Analysis Overview
SHA256
dd975de3c3f3ceae3df415bd697bebd829e2e6578d4c37f5cff08260dcf6ef12
Threat Level: Known bad
The file Uninstall-Node.js.exe was found to be: Known bad.
Malicious Activity Summary
Epsilon Stealer
Reads user/profile data of web browsers
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Looks up external IP address via web service
Unsigned PE
Enumerates physical storage devices
Program crash
Suspicious use of AdjustPrivilegeToken
Detects videocard installed
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Opens file in notepad (likely ransom note)
Suspicious use of SendNotifyMessage
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Enumerates processes with tasklist
Checks processor information in registry
Suspicious use of FindShellTrayWindow
Uses Task Scheduler COM API
Kills process with taskkill
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-08 16:05
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral13
Detonation Overview
Submitted
2024-04-08 16:03
Reported
2024-04-08 16:53
Platform
win11-20240221-en
Max time kernel
445s
Max time network
1174s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\locales\ca.pak
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-04-08 16:03
Reported
2024-04-08 16:57
Platform
win11-20240221-en
Max time kernel
421s
Max time network
1156s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\locales\en-GB.pak
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-08 16:03
Reported
2024-04-08 16:38
Platform
win11-20240214-en
Max time kernel
452s
Max time network
1176s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4916 wrote to memory of 412 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4916 wrote to memory of 412 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4916 wrote to memory of 412 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 412 -ip 412
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 412 -s 536
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-04-08 16:03
Reported
2024-04-08 16:38
Platform
win11-20240214-en
Max time kernel
1800s
Max time network
1801s
Command Line
Signatures
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \Registry\User\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\NotificationData | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e8005398e082303024b98265d99428e115f0000 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app-64.7z
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app-64.7z"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.0.114764430\58532456" -parentBuildID 20221007134813 -prefsHandle 1820 -prefMapHandle 1812 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b966032-9bc2-4b12-bc90-d15f279ef3fb} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 1900 1e25a4cc958 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.1.539476913\523162012" -parentBuildID 20221007134813 -prefsHandle 2264 -prefMapHandle 2260 -prefsLen 20783 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3ec55af-b5fc-4b70-9ef3-1f7f2da4131e} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 2276 1e24e5e1158 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.2.1422401016\128713315" -childID 1 -isForBrowser -prefsHandle 3008 -prefMapHandle 3004 -prefsLen 20821 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0969214e-9558-4744-aa41-011f7aa7cb77} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 2876 1e25a45c358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.3.76123671\346246749" -childID 2 -isForBrowser -prefsHandle 3452 -prefMapHandle 3448 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba7a0b39-dcc6-4d8d-9123-5561f21e2686} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 3460 1e24e562e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.4.185017309\659766822" -childID 3 -isForBrowser -prefsHandle 4572 -prefMapHandle 4568 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2192c8e7-6fe9-4aed-87c0-4f6dbc4afd7e} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 4584 1e2613c4958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.5.386433692\187009217" -childID 4 -isForBrowser -prefsHandle 4920 -prefMapHandle 4944 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7ec36c1-35ed-48f2-a50e-4d817a8dbe69} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 5072 1e26053f558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.6.282925997\487567989" -childID 5 -isForBrowser -prefsHandle 5172 -prefMapHandle 5176 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9778e814-5cdf-4abe-ae33-b80af487bf6d} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 5164 1e26053dd58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.7.162930153\2059551034" -childID 6 -isForBrowser -prefsHandle 5364 -prefMapHandle 5368 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ca53a69-8ec6-4e6e-9092-d7b66fc17e18} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 5356 1e26053fe58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.8.1292798787\623380813" -childID 7 -isForBrowser -prefsHandle 1544 -prefMapHandle 5808 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b3b4764-8b84-4a1e-b3b6-aed71d53cf6e} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 5404 1e263cd7058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.9.661999711\218955073" -childID 8 -isForBrowser -prefsHandle 5604 -prefMapHandle 5620 -prefsLen 26644 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {94ba060c-5778-4ae0-b400-51fcad9a8bad} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 5624 1e262ab8e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.10.1477248465\1651594484" -childID 9 -isForBrowser -prefsHandle 4780 -prefMapHandle 5056 -prefsLen 26644 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5002bd2-9984-4ae7-a652-bae087fa8497} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 5248 1e262ab9458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.11.548429663\2061874285" -childID 10 -isForBrowser -prefsHandle 8540 -prefMapHandle 7196 -prefsLen 26644 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0595b0fc-e228-4465-8734-7c0f480908ab} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 8552 1e2694c5058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.12.10111651\1441174644" -childID 11 -isForBrowser -prefsHandle 8064 -prefMapHandle 8076 -prefsLen 26644 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {95606615-20cb-4c7e-a3b1-2eea51dbb435} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 8072 1e264c3c758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.13.805866542\758428712" -childID 12 -isForBrowser -prefsHandle 7928 -prefMapHandle 7924 -prefsLen 26644 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0cca622e-fc51-4c7a-ac7b-f361a7aef68f} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 6900 1e264c3d058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.14.248161299\1620093500" -childID 13 -isForBrowser -prefsHandle 7764 -prefMapHandle 7760 -prefsLen 26644 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec2f9969-5a18-409f-a974-42ef884dcde5} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 6868 1e264c3d958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.15.723084545\10897543" -parentBuildID 20221007134813 -prefsHandle 6744 -prefMapHandle 6740 -prefsLen 26644 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {60b85f61-734a-4faf-b4cf-c6dcdc2474af} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 6752 1e264c3ca58 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.16.796156669\504606747" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 7884 -prefMapHandle 7868 -prefsLen 26644 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4859af42-8872-4ef5-9ac8-c819a6b22077} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 6848 1e269680a58 utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.17.1793969620\1563188891" -childID 14 -isForBrowser -prefsHandle 4500 -prefMapHandle 6440 -prefsLen 26644 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7bcfd7e5-fa78-489e-87a2-9a078011c206} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 6504 1e26a189f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.18.203056022\974217622" -childID 15 -isForBrowser -prefsHandle 6368 -prefMapHandle 6364 -prefsLen 26644 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {786d00ce-38e4-4d21-a1a0-6dc1fd92eb6b} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 6376 1e26a437258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.19.1374889918\520299807" -childID 16 -isForBrowser -prefsHandle 4236 -prefMapHandle 4196 -prefsLen 26644 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f374b67-d21f-4792-9de7-77763f98b389} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 4840 1e26a439958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.20.2107887274\155074213" -childID 17 -isForBrowser -prefsHandle 6296 -prefMapHandle 6356 -prefsLen 26644 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f35abc2-9a1e-43fe-9913-fc2f15353b21} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 6304 1e25a707558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.21.486049348\1519281455" -childID 18 -isForBrowser -prefsHandle 2768 -prefMapHandle 5436 -prefsLen 26644 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {657dcffe-7179-48db-8e12-34fffa25d84f} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 10164 1e25e9fb358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.22.56072874\2006460123" -childID 19 -isForBrowser -prefsHandle 10360 -prefMapHandle 10364 -prefsLen 26644 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {80262030-663f-406f-aef3-00f726ec7377} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 10348 1e2605d2858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.23.1352734214\949852829" -childID 20 -isForBrowser -prefsHandle 7396 -prefMapHandle 7408 -prefsLen 26644 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3833da7-8add-44f2-9cc8-63cc41d35f70} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 7392 1e264ecf858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.24.587085677\1085485116" -childID 21 -isForBrowser -prefsHandle 10596 -prefMapHandle 7392 -prefsLen 26644 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8459b6f-fdbf-4128-9813-360049dc3fe2} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 8840 1e264f85a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.25.1342499072\569896804" -childID 22 -isForBrowser -prefsHandle 8124 -prefMapHandle 10032 -prefsLen 26644 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b4a0e95-b835-4c20-a8b8-c768b3601408} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 8144 1e268a30558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.26.661475444\740871945" -childID 23 -isForBrowser -prefsHandle 9108 -prefMapHandle 9088 -prefsLen 26644 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {28794234-ea38-43a9-b80b-c71fcaecd4c6} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 9124 1e264e7df58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.27.656140039\1649677946" -childID 24 -isForBrowser -prefsHandle 8848 -prefMapHandle 9292 -prefsLen 26644 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3c8fcaa-80d2-4419-85aa-c887e5fe5305} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 8948 1e265111958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.28.1835967385\23041181" -childID 25 -isForBrowser -prefsHandle 6956 -prefMapHandle 6980 -prefsLen 26644 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c59a9f6e-3421-452b-bed6-fec4073f6965} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 