Analysis Overview
SHA256
f19808c135c2221711c2b7d527da0dc71e05d8e38bbea0dc6176405584ba7ede
Threat Level: Known bad
The file Server.exe was found to be: Known bad.
Malicious Activity Summary
Njrat family
Modifies Windows Firewall
Unsigned PE
Suspicious use of SetWindowsHookEx
Modifies data under HKEY_USERS
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Uses Task Scheduler COM API
Suspicious use of WriteProcessMemory
Checks processor information in registry
Modifies registry class
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-05 07:56
Signatures
Njrat family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-05 07:56
Reported
2024-03-05 08:05
Platform
win10v2004-20240226-en
Max time kernel
516s
Max time network
517s
Command Line
Signatures
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "24" | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Server.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\Server.exe
"C:\Users\Admin\AppData\Local\Temp\Server.exe"
C:\Windows\SysWOW64\netsh.exe
netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\Server.exe" "Server.exe" ENABLE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.0.1973647857\245435568" -parentBuildID 20221007134813 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f01faf7-20dc-42a0-af45-58614fcedf43} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 1976 1857f105358 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.1.1383641256\1327764223" -parentBuildID 20221007134813 -prefsHandle 2396 -prefMapHandle 2384 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2c08bc6-9871-4cca-ac23-b28d071a3281} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 2408 1857dc39858 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.2.2122580804\1153993095" -childID 1 -isForBrowser -prefsHandle 3120 -prefMapHandle 1640 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33a5c8f8-9b55-4eaf-8bb3-4203ee412d3d} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 1600 1857e462558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.3.1570450705\1737654464" -childID 2 -isForBrowser -prefsHandle 3608 -prefMapHandle 3604 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {64692251-212a-4c02-8ed7-1ca7b535c4fc} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 3616 18579160758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.4.1243447148\788639517" -childID 3 -isForBrowser -prefsHandle 4472 -prefMapHandle 4468 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8bc36af5-e03a-4d2d-b3c7-3c6b12d63cf1} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 4340 1850b910e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.5.1473697076\1278761901" -childID 4 -isForBrowser -prefsHandle 5084 -prefMapHandle 5068 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d9e9751-8d4d-4438-96c3-8864e03f4254} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 5092 1850b911a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.6.582813479\1861829569" -childID 5 -isForBrowser -prefsHandle 5224 -prefMapHandle 5228 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {80af05a0-a7ee-4b46-915c-189355ad0525} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 5216 1850be7e158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.7.860228975\605094413" -childID 6 -isForBrowser -prefsHandle 5412 -prefMapHandle 5416 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b63d4c6-309e-4937-b9dc-bd730d3bfab1} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 5404 1850be7f958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.8.1424989041\1233422348" -childID 7 -isForBrowser -prefsHandle 5808 -prefMapHandle 408 -prefsLen 29458 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {717c55e7-6eca-4150-9e91-30609d533c83} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 6064 18579160a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.9.760119910\376234940" -childID 8 -isForBrowser -prefsHandle 6316 -prefMapHandle 6312 -prefsLen 29712 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49c9977e-6dd3-4a55-98e4-0c2f7f5b8a30} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 4120 18510c1b658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.10.2026928214\663344753" -childID 9 -isForBrowser -prefsHandle 5432 -prefMapHandle 6420 -prefsLen 29712 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4de660f0-3525-424c-a212-497fbc64cd14} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 5400 185114b3d58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.11.1329082201\1267137967" -childID 10 -isForBrowser -prefsHandle 10600 -prefMapHandle 10592 -prefsLen 29712 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1b91231-50da-44c3-b989-be5367a705d3} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 10608 1850d22cb58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.12.219401028\1086529985" -parentBuildID 20221007134813 -prefsHandle 10348 -prefMapHandle 10220 -prefsLen 29712 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bce6caa6-119d-4293-8ab5-22bef9cbe757} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 10192 18511aeb758 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.13.2089222437\948882285" -childID 11 -isForBrowser -prefsHandle 10068 -prefMapHandle 10064 -prefsLen 29712 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b73da137-c2ac-445e-b8f3-cdda7bc39cdb} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 10056 18513533058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.14.582657885\609374535" -childID 12 -isForBrowser -prefsHandle 9916 -prefMapHandle 9912 -prefsLen 29712 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {02cc6186-cdd3-42b8-bf3b-4a775de36f21} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 9924 18513532d58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.15.1687317310\2028905656" -childID 13 -isForBrowser -prefsHandle 10440 -prefMapHandle 10428 -prefsLen 29712 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {511d682b-684d-46f0-acde-78658ff79406} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 10448 18513534b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.16.563487114\375789930" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 9460 -prefMapHandle 9456 -prefsLen 29799 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33e08af9-7fe5-48cb-9775-34ef2fe682e9} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 9532 185100ca058 utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.17.1025291331\1001537873" -childID 14 -isForBrowser -prefsHandle 9584 -prefMapHandle 9536 -prefsLen 29799 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e151edcb-a960-410d-a0f6-2679670ee3b3} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 