ddc5fe5d651595b4c9a42f48876a175e |
| SHA512 | 929d20f15b2d5c089d694ae9e08b6a3ff7b755769e27bd8536e64984aa2c38f8594e0f385c540dc79292a7a5eb99938148ebca8d13c29b6c57ce2a6f7cf46380 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\array_combine_variation5.phpt
| MD5 | 1d8d37286edede00378c14c2a7b2df2e |
| SHA1 | 58a6b186c4a674a3a2ba1ebdf7374b05f86ee266 |
| SHA256 | c48ead0ae5668f7beb7486379b293d0fa682a7ec67475d65c8a9316e6d3b97f5 |
| SHA512 | 994565e741fbf38e6aa4108ad93a3f1c0cfd2658df69c125df606ab8ce98d3a4028b8e26cb6c212015bd2ed5214e130c222b74c38e04ea0045d4db0a3e2e7c29 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\012.phpt
| MD5 | ec57ff0611e8319018388b8fa50df2d5 |
| SHA1 | eb792bf663caa9935dc59d76629ddca11370e31d |
| SHA256 | 4f7479dab3b752951952014490b7a05af0af1d50c4ec83840fd9898d7c398a78 |
| SHA512 | d66a694021dd79cdd402f33e5036537c8734106f26f295473fcb22ef98a6dcaa1ae13b4c0e4a5b3f44dd3e6b523dd11084b4343e0175aa2224a6245c3c0afa14 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\007_variation17.phpt
| MD5 | 80b52d8cff321d7e8feb9f0be91d6a21 |
| SHA1 | bf96af28da026cd9d5dbe6bb5521f985dbe88878 |
| SHA256 | 5ec5a92cb985feead9f919f73be7e924e6955490f89703ae9532a05a197d0205 |
| SHA512 | db7938f23b3e2eb988b087c37f20667b26b54cc33cebf4f8beabb0f7fd58af167b3ff4d9c9595c47f371af52a4cb74b9364d1d1a2555e53b8240aecdffe23a33 |
C:\Users\Admin\AppData\Local\Temp\Rar$EXb4588.34948.rartemp\Config\.gitignore
| MD5 | dc681ef588e7f6fae34c756b02692c49 |
| SHA1 | 08b73ca9f27adcc92d1af373e163f33ff7733ae7 |
| SHA256 | 65714df21271495bb8ab44ae3f3b80fc80a41e89f78923213da135193a2bb330 |
| SHA512 | f16f18ac7e17788603e60d7cc852a1db14184e43dcd24075bd1ef9d917238f33c6764055ff145fb6151738a074de768d6ddff195d8958a835d5f3c8e5146fe97 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1009pdhg.default-release\cache2\entries\767E030A0F98FFE2261FA4480B3E1DA5159BBDA5
| MD5 | 097b68cbbdbfe893273736f3295b8adf |
| SHA1 | c94194e0191f59e3935b6d1f2ed901242bf18ba0 |
| SHA256 | 3ef6add1ddc7eafedbcf8adeb89497c7edcb1c72ef4aff0d5adbdaa2e09f459d |
| SHA512 | 8506c48a868192f2caf5a786b4dcdeb78371e9e1da344da914262df8aa5c0d567c1b2883e1b2b238aaf7bccb35274464f6d95f02920876a2fa7f7fbba467a5aa |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | dd84ce515759bbef256ecc8adfb50228 |
| SHA1 | 6c4762e1412f04334cd2b49d5021b755b83c039e |
| SHA256 | c11d03f4f9d1631c728a9655d1ceb5372fe3183de7790bb5473d8f207a1c6794 |
| SHA512 | 0779a5e27675b8304864d23826c024a64fb74324316de5a9c3a8f0f6091443a6688dc506a0cce089e8d6e4870ebfd233fbc3f2279140ecbc002cfee97ce3baaa |