10788 1e265112258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.29.1859028813\1138304591" -childID 26 -isForBrowser -prefsHandle 11072 -prefMapHandle 11068 -prefsLen 26644 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0bb5e3b-d425-4354-8ba7-fd3867f6be91} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 6992 1e26942da58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.30.833992776\1648805566" -childID 27 -isForBrowser -prefsHandle 11188 -prefMapHandle 11192 -prefsLen 26644 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a031a56-1592-429a-83ed-07a3893d8413} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 11180 1e265974758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.31.1377585659\689608482" -childID 28 -isForBrowser -prefsHandle 11772 -prefMapHandle 11776 -prefsLen 26644 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bad1f07f-0400-40fc-a828-fbdccf9a7590} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 11756 1e26946d158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.32.2144475252\1703779544" -childID 29 -isForBrowser -prefsHandle 11588 -prefMapHandle 11584 -prefsLen 26644 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9e25a85-6938-4955-b09f-635c5bb448d3} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 11596 1e26c0ea358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.33.6312815\1499255633" -childID 30 -isForBrowser -prefsHandle 11252 -prefMapHandle 11248 -prefsLen 26644 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {47e8cf18-4709-47d0-883b-be14a187d837} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 11632 1e26c50a758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.34.1026549121\194900267" -childID 31 -isForBrowser -prefsHandle 11200 -prefMapHandle 11260 -prefsLen 26644 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e5b381e-fddf-4d8c-8f46-f5f895ad5c51} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 11644 1e26c50c558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.35.1295188281\1053108247" -childID 32 -isForBrowser -prefsHandle 11068 -prefMapHandle 10184 -prefsLen 26644 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {73feafa2-efc4-4bcf-8ecf-b271bf280941} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 12068 1e268c08258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.36.1692470378\2019099784" -childID 33 -isForBrowser -prefsHandle 12184 -prefMapHandle 12188 -prefsLen 26644 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9512c8e5-4f3b-4264-a64d-38b6e3033058} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 11228 1e2640d5e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.37.1245138448\1914616647" -childID 34 -isForBrowser -prefsHandle 12052 -prefMapHandle 12176 -prefsLen 26644 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {067de48b-668f-4d0c-aa96-17f2333296aa} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 11212 1e2640d6a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.38.1181533192\1476133815" -childID 35 -isForBrowser -prefsHandle 12388 -prefMapHandle 11228 -prefsLen 26644 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8284a43b-8563-4e3a-8f45-faffa39af29e} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 12492 1e264531b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.39.993546571\1645242501" -childID 36 -isForBrowser -prefsHandle 12652 -prefMapHandle 12592 -prefsLen 26644 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5921bcd1-a8cc-4c0e-a795-40db661e417d} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 12972 1e263c90058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.40.360993259\4745272" -childID 37 -isForBrowser -prefsHandle 10548 -prefMapHandle 8136 -prefsLen 26644 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {efe66927-6056-49e1-af70-ec19fa53842b} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 3432 1e263953958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.41.2108050140\1962648629" -childID 38 -isForBrowser -prefsHandle 10064 -prefMapHandle 10080 -prefsLen 26644 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d88507a-751b-47e9-ab2b-6aa2f5f105d7} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 4832 1e26536d958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.42.2009258499\2091082331" -childID 39 -isForBrowser -prefsHandle 12016 -prefMapHandle 4616 -prefsLen 27335 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa369229-0f86-4216-ab70-2ca621ec5f12} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 8796 1e2617f6e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.43.418626379\376949106" -childID 40 -isForBrowser -prefsHandle 8748 -prefMapHandle 8740 -prefsLen 27335 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b28726d-5b8e-4a60-8f0a-1fa0b95646a4} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 8188 1e264b30f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.44.1209093806\1425908347" -childID 41 -isForBrowser -prefsHandle 9448 -prefMapHandle 7000 -prefsLen 27344 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cba7f12c-3dbb-4e59-b66e-f5178b09fa9f} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 7176 1e26396c258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.45.1801507771\282197316" -childID 42 -isForBrowser -prefsHandle 4620 -prefMapHandle 7280 -prefsLen 27344 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {57013e65-331d-4976-9246-21d034758123} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 11632 1e2618eb258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.46.1169125936\1280142163" -childID 43 -isForBrowser -prefsHandle 8928 -prefMapHandle 12800 -prefsLen 27344 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f36b85fa-d9b8-4e18-aec0-df5b3fea6282} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 8920 1e2617f9b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.47.195855062\533374919" -childID 44 -isForBrowser -prefsHandle 9836 -prefMapHandle 7432 -prefsLen 27344 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {de83d9be-7e6e-4998-8267-0453b1c5ee25} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 12784 1e268a03e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.48.1246369294\831056611" -childID 45 -isForBrowser -prefsHandle 9444 -prefMapHandle 9528 -prefsLen 27344 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2e06933-7bfd-451f-9d0c-60c587f2b606} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 4584 1e269c99458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.49.1115213079\595950637" -childID 46 -isForBrowser -prefsHandle 10408 -prefMapHandle 10108 -prefsLen 27344 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e716b6d4-7568-4d38-a52e-d88bcd526005} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 4444 1e262d92658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.50.729201925\1663390145" -childID 47 -isForBrowser -prefsHandle 8764 -prefMapHandle 12732 -prefsLen 27344 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c2e47a3-33e0-46d9-9dd2-640c9180ffa2} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 12832 1e264174a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.51.301132567\804192928" -childID 48 -isForBrowser -prefsHandle 11992 -prefMapHandle 12792 -prefsLen 27657 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {39a26e68-0f8e-46ad-a18e-5041fc3f0446} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 4564 1e264e7dc58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.52.779975403\969935414" -childID 49 -isForBrowser -prefsHandle 12260 -prefMapHandle 9020 -prefsLen 27657 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c6e5073-8c94-4e4b-8d7d-5210d2fa7abd} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 12252 1e264e0d258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.53.1219779164\841982239" -childID 50 -isForBrowser -prefsHandle 9528 -prefMapHandle 9092 -prefsLen 27657 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1925c0b-1439-4271-aa17-7a3dab3cc569} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 10200 1e264175358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.54.1203240208\736945191" -childID 51 -isForBrowser -prefsHandle 7336 -prefMapHandle 4216 -prefsLen 27666 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {32a94b02-f4f7-4307-a314-bd9d09636498} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 12840 1e263cf8d58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.55.611510400\525631239" -childID 52 -isForBrowser -prefsHandle 9076 -prefMapHandle 12852 -prefsLen 27666 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bfbb9f98-ab91-44f0-9d5b-dd56d98d6541} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 4876 1e263bf0358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.56.597796903\1343365013" -childID 53 -isForBrowser -prefsHandle 6512 -prefMapHandle 5532 -prefsLen 27666 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {55d233ff-af0d-4c6a-bffa-d7436a42704a} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 10956 1e2617fb658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.57.1525333990\1387594230" -childID 54 -isForBrowser -prefsHandle 12984 -prefMapHandle 12508 -prefsLen 27666 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33d00108-45f8-4406-b317-5231d51cb50b} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 5764 1e2641c1c58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.58.637698866\1609850074" -childID 55 -isForBrowser -prefsHandle 12620 -prefMapHandle 12632 -prefsLen 27666 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e2bde59-bee0-4f01-8449-102984b910a9} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 8128 1e264ecdd58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.59.1690101079\1388108826" -childID 56 -isForBrowser -prefsHandle 12696 -prefMapHandle 12736 -prefsLen 27675 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {523838ae-4767-42f0-bf34-57e2ea1cd9b8} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 1500 1e264d64e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.60.813774095\953352515" -childID 57 -isForBrowser -prefsHandle 12444 -prefMapHandle 12464 -prefsLen 27675 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5fd85ff8-958f-4995-bef6-eb0f2e5c735b} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 9920 1e269c98e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.61.1820529773\1022446073" -childID 58 -isForBrowser -prefsHandle 12724 -prefMapHandle 7156 -prefsLen 27675 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {944e21c7-fb4a-402a-af0f-93a15f58f567} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 9824 1e261a58558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.62.1839454458\314950558" -childID 59 -isForBrowser -prefsHandle 4040 -prefMapHandle 9060 -prefsLen 27675 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f457046-184f-45e3-8ea7-e56f8a662f06} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 12564 1e2641bf558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.63.1043255384\562850197" -childID 60 -isForBrowser -prefsHandle 12748 -prefMapHandle 13060 -prefsLen 27675 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e783e0aa-113b-4f53-acbe-edfeec839003} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 9340 1e264fd5658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.64.1540265011\214471523" -childID 61 -isForBrowser -prefsHandle 7008 -prefMapHandle 7388 -prefsLen 27675 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {528f5be7-25d6-452d-95e3-7189a7a9b8c1} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 