10428 18511632e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.18.175913486\368363449" -childID 15 -isForBrowser -prefsHandle 9388 -prefMapHandle 9252 -prefsLen 29799 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c0f9a3a-c4bc-49ce-ac7f-0eb33efb2373} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 9152 1851162d658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.19.60864149\1984680803" -childID 16 -isForBrowser -prefsHandle 9620 -prefMapHandle 4120 -prefsLen 29799 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4540a1aa-9e00-4feb-8bde-781e0270b9e1} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 6320 1850f30f258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.20.1894820778\1498494607" -childID 17 -isForBrowser -prefsHandle 9224 -prefMapHandle 9232 -prefsLen 29799 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d2f7d68-2486-4199-b22a-cf80641b97e7} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 9296 18514d61158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.21.991137580\1227104972" -childID 18 -isForBrowser -prefsHandle 8720 -prefMapHandle 8712 -prefsLen 29799 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c48ef06-ce3d-45e7-90fe-9f89f55ac2d8} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 8708 1851267ec58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.22.1576534782\1873318410" -childID 19 -isForBrowser -prefsHandle 6632 -prefMapHandle 8588 -prefsLen 29799 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b63e298a-ea7b-4f57-8f73-3d181bbcf235} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 8708 18515510c58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.23.461692222\1755671953" -childID 20 -isForBrowser -prefsHandle 8260 -prefMapHandle 8264 -prefsLen 29799 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d49308d0-4d26-44e9-9e62-98b8dc7907e1} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 8348 1851550fd58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.24.1967717758\44690757" -childID 21 -isForBrowser -prefsHandle 8048 -prefMapHandle 6632 -prefsLen 29799 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {58973dae-3291-4a80-81dc-0fe4438d1b05} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 8324 18514bbec58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.25.837984618\1542867485" -childID 22 -isForBrowser -prefsHandle 7796 -prefMapHandle 7800 -prefsLen 29799 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {82e02d67-137c-412b-8b11-c8f3677345bd} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 7816 18512b4be58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.26.717788983\1884897820" -childID 23 -isForBrowser -prefsHandle 7616 -prefMapHandle 7612 -prefsLen 29799 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d423786d-c1f7-422f-810f-beac59fdafd9} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 7624 18512a34858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.27.620612486\783414254" -childID 24 -isForBrowser -prefsHandle 7560 -prefMapHandle 7556 -prefsLen 29799 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da1b8c26-f331-4663-8b18-8c1aee00b37c} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 7568 18512a37e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3944.28.1188271919\1549637275" -childID 25 -isForBrowser -prefsHandle 7348 -prefMapHandle 7344 -prefsLen 29799 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f58340a-fa87-453d-81d9-29d2604d3519} 3944 "\\.\pipe\gecko-crash-server-pipe.3944" 7356 18512a35d58 tab
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa388c055 /state1:0x41c64e6d
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| N/A | 127.0.0.1:5552 | tcp | |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.197.79.204.in-addr.arpa | udp |
| N/A | 127.0.0.1:5552 | tcp | |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| N/A | 127.0.0.1:5552 | tcp | |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.171.91.138.in-addr.arpa | udp |
| N/A | 127.0.0.1:5552 | tcp | |
| US | 8.8.8.8:53 | 104.241.123.92.in-addr.arpa | udp |
| N/A | 127.0.0.1:5552 | tcp | |
| US | 8.8.8.8:53 | 119.110.54.20.in-addr.arpa | udp |
| N/A | 127.0.0.1:5552 | tcp | |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.178.17.96.in-addr.arpa | udp |
| N/A | 127.0.0.1:5552 | tcp | |
| US | 8.8.8.8:53 | 32.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| US | 8.8.8.8:53 | 211.178.17.96.in-addr.arpa | udp |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| US | 8.8.8.8:53 | 190.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| US | 44.237.149.213:443 | shavar.services.mozilla.com | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| N/A | 127.0.0.1:61459 | tcp | |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 54.218.225.239:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 239.225.218.54.in-addr.arpa | udp |
| N/A | 127.0.0.1:61467 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| GB | 88.221.134.155:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | 155.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 216.58.212.238:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| N/A | 127.0.0.1:5552 | tcp | |
| US | 8.8.8.8:53 | 238.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r1---sn-4g5ednde.gvt1.com | udp |
| GB | 216.58.212.238:443 | redirector.gvt1.com | udp |
| DE | 74.125.162.134:443 | r1---sn-4g5ednde.gvt1.com | tcp |
| US | 8.8.8.8:53 | r1.sn-4g5ednde.gvt1.com | udp |
| US | 8.8.8.8:53 | r1.sn-4g5ednde.gvt1.com | udp |
| DE | 74.125.162.134:443 | r1.sn-4g5ednde.gvt1.com | udp |
| US | 8.8.8.8:53 | 134.162.125.74.in-addr.arpa | udp |
| N/A | 127.0.0.1:5552 | tcp | |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| US | 8.8.8.8:53 | 136.71.105.51.in-addr.arpa | udp |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | 228.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.179.250.142.in-addr.arpa | udp |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| US | 8.8.8.8:53 | yandex.ru | udp |
| RU | 5.255.255.77:80 | yandex.ru | tcp |
| US | 8.8.8.8:53 | yandex.ru | udp |
| RU | 5.255.255.77:80 | yandex.ru | tcp |
| US | 8.8.8.8:53 | yandex.ru | udp |
| US | 8.8.8.8:53 | 77.255.255.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dzen.ru | udp |
| RU | 62.217.160.2:443 | dzen.ru | tcp |
| US | 8.8.8.8:53 | dzen.ru | udp |
| US | 8.8.8.8:53 | dzen.ru | udp |
| US | 8.8.8.8:53 | sso.passport.yandex.ru | udp |
| RU | 213.180.204.24:443 | sso.passport.yandex.ru | tcp |
| US | 8.8.8.8:53 | passport.yandex.ru | udp |
| US | 8.8.8.8:53 | passport.yandex.ru | udp |
| N/A | 127.0.0.1:5552 | tcp | |