5764 1e26942fe58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.65.238644235\1408251818" -childID 62 -isForBrowser -prefsHandle 6476 -prefMapHandle 11364 -prefsLen 27675 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9585b46b-20bf-4c9a-b5ea-f2db534b98ae} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 8580 1e269912158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.66.1427525017\1851692604" -childID 63 -isForBrowser -prefsHandle 4288 -prefMapHandle 1656 -prefsLen 27675 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fac8e681-e4bf-4231-b88c-eef1764f3e36} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 7636 1e24e52ea58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.67.1233848844\578155507" -childID 64 -isForBrowser -prefsHandle 8120 -prefMapHandle 9020 -prefsLen 27675 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2596357-fa73-41a0-8c52-9758887999c8} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 10960 1e263953058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.68.2034104286\612193454" -childID 65 -isForBrowser -prefsHandle 8116 -prefMapHandle 12544 -prefsLen 27675 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab37998b-7950-4bd9-8368-9a2bd916f728} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 9888 1e264fd6558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.69.1041640673\94830007" -childID 66 -isForBrowser -prefsHandle 10468 -prefMapHandle 9892 -prefsLen 27684 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee0600cb-bd8f-4edd-9dfd-0c30f7592a2b} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 7156 1e26a12de58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.70.1220649687\287863076" -childID 67 -isForBrowser -prefsHandle 9528 -prefMapHandle 13060 -prefsLen 27684 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e01cdd3-e36b-44d7-9e54-61441a6552c8} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 7032 1e2618e9458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.71.1276989721\891491159" -childID 68 -isForBrowser -prefsHandle 3328 -prefMapHandle 7024 -prefsLen 27684 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2160f93-fb70-49df-b866-4863b03c5762} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 10152 1e2641c1358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.72.1237390043\498860287" -childID 69 -isForBrowser -prefsHandle 8376 -prefMapHandle 7152 -prefsLen 27684 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b16aa9b4-b91e-444f-9b13-d0668846375f} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 8404 1e264ecf258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.73.514742556\471291673" -childID 70 -isForBrowser -prefsHandle 4656 -prefMapHandle 9880 -prefsLen 27836 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d34b592-9c9b-4f8f-a1f4-5456c1136e20} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 2664 1e264534258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.74.1327993455\920108126" -childID 71 -isForBrowser -prefsHandle 10436 -prefMapHandle 4400 -prefsLen 27836 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fae12bf0-31ff-4b5e-a435-b0dcf0782f7f} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 9024 1e2636f2f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.75.1637860752\2134192172" -childID 72 -isForBrowser -prefsHandle 4044 -prefMapHandle 10468 -prefsLen 27836 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bad4437d-5a92-4ef4-bdb1-87648f63d18b} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 6472 1e264b2e858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.76.81924538\1591773806" -childID 73 -isForBrowser -prefsHandle 12236 -prefMapHandle 10436 -prefsLen 27836 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e05866de-bba7-4aca-ae7e-e736b6841a3a} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 3428 1e264176b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.77.975417007\1558598203" -childID 74 -isForBrowser -prefsHandle 1444 -prefMapHandle 5180 -prefsLen 27836 -prefMapSize 233444 -jsInitHandle 1076 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {098d47e1-1efb-4856-a7e7-4237e6e20c73} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 10548 1e2641c0158 tab
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 52.10.78.57:443 | shavar.prod.mozaws.net | tcp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| N/A | 127.0.0.1:49736 | tcp | |
| N/A | 127.0.0.1:49742 | tcp | |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| HK | 172.217.27.35:443 | id.google.com | tcp |
| HK | 172.217.27.35:443 | id.google.com | tcp |
| HK | 172.217.27.35:443 | id.google.com | udp |
| US | 45.55.107.24:443 | file.io | tcp |
| DE | 108.157.4.102:443 | www.file.io | tcp |
| US | 151.101.3.42:443 | s.sni.global.fastly.net | tcp |
| US | 8.8.8.8:53 | 102.4.157.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.3.101.151.in-addr.arpa | udp |
| US | 151.101.3.42:443 | s.sni.global.fastly.net | tcp |
| US | 104.22.47.142:443 | hb.vntsm.io.cdn.cloudflare.net | tcp |
| GB | 142.250.178.14:443 | analytics.google.com | tcp |
| GB | 142.250.178.14:443 | analytics.google.com | udp |
| BE | 64.233.166.157:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 157.166.233.64.in-addr.arpa | udp |
| BE | 64.233.166.157:443 | stats.g.doubleclick.net | udp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| DE | 108.157.7.75:443 | d1ykf07e75w7ss.cloudfront.net | tcp |
| DE | 18.66.248.47:443 | dfh8hwrwbxm35.cloudfront.net | tcp |
| DE | 108.157.4.57:443 | config.aps.amazon-adsystem.com | tcp |
| DE | 108.157.4.88:443 | config.aps.amazon-adsystem.com | tcp |
| IE | 34.254.143.3:443 | load-euw1.exelator.com | tcp |
| US | 172.67.36.110:443 | cdn.hadronid.net | tcp |
| GB | 23.53.174.156:443 | e4536.g.akamaiedge.net | tcp |
| US | 104.22.53.86:443 | cdn.id5-sync.com | tcp |
| GB | 23.53.174.156:443 | e4536.g.akamaiedge.net | tcp |
| US | 104.22.4.69:443 | pixels.ad.gt | tcp |
| US | 104.22.4.69:443 | pixels.ad.gt | tcp |
| US | 8.8.8.8:53 | 75.7.157.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.248.66.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.4.157.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.4.157.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.143.254.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.36.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.53.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.174.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.4.22.104.in-addr.arpa | udp |
| GB | 195.181.164.21:443 | load77.exelator.com | tcp |
| DE | 18.154.63.112:443 | cmp.inmobi.com | tcp |
| NL | 89.207.16.210:443 | convex-rr.global.dual.dotomi.weighted.com.akadns.net | tcp |
| US | 172.67.23.234:443 | p.ad.gt | tcp |
| US | 34.193.107.217:443 | nmcapps-onsite-tag-external-alb-315845598.us-east-1.elb.amazonaws.com | tcp |
| DE | 18.159.154.206:443 | api.cmp.inmobi.com | tcp |
| US | 104.18.23.145:443 | cadmus.script.ac | tcp |
| US | 34.95.69.49:443 | i.clean.gg | tcp |
| US | 34.95.69.49:443 | i.clean.gg | tcp |
| DE | 18.173.232.53:443 | aax.amazon-adsystem.com | tcp |
| US | 34.120.111.33:443 | api.edkt.io | tcp |
| IE | 52.18.58.124:443 | track.venatusmedia.com | tcp |
| US | 34.95.69.49:443 | i.clean.gg | udp |
| US | 34.120.111.33:443 | api.edkt.io | udp |
| US | 172.67.23.234:443 | p.ad.gt | tcp |
| US | 172.67.23.234:443 | p.ad.gt | tcp |
| US | 172.67.23.234:443 | p.ad.gt | tcp |
| US | 172.67.23.234:443 | p.ad.gt | tcp |
| US | 104.26.8.169:443 | script.4dex.io | tcp |
| DE | 141.95.98.64:443 | id5-sync.com | tcp |
| US | 34.120.111.33:443 | api.edkt.io | tcp |
| NL | 145.40.97.67:443 | prebid.a-mo.net | tcp |
| US | 172.64.144.78:443 | elb.the-ozone-project.com | tcp |
| US | 104.26.8.169:443 | script.4dex.io | tcp |
| US | 172.67.23.234:443 | p.ad.gt | tcp |
| US | 172.67.23.234:443 | p.ad.gt | tcp |
| US | 172.67.23.234:443 | p.ad.gt | tcp |
| DE | 141.95.98.64:443 | id5-sync.com | tcp |
| US | 172.67.23.234:443 | p.ad.gt | tcp |
| DE | 37.252.171.149:443 | ib.adnxs.com | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| NL | 198.47.127.205:443 | image2.pubmatic.com | tcp |
| NL | 213.19.162.90:443 | pixel.rubiconproject.net.akadns.net | tcp |
| US | 172.64.151.101:443 | ssum-sec.casalemedia.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| NL | 89.149.192.200:443 | rtb-csync-euw1.smartadserver.com | tcp |
| FR | 185.255.84.150:443 | hb-api.omnitagjs.com | tcp |
| DE | 18.157.230.4:443 | eu-tlx.3lift.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid-lhrc.pubmnet.com | tcp |
| FR | 185.86.139.85:443 | prg.smartadserver.com | tcp |
| FR | 185.86.139.85:443 | prg.smartadserver.com | tcp |
| DE | 3.78.8.221:443 | btlr.sharethrough.com | tcp |
| DE | 3.78.8.221:443 | btlr.sharethrough.com | tcp |
| DE | 3.78.8.221:443 | btlr.sharethrough.com | tcp |
| DE | 3.78.8.221:443 | btlr.sharethrough.com | tcp |
| DE | 37.252.172.123:443 | ib.adnxs.com | tcp |
| US | 69.166.1.8:443 | iad-2-apex.go.sonobi.com | tcp |
| US | 8.8.8.8:53 | 90.162.19.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.192.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.139.86.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.171.252.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.172.252.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.230.157.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.8.78.3.in-addr.arpa | udp |
| US | 172.64.151.101:443 | ssum-sec.casalemedia.com | udp |
| GB | 142.250.180.1:443 | 10a68dad8f4435ef0bae2162ce660b5e.safeframe.googlesyndication.com | tcp |
| US | 23.220.113.164:443 | e11385.dscd.akamaiedge.net | tcp |
| GB | 142.250.180.1:443 | 10a68dad8f4435ef0bae2162ce660b5e.safeframe.googlesyndication.com | udp |
| US | 96.46.186.186:443 | track-sc-was.aniview.com | tcp |
| GB | 23.73.139.80:443 | player.aniview.com | tcp |
| DE | 2.16.6.28:443 | feed.avplayer.com | tcp |
| GB | 142.250.178.1:443 | cdn-content.ampproject.org | tcp |
| GB | 142.250.178.1:443 | cdn-content.ampproject.org | tcp |
| GB | 142.250.178.1:443 | cdn-content.ampproject.org | tcp |
| GB | 142.250.178.1:443 | cdn-content.ampproject.org | tcp |
| GB | 142.250.178.1:443 | cdn-content.ampproject.org | tcp |
| US | 34.120.111.33:443 | api.edkt.io | udp |
| GB | 142.250.178.1:443 | cdn-content.ampproject.org | udp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | tcp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| US | 23.220.113.164:443 | e11385.dscd.akamaiedge.net | tcp |
| GB | 23.73.139.80:443 | player.aniview.com | tcp |
| GB | 23.73.139.56:443 | player.aniview.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 23.53.112.234:443 | ads.pubmatic.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 185.64.190.89:443 | st.pubmatic.com | tcp |
| GB | 23.73.139.56:443 | player.aniview.com | udp |
| GB | 172.217.169.70:443 | s0.2mdn.net | tcp |
| GB | 142.250.180.2:443 | googleads4.g.doubleclick.net | tcp |
| GB | 172.217.169.70:443 | s0.2mdn.net | udp |
| GB | 142.250.180.2:443 | googleads4.g.doubleclick.net | udp |
| US | 173.0.146.6:443 | go1.aniview.com | tcp |
| GB | 185.64.190.81:443 | simage4.pubmatic.com | tcp |
| US | 8.8.8.8:53 | sync.a-mo.net | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | acdn.adnxs.com | udp |
| US | 8.8.8.8:53 | p.rfihub.com | udp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| NL | 145.40.97.67:443 | sync.a-mo.net | tcp |
| US | 8.8.8.8:53 | bh.contextweb.com | udp |
| FR | 185.255.84.153:443 | visitor.omnitagjs.com | tcp |
| US | 8.8.8.8:53 | sync.mathtag.com | udp |
| US | 8.8.8.8:53 | creativecdn.com | udp |
| US | 8.8.8.8:53 | gum.nl3.vip.prod.criteo.com | udp |
| US | 76.223.111.18:443 | eb2.3lift.com | tcp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 151.101.1.108:443 | acdn.adnxs.com | tcp |
| US | 8.8.8.8:53 | visitor-fra02.omnitagjs.com | udp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| NL | 178.250.1.11:443 | gum.nl3.vip.prod.criteo.com | tcp |
| US | 34.120.133.55:443 | api.rlcdn.com | tcp |
| NL | 193.0.160.130:443 | p.rfihub.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| US | 54.156.138.144:443 | sync.srv.stackadapt.com | tcp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| US | 216.200.232.253:443 | sync.mathtag.com | tcp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| NL | 178.250.1.11:443 | gum.nl3.vip.prod.criteo.com | tcp |
| US | 8.8.8.8:53 | 81.190.64.185.in-addr.arpa | udp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | 153.84.255.185.in-addr.arpa | udp |
| NL | 145.40.97.66:443 | sync.a-mo.net | tcp |
| US | 76.223.111.18:443 | eb2.3lift.com | tcp |
| US | 151.101.1.108:443 | acdn.adnxs.com | tcp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 216.200.232.253:443 | sync.mathtag.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| NL | 145.40.97.67:443 | sync.a-mo.net | tcp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| NL | 154.57.158.25:443 | ads.stickyadstv.com | tcp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| NL | 154.57.158.25:443 | ads.stickyadstv.com | tcp |
| US | 8.8.8.8:53 | ssp.disqus.com | udp |
| IE | 34.240.191.207:443 | ap.lijit.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | cs.krushmedia.com | udp |
| FR | 5.135.209.100:443 | ssbsync.smartadserver.com | tcp |
| NL | 145.40.97.67:443 | sync.a-mo.net | tcp |
| US | 34.120.133.55:443 | api.rlcdn.com | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | s2s.aniview.com | udp |
| US | 8.8.8.8:53 | optimized-by.rubiconproject.com | udp |
| BE | 104.68.78.171:443 | secure-assets.rubiconproject.com | tcp |
| US | 8.2.110.134:443 | cs.krushmedia.com | tcp |
| DE | 3.75.62.37:443 | ups.analytics.yahoo.com | tcp |
| US | 52.205.107.134:443 | ssp.disqus.com | tcp |
| US | 96.46.186.176:443 | s2s.aniview.com | tcp |
| US | 34.98.64.218:443 | u.openx.net | tcp |
| DE | 51.89.9.252:443 | onetag-sys.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 35.186.253.211:443 | rtb.openx.net | tcp |
| FR | 178.250.7.13:443 | dnacdn.net | tcp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| US | 96.46.186.182:443 | sync.aniview.com | tcp |
| US | 34.98.64.218:443 | u.openx.net | udp |
| US | 96.46.186.182:443 | sync.aniview.com | tcp |
| US | 8.8.8.8:53 | visitor-fra02.omnitagjs.com | udp |
| US | 8.8.8.8:53 | eu-eb2.3lift.com | udp |
| US | 34.120.111.33:443 | api.edkt.io | udp |
| DE | 51.89.9.252:443 | onetag-sys.com | udp |
| US | 96.46.186.182:443 | sync.aniview.com | tcp |
| US | 104.19.159.19:443 | assets.a-mo.net | tcp |
| US | 104.19.159.19:443 | assets.a-mo.net | tcp |
| US | 96.46.186.182:443 | sync.aniview.com | tcp |
| US | 35.186.253.211:443 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | 55.133.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.216.36.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.160.0.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.169.93.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.8.184.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.79.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.138.156.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.97.40.145.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.232.200.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.111.223.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.158.57.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.191.240.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.209.135.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.78.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.62.75.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.110.2.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.107.205.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.186.46.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.64.98.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.9.89.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | am1-direct-bgp.contextweb.com | udp |
| US | 80.77.87.108:443 | eexsync.com | tcp |
| US | 23.220.112.27:443 | hbx.media.net | tcp |
| NL | 72.246.173.47:443 | eus.rubiconproject.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 213.19.162.71:443 | prebid-server.rubiconproject.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| DE | 54.93.36.101:443 | videoproxyservervip-2125505963.eu-central-1.elb.amazonaws.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 52.5.72.128:443 | qvdt3feo.com | tcp |
| US | 69.166.1.66:443 | sync.go.sonobi.com | tcp |
| US | 69.166.1.66:443 | sync.go.sonobi.com | tcp |
| US | 8.8.8.8:53 | 182.186.46.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.159.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.87.77.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.173.246.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.174.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.162.19.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.112.220.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.36.93.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.1.166.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.72.5.52.in-addr.arpa | udp |
| FR | 91.134.110.136:443 | rtb-csync.smartadserver.com | tcp |
| FR | 91.134.110.136:443 | rtb-csync.smartadserver.com | tcp |
| US | 23.220.112.27:443 | hbx.media.net | udp |
| FR | 91.134.110.136:443 | rtb-csync.smartadserver.com | tcp |
| NL | 178.250.1.9:443 | widget.nl3.vip.prod.criteo.com | tcp |
| DK | 37.157.4.29:443 | cm.adform.net | tcp |
| US | 52.46.130.91:443 | s.amazon-adsystem.com | tcp |
| US | 80.77.87.161:443 | cs.admanmedia.com | tcp |
| US | 80.77.87.161:443 | cs.admanmedia.com | tcp |
| GB | 216.58.201.106:443 | imasdk.googleapis.com | tcp |
| DE | 18.197.118.154:443 | rtb.mfadsrvr.com | tcp |
| NL | 213.19.162.90:443 | pixel-eu.rubiconproject.com | tcp |
| NL | 213.19.162.90:443 | pixel-eu.rubiconproject.com | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| NL | 89.149.192.75:443 | ssbsync-global.smartadserver.com | tcp |
| NL | 198.47.127.18:443 | image8.pubmatic.com | tcp |
| US | 52.46.130.91:443 | s.amazon-adsystem.com | tcp |
| GB | 216.58.201.106:443 | imasdk.googleapis.com | udp |
| US | 45.55.107.24:443 | file.io | tcp |
| US | 45.55.107.24:443 | file.io | tcp |
| US | 8.8.8.8:53 | 9.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.4.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.130.46.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.87.77.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.192.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.213.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.118.197.18.in-addr.arpa | udp |
| US | 80.77.87.161:443 | cs.admanmedia.com | tcp |
| NL | 198.47.127.19:443 | pugm-amsfpairbc.pubmnet.com | tcp |
| DE | 85.114.159.93:443 | dsp.adfarm1.adition.com | tcp |
| US | 64.74.236.159:443 | b1sync.zemanta.com | tcp |
| NL | 72.246.173.47:443 | eus.rubiconproject.com | tcp |
| NL | 213.19.162.90:443 | pixel-eu.rubiconproject.com | tcp |
| IE | 54.239.38.253:443 | aax-eu.amazon-adsystem.com | tcp |
| NL | 213.19.162.90:443 | pixel-eu.rubiconproject.com | tcp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| IE | 99.81.198.135:443 | ce.lijit.com | tcp |
| US | 96.46.186.15:443 | track1.avplayer.com | tcp |
| US | 8.8.8.8:53 | 253.38.239.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | csync.loopme.me | udp |
| US | 8.8.8.8:53 | jadserve.postrelease.com | udp |
| US | 80.77.87.161:443 | cs.admanmedia.com | tcp |
| DE | 18.66.248.27:443 | api-2-0.spot.im | tcp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 35.173.144.25:443 | cs-server-s2s.yellowblue.io | tcp |
| NL | 35.214.253.238:443 | csync.loopme.me | tcp |
| US | 67.202.105.22:443 | ssc-cms.33across.com | tcp |
| DE | 18.66.248.125:443 | public.servenobid.com | tcp |
| US | 80.77.87.161:443 | cs.admanmedia.com | tcp |
| US | 8.8.8.8:53 | cs.adnear.net | udp |
| US | 8.8.8.8:53 | pixel.mathtag.com | udp |
| US | 8.8.8.8:53 | 135.198.81.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.186.46.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.248.66.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.253.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.144.173.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.248.66.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.105.202.67.in-addr.arpa | udp |
| US | 205.178.189.129:443 | cs.adnear.net | tcp |
| US | 34.95.81.168:443 | rubiconcm.digitaleast.mobi | tcp |
| US | 74.121.140.211:443 | pixel.mathtag.com | tcp |
| IE | 52.19.105.29:443 | match.prod.bidr.io | tcp |
| US | 64.74.236.159:443 | b1sync.zemanta.com | tcp |
| IE | 52.17.147.169:443 | jadserve.postrelease.com.akadns.net | tcp |
| US | 35.244.174.68:443 | id.rlcdn.com | tcp |
| US | 192.132.33.67:443 | bttrack.com | tcp |
| US | 34.95.81.168:443 | rubiconcm.digitaleast.mobi | udp |
| US | 205.178.189.129:443 | cs.adnear.net | tcp |
| US | 35.244.174.68:443 | id.rlcdn.com | udp |
| NL | 63.215.202.178:443 | match.sync.ad.cpe.dotomi.com | tcp |
| US | 64.74.236.159:443 | b1sync.zemanta.com | tcp |
| US | 64.74.236.159:443 | b1sync.zemanta.com | tcp |
| GB | 216.58.201.98:443 | pubads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 68.174.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.105.19.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.140.121.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.33.132.192.in-addr.arpa | udp |
| IE | 52.17.97.65:443 | g2.gumgum.com | tcp |
| US | 8.8.8.8:53 | 178.202.215.63.in-addr.arpa | udp |
| US | 80.77.87.161:443 | cs.admanmedia.com | tcp |
| GB | 216.58.201.98:443 | pubads46.g.doubleclick.net | udp |
| US | 80.77.87.161:443 | cs.admanmedia.com | tcp |
| DE | 18.66.248.29:443 | cs-rtb.minutemedia-prebid.com | tcp |
| IE | 52.19.121.99:443 | ads.servenobid.com | tcp |
| IE | 52.19.121.99:443 | ads.servenobid.com | tcp |
| IE | 52.19.121.99:443 | ads.servenobid.com | tcp |
| NL | 77.245.57.72:443 | sync.adkernel.com | tcp |
| US | 172.64.145.29:443 | cdn.dxkulture.com | tcp |
| US | 8.43.72.97:443 | pixel-us-east.rubiconproject.com | tcp |
| US | 52.73.191.19:443 | beacon.lynx.cognitivlabs.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| FR | 45.137.176.88:443 | sync.adotmob.com | tcp |
| DK | 37.157.6.237:443 | c1.adform.net | tcp |
| JP | 211.120.53.203:443 | tg.socdm.com | tcp |
| US | 38.68.201.140:443 | rbp.mxptint.net | tcp |
| NL | 154.59.122.79:443 | ums.acuityplatform.com | tcp |
| US | 104.18.25.173:443 | s.tribalfusion.com | tcp |
| US | 69.166.1.66:443 | iad-2-sync.go.sonobi.com | tcp |
| DE | 52.59.150.1:443 | match.sharethrough.com | tcp |
| US | 142.250.148.120:443 | csi.gstatic.com | tcp |
| US | 142.250.148.120:443 | csi.gstatic.com | tcp |
| FR | 45.137.176.88:443 | sync.adotmob.com | tcp |
| JP | 211.120.53.203:443 | tg.socdm.com | tcp |
| NL | 154.59.122.79:443 | ums.acuityplatform.com | tcp |
| US | 104.18.25.173:443 | s.tribalfusion.com | udp |
| DE | 18.154.63.48:443 | live.primis.tech | tcp |
| US | 142.250.148.120:443 | csi.gstatic.com | tcp |
| US | 142.250.148.120:443 | csi.gstatic.com | tcp |