| US | 8.8.8.8:53 | 24.204.180.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.160.217.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sso.dzen.ru | udp |
| RU | 62.217.160.14:443 | sso.dzen.ru | tcp |
| US | 8.8.8.8:53 | sso.dzen.ru | udp |
| US | 8.8.8.8:53 | sso.dzen.ru | udp |
| RU | 213.180.204.24:443 | passport.yandex.ru | tcp |
| US | 8.8.8.8:53 | 14.160.217.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.dzeninfra.ru | udp |
| RU | 62.217.160.2:443 | dzen.ru | tcp |
| US | 8.8.8.8:53 | suggest.sso.dzen.ru | udp |
| RU | 62.217.160.3:443 | static.dzeninfra.ru | tcp |
| US | 8.8.8.8:53 | static.dzeninfra.ru | udp |
| RU | 87.250.254.106:443 | suggest.sso.dzen.ru | tcp |
| US | 8.8.8.8:53 | static.dzeninfra.ru | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| US | 8.8.8.8:53 | suggest.sso.dzen.ru | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| US | 8.8.8.8:53 | 3.160.217.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.254.250.87.in-addr.arpa | udp |
| RU | 87.250.251.119:443 | mc.yandex.ru | tcp |
| US | 8.8.8.8:53 | s3.dzeninfra.ru | udp |
| RU | 5.255.255.77:443 | yandex.ru | tcp |
| US | 8.8.8.8:53 | top-fwz1.mail.ru | udp |
| US | 8.8.8.8:53 | ad.mail.ru | udp |
| US | 8.8.8.8:53 | avatars.dzeninfra.ru | udp |
| US | 8.8.8.8:53 | s3.dzeninfra.ru | udp |
| RU | 62.217.160.4:443 | s3.dzeninfra.ru | tcp |
| RU | 62.217.160.4:443 | s3.dzeninfra.ru | tcp |
| RU | 62.217.160.4:443 | s3.dzeninfra.ru | tcp |
| US | 8.8.8.8:53 | top-fwz1.mail.ru | udp |
| US | 8.8.8.8:53 | r.mail.ru | udp |
| RU | 62.217.160.4:443 | s3.dzeninfra.ru | tcp |
| RU | 62.217.160.4:443 | s3.dzeninfra.ru | tcp |
| RU | 62.217.160.4:443 | s3.dzeninfra.ru | tcp |
| US | 8.8.8.8:53 | s3.dzeninfra.ru | udp |
| US | 8.8.8.8:53 | r.mail.ru | udp |
| US | 8.8.8.8:53 | top-fwz1.mail.ru | udp |
| US | 8.8.8.8:53 | avatars.dzeninfra.ru | udp |
| US | 8.8.8.8:53 | yastatic.net | udp |
| US | 8.8.8.8:53 | avatars.dzeninfra.ru | udp |
| RU | 5.255.255.77:443 | yandex.ru | tcp |
| US | 8.8.8.8:53 | yastatic.net | udp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| US | 8.8.8.8:53 | yastatic.net | udp |
| US | 8.8.8.8:53 | 119.251.250.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.160.217.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.131.154.178.in-addr.arpa | udp |
| RU | 87.250.254.106:443 | suggest.sso.dzen.ru | tcp |
| RU | 87.250.254.106:443 | suggest.sso.dzen.ru | tcp |
| RU | 87.250.254.106:443 | suggest.sso.dzen.ru | tcp |
| RU | 87.250.254.106:443 | suggest.sso.dzen.ru | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| N/A | 127.0.0.1:5552 | tcp | |
| US | 8.8.8.8:53 | mc.yandex.com | udp |
| RU | 87.250.250.119:443 | mc.yandex.com | tcp |
| US | 8.8.8.8:53 | 119.250.250.87.in-addr.arpa | udp |
| RU | 5.255.255.77:443 | yandex.ru | tcp |
| RU | 5.255.255.77:443 | yandex.ru | tcp |
| RU | 5.255.255.77:443 | yandex.ru | tcp |
| RU | 5.255.255.77:443 | yandex.ru | tcp |
| RU | 5.255.255.77:443 | yandex.ru | tcp |
| RU | 5.255.255.77:443 | yandex.ru | tcp |
| RU | 5.255.255.77:443 | yandex.ru | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| US | 8.8.8.8:53 | avatars.mds.yandex.net | udp |
| RU | 87.250.247.181:443 | avatars.mds.yandex.net | tcp |
| RU | 87.250.247.181:443 | avatars.mds.yandex.net | tcp |
| US | 8.8.8.8:53 | avatars.mds.yandex.net | udp |
| US | 8.8.8.8:53 | avatars.mds.yandex.net | udp |
| US | 8.8.8.8:53 | favicon.yandex.net | udp |
| US | 8.8.8.8:53 | yabs.yandex.ru | udp |
| RU | 87.250.250.36:443 | favicon.yandex.net | tcp |
| US | 8.8.8.8:53 | favicon.yandex.net | udp |
| RU | 213.180.204.91:443 | yabs.yandex.ru | tcp |
| US | 8.8.8.8:53 | yabs.yandex.ru | udp |
| US | 8.8.8.8:53 | favicon.yandex.net | udp |
| US | 8.8.8.8:53 | yabs.yandex.ru | udp |
| US | 8.8.8.8:53 | r.mail.ru | udp |
| US | 8.8.8.8:53 | 181.247.250.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.250.250.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.204.180.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static-mon.yandex.net | udp |
| US | 8.8.8.8:53 | hdrc.yandex.net | udp |
| RU | 87.250.254.189:443 | hdrc.yandex.net | tcp |
| US | 8.8.8.8:53 | hdrc.yandex.net | udp |
| RU | 87.250.251.92:443 | static-mon.yandex.net | tcp |
| US | 8.8.8.8:53 | cryprox.yandex.net | udp |
| RU | 87.250.251.119:443 | mc.yandex.com | tcp |
| US | 8.8.8.8:53 | hdrc.yandex.net | udp |
| US | 8.8.8.8:53 | cryprox.yandex.net | udp |
| RU | 95.163.52.67:443 | top-fwz1.mail.ru | tcp |
| RU | 95.163.41.56:443 | r.mail.ru | tcp |
| RU | 95.163.41.56:443 | r.mail.ru | tcp |
| N/A | 127.0.0.1:5552 | tcp | |
| US | 8.8.8.8:53 | 2ip.ru | udp |
| RU | 87.250.250.119:443 | mc.yandex.com | tcp |
| RU | 87.250.250.119:443 | mc.yandex.com | tcp |
| RU | 87.250.250.119:443 | mc.yandex.com | tcp |
| DE | 46.4.38.254:443 | 2ip.ru | tcp |
| US | 8.8.8.8:53 | 2ip.ru | udp |
| US | 8.8.8.8:53 | 2ip.ru | udp |
| US | 8.8.8.8:53 | 189.254.250.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.251.250.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.41.163.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.52.163.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.38.4.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | an.yandex.ru | udp |
| RU | 93.158.134.90:443 | an.yandex.ru | tcp |
| US | 8.8.8.8:53 | an.yandex.ru | udp |
| RU | 93.158.134.90:443 | an.yandex.ru | tcp |
| US | 8.8.8.8:53 | an.yandex.ru | udp |
| RU | 87.250.251.92:443 | cryprox.yandex.net | tcp |
| US | 8.8.8.8:53 | r.mradx.net | udp |
| RU | 95.163.52.80:443 | r.mradx.net | tcp |
| US | 8.8.8.8:53 | r.mradx.net | udp |
| US | 8.8.8.8:53 | r.mradx.net | udp |
| RU | 93.158.134.90:443 | an.yandex.ru | tcp |
| RU | 93.158.134.90:443 | an.yandex.ru | tcp |
| US | 8.8.8.8:53 | 90.134.158.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.52.163.95.in-addr.arpa | udp |
| RU | 87.250.247.181:443 | avatars.mds.yandex.net | tcp |
| RU | 87.250.247.181:443 | avatars.mds.yandex.net | tcp |
| US | 8.8.8.8:53 | ysa-static.passport.yandex.ru | udp |
| US | 8.8.8.8:53 | vk.com | udp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| US | 8.8.8.8:53 | vk.com | udp |
| US | 8.8.8.8:53 | vk.com | udp |
| US | 8.8.8.8:53 | log.dzen.ru | udp |
| RU | 62.217.160.6:443 | log.dzen.ru | tcp |
| US | 8.8.8.8:53 | log.dzen.ru | udp |
| US | 8.8.8.8:53 | log.dzen.ru | udp |
| US | 8.8.8.8:53 | 67.132.240.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.160.217.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.vk.com | udp |
| RU | 93.186.237.1:443 | login.vk.com | tcp |
| US | 8.8.8.8:53 | login.vk.com | udp |
| US | 8.8.8.8:53 | login.vk.com | udp |