| US | 8.8.8.8:53 | 72.57.245.77.in-addr.arpa | udp |
| US | 104.18.36.155:443 | ssum.casalemedia.com | tcp |
| US | 64.74.236.191:443 | sync.outbrain.com | tcp |
| US | 8.8.8.8:53 | 19.191.73.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.6.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.25.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.201.68.38.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.150.59.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.53.120.211.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.122.59.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ads.servenobid.com | udp |
| US | 8.8.8.8:53 | 1.cpm.ak-is2.net | udp |
| US | 8.8.8.8:53 | dssp-prod-cdn.nyc3.cdn.digitaloceanspaces.com | udp |
| US | 104.18.24.173:443 | s.tribalfusion.com | tcp |
| DE | 18.154.63.48:443 | d2wcz8sc48ztgm.cloudfront.net | udp |
| US | 142.250.148.120:443 | csi.gstatic.com | udp |
| US | 104.18.36.155:443 | ssum.casalemedia.com | udp |
| GB | 216.58.201.98:443 | pubads46.g.doubleclick.net | udp |
| US | 104.18.24.173:443 | s.tribalfusion.com | udp |
| NL | 46.228.174.115:443 | tag.1rx.io | tcp |
| GB | 216.58.201.98:443 | pubads46.g.doubleclick.net | tcp |
| IE | 52.208.188.224:443 | rtb.gumgum.com | tcp |
| IE | 34.247.205.196:443 | usersync.gumgum.com | tcp |
| IE | 34.247.205.196:443 | usersync.gumgum.com | tcp |
| IE | 54.72.77.89:443 | pr-bh.ybp.yahoo.com | tcp |
| US | 8.18.47.7:443 | match.deepintent.com | tcp |
| US | 52.54.15.240:443 | sync.ipredictive.com | tcp |
| US | 35.244.159.8:443 | us-u.openx.net | tcp |
| IE | 34.247.205.196:443 | usersync.gumgum.com | tcp |
| US | 35.244.159.8:443 | us-u.openx.net | udp |
| NL | 77.245.57.72:443 | 1.cpm.ak-is2.net | tcp |
| US | 80.77.87.108:443 | eexsync.com | tcp |
| IE | 52.49.51.224:443 | cs.yellowblue.io | tcp |
| IE | 52.49.51.224:443 | cs.yellowblue.io | tcp |
| US | 45.55.126.71:443 | do-default-lb.dxkulture.com | tcp |
| US | 45.55.126.71:443 | do-default-lb.dxkulture.com | tcp |
| NL | 193.3.178.4:443 | ads.us.e-planning.net | tcp |
| US | 8.8.8.8:53 | 7.47.18.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.15.54.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | um.simpli.fi | udp |
| US | 8.8.8.8:53 | sync.intentiq.com | udp |
| IE | 34.250.71.194:443 | cs.yellowblue.io | tcp |
| DE | 18.173.233.63:443 | sync.intentiq.com | tcp |
| NL | 213.19.162.90:443 | pixel-eu.rubiconproject.net.akadns.net | tcp |
| NL | 213.19.162.90:443 | pixel-eu.rubiconproject.net.akadns.net | tcp |
| NL | 34.91.62.186:443 | um.simpli.fi | tcp |
| DE | 18.173.233.63:443 | sync.intentiq.com | udp |
| US | 34.149.50.64:443 | s.seedtag.com | tcp |
| DE | 108.157.4.110:443 | s.ad.smaato.net | tcp |
| US | 35.244.174.68:443 | idsync.rlcdn.com | tcp |
| US | 34.149.50.64:443 | s.seedtag.com | udp |
| US | 35.244.174.68:443 | idsync.rlcdn.com | udp |
| US | 8.8.8.8:53 | 186.62.91.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.4.157.108.in-addr.arpa | udp |
| NL | 178.250.1.7:443 | ssp-sync.criteo.com | tcp |
| US | 104.18.36.155:443 | ssum.casalemedia.com | udp |
| US | 69.166.1.8:443 | iad-2-apex.go.sonobi.com | tcp |
| NL | 46.228.174.115:443 | tag.1rx.io | tcp |
| FR | 185.86.139.85:443 | prg.smartadserver.com | tcp |
| NL | 213.19.162.71:443 | prebid-server-perf-eu.rubiconproject.net.akadns.net | tcp |
| US | 205.178.189.129:443 | cs.adnear.net | tcp |
| US | 205.178.189.129:443 | cs.adnear.net | tcp |
| DE | 18.157.230.4:443 | tlx.3lift.com | tcp |
| FR | 185.86.139.85:443 | prg.smartadserver.com | tcp |
| DE | 37.252.172.123:443 | ib.adnxs.com | tcp |
| US | 69.166.1.8:443 | iad-2-apex.go.sonobi.com | tcp |
| NL | 46.228.174.115:443 | tag.1rx.io | tcp |
| NL | 213.19.162.71:443 | prebid-server-perf-eu.rubiconproject.net.akadns.net | tcp |
| GB | 142.250.178.1:443 | cdn-content.ampproject.org | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 216.58.201.106:443 | imasdk.googleapis.com | udp |
| GB | 216.58.201.98:443 | pubads46.g.doubleclick.net | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| NL | 2.18.121.73:80 | ciscobinary.openh264.org | tcp |
| GB | 216.58.201.110:443 | redirector.gvt1.com | tcp |
| GB | 216.58.201.110:443 | redirector.gvt1.com | udp |
| GB | 173.194.183.166:443 | r1.sn-aigl6ney.gvt1.com | tcp |
| GB | 173.194.183.166:443 | r1.sn-aigl6ney.gvt1.com | udp |
| FR | 185.86.139.85:443 | prg.smartadserver.com | tcp |
| NL | 46.228.174.115:443 | tag.1rx.io | tcp |
| NL | 213.19.162.71:443 | prebid-server-perf-eu.rubiconproject.net.akadns.net | tcp |
| DE | 37.252.172.123:443 | ib.adnxs.com | tcp |
| FR | 185.86.139.85:443 | prg.smartadserver.com | tcp |
| US | 69.166.1.8:443 | iad-2-apex.go.sonobi.com | tcp |
| GB | 216.58.201.98:443 | pubads46.g.doubleclick.net | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| GB | 172.217.169.70:443 | s0.2mdn.net | udp |
| GB | 142.250.180.2:443 | googleads4.g.doubleclick.net | udp |
| NL | 213.19.162.71:443 | prebid-server-perf-eu.rubiconproject.net.akadns.net | tcp |
| NL | 46.228.174.115:443 | tag.1rx.io | tcp |
| GB | 216.58.201.106:443 | imasdk.googleapis.com | udp |
| GB | 216.58.201.106:443 | imasdk.googleapis.com | udp |
| FR | 185.86.139.85:443 | prg.smartadserver.com | tcp |
| NL | 213.19.162.71:443 | prebid-server-perf-eu.rubiconproject.net.akadns.net | tcp |
| NL | 46.228.174.115:443 | tag.1rx.io | tcp |
| DE | 37.252.172.123:443 | ib.adnxs.com | tcp |
| US | 69.166.1.8:443 | iad-2-apex.go.sonobi.com | tcp |
| GB | 216.58.201.98:443 | pubads46.g.doubleclick.net | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.180.2:443 | googleads4.g.doubleclick.net | udp |
| GB | 142.250.178.14:443 | analytics.google.com | udp |
| NL | 213.19.162.71:443 | prebid-server-perf-eu.rubiconproject.net.akadns.net | tcp |
| NL | 46.228.174.115:443 | tag.1rx.io | tcp |
| GB | 216.58.201.106:443 | imasdk.googleapis.com | udp |
| NL | 46.228.174.115:443 | tag.1rx.io | tcp |
| NL | 213.19.162.71:443 | prebid-server-perf-eu.rubiconproject.net.akadns.net | tcp |
| FR | 178.32.197.49:443 | euw2.smartadserver.com | tcp |
| US | 23.220.113.164:443 | e11385.dscd.akamaiedge.net | tcp |
| US | 69.166.1.8:443 | iad-2-apex.go.sonobi.com | tcp |
| DE | 37.252.172.123:443 | ib.adnxs.com | tcp |
| GB | 216.58.201.98:443 | pubads46.g.doubleclick.net | udp |
| GB | 172.217.169.70:443 | s0.2mdn.net | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.180.2:443 | googleads4.g.doubleclick.net | udp |
| NL | 46.228.174.115:443 | tag.1rx.io | tcp |
| FR | 178.32.197.49:443 | euw2.smartadserver.com | tcp |
| NL | 213.19.162.71:443 | prebid-server-perf-eu.rubiconproject.net.akadns.net | tcp |
| GB | 216.58.201.106:443 | imasdk.googleapis.com | udp |
| GB | 142.250.200.2:443 | ade.googlesyndication.com | tcp |
| GB | 142.250.200.2:443 | ade.googlesyndication.com | udp |
| US | 23.200.189.164:443 | e11385.dscd.akamaiedge.net | tcp |
| GB | 23.73.139.80:443 | a1970.dscd.akamai.net | tcp |
| NL | 213.19.162.71:443 | prebid-server-perf-eu.rubiconproject.net.akadns.net | tcp |
| NL | 46.228.174.115:443 | tag.1rx.io | tcp |
| FR | 178.32.197.49:443 | euw2.smartadserver.com | tcp |
| GB | 74.125.168.138:443 | rr5---sn-aigl6nze.googlevideo.com | tcp |
| GB | 74.125.168.138:443 | rr5---sn-aigl6nze.googlevideo.com | udp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| US | 69.166.1.8:443 | iad-2-apex.go.sonobi.com | tcp |
| DE | 18.157.230.4:443 | eu-tlx.3lift.com | tcp |
| DE | 37.252.172.123:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | track.venatusmedia.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | st.pubmatic.com | udp |
| GB | 142.250.180.2:443 | googleads4.g.doubleclick.net | udp |
| GB | 142.250.180.2:443 | googleads4.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | ssptkr-ams.pubmnet.com | udp |
| US | 8.8.8.8:53 | e6603.g.akamaiedge.net | udp |
| GB | 142.250.180.2:443 | googleads4.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | content1.avplayer.com | udp |
| US | 8.8.8.8:53 | a1970.dscd.akamai.net | udp |
| US | 173.0.146.6:443 | go1.aniview.com | tcp |
| FR | 178.32.197.49:443 | euw2.smartadserver.com | tcp |
| NL | 46.228.174.115:443 | tag.1rx.io | tcp |
| NL | 213.19.162.71:443 | prebid-server-perf-eu.rubiconproject.net.akadns.net | tcp |
| US | 23.200.189.164:443 | e11385.dscd.akamaiedge.net | tcp |
| FR | 178.32.197.49:443 | euw2.smartadserver.com | tcp |
| US | 69.166.1.8:443 | iad-2-apex.go.sonobi.com | tcp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 8.8.8.8:53 | eu-tlx.3lift.com | udp |
| DE | 37.252.172.123:443 | ib.adnxs.com | tcp |
| GB | 172.217.169.70:443 | s0.2mdn.net | udp |
| GB | 172.217.169.70:443 | s0.2mdn.net | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| NL | 213.19.162.71:443 | prebid-server-perf-eu.rubiconproject.net.akadns.net | tcp |
| NL | 46.228.174.115:443 | tag.1rx.io | tcp |
| GB | 216.58.201.106:443 | imasdk.googleapis.com | udp |
| GB | 74.125.175.102:443 | rr1---sn-aigl6nzk.googlevideo.com | tcp |
| GB | 74.125.175.102:443 | rr1---sn-aigl6nzk.googlevideo.com | udp |
| GB | 142.250.200.2:443 | ade.googlesyndication.com | udp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| FR | 178.32.197.49:443 | euw2.smartadserver.com | tcp |
| DE | 37.252.172.123:443 | ib.adnxs.com | tcp |
| GB | 172.217.169.70:443 | s0.2mdn.net | udp |
| GB | 172.217.169.70:443 | s0.2mdn.net | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| NL | 46.228.174.115:443 | tag.1rx.io | tcp |
| NL | 213.19.162.71:443 | prebid-server-perf-eu.rubiconproject.net.akadns.net | tcp |
| GB | 216.58.201.106:443 | imasdk.googleapis.com | udp |
| US | 142.250.148.120:443 | csi.gstatic.com | udp |
| US | 142.250.148.120:443 | csi.gstatic.com | tcp |
| US | 142.250.148.120:443 | csi.gstatic.com | tcp |
| US | 142.250.148.120:443 | csi.gstatic.com | tcp |
| US | 142.250.148.120:443 | csi.gstatic.com | tcp |
| US | 23.200.189.164:443 | play.aniview.com | tcp |
| FR | 178.32.197.49:443 | euw2.smartadserver.com | tcp |
| NL | 213.19.162.71:443 | prebid-server-perf-eu.rubiconproject.net.akadns.net | tcp |
| NL | 46.228.174.115:443 | tag.1rx.io | tcp |
| DE | 37.252.172.123:443 | ib.adnxs.com | tcp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| DE | 18.157.230.4:443 | eu-tlx.3lift.com | tcp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| GB | 172.217.169.70:443 | s0.2mdn.net | udp |
| GB | 172.217.169.70:443 | s0.2mdn.net | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | rr4---sn-aigl6nzs.googlevideo.com | udp |
| GB | 142.250.187.225:443 | photos-ugc.l.googleusercontent.com | tcp |
| GB | 74.125.175.73:443 | rr4---sn-aigl6nzs.googlevideo.com | tcp |
| GB | 142.250.187.225:443 | photos-ugc.l.googleusercontent.com | udp |
| GB | 74.125.175.73:443 | rr4---sn-aigl6nzs.googlevideo.com | udp |
| FR | 178.32.197.49:443 | euw2.smartadserver.com | tcp |
| NL | 213.19.162.71:443 | prebid-server.rubiconproject.com | tcp |
| NL | 46.228.174.115:443 | tag.1rx.io | tcp |
| GB | 216.58.201.106:443 | imasdk.googleapis.com | udp |
| US | 69.166.1.8:443 | iad-2-apex.go.sonobi.com | tcp |
| NL | 185.89.210.20:443 | ib.anycast.adnxs.com | tcp |
| US | 23.53.112.234:443 | e6603.g.akamaiedge.net | tcp |
| GB | 172.217.169.70:443 | s0.2mdn.net | udp |
| GB | 172.217.169.70:443 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | googleads4.g.doubleclick.net | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 213.19.162.71:443 | prebid-server.rubiconproject.com | tcp |
| FR | 185.86.139.95:443 | prg.smartadserver.com | tcp |