| US | 8.8.8.8:53 | ipv6.2ip.io | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | 1.237.186.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| BE | 66.102.1.155:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| BE | 66.102.1.155:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| RU | 213.180.204.158:443 | storage.mds.yandex.net | tcp |
| RU | 213.180.204.158:443 | storage.mds.yandex.net | tcp |
| US | 8.8.8.8:53 | storage.mds.yandex.net | udp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| GB | 172.217.16.238:443 | www3.l.google.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | storage.mds.yandex.net | udp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| GB | 172.217.16.238:443 | www3.l.google.com | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.1.102.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.204.180.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.dzen.ru | udp |
| RU | 62.217.160.5:443 | cdn.dzen.ru | tcp |
| US | 8.8.8.8:53 | cdn.dzen.ru | udp |
| US | 8.8.8.8:53 | cdn.dzen.ru | udp |
| RU | 87.250.251.92:443 | cryprox.yandex.net | tcp |
| US | 8.8.8.8:53 | 5.160.217.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | avatars.mds.yandex.net | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | r3.mail.ru | udp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | krf.r.mail.ru | udp |
| N/A | 127.0.0.1:5552 | tcp | |
| US | 8.8.8.8:53 | krf.r.mail.ru | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| RU | 95.163.52.89:443 | krf.r.mail.ru | tcp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 193.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.52.163.95.in-addr.arpa | udp |
| RU | 95.163.52.89:443 | krf.r.mail.ru | tcp |
| RU | 95.163.52.89:443 | krf.r.mail.ru | tcp |
| US | 8.8.8.8:53 | 33.hot-video.dzeninfra.ru | udp |
| RU | 62.217.161.104:443 | 33.hot-video.dzeninfra.ru | tcp |
| RU | 62.217.161.104:443 | 33.hot-video.dzeninfra.ru | tcp |
| US | 8.8.8.8:53 | 33.cold-video.dzeninfra.ru | udp |
| US | 8.8.8.8:53 | 33.cold-video.dzeninfra.ru | udp |
| US | 8.8.8.8:53 | 27.hot-video.dzeninfra.ru | udp |
| RU | 62.217.161.136:443 | 27.hot-video.dzeninfra.ru | tcp |
| RU | 62.217.161.136:443 | 27.hot-video.dzeninfra.ru | tcp |
| US | 8.8.8.8:53 | 27.cold-video.dzeninfra.ru | udp |
| US | 8.8.8.8:53 | 27.cold-video.dzeninfra.ru | udp |
| N/A | 127.0.0.1:5552 | tcp | |
| US | 8.8.8.8:53 | 40.hot-video.dzeninfra.ru | udp |
| RU | 62.217.161.105:443 | 40.hot-video.dzeninfra.ru | tcp |
| RU | 62.217.161.105:443 | 40.hot-video.dzeninfra.ru | tcp |
| US | 8.8.8.8:53 | 40.cold-video.dzeninfra.ru | udp |
| RU | 62.217.161.105:443 | 40.cold-video.dzeninfra.ru | tcp |
| RU | 62.217.161.105:443 | 40.cold-video.dzeninfra.ru | tcp |
| US | 8.8.8.8:53 | 16.hot-video.dzeninfra.ru | udp |
| RU | 62.217.161.73:443 | 16.hot-video.dzeninfra.ru | tcp |
| RU | 62.217.161.73:443 | 16.hot-video.dzeninfra.ru | tcp |
| US | 8.8.8.8:53 | 16.cold-video.dzeninfra.ru | udp |
| US | 8.8.8.8:53 | 40.cold-video.dzeninfra.ru | udp |
| US | 8.8.8.8:53 | 16.cold-video.dzeninfra.ru | udp |
| US | 8.8.8.8:53 | 104.161.217.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.161.217.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.161.217.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.161.217.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clck.dzen.ru | udp |
| N/A | 127.0.0.1:5552 | tcp | |
| RU | 62.217.160.12:443 | clck.dzen.ru | tcp |
| US | 8.8.8.8:53 | clck.dzen.ru | udp |
| US | 8.8.8.8:53 | clck.dzen.ru | udp |
| US | 8.8.8.8:53 | 12.160.217.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ad.adriver.ru | udp |
| RU | 195.209.108.38:443 | ad.adriver.ru | tcp |
| US | 8.8.8.8:53 | ad.adriver.ru | udp |
| US | 8.8.8.8:53 | ad.adriver.ru | udp |
| US | 8.8.8.8:53 | 38.108.209.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dzen.ru | udp |
| N/A | 127.0.0.1:5552 | tcp | |
| US | 8.8.8.8:53 | dzen.ru | udp |
| RU | 87.250.254.189:443 | hdrc.yandex.net | tcp |
| US | 8.8.8.8:53 | www.speedtest.net | udp |
| US | 104.18.202.232:443 | www.speedtest.net | tcp |
| US | 8.8.8.8:53 | www.speedtest.net.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | www.speedtest.net.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | 232.202.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.ziffstatic.com | udp |
| US | 8.8.8.8:53 | b.cdnst.net | udp |
| GB | 88.221.120.210:443 | cdn.ziffstatic.com | tcp |
| US | 8.8.8.8:53 | e96286.dsci.akamaiedge.net | udp |
| US | 151.101.2.219:443 | b.cdnst.net | tcp |
| US | 151.101.2.219:443 | b.cdnst.net | tcp |
| US | 151.101.2.219:443 | b.cdnst.net | tcp |
| US | 151.101.2.219:443 | b.cdnst.net | tcp |
| US | 151.101.2.219:443 | b.cdnst.net | tcp |
| US | 8.8.8.8:53 | dualstack.zd.map.fastly.net | udp |
| US | 8.8.8.8:53 | dualstack.zd.map.fastly.net | udp |
| US | 8.8.8.8:53 | e96286.dsci.akamaiedge.net | udp |
| GB | 88.221.120.210:443 | e96286.dsci.akamaiedge.net | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | d1ykf07e75w7ss.cloudfront.net | udp |
| N/A | 127.0.0.1:5552 | tcp | |
| US | 8.8.8.8:53 | d1ykf07e75w7ss.cloudfront.net | udp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 104.18.131.236:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 8.8.8.8:53 | cdn.static.zdbb.net | udp |
| GB | 92.123.26.32:443 | cdn.static.zdbb.net | tcp |
| US | 8.8.8.8:53 | e96286.g.akamaiedge.net | udp |
| US | 8.8.8.8:53 | 219.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.120.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.131.18.104.in-addr.arpa | udp |
| DE | 52.85.32.41:443 | d1ykf07e75w7ss.cloudfront.net | tcp |
| US | 8.8.8.8:53 | e96286.g.akamaiedge.net | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | securepubads46.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | securepubads46.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | dualstack.zd.map.fastly.net | udp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| DE | 52.85.32.41:443 | d1ykf07e75w7ss.cloudfront.net | tcp |
| US | 104.18.32.137:443 | geolocation.onetrust.com | tcp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| GB | 172.217.169.34:443 | securepubads46.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | zdbb.net | udp |
| US | 8.8.8.8:53 | gurgle.speedtest.net | udp |
| US | 52.200.26.28:443 | gurgle.speedtest.net | tcp |
| US | 8.8.8.8:53 | gurgle.zdbb.net | udp |
| IE | 52.51.112.117:443 | zdbb.net | tcp |
| US | 8.8.8.8:53 | zdbb.net | udp |
| US | 8.8.8.8:53 | zdbb.net | udp |
| US | 8.8.8.8:53 | gurgle.zdbb.net | udp |
| GB | 172.217.169.34:443 | securepubads46.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 137.32.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.26.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.32.85.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.112.51.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.26.200.52.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | gurgle.zdbb.net | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 52.200.26.28:443 | gurgle.zdbb.net | tcp |
| US | 8.8.8.8:53 | speedtest.boxbroadband.co.uk.prod.hosts.ooklaserver.net | udp |
| US | 8.8.8.8:53 | speedlon.hyperoptic.com | udp |
| US | 8.8.8.8:53 | speedtest.upp.com.prod.hosts.ooklaserver.net | udp |
| US | 8.8.8.8:53 | speedtest-1.london.network.youfibre.com.prod.hosts.ooklaserver.net | udp |
| US | 8.8.8.8:53 | speedtest.thn.lon.network.as201838.net.prod.hosts.ooklaserver.net | udp |
| US | 8.8.8.8:53 | speedtest.swishfibre.com.prod.hosts.ooklaserver.net | udp |
| US | 8.8.8.8:53 | speedtest02a.web.zen.net.uk.prod.hosts.ooklaserver.net | udp |
| US | 8.8.8.8:53 | lg-lon.fdcservers.net | udp |
| US | 8.8.8.8:53 | speedtest.noone.co.uk.prod.hosts.ooklaserver.net | udp |
| GB | 45.10.101.252:8080 | speedtest.boxbroadband.co.uk.prod.hosts.ooklaserver.net | tcp |
| GB | 93.113.26.250:8080 | speedtest.thn.lon.network.as201838.net.prod.hosts.ooklaserver.net | tcp |
| US | 8.8.8.8:53 | speedtest.boxbroadband.co.uk | udp |
| GB | 45.92.46.45:8080 | speedtest-1.london.network.youfibre.com.prod.hosts.ooklaserver.net | tcp |
| US | 8.8.8.8:53 | speedtest.thn.lon.network.as201838.net | udp |
| US | 8.8.8.8:53 | speedtest-1.london.network.youfibre.com | udp |
| GB | 152.37.112.6:8080 | speedlon.hyperoptic.com | tcp |
| GB | 31.22.12.17:8080 | speedtest.swishfibre.com.prod.hosts.ooklaserver.net | tcp |
| GB | 193.3.26.19:8080 | speedtest.upp.com.prod.hosts.ooklaserver.net | tcp |
| GB | 51.148.82.21:8080 | speedtest02a.web.zen.net.uk.prod.hosts.ooklaserver.net | tcp |
| US | 8.8.8.8:53 | speedtest-1.london.network.youfibre.com | udp |
| GB | 50.7.152.4:8080 | lg-lon.fdcservers.net | tcp |
| GB | 188.94.45.252:8080 | speedtest.noone.co.uk.prod.hosts.ooklaserver.net | tcp |
| GB | 95.87.111.214:8080 | lon.host.speedtest.net.prod.hosts.ooklaserver.net | tcp |
| US | 8.8.8.8:53 | speedtest.thn.lon.network.as201838.net | udp |
| US | 8.8.8.8:53 | speedlon.hyperoptic.com | udp |
| US | 8.8.8.8:53 | speedtest.swishfibre.com | udp |
| US | 8.8.8.8:53 | speedtest.upp.com | udp |
| US | 8.8.8.8:53 | speedlon.hyperoptic.com | udp |
| US | 8.8.8.8:53 | speedtest.swishfibre.com | udp |
| US | 8.8.8.8:53 | speedtest.upp.com | udp |
| US | 8.8.8.8:53 | speedtest02a.web.zen.net.uk | udp |
| US | 8.8.8.8:53 | lg-lon.fdcservers.net | udp |
| US | 8.8.8.8:53 | jogger.zdbb.net | udp |
| US | 8.8.8.8:53 | speedtest02a.web.zen.net.uk | udp |
| US | 8.8.8.8:53 | tags.bkrtx.com | udp |
| US | 8.8.8.8:53 | lg-lon.fdcservers.net | udp |
| US | 52.22.232.212:443 | jogger.zdbb.net | tcp |
| US | 8.8.8.8:53 | speedtest.noone.co.uk | udp |
| US | 8.8.8.8:53 | lon.host.speedtest.net | udp |
| US | 8.8.8.8:53 | speedtest.noone.co.uk | udp |
| US | 8.8.8.8:53 | lon.host.speedtest.net | udp |
| US | 8.8.8.8:53 | 252.101.10.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.26.113.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.46.92.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.112.37.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.12.22.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.26.3.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.82.148.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.152.7.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.45.94.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.111.87.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.krxd.net | udp |
| US | 8.8.8.8:53 | jogger.zdbb.net | udp |
| US | 8.8.8.8:53 | e5529.g.akamaiedge.net | udp |
| US | 8.8.8.8:53 | d.sni.global.fastly.net | udp |
| US | 8.8.8.8:53 | e5529.g.akamaiedge.net | udp |
| US | 8.8.8.8:53 | jogger.zdbb.net | udp |
| US | 8.8.8.8:53 | d.sni.global.fastly.net | udp |
| GB | 23.207.215.130:443 | e5529.g.akamaiedge.net | tcp |
| US | 151.101.2.133:443 | d.sni.global.fastly.net | tcp |
| US | 8.8.8.8:53 | stags.bluekai.com | udp |
| US | 8.8.8.8:53 | e9126.x.akamaiedge.net | udp |
| GB | 2.19.169.14:443 | e9126.x.akamaiedge.net | tcp |
| US | 8.8.8.8:53 | e9126.x.akamaiedge.net | udp |
| US | 8.8.8.8:53 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | fastlane.rubiconproject.com | udp |
| US | 8.8.8.8:53 | c2shb.pubgw.yahoo.com | udp |
| US | 8.8.8.8:53 | ib.adnxs-simple.com | udp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | bidder.criteo.com | udp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | tagged-by.rubiconproject.net.akadns.net | udp |
| US | 8.8.8.8:53 | btlr-eu-central-1.sharethrough.com | udp |
| NL | 185.89.211.84:443 | ib.adnxs-simple.com | tcp |
| DE | 52.28.203.152:443 | c2shb.pubgw.yahoo.com | tcp |
| DE | 52.28.203.152:443 | c2shb.pubgw.yahoo.com | tcp |
| DE | 52.28.203.152:443 | c2shb.pubgw.yahoo.com | tcp |
| DE | 52.28.203.152:443 | c2shb.pubgw.yahoo.com | tcp |
| DE | 52.28.203.152:443 | c2shb.pubgw.yahoo.com | tcp |
| US | 8.8.8.8:53 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | tagged-by.rubiconproject.net.akadns.net | udp |
| US | 8.8.8.8:53 | btlr-eu-central-1.sharethrough.com | udp |
| US | 8.8.8.8:53 | ams3-ib.adnxs.com | udp |
| US | 8.8.8.8:53 | ssp-ats-prod-eu-central-1.one-mobile-prod.aws.oath.cloud | udp |
| US | 8.8.8.8:53 | hbopenbid-lhrc.pubmnet.com | udp |
| US | 8.8.8.8:53 | hbopenbid-lhrc.pubmnet.com | udp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | 212.232.22.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ssp-ats-prod-eu-central-1.one-mobile-prod.aws.oath.cloud | udp |
| US | 8.8.8.8:53 | ams3-ib.adnxs.com | udp |
| US | 8.8.8.8:53 | 130.215.207.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.169.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.211.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.203.28.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bidder.nl3.vip.prod.criteo.com | udp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | bidder.nl3.vip.prod.criteo.com | udp |
| US | 8.8.8.8:53 | privacyportal.onetrust.com | udp |
| US | 104.18.32.137:443 | privacyportal.onetrust.com | tcp |
| US | 8.8.8.8:53 | privacyportal.onetrust.com | udp |
| US | 8.8.8.8:53 | secure-us.imrworldwide.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | privacyportal.onetrust.com | udp |
| BE | 66.102.1.155:443 | stats.g.doubleclick.net | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| US | 8.8.8.8:53 | census.eu-west-1.nielsencollections.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | census.eu-west-1.nielsencollections.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | clck.dzen.ru | udp |