| NL | 213.19.162.71:443 | prebid-server.rubiconproject.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| GB | 216.58.201.106:443 | imasdk.googleapis.com | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| NL | 185.89.210.20:443 | ib.anycast.adnxs.com | tcp |
| US | 69.166.1.8:443 | iad-2-apex.go.sonobi.com | tcp |
| US | 23.53.112.234:443 | e6603.g.akamaiedge.net | tcp |
| GB | 172.217.169.70:443 | s0.2mdn.net | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| FR | 185.86.139.95:443 | prg.smartadserver.com | tcp |
| NL | 213.19.162.71:443 | prebid-server.rubiconproject.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| FR | 185.86.139.95:443 | prg.smartadserver.com | tcp |
| NL | 213.19.162.71:443 | prebid-server.rubiconproject.com | tcp |
| GB | 216.58.201.106:443 | imasdk.googleapis.com | udp |
| NL | 185.89.210.20:443 | ib.anycast.adnxs.com | tcp |
| US | 69.166.1.8:443 | iad-2-apex.go.sonobi.com | tcp |
| GB | 172.217.169.70:443 | s0.2mdn.net | udp |
| US | 23.53.112.234:443 | e6603.g.akamaiedge.net | tcp |
| GB | 172.217.169.70:443 | s0.2mdn.net | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.200.2:443 | ade.googlesyndication.com | udp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| FR | 185.86.139.95:443 | prg.smartadserver.com | tcp |
| NL | 213.19.162.71:443 | prebid-server.rubiconproject.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 213.19.162.71:443 | prebid-server.rubiconproject.com | tcp |
| FR | 185.86.139.95:443 | prg.smartadserver.com | tcp |
| GB | 216.58.201.106:443 | imasdk.googleapis.com | udp |
| NL | 185.89.210.20:443 | ib.anycast.adnxs.com | tcp |
| US | 69.166.1.8:443 | iad-2-apex.go.sonobi.com | tcp |
| DE | 18.157.230.4:443 | eu-tlx.3lift.com | tcp |
| FR | 185.86.139.95:443 | prg.smartadserver.com | tcp |
| GB | 172.217.169.70:443 | s0.2mdn.net | udp |
| GB | 172.217.169.70:443 | s0.2mdn.net | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| GB | 23.73.139.80:443 | a1970.dscd.akamai.net | tcp |
| FR | 185.86.139.95:443 | prg.smartadserver.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 213.19.162.71:443 | prebid-server.rubiconproject.com | tcp |
| NL | 185.89.210.20:443 | ib.anycast.adnxs.com | tcp |
| US | 69.166.1.8:443 | iad-2-apex.go.sonobi.com | tcp |
| FR | 149.202.238.97:443 | euw2.smartadserver.com | tcp |
| GB | 172.217.169.70:443 | s0.2mdn.net | udp |
| GB | 172.217.169.70:443 | s0.2mdn.net | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| NL | 213.19.162.71:443 | prebid-server.rubiconproject.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 213.19.162.71:443 | prebid-server.rubiconproject.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| GB | 216.58.201.106:443 | imasdk.googleapis.com | udp |
| GB | 216.58.201.106:443 | imasdk.googleapis.com | udp |
| GB | 216.58.201.106:443 | imasdk.googleapis.com | tcp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| FR | 149.202.238.97:443 | euw2.smartadserver.com | tcp |
| NL | 213.19.162.71:443 | prebid-server.rubiconproject.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 185.89.210.20:443 | ib.anycast.adnxs.com | tcp |
| US | 69.166.1.8:443 | iad-2-apex.go.sonobi.com | tcp |
| FR | 149.202.238.97:443 | euw2.smartadserver.com | tcp |
| GB | 216.58.213.2:443 | googleads4.g.doubleclick.net | udp |
| GB | 172.217.169.70:443 | s0.2mdn.net | udp |
| GB | 172.217.169.70:443 | s0.2mdn.net | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 213.19.162.71:443 | prebid-server.rubiconproject.com | tcp |
| GB | 216.58.201.106:443 | imasdk.googleapis.com | udp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| FR | 149.202.238.97:443 | euw2.smartadserver.com | tcp |
| NL | 213.19.162.71:443 | prebid-server.rubiconproject.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| US | 69.166.1.8:443 | iad-2-apex.go.sonobi.com | tcp |
| NL | 185.89.210.20:443 | ib.anycast.adnxs.com | tcp |
| GB | 216.58.213.2:443 | googleads4.g.doubleclick.net | udp |
| GB | 172.217.169.70:443 | s0.2mdn.net | udp |
| GB | 172.217.169.70:443 | s0.2mdn.net | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 213.19.162.71:443 | prebid-server.rubiconproject.com | tcp |
| GB | 216.58.201.106:443 | imasdk.googleapis.com | udp |
| NL | 213.19.162.71:443 | prebid-server.rubiconproject.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| FR | 149.202.238.97:443 | euw2.smartadserver.com | tcp |
| NL | 185.89.210.20:443 | ib.anycast.adnxs.com | tcp |
| US | 8.8.8.8:53 | apex.go.sonobi.com | udp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| DE | 18.157.230.4:443 | tlx.3lift.com | tcp |
| GB | 216.58.213.2:443 | googleads4.g.doubleclick.net | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 213.19.162.71:443 | prebid-server.rubiconproject.com | tcp |
| GB | 216.58.201.106:443 | imasdk.googleapis.com | udp |
| NL | 213.19.162.71:443 | prebid-server.rubiconproject.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 81.17.55.99:443 | euw1.smartadserver.com | tcp |
| GB | 216.58.201.106:443 | imasdk.googleapis.com | udp |
| NL | 185.89.210.20:443 | ib.anycast.adnxs.com | tcp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| GB | 216.58.213.2:443 | googleads4.g.doubleclick.net | udp |
| GB | 172.217.169.70:443 | s0.2mdn.net | udp |
| US | 23.53.112.234:443 | e6603.g.akamaiedge.net | tcp |
| GB | 172.217.169.70:443 | s0.2mdn.net | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| GB | 23.73.139.80:443 | a1970.dscd.akamai.net | tcp |
| NL | 213.19.162.71:443 | prebid-server.rubiconproject.com | tcp |
| NL | 81.17.55.99:443 | euw1.smartadserver.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 213.19.162.71:443 | prebid-server.rubiconproject.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 81.17.55.99:443 | euw1.smartadserver.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| NL | 185.89.210.20:443 | ib.anycast.adnxs.com | tcp |
| GB | 216.58.213.2:443 | googleads4.g.doubleclick.net | udp |
| GB | 172.217.169.70:443 | s0.2mdn.net | udp |
| US | 23.53.112.234:443 | e6603.g.akamaiedge.net | tcp |
| GB | 172.217.169.70:443 | s0.2mdn.net | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 81.17.55.99:443 | euw1.smartadserver.com | tcp |
| NL | 213.19.162.71:443 | prebid-server.rubiconproject.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| GB | 216.58.201.106:443 | imasdk.googleapis.com | udp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| NL | 81.17.55.99:443 | euw1.smartadserver.com | tcp |
| NL | 185.89.210.20:443 | ib.anycast.adnxs.com | tcp |
| US | 23.53.112.234:443 | e6603.g.akamaiedge.net | tcp |
| GB | 172.217.169.70:443 | s0.2mdn.net | udp |
| GB | 172.217.169.70:443 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | googleads4.g.doubleclick.net | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| GB | 216.58.201.98:443 | googleads4.g.doubleclick.net | udp |
| GB | 216.58.201.98:443 | googleads4.g.doubleclick.net | tcp |
| NL | 213.19.162.71:443 | prebid-server.rubiconproject.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 81.17.55.99:443 | euw1.smartadserver.com | tcp |
| NL | 185.89.210.20:443 | ib.anycast.adnxs.com | tcp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| DE | 18.157.230.4:443 | tlx.3lift.com | tcp |
| US | 23.53.112.234:443 | e6603.g.akamaiedge.net | tcp |
| GB | 172.217.169.70:443 | s0.2mdn.net | udp |
| GB | 216.58.201.98:443 | googleads4.g.doubleclick.net | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| NL | 81.17.55.99:443 | euw1.smartadserver.com | tcp |
| NL | 185.89.210.20:443 | ib.anycast.adnxs.com | tcp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| US | 23.53.112.234:443 | e6603.g.akamaiedge.net | tcp |
| GB | 172.217.169.70:443 | s0.2mdn.net | udp |
| GB | 216.58.201.98:443 | googleads4.g.doubleclick.net | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| US | 44.240.83.117:443 | location.services.mozilla.com | tcp |
| NL | 81.17.55.99:443 | euw1.smartadserver.com | tcp |
| NL | 185.89.210.20:443 | ib.anycast.adnxs.com | tcp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| US | 23.53.112.234:443 | e6603.g.akamaiedge.net | tcp |
| GB | 172.217.169.70:443 | s0.2mdn.net | udp |
| GB | 216.58.201.98:443 | googleads4.g.doubleclick.net | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| GB | 23.73.139.56:443 | content1.avplayer.com | udp |
| GB | 23.73.139.80:443 | content1.avplayer.com | tcp |
| GB | 23.73.139.56:443 | content1.avplayer.com | tcp |
| NL | 185.89.210.20:443 | ib.anycast.adnxs.com | tcp |
| DE | 18.157.230.4:443 | tlx.3lift.com | tcp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| NL | 81.17.55.99:443 | euw1.smartadserver.com | tcp |
| US | 23.53.112.234:443 | e6603.g.akamaiedge.net | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| BE | 104.68.68.28:443 | e4751.b.akamaiedge.net | tcp |
| DE | 18.173.233.19:443 | ajs-assets.ftstatic.com | tcp |
| DE | 18.154.63.119:443 | d1dvhck2p605dz.cloudfront.net | tcp |
| IE | 54.228.83.32:443 | tag.device9.com | tcp |
| DE | 18.173.233.54:443 | js.ad-score.com | tcp |
| NL | 72.246.172.44:443 | secure.flashtalking.com | tcp |
| NL | 72.246.172.44:443 | secure.flashtalking.com | tcp |
| NL | 72.246.172.44:443 | secure.flashtalking.com | tcp |
| US | 8.8.8.8:53 | 119.63.154.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.83.228.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.172.246.72.in-addr.arpa | udp |
| GB | 3.9.206.191:443 | ad-interactions-prod-lb-1426714899.eu-west-2.elb.amazonaws.com | tcp |
| NL | 72.246.172.44:443 | secure.flashtalking.com | tcp |
| US | 130.211.115.4:443 | data.ad-score.com | tcp |
| NL | 72.246.172.44:443 | secure.flashtalking.com | tcp |
| NL | 81.17.55.99:443 | euw1.smartadserver.com | tcp |
| NL | 185.89.210.20:443 | ib.adnxs.com | tcp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| GB | 142.250.178.2:443 | ade.googlesyndication.com | udp |
| US | 23.53.112.234:443 | e6603.g.akamaiedge.net | tcp |
| GB | 172.217.169.70:443 | s0.2mdn.net | udp |
| GB | 216.58.201.98:443 | googleads4.g.doubleclick.net | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| NL | 185.89.210.20:443 | ib.adnxs.com | tcp |
| FR | 185.86.139.85:443 | prg.smartadserver.com | tcp |
| GB | 142.250.178.2:443 | ade.googlesyndication.com | udp |
| GB | 216.58.201.98:443 | googleads4.g.doubleclick.net | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| FR | 185.86.139.85:443 | prg.smartadserver.com | tcp |
| NL | 185.89.210.20:443 | ib.adnxs.com | tcp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| GB | 142.250.178.2:443 | ade.googlesyndication.com | udp |
| GB | 172.217.169.70:443 | s0.2mdn.net | udp |
| GB | 216.58.201.98:443 | googleads4.g.doubleclick.net | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| BE | 23.14.90.89:443 | cdn.doubleverify.com | tcp |
| IE | 52.208.114.190:443 | d.agkn.com | tcp |
| US | 23.53.113.23:443 | e7876.dscg.akamaiedge.net | tcp |
| US | 130.211.44.5:443 | rtbc-ew1.doubleverify.com | tcp |
| GB | 172.217.169.70:443 | s0.2mdn.net | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | udp |
| US | 130.211.44.5:443 | rtbc-ew1.doubleverify.com | tcp |
| GB | 142.250.200.2:443 | ade.googlesyndication.com | udp |
| DE | 18.157.230.4:443 | eu-tlx.3lift.com | tcp |
| FR | 185.86.139.85:443 | prg.smartadserver.com | tcp |
| NL | 185.89.210.20:443 | ib.adnxs.com | tcp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| GB | 142.250.178.2:443 | ade.googlesyndication.com | udp |
| GB | 172.217.169.70:443 | s0.2mdn.net | udp |