| BE | 66.102.1.155:443 | stats.g.doubleclick.net | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 216.58.204.67:443 | www.google.co.uk | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| US | 35.227.252.103:443 | rtb.openx.net | tcp |
| NL | 213.19.162.91:443 | tagged-by.rubiconproject.net.akadns.net | tcp |
| NL | 213.19.162.91:443 | tagged-by.rubiconproject.net.akadns.net | tcp |
| NL | 213.19.162.91:443 | tagged-by.rubiconproject.net.akadns.net | tcp |
| NL | 213.19.162.91:443 | tagged-by.rubiconproject.net.akadns.net | tcp |
| NL | 213.19.162.91:443 | tagged-by.rubiconproject.net.akadns.net | tcp |
| DE | 3.127.11.28:443 | btlr.sharethrough.com | tcp |
| DE | 3.127.11.28:443 | btlr.sharethrough.com | tcp |
| DE | 3.127.11.28:443 | btlr.sharethrough.com | tcp |
| DE | 3.127.11.28:443 | btlr.sharethrough.com | tcp |
| DE | 3.127.11.28:443 | btlr.sharethrough.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid-lhrc.pubmnet.com | tcp |
| NL | 178.250.1.8:443 | bidder.nl3.vip.prod.criteo.com | tcp |
| IE | 99.80.121.231:443 | census.eu-west-1.nielsencollections.com | tcp |
| US | 104.18.36.155:443 | htlb.casalemedia.com | tcp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.252.227.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.162.19.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.11.127.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.121.80.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.36.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | egress.yandex.net | udp |
| US | 8.8.8.8:53 | cdn-gl.imrworldwide.com | udp |
| US | 35.227.252.103:443 | rtb.openx.net | udp |
| RU | 87.250.251.42:443 | egress.yandex.net | tcp |
| US | 8.8.8.8:53 | egress.yandex.net | udp |
| US | 8.8.8.8:53 | egress.yandex.net | udp |
| DE | 52.85.92.54:443 | cdn-gl.imrworldwide.com | tcp |
| US | 8.8.8.8:53 | d2926jmvsihu4k.cloudfront.net | udp |
| US | 8.8.8.8:53 | d2926jmvsihu4k.cloudfront.net | udp |
| US | 8.8.8.8:53 | bee.imrworldwide.com | udp |
| DE | 18.155.153.19:443 | bee.imrworldwide.com | tcp |
| US | 8.8.8.8:53 | d289cm8jitwx96.cloudfront.net | udp |
| US | 8.8.8.8:53 | d289cm8jitwx96.cloudfront.net | udp |
| US | 104.18.36.155:443 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | 40576cd8d160bcd62641234afadbfbbc.safeframe.googlesyndication.com | udp |
| GB | 216.58.204.65:443 | 40576cd8d160bcd62641234afadbfbbc.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | pagead-googlehosted.l.google.com | udp |
| US | 8.8.8.8:53 | pagead-googlehosted.l.google.com | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| GB | 216.58.204.65:443 | pagead-googlehosted.l.google.com | udp |
| US | 8.8.8.8:53 | static.nl3.vip.prod.criteo.net | udp |
| NL | 178.250.1.3:443 | static.nl3.vip.prod.criteo.net | tcp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | static.nl3.vip.prod.criteo.net | udp |
| US | 8.8.8.8:53 | 54.92.85.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.251.250.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.153.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.204.58.216.in-addr.arpa | udp |
| N/A | 127.0.0.1:5552 | tcp | |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| NL | 178.250.1.3:443 | static.nl3.vip.prod.criteo.net | tcp |
| FR | 178.250.7.13:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | gum.fr3.vip.prod.criteo.com | udp |
| US | 8.8.8.8:53 | gum.fr3.vip.prod.criteo.com | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gbc8.nl3.eu.criteo.com | udp |
| US | 8.8.8.8:53 | gbc5.nl3.eu.criteo.com | udp |
| NL | 185.235.87.241:443 | gbc8.nl3.eu.criteo.com | tcp |
| NL | 185.235.87.144:443 | gbc5.nl3.eu.criteo.com | tcp |
| FR | 178.250.7.13:443 | dnacdn.net | tcp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | gbc5.nl3.eu.criteo.com | udp |
| US | 8.8.8.8:53 | gbc8.nl3.eu.criteo.com | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | 13.7.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.87.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.87.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nao5rdsbpxgoxzyscz9xkebzbuk6f1709625869.nuid.imrworldwide.com | udp |
| DE | 18.155.145.93:443 | nao5rdsbpxgoxzyscz9xkebzbuk6f1709625869.nuid.imrworldwide.com | tcp |
| US | 8.8.8.8:53 | d29sshy11yr8a1.cloudfront.net | udp |
| US | 8.8.8.8:53 | d29sshy11yr8a1.cloudfront.net | udp |
| US | 8.8.8.8:53 | 93.145.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| US | 8.8.8.8:53 | ookla-d.openx.net | udp |
| US | 172.64.149.180:443 | js-sec.indexww.com | tcp |
| DE | 162.19.138.117:443 | id5-sync.com | tcp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 35.244.159.8:443 | ookla-d.openx.net | tcp |
| US | 8.8.8.8:53 | ookla-d.openx.net | udp |
| GB | 96.16.109.9:443 | ads.pubmatic.com | tcp |
| GB | 92.123.242.2:443 | eus.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | ookla-d.openx.net | udp |
| US | 8.8.8.8:53 | e6603.g.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e8960.b.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e6603.g.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e8960.b.akamaiedge.net | udp |
| US | 35.244.159.8:443 | ookla-d.openx.net | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| DE | 162.19.138.120:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | 180.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.242.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.109.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| NL | 213.19.162.90:443 | token.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | pixel.rubiconproject.net.akadns.net | udp |
| DE | 162.19.138.117:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | pixel.rubiconproject.net.akadns.net | udp |
| GB | 93.113.26.250:8080 | speedtest.thn.lon.network.as201838.net | tcp |
| US | 8.8.8.8:53 | 120.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.162.19.213.in-addr.arpa | udp |
| N/A | 127.0.0.1:5552 | tcp | |
| US | 8.8.8.8:53 | speedtest.thn.lon.network.as201838.net.prod.hosts.ooklaserver.net | udp |
| GB | 93.113.26.250:8080 | speedtest.thn.lon.network.as201838.net.prod.hosts.ooklaserver.net | tcp |
| GB | 152.37.112.6:8080 | speedlon.hyperoptic.com | tcp |
| GB | 95.87.111.214:8080 | lon.host.speedtest.net | tcp |
| GB | 51.148.82.21:8080 | speedtest02a.web.zen.net.uk | tcp |
| GB | 93.113.26.250:8080 | speedtest.thn.lon.network.as201838.net.prod.hosts.ooklaserver.net | tcp |
| N/A | 127.0.0.1:5552 | tcp | |
| GB | 93.113.26.250:8080 | speedtest.thn.lon.network.as201838.net.prod.hosts.ooklaserver.net | tcp |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp | |
| GB | 93.113.26.250:8080 | speedtest.thn.lon.network.as201838.net.prod.hosts.ooklaserver.net | tcp |
| GB | 93.113.26.250:8080 | speedtest.thn.lon.network.as201838.net.prod.hosts.ooklaserver.net | tcp |
| GB | 93.113.26.250:8080 | speedtest.thn.lon.network.as201838.net.prod.hosts.ooklaserver.net | tcp |
| GB | 93.113.26.250:8080 | speedtest.thn.lon.network.as201838.net.prod.hosts.ooklaserver.net | tcp |
| GB | 93.113.26.250:8080 | speedtest.thn.lon.network.as201838.net.prod.hosts.ooklaserver.net | tcp |
| GB | 93.113.26.250:8080 | speedtest.thn.lon.network.as201838.net.prod.hosts.ooklaserver.net | tcp |
| N/A | 127.0.0.1:5552 | tcp | |
| GB | 93.113.26.250:8080 | speedtest.thn.lon.network.as201838.net.prod.hosts.ooklaserver.net | tcp |
| N/A | 127.0.0.1:5552 | tcp | |
| US | 8.8.8.8:53 | yandex.ru | udp |
| US | 8.8.8.8:53 | yandex.ru | udp |
| N/A | 127.0.0.1:5552 | tcp | |
| N/A | 127.0.0.1:5552 | tcp |
Files
memory/1780-0-0x0000000074CB0000-0x0000000075261000-memory.dmp
memory/1780-1-0x00000000014B0000-0x00000000014C0000-memory.dmp
memory/1780-2-0x0000000074CB0000-0x0000000075261000-memory.dmp
memory/1780-4-0x0000000074CB0000-0x0000000075261000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\datareporting\glean\pending_pings\8d7c2a6b-017d-4026-8a61-39faad599149
| MD5 | f743d7528396d9f5ef335b5d2840114d |
| SHA1 | 8c27092262a701be23255d0ba069aa73b22ceca2 |
| SHA256 | 24954cca6cc2216590815ad3d74973a686090c2f6dab83774b1272cff2220eee |
| SHA512 | f64fb0aef99f8f711396607498940a7cb199c3311ecfaccb0b5bc8cc9ebb2b9b4fcae47f60fde5304f4fea76ec44bc3203d5f2483dc832b69e8648a65ce11400 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\datareporting\glean\pending_pings\88142fd3-03bb-4559-8590-7be98cab3ac6
| MD5 | 17bdfc9557d515a579b346cd2d329789 |
| SHA1 | 6b690b29cbeacad1cf8899568f081a2e8e740300 |
| SHA256 | 71a68177cb0c8e7f795c3e7658a669368a5d860b11326bb73f6184bb3bc982b0 |
| SHA512 | 75dfdc3fde3c6435fcdc48394e84174d012e719c402460270f162d4d846135b7c8b11e0ef65a5b263400d8b7ba8e963986a56ffb220c8f27cd41075d52066e1a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\datareporting\glean\db\data.safe.bin
| MD5 | f3e925674bcc1bd6ff96173104fdecac |
| SHA1 | 26981a13977558308320e06fc4e266e26155d548 |
| SHA256 | 68e7ec2e716e9e320f2545d713d9466c90b6d795dc64afe5211b5138ab0789c2 |
| SHA512 | b4c5abf5ca82a416cb0633d8a431024b827b61d8af9f109277507eb2e2dc9bd50648fc7aff2e75f5166dff7c6102247c30aeb2cf062449522d40cae1acb2faad |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\prefs.js
| MD5 | f46f649ab92f23d4cd6d4210165585de |
| SHA1 | 48c516c59a4489b56ed0eb1197ed3951aa9883cb |
| SHA256 | 5d28e960a42fbcb8e2ebfda2013cf986d86d2e23599a7ce07744e632581df7ed |
| SHA512 | 821985559bc9c6213823f0ff03852011d2dcf941e859ac6d65aacbee605ac0538db726457811450a8c46aa90459c08b47c31598053c8dcab2e4ba0b048075b68 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | f08db921c0664be842f59c3b5a8466a8 |
| SHA1 | e08feac55617648b01587f406fe210cb36f5a055 |
| SHA256 | 08c5a524760eb76e3ce5d8fef7107cde6356d57be62e0ec6b684f08e9de65941 |
| SHA512 | 581190f5dab82c831531002493966ea5d30b1d35f00b028cc2a9b577926bc59ee39cb17f5b5ebb61a1c6b46a955728edecc5090c07179da16f1144e0c6adf6e0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | de8d610d705773c8b76bd59effc4bbe9 |
| SHA1 | 6cdf9f5de5c027ec59fb1c45c6e21d0cc3115d65 |
| SHA256 | 31901dd70b27f520c6f073803ee1dd063d143970f4a743990b162964b4074a75 |
| SHA512 | 9ec6f3e3684035590c3a6f8b944b8dd659059e9cfd30e322f69047ffbc2e8fca77229d354304e8fab3c7c4f4963c87a6a14dee202700da0d813eb615dca9c185 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\prefs-1.js
| MD5 | d0309b6f50ffdde709c8c6b5ba01a34e |
| SHA1 | 360706664ce5219201d2633d31cff181db93d2f6 |
| SHA256 | 52d861edf17a361e0d572f9e3e6aa25438bc1d12fa81285a2ddc1863aed6f050 |
| SHA512 | a1c6a1b3cdee1e38701acb6a3eaa6e506d850dcf8ddc0ed5e92c84738255abfe4efa5626f47178872b2979b2f79d0f35f3d595267f1a07f283666170fde80480 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\on1px6pk.default-release\cache2\entries\E66F5AA5E3C285C270CF84BD11111C74D38F245C
| MD5 | f26c4b8623021a07b21603c481ee220b |
| SHA1 | 6c7f102fee539db5df54e57a786033b098524992 |
| SHA256 | b24473f12f5bf65b033e6ea3de44105cb96c717d50b21e239f9ccadaace4309d |
| SHA512 | 4e92577b935611b6f843022b868b48532e1bf6dbf045b1f418a16317ad3972d0854adcfb1605ee9f276000590967b143b5cf55e1b8525797c95cef9578893ec2 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\prefs-1.js
| MD5 | 8b3e7fb51b7267a29d3dd6f97e535c48 |
| SHA1 | 8132b223b86cfca8c5bd025823ce447485567a23 |
| SHA256 | 3bbf89ac9408e350b87eced387f7f5e599c099d8a5cba40782fbfc86f6bc8a79 |
| SHA512 | 3c6364364a862d98c3ea429203af6fc6165c7d5d834815b31866caf1e3815718f21ffc1c77aff3304535c68c345e7bf489b0e9e7ffd7178ae3ca284412b7b132 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 3eb25604763dfc9f80d64b3a0ce31859 |
| SHA1 | 82f48e9946c83daeb2d7007806d60646f2e5935c |
| SHA256 | 490e1368c5db4e0d7b13dcb113c3387def4c96d21a8c92e3621f9ebe8ff9dfba |
| SHA512 | e917d90426ba8f34bad0fd7b0006b15a271a5f7094e26cabb2e732f9daa81788a30d9f0fefe212ff1f843bdba9b658a9fa531af68f3cebad3a484a9948394f45 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 13326123b82d98a2380d22b8f6cf7316 |
| SHA1 | 654fd03a97f6bc21597a3e6bac959be46bb525e5 |
| SHA256 | 6996141bea6026aa00997aa0a26fdf7a89d55ecb4288c0db83b348de2fa8d3de |
| SHA512 | bc2f60ce7553a4bacfb07c3fc853857694ff9596807df95a65d17e81c643c7c9c9816392b3d36d328cfb03f02d8698f1ad294111dac2cdb56dc350107120e398 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\prefs-1.js
| MD5 | 0a58ca710376a441f1ace39da4dc13b8 |
| SHA1 | e08091a02256baec92ec80883cd923ee3602df43 |
| SHA256 | 63f5f33675330af7122157adc0256a46f76747b8d6c31ebbd6017ca921d83690 |
| SHA512 | ee80ab3bdbd78071f558f34b00af1b6714a9c3e3e547a5128de17b6cd0d1f99c94ac6150ce272cd340666657631dd3fab6103c5f51904d985849c2674d5e5858 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | dc2d58b7e5ffcc841e7b3942af9fd15b |
| SHA1 | 13c9908b92e4cb2a2dbe00573cc56e21001425b0 |
| SHA256 | f427f38a50bd6e02f23ed6cab69a20c613877bd6b0136ca0b984babbd0522c3f |
| SHA512 | 0bad0f846378fbb37dcad6842bfc6476fe2c92bb58a67a236e7609e3775a9c1457fa89ea3deae5a0d6797acebdc1dbe0edc09b9ca5c6e6b29ba2b2620dc338b6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 2ed3b2ce677482868cc17d5a99540805 |
| SHA1 | 02c2b8cf9242b4dc5b1857bd2d7c17d04a067d65 |
| SHA256 | d23a1bf9a82f1322e29329eff3347ea82998517231d3c52205374180b545dc0c |
| SHA512 | e6c8728904ecdb34c5fa82a2374a597456efae32b385b16e6baff778ef2bb0f1e0f6d1442d5a6d22c59e1de21d24c485b5c2486d0ffb937e7796850085004852 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\on1px6pk.default-release\cache2\doomed\3114
| MD5 | 386f516805b13203319fb7cadb99cdcf |
| SHA1 | bd46f85621e3633ee69001812623285073b702c9 |