| GB | 216.58.201.98:443 | googleads4.g.doubleclick.net | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| GB | 23.73.139.80:443 | content1.avplayer.com | tcp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| FR | 185.86.139.85:443 | prg.smartadserver.com | tcp |
| NL | 185.89.210.20:443 | ib.adnxs.com | tcp |
| US | 23.53.112.234:443 | e6603.g.akamaiedge.net | tcp |
| GB | 172.217.169.70:443 | s0.2mdn.net | udp |
| GB | 216.58.201.98:443 | googleads4.g.doubleclick.net | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| FR | 185.86.139.85:443 | prg.smartadserver.com | tcp |
| NL | 185.89.210.20:443 | ib.adnxs.com | tcp |
| GB | 216.58.201.98:443 | googleads4.g.doubleclick.net | udp |
| GB | 216.58.201.98:443 | googleads4.g.doubleclick.net | udp |
| US | 23.53.112.234:443 | e6603.g.akamaiedge.net | tcp |
| GB | 172.217.169.70:443 | s0.2mdn.net | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| NL | 185.89.210.20:443 | ib.adnxs.com | tcp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| FR | 185.86.139.85:443 | itx4.smartadserver.com | tcp |
| BE | 104.117.77.160:443 | ced-ns.sascdn.com | tcp |
| GB | 216.58.201.98:443 | googleads4.g.doubleclick.net | udp |
| BE | 104.117.77.152:443 | a1977.dscb.akamai.net | tcp |
| FR | 164.132.25.177:443 | www14.smartadserver.com | tcp |
| GB | 172.217.169.70:443 | s0.2mdn.net | udp |
| FR | 185.86.139.96:443 | itx4.smartadserver.com | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| DE | 108.157.4.66:443 | www.file.io | tcp |
| US | 8.8.8.8:53 | 96.139.86.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.77.117.104.in-addr.arpa | udp |
| FR | 164.132.25.177:443 | www14.smartadserver.com | tcp |
| GB | 142.250.200.2:443 | ade.googlesyndication.com | udp |
| NL | 185.89.210.20:443 | ib.adnxs.com | tcp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| DE | 18.157.230.4:443 | tlx.3lift.com | tcp |
| FR | 185.86.139.85:443 | itx4.smartadserver.com | tcp |
| GB | 172.217.169.70:443 | s0.2mdn.net | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| US | 23.53.112.234:443 | ads.pubmatic.com | tcp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| NL | 185.89.210.20:443 | ib.adnxs.com | tcp |
| NL | 89.149.192.65:443 | euw1.smartadserver.com | tcp |
| GB | 23.73.139.80:443 | a1970.dscd.akamai.net | tcp |
| GB | 216.58.201.98:443 | googleads4.g.doubleclick.net | udp |
| US | 23.53.112.234:443 | ads.pubmatic.com | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| NL | 185.89.210.20:443 | ib.adnxs.com | tcp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| NL | 89.149.192.65:443 | euw1.smartadserver.com | tcp |
| GB | 216.58.201.98:443 | googleads4.g.doubleclick.net | udp |
| GB | 216.58.201.98:443 | googleads4.g.doubleclick.net | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| BE | 104.68.68.28:443 | e4751.b.akamaiedge.net | tcp |
| DE | 18.173.233.72:443 | ajs-assets.ftstatic.com | tcp |
| DE | 18.154.63.119:443 | d1dvhck2p605dz.cloudfront.net | tcp |
| US | 8.8.8.8:53 | stat.flashtalking.com | udp |
| DE | 18.173.233.54:443 | d30hfjcp71s79q.cloudfront.net | tcp |
| NL | 72.246.172.44:443 | cdn.flashtalking.com | tcp |
| NL | 72.246.172.44:443 | cdn.flashtalking.com | tcp |
| NL | 72.246.172.44:443 | cdn.flashtalking.com | tcp |
| IE | 54.228.83.32:443 | tag.device9.com | tcp |
| GB | 3.9.206.191:443 | ad-interactions-prod-lb-1426714899.eu-west-2.elb.amazonaws.com | tcp |
| NL | 72.246.172.44:443 | cdn.flashtalking.com | tcp |
| US | 130.211.115.4:443 | data.ad-score.com | tcp |
| NL | 72.246.172.44:443 | cdn.flashtalking.com | tcp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| NL | 89.149.192.65:443 | euw1.smartadserver.com | tcp |
| NL | 185.89.210.20:443 | ib.adnxs.com | tcp |
| GB | 172.217.169.70:443 | s0.2mdn.net | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| IE | 176.34.167.98:443 | autodesk.demdex.net | tcp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| NL | 185.89.210.20:443 | ib.adnxs.com | tcp |
| NL | 89.149.192.65:443 | euw1.smartadserver.com | tcp |
| DE | 18.157.230.4:443 | eu-tlx.3lift.com | tcp |
| GB | 216.58.201.98:443 | googleads4.g.doubleclick.net | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | ad-events.flashtalking.com | udp |
| DE | 18.173.233.54:443 | d30hfjcp71s79q.cloudfront.net | tcp |
| NL | 72.246.172.44:443 | cdn.flashtalking.com | tcp |
| NL | 72.246.172.44:443 | cdn.flashtalking.com | tcp |
| DE | 18.173.233.54:443 | d30hfjcp71s79q.cloudfront.net | tcp |
| US | 130.211.115.4:443 | data.ad-score.com | tcp |
| NL | 72.246.172.44:443 | cdn.flashtalking.com | tcp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| NL | 185.89.210.20:443 | ib.anycast.adnxs.com | tcp |
| NL | 89.149.192.65:443 | euw1.smartadserver.com | tcp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| GB | 172.217.169.70:443 | s0.2mdn.net | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| US | 130.211.115.4:443 | data.ad-score.com | tcp |
| GB | 23.73.139.80:443 | a1970.dscd.akamai.net | tcp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| NL | 89.149.192.65:443 | euw1.smartadserver.com | tcp |
| DE | 37.252.172.123:443 | ib.adnxs.com | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | agen-assets.ftstatic.com | udp |
| US | 8.8.8.8:53 | d3f1y6rso5ozvw.cloudfront.net | udp |
| US | 8.8.8.8:53 | cdn.flashtalking.com | udp |
| US | 8.8.8.8:53 | js.ad-score.com | udp |
| US | 8.8.8.8:53 | ad-events.flashtalking.com | udp |
| DE | 18.173.233.54:443 | js.ad-score.com | tcp |
| NL | 72.246.172.44:443 | e1486.b.akamaiedge.net | tcp |
| NL | 72.246.172.44:443 | e1486.b.akamaiedge.net | tcp |
| DE | 18.173.233.54:443 | js.ad-score.com | tcp |
| US | 130.211.115.4:443 | data.ad-score.com | tcp |
| NL | 72.246.172.44:443 | e1486.b.akamaiedge.net | tcp |
| DE | 37.252.172.123:443 | ib.adnxs.com | tcp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| NL | 89.149.192.65:443 | euw1.smartadserver.com | tcp |
| DE | 18.157.230.4:443 | tlx.3lift.com | tcp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | udp |
| US | 23.53.112.234:443 | e6603.g.akamaiedge.net | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| DE | 18.173.233.54:443 | js.ad-score.com | tcp |
| NL | 72.246.172.44:443 | e1486.b.akamaiedge.net | tcp |
| DE | 18.173.233.54:443 | js.ad-score.com | tcp |
| DE | 37.252.172.123:443 | ib.adnxs.com | tcp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| NL | 89.149.192.65:443 | euw1.smartadserver.com | tcp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | udp |
| US | 23.53.112.234:443 | e6603.g.akamaiedge.net | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | e6603.g.akamaiedge.net | udp |
| US | 130.211.115.4:443 | data.ad-score.com | tcp |
| DE | 18.173.233.72:443 | d3f1y6rso5ozvw.cloudfront.net | tcp |
| US | 8.8.8.8:53 | js.ad-score.com | udp |
| NL | 72.246.172.44:443 | stat.flashtalking.com | tcp |
| US | 8.8.8.8:53 | ad-events.flashtalking.com | udp |
| DE | 18.173.233.54:443 | d30hfjcp71s79q.cloudfront.net | tcp |
| DE | 18.173.233.54:443 | d30hfjcp71s79q.cloudfront.net | tcp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| NL | 89.149.192.65:443 | euw1.smartadserver.com | tcp |
| DE | 37.252.172.123:443 | ib.adnxs.com | tcp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | udp |
| US | 23.53.112.234:443 | ads.pubmatic.com | tcp |
| US | 8.8.8.8:53 | st.pubmatic.com | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| GB | 172.217.169.70:443 | s0.2mdn.net | udp |
| IE | 54.194.78.109:443 | autodesk.demdex.net | tcp |
| US | 8.8.8.8:53 | googleads4.g.doubleclick.net | udp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| DE | 37.252.172.123:443 | ib.adnxs.com | tcp |
| NL | 89.149.192.65:443 | euw1.smartadserver.com | tcp |
| GB | 216.58.204.66:443 | googleads4.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 23.53.112.234:443 | e6603.g.akamaiedge.net | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | js.ad-score.com | udp |
| US | 8.8.8.8:53 | ad-events.flashtalking.com | udp |
| US | 8.8.8.8:53 | stat.flashtalking.com | udp |
| NL | 72.246.172.44:443 | cdn.flashtalking.com | tcp |
| NL | 72.246.172.44:443 | cdn.flashtalking.com | tcp |
| DE | 18.173.233.54:443 | d30hfjcp71s79q.cloudfront.net | tcp |
| DE | 18.173.233.54:443 | d30hfjcp71s79q.cloudfront.net | tcp |
| US | 130.211.115.4:443 | data.ad-score.com | tcp |
| NL | 72.246.172.44:443 | cdn.flashtalking.com | tcp |
| NL | 72.246.172.44:443 | cdn.flashtalking.com | tcp |
| NL | 72.246.172.44:443 | cdn.flashtalking.com | tcp |
| NL | 72.246.172.44:443 | cdn.flashtalking.com | tcp |
| GB | 23.73.139.80:443 | content1.avplayer.com | tcp |
| DE | 37.252.172.123:443 | ib.adnxs.com | tcp |
| NL | 89.149.192.65:443 | euw1.smartadserver.com | tcp |
| US | 69.166.1.8:443 | iad-2-apex.go.sonobi.com | tcp |
| DE | 18.157.230.4:443 | tlx.3lift.com | tcp |
| GB | 216.58.204.66:443 | googleads4.g.doubleclick.net | udp |
| US | 23.53.112.234:443 | e6603.g.akamaiedge.net | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| DE | 18.173.233.54:443 | d30hfjcp71s79q.cloudfront.net | tcp |
| DE | 18.173.233.54:443 | d30hfjcp71s79q.cloudfront.net | tcp |
| DE | 37.252.172.123:443 | ib.adnxs.com | tcp |
| NL | 89.149.192.65:443 | euw1.smartadserver.com | tcp |
| US | 69.166.1.8:443 | iad-2-apex.go.sonobi.com | tcp |
| GB | 216.58.204.66:443 | googleads4.g.doubleclick.net | udp |
| US | 23.53.112.234:443 | e6603.g.akamaiedge.net | tcp |
| GB | 172.217.169.70:443 | s0.2mdn.net | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| US | 23.53.112.234:443 | e6603.g.akamaiedge.net | tcp |
| US | 69.166.1.8:443 | iad-2-apex.go.sonobi.com | tcp |
| NL | 89.149.192.65:443 | euw1.smartadserver.com | tcp |
| DE | 37.252.172.123:443 | ib.adnxs.com | tcp |
| GB | 216.58.204.66:443 | googleads4.g.doubleclick.net | udp |
| GB | 216.58.204.66:443 | googleads4.g.doubleclick.net | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| US | 23.53.112.234:443 | e6603.g.akamaiedge.net | tcp |
| US | 23.53.112.234:443 | e6603.g.akamaiedge.net | tcp |
| US | 8.8.8.8:53 | ad-events.flashtalking.com | udp |
| US | 8.8.8.8:53 | stat.flashtalking.com | udp |
| DE | 18.173.233.54:443 | d30hfjcp71s79q.cloudfront.net | tcp |
| DE | 18.173.233.54:443 | d30hfjcp71s79q.cloudfront.net | tcp |
| US | 130.211.115.4:443 | data.ad-score.com | tcp |
| NL | 72.246.172.44:443 | stat.flashtalking.com | tcp |
| US | 69.166.1.8:443 | iad-2-apex.go.sonobi.com | tcp |
| DE | 37.252.172.123:443 | ib.adnxs.com | tcp |
| NL | 89.149.192.65:443 | euw1.smartadserver.com | tcp |
| GB | 216.58.204.66:443 | googleads4.g.doubleclick.net | udp |
| US | 23.53.112.234:443 | e6603.g.akamaiedge.net | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| DE | 18.173.233.19:443 | d3f1y6rso5ozvw.cloudfront.net | tcp |
| DE | 18.173.233.54:443 | d30hfjcp71s79q.cloudfront.net | tcp |
| NL | 72.246.172.44:443 | stat.flashtalking.com | tcp |
| DE | 18.173.233.54:443 | d30hfjcp71s79q.cloudfront.net | tcp |
| NL | 89.149.192.65:443 | euw1.smartadserver.com | tcp |
| US | 69.166.1.8:443 | iad-2-apex.go.sonobi.com | tcp |
| DE | 37.252.172.123:443 | ib.adnxs.com | tcp |
| DE | 18.157.230.4:443 | tlx.3lift.com | tcp |
| GB | 216.58.204.66:443 | googleads4.g.doubleclick.net | udp |
| US | 23.53.112.234:443 | e6603.g.akamaiedge.net | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| NL | 72.246.172.44:443 | stat.flashtalking.com | tcp |
| US | 8.8.8.8:53 | ad-events.flashtalking.com | udp |
| DE | 18.173.233.54:443 | d30hfjcp71s79q.cloudfront.net | tcp |
| DE | 18.173.233.54:443 | d30hfjcp71s79q.cloudfront.net | tcp |
| GB | 23.73.139.80:443 | content1.avplayer.com | tcp |
| DE | 37.252.172.123:443 | ib.adnxs.com | tcp |