| SHA256 | 55f16ffe6c8f93ffc85ab2885a64174aed98a2d3f00a459f635c23755e34c51e |
| SHA512 | 552140283ff592f863e5ddb275a1b4e0e055cc9d4a435148a876a7c7184d4d859c3c2a10a180acf917af665c41a11d04947282974c3a4c30f93c87cbdc0afd85 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\on1px6pk.default-release\cache2\doomed\31169
| MD5 | 7cf7658e62ddfc3313344bee20c318d5 |
| SHA1 | da48f0ba700f829434685a49deed3e54df32c684 |
| SHA256 | 4fdacb4edc293f519ea6880cb572efc7febdcb5ac89a291ccca8aa44ca23fc5d |
| SHA512 | e12660f553ddc65fb132a8909e020ddad347d446e7b80096f7e76dfcdec4a6f17793f0123edc8aa64e97e30c8ff5f762a640d5110beaa352f55bee2cc63973df |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\on1px6pk.default-release\cache2\doomed\18346
| MD5 | a5d79b5ba9086326fa5f7b8733877a52 |
| SHA1 | 135c869f30c94a60e4c50bab92edc66333c25aca |
| SHA256 | d1ff4a2dc1a3d744c44c8f8e481c4b37e420de44a02b0ce24c7053e0b1cc5e26 |
| SHA512 | f1fe825505d372dad7ad62292cb306ed6f4b269935407fcb271f5f943c016cbaa5f63c85c54c590f5bada04bdc76081adf3f2bba6d5799312837ebb2cfe79e63 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\on1px6pk.default-release\cache2\entries\B328E8DA65216CF455469432E7CB675D0EAA676E
| MD5 | 008bcf192f0eed14b80a5ebeafa09f4e |
| SHA1 | c40163a261e4c5104c86fbd7e3a5bf879bc768fb |
| SHA256 | b10d324f8f4420eb2f18563eaf795c53c99c8a4a74ac298bdcf4a8d2f3e37cef |
| SHA512 | ad9f9ee248c3c507b8dd8d5801ed0a840d783f941d8178308d849f4f8d840fd50323233a261f93a4d6410a0adcef805bc9e29776755d64a1e57ea58147876ec3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\on1px6pk.default-release\cache2\doomed\27032
| MD5 | fe3a9e32ef140c3c8fa568ef8f41dfde |
| SHA1 | af6c4a15fdb78dddb0671dd0e0a562c70a3e462a |
| SHA256 | a4aab25bf5c88103529c017fa00f378efc301e152512f7716486c30b1be0f596 |
| SHA512 | f6d025f92ab3f7c502f8b4e362eaac3d8252bd6d67a608a9d031d2a592a833b39f24b8f423838050583ebd4ac2e456493acd01de162a15ac033d004d51ac3587 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | f76066cf55f2e135b75e2b1c8dd2db3b |
| SHA1 | f8bde998e9f153f1b1d9679d29dec284771dfdb2 |
| SHA256 | b119de52fcec3786c0e019b06ce699f9c41eca652493f667cf531cbc01940c82 |
| SHA512 | 5114b4bbaac91f258c63242c9b3c4ceb1e252d797ea847f8c86a27d37f9b3252c0e849866e4f03fb6c67a8d40732546ac8d6cc8291bfc774df33cde492d9c600 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\on1px6pk.default-release\cache2\entries\47F62F8C39EDAAFF5A423EB94D0F7EA5D1F5CB47
| MD5 | f462aca5c76f8e58df1296bcb64933aa |
| SHA1 | 7bae779a16d255ca7988ebade445d9ed58f83113 |
| SHA256 | e73a3fa72b3162551c9b3888b08178e94303028ef432458cc80276f80b18a02c |
| SHA512 | e252ea9d005bb0348f00a130d1e30f3bacfb63552b999fdcfeb132153eeaaedd73bc7bf59ce1bd7cbfeb7826ef96d80bdd80cbd5b9b873d91be3c1a6237a6265 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\on1px6pk.default-release\cache2\entries\7D3068195A30D049CC263CE0A0641E65E92E39CF
| MD5 | da72b088592b37eb23f102e8bb7ee332 |
| SHA1 | 68a5ae06a065dc7d92cea56815c4de2bbcf62e4f |
| SHA256 | 8375ff7b3a9c8696075f2e0bedaf23c623fe81901c47e24aa5545f99b3f09e03 |
| SHA512 | 052526fd4a597e92707ffa1c360905e2aa59cca13932582f8eee9fb436b12147ff53447ab286bd47d91cce04eddffba4dbcdd6fff083b5dd43e32afee4820c60 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\on1px6pk.default-release\cache2\entries\7B896D6A3CA49904D51511B41E348B0D831F2105
| MD5 | fc3e4f7077e737c10823b6507a8760d9 |
| SHA1 | 6746b336862488828b2fd3a296005863a9a01055 |
| SHA256 | 15476500e33e60ce4ec3f9ff878704d7dcc941ce8ac8732e2e850bdad9dc7df5 |
| SHA512 | ae6cac7c09799206cfa1215b38f46f041884f8da321a9a13b80ad130eaae53fcff9f9611ec705e42c332c0694bf3e7a20166d0da80c1df27e913afc9877a8acf |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | f87fe1785cdd9a0e32e0a0d0cfdd4cad |
| SHA1 | 2aeb7eb55d0dc2097e79d48d13c3b0307e177ad2 |
| SHA256 | 9933e89b6a3627b664869ceb6fd7554fd2ba420b871319d535202dcf92381b1c |
| SHA512 | e77eb1b10763aee9512a80176d84d07487eecd70459cccc3fdea94a454a79f0d3151179fadf97762a7a71396948659add9f6459f1fa3af883459c65f82651e0f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\on1px6pk.default-release\cache2\entries\677B80A25A006EDCC273545819E7C8B9A97E5201
| MD5 | 5a4505549e2670998d9a05441beaa255 |
| SHA1 | 77e7980cd5e2f342e0ad13f10d28df07eb36ba17 |
| SHA256 | 360fa0a1f2622bef88aadb5e2a3a63dc7c50721ae55e119d77212d14a404ece7 |
| SHA512 | 5b9fdc393d0ea171860a06704c1929da2bacdfac14e40a132d70f9e49f05b59da9d3f2cbf24eb944895e8f4389908ba114014e19dcf4d0e2b68d05831c7530c6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | eb0a02bc5457ee8967f76cb3b4c77e0a |
| SHA1 | 238514a90c059ed4b6ee594bdd2257d02794a9cd |
| SHA256 | 0654b6dbec8a05817f6f3f7d8cb8b7c99bd5097fb252c2834f021d4a4116e16c |
| SHA512 | d7c10a1614868f92ccd4287cbf276e39a78983f881f52756c9f27c58f120e89c0e36a30000460980510313732cc9445fef16112a4e5ac20d0a6a681d24f2c6fe |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\storage\default\https+++dzen.ru\ls\usage
| MD5 | 2f5ec463b151dffed39ac8bb78f98557 |
| SHA1 | 9974da8c09942c5ed8198788773ec75d26917f6a |
| SHA256 | 9bedf0921eed273ced883a6b71a036eb92a3ed642cb37aaac2c36d7682e4ad43 |
| SHA512 | 0781c22310aedb8522ed3b1a75f6292cbe68d59cec23c6ebb4b8189a11a8e775f2f7adb94ce1b4c7645ecfcabe9e16bb8b8253ffea79645f2ca2d5a9f8a67a23 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\sessionCheckpoints.json.tmp
| MD5 | c8dc58eff0c029d381a67f5dca34a913 |
| SHA1 | 3576807e793473bcbd3cf7d664b83948e3ec8f2d |
| SHA256 | 4c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17 |
| SHA512 | b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4 |
memory/1780-3411-0x0000000074CB0000-0x0000000075261000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\sessionstore.jsonlz4
| MD5 | 03efaf492b3805b4c95aafca508b42ff |
| SHA1 | 290495892e61dc178f3fd81fe496d2cabbc9d950 |
| SHA256 | a3e2ab3a63101d691e30b74cca2369f8f93306d2681a87bfc5ab86ce8941b40e |
| SHA512 | 07209155d498aac021c2c31fbc1856e459bbd02e89a57f1f30426d251c926f3397f3b4ac45bc9abca9d6dc9aed08dadcdb031b7f3eb3cfa7b600c0ee8a48b3a1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\prefs.js
| MD5 | 53f9b5c940c811f7de42142f52f079e7 |
| SHA1 | e6ddac30584232c0a5e4d867d1d89f8ec6820e55 |
| SHA256 | 32243fcdc9025ab5246ceff4e623cd7a33f334f47d0881d79bbc2da402455d8e |
| SHA512 | 23380ab6573252594ee94d5a06844d9ef494af475c770aa135a581ec03facdffe0112c0292cc30c604880d7a3c62750fb943162056e344b98130145a3eca5d03 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\prefs-1.js
| MD5 | f66b03518e55164f0682ba75a38dabb7 |
| SHA1 | fc09052f60098c99e0a7fd5a266aa2e4c45adcb8 |
| SHA256 | b81c0f561333780c562f5b77e992a0c60d5e1795280bec96dd9f7d5c66833f1a |
| SHA512 | 4a7e51c5ac67ab7bc06a0587827a0151191dd575d1413ccf9caf0e3afa345df5cb9369eda3f3af8dbd6606f59cf9f81627708a7aa68a53452c0168e0af5112f5 |