| NL | 89.149.192.65:443 | euw1.smartadserver.com | tcp |
| US | 69.166.1.8:443 | iad-2-apex.go.sonobi.com | tcp |
| GB | 216.58.204.66:443 | googleads4.g.doubleclick.net | udp |
| US | 23.53.112.234:443 | e6603.g.akamaiedge.net | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| US | 130.211.115.4:443 | data.ad-score.com | tcp |
| DE | 18.173.233.54:443 | d30hfjcp71s79q.cloudfront.net | tcp |
| NL | 72.246.172.44:443 | stat.flashtalking.com | tcp |
| DE | 18.173.233.54:443 | d30hfjcp71s79q.cloudfront.net | tcp |
| DE | 37.252.172.123:443 | ib.adnxs.com | tcp |
| US | 69.166.1.8:443 | iad-2-apex.go.sonobi.com | tcp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| NL | 89.149.192.65:443 | euw1.smartadserver.com | tcp |
| US | 8.8.8.8:53 | d1jvc9b8z3vcjs.cloudfront.net | udp |
| US | 8.8.8.8:53 | eu-tlx.3lift.com | udp |
| US | 8.8.8.8:53 | eu-tlx.3lift.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | track.venatusmedia.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | track.venatusmedia.com | udp |
| US | 8.8.8.8:53 | track.venatusmedia.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 23.53.112.234:443 | ads.pubmatic.com | tcp |
| US | 8.8.8.8:53 | e6603.g.akamaiedge.net | udp |
| US | 8.8.8.8:53 | st.pubmatic.com | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | servedby.flashtalking.com | udp |
| US | 130.211.115.4:443 | data.ad-score.com | tcp |
| US | 8.8.8.8:53 | d3f1y6rso5ozvw.cloudfront.net | udp |
| US | 8.8.8.8:53 | d1dvhck2p605dz.cloudfront.net | udp |
| US | 8.8.8.8:53 | d1dvhck2p605dz.cloudfront.net | udp |
| US | 8.8.8.8:53 | d9.flashtalking.com | udp |
| US | 8.8.8.8:53 | cdn.flashtalking.com | udp |
| US | 8.8.8.8:53 | js.ad-score.com | udp |
| NL | 72.246.172.44:443 | cdn.flashtalking.com | tcp |
| US | 8.8.8.8:53 | e1486.b.akamaiedge.net | udp |
| US | 8.8.8.8:53 | tag.device9.com | udp |
| DE | 18.173.233.54:443 | js.ad-score.com | tcp |
| US | 8.8.8.8:53 | d30hfjcp71s79q.cloudfront.net | udp |
| DE | 18.173.233.54:443 | d30hfjcp71s79q.cloudfront.net | tcp |
| US | 8.8.8.8:53 | tag.device9.com | udp |
| US | 8.8.8.8:53 | d30hfjcp71s79q.cloudfront.net | udp |
| US | 8.8.8.8:53 | track1.avplayer.com | udp |
| US | 8.8.8.8:53 | track-sc.avplayer.com | udp |
| US | 8.8.8.8:53 | track-sc.avplayer.com | udp |
| US | 8.8.8.8:53 | stat.flashtalking.com | udp |
| US | 8.8.8.8:53 | e1486.b.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e1486.b.akamaiedge.net | udp |
| NL | 89.149.192.65:443 | euw1.smartadserver.com | tcp |
| US | 8.8.8.8:53 | elb.the-ozone-project.com | udp |
| DE | 37.252.172.123:443 | ib.adnxs.com | tcp |
| US | 69.166.1.8:443 | iad-2-apex.go.sonobi.com | tcp |
| US | 8.8.8.8:53 | elb.the-ozone-project.com | udp |
| US | 8.8.8.8:53 | elb.the-ozone-project.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | securepubads46.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | securepubads46.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | track.venatusmedia.com | udp |
| US | 8.8.8.8:53 | cdn.doubleverify.com | udp |
| GB | 172.217.169.70:443 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 23.53.112.234:443 | ads.pubmatic.com | tcp |
| GB | 172.217.169.70:443 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | secure.insightexpressai.com | udp |
| US | 8.8.8.8:53 | d.agkn.com | udp |
| US | 8.8.8.8:53 | a1241.dsct.akamai.net | udp |
| US | 8.8.8.8:53 | e6603.g.akamaiedge.net | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| US | 23.53.113.23:443 | e7876.dscg.akamaiedge.net | tcp |
| IE | 52.208.114.190:443 | d.agkn.com | tcp |
| US | 8.8.8.8:53 | e6603.g.akamaiedge.net | udp |
| US | 8.8.8.8:53 | tag-terraform-elb-253521921.eu-west-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | e7876.dscg.akamaiedge.net | udp |
| GB | 23.73.139.65:443 | a1806.dscd.akamai.net | tcp |
| US | 130.211.44.5:443 | rtbc-ew1.doubleverify.com | tcp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| GB | 216.58.204.66:443 | www.googletagservices.com | udp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| US | 130.211.44.5:443 | rtbc-ew1.doubleverify.com | tcp |
| US | 8.8.8.8:53 | ade.googlesyndication.com | udp |
| GB | 142.250.180.2:443 | ade.googlesyndication.com | udp |
| US | 8.8.8.8:53 | ade.googlesyndication.com | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| DE | 37.252.172.123:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | apex.go.sonobi.com | udp |
| NL | 89.149.192.65:443 | euw1.smartadserver.com | tcp |
| US | 8.8.8.8:53 | d1jvc9b8z3vcjs.cloudfront.net | udp |
| US | 8.8.8.8:53 | eu-tlx.3lift.com | udp |
| DE | 18.157.230.4:443 | eu-tlx.3lift.com | tcp |
| US | 69.166.1.8:443 | iad-2-apex.go.sonobi.com | tcp |
| US | 8.8.8.8:53 | eu-tlx.3lift.com | udp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | track.venatusmedia.com | udp |
| US | 8.8.8.8:53 | track.venatusmedia.com | udp |
| US | 8.8.8.8:53 | track.venatusmedia.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 23.53.112.234:443 | ads.pubmatic.com | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | servedby.flashtalking.com | udp |
| US | 8.8.8.8:53 | e6603.g.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e4751.b.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e6603.g.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e4751.b.akamaiedge.net | udp |
| US | 8.8.8.8:53 | agen-assets.ftstatic.com | udp |
| US | 8.8.8.8:53 | d3f1y6rso5ozvw.cloudfront.net | udp |
| US | 8.8.8.8:53 | d1dvhck2p605dz.cloudfront.net | udp |
| US | 8.8.8.8:53 | d3f1y6rso5ozvw.cloudfront.net | udp |
| US | 8.8.8.8:53 | d1dvhck2p605dz.cloudfront.net | udp |
| US | 8.8.8.8:53 | d9.flashtalking.com | udp |
| US | 8.8.8.8:53 | cdn.flashtalking.com | udp |
| US | 8.8.8.8:53 | js.ad-score.com | udp |
| US | 8.8.8.8:53 | ad-events.flashtalking.com | udp |
| US | 8.8.8.8:53 | stat.flashtalking.com | udp |
| US | 8.8.8.8:53 | tag.device9.com | udp |
| US | 8.8.8.8:53 | e1486.b.akamaiedge.net | udp |
| NL | 72.246.172.44:443 | e1486.b.akamaiedge.net | tcp |
| NL | 72.246.172.44:443 | e1486.b.akamaiedge.net | tcp |
| DE | 18.173.233.54:443 | js.ad-score.com | tcp |
| DE | 18.173.233.54:443 | js.ad-score.com | tcp |
| US | 130.211.115.4:443 | data.ad-score.com | tcp |
| US | 8.8.8.8:53 | tag.device9.com | udp |
| US | 8.8.8.8:53 | e1486.b.akamaiedge.net | udp |
| US | 8.8.8.8:53 | d30hfjcp71s79q.cloudfront.net | udp |
| US | 8.8.8.8:53 | ad-interactions-prod-lb-1426714899.eu-west-2.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | d30hfjcp71s79q.cloudfront.net | udp |
| US | 8.8.8.8:53 | ad-interactions-prod-lb-1426714899.eu-west-2.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | secure.flashtalking.com | udp |
| NL | 72.246.172.44:443 | secure.flashtalking.com | tcp |
| US | 8.8.8.8:53 | stat.flashtalking.com | udp |
| US | 8.8.8.8:53 | e1486.b.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e1486.b.akamaiedge.net | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\datareporting\glean\pending_pings\fe96d5f1-d595-483c-950a-e8803cd08794
| MD5 | 7bd307f88af62a8f5f55e32775921882 |
| SHA1 | 9bd815507be6d94a3957f6d3c9794462e7d5a5cc |
| SHA256 | a04a17811da486ed101233b1109db20581a6463e6b322a645a06f48016fc505b |
| SHA512 | 0f2cff41c73bffdfacb12ff0b4c76616fadf01af66956eb248627e35598a7d957c45b2a7ae7814ca48751d5f28a9b7efa11460b1c2bda9dce609258afc57fc41 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\datareporting\glean\pending_pings\c39e84d7-8c39-4477-be99-83e35641b8c3
| MD5 | 45e5c7781a1c95ab9ad3ab62876f195e |
| SHA1 | 7eb48a539df128ee78761c173cbb605a834434f4 |
| SHA256 | 5e867157bca29884c64c24440d090f24f0c69594fbc10dc1f59c574638439462 |
| SHA512 | f8e9b94b9673c897ba44bef98f21f9360b4f6fe7496826526e568994c3d76bab497896253382f47f3a617f000a69f184b665bcc060de826344a1a4836cb7ce83 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\datareporting\glean\db\data.safe.bin
| MD5 | f151fa6c719506fc9cae608d5da98461 |
| SHA1 | 3e88a73f8752e023f0c9620cb1d0f97576103031 |
| SHA256 | 81a7d48c83426f312ac07f0caf8ad78969941fe4fb40ca04ca1e609a0ad16d69 |
| SHA512 | b94cd0db714e929cf592719385b280d79a0b306ae03fcbeda428876a1c2b267a3612c5291f333402583a312fa9a2fae29a29f671d41dabb1e788a7632f51843d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | b161c7a30c50f69ea05e159a93039c44 |
| SHA1 | cfc9e0ec94dc6f981c5058f84a792b8c554e68a4 |
| SHA256 | a128c6fad2ab59aeb9f1cead2df9e9a40e0275a2c31324d762166c8150cf8005 |
| SHA512 | b7783e70580513bb3d09d313366b962f6716995de714637fc2aa5475da70f0932b2b66ceb7833a68a021927b5053509bece43d5a478dbc9c14b62b27a34dec12 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\prefs-1.js
| MD5 | 3eb102a3982ffb781ba00dcf3ab6de9b |
| SHA1 | 7c34ed98530a27d38beb3cb42086a92a7bdddb6f |
| SHA256 | 9458fd1d618db5e39ce0710206155f3cef0b13872c92f00303f2e416a809464a |
| SHA512 | e1fa976018fcb154fcf3fe8a90bf49d59799da63ea6fea55366fc4696d3a51dbed959287f10e60b3cb8e32d2b139b8a05f0d1e4142fd6d7c6d4518f35c89e268 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | f4d7fd384842da3464996605b90770a1 |
| SHA1 | 4875593406edc84692726a1b543bdaaf45bdb20e |
| SHA256 | 7d820a3f5b835c436088ac38f1ecb0d0c9b5ad8f8cba3c963fa46744df04eb20 |
| SHA512 | f4e6557594109fba7d23c337486c18684feecfe2c5ab29cf42ccfc410ea0215727d450d094b74d79f1dd4239cef6760909882fe4bb37eae88f29d5b4b9ea17fc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 35a184d3103e8658aaa0ebbd38906418 |
| SHA1 | fe4e4e6e808a65a1b1a7596b02cf750256f53dcd |
| SHA256 | a0fa733206e78da33fec3680da0c8bad155992f5eabcbce01407e852ac519b4b |
| SHA512 | 9a8136f200cdec991bb6290f9536dd82fc3e0cef2235420df5aa506547dad9938259b238a9eefc44d4314fa4a1813258c7c213d23daebe624b752bbe522fe8b0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\prefs.js
| MD5 | 541be1e72397b1ca9dce8723fd12f1e7 |
| SHA1 | 848272414f5582000b4902fdbdbad8e04344395a |
| SHA256 | cf79fe60148e5301a0cb2a6c3efda3ed21208d6e1b0c3bed10e8333324224658 |
| SHA512 | 75f2ccf0646f1188a12f5fde3dde1828b6e1dc9d5a850034e5f05a37177560eb564c91ec5b3776c62c8e46776ad5bc04158e385511c4582d0a5a2d173c5727d7 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\doomed\16660
| MD5 | 308cd87c993445e77c9567e067bbd5b4 |
| SHA1 | cfd786d1eacaef6357bc0615e2a21654cd1d6781 |
| SHA256 | b6610ff75fb15a3c8572b77cde9ae6e08fc177b1c473561485868cc34c3d81ca |
| SHA512 | 225b4f971c743b5d7e80fdd18f0a8918c1130e9ee8e872860fa87076d2bdb6830486a7ee68d3640c12cfd98655cd9d96eb71fa9e1cd154c4ba677f5c68bf816e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | ff53323c7e76cf9183258563af6c130b |
| SHA1 | ad96c442dc5b808afbbc3dcb072d551512ceaac5 |
| SHA256 | 3c58500a1021ca8447eeabf5cfe421786775b5985e1735077d1ed0e8ae756642 |
| SHA512 | 9d368af4d935075171dbe8570b6931ca00c96eb1aff6b9b598663baafc8ab7193b207cba8c9c328bba7fe6fff97d2834973d0154b9623285b155871ea92972af |
C:\Users\Admin\Desktop\app.asar
| MD5 | fce47a98dbd20dffaf3a6723760eeca5 |
| SHA1 | 47a3c03a378bb7a46a290071fe805a556135898f |
| SHA256 | d13e4cb61a63cd76369804644c0a948a5a472f83a77b49199c12575434261b93 |
| SHA512 | dfe841643191c8302aa4986fb58a879230338ffe5c90224d727a9452d44f32e4e96d096b7c0df250c66022b6abb8218611a4ee7393f5cbca5853321cbda57bb6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 78a67b181b6cedf32102dbae3d9d7848 |
| SHA1 | c822bf42329a8aef694989602450eaf73c6fc0be |
| SHA256 | 854a7066ee70b0de189ff0a07b3730f84dd4119bbc4042e860e8fedde91f7722 |
| SHA512 | 8232cbde435a5277595c80a786e286bca8a14f42a9af7892c12fb74519e39fee80d8559b1f5351f35194e4893daaedb51a54903de9010606f2260c9bc30cc300 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\doomed\9162
| MD5 | be0bc089cecb56c24215b5ee3bd1a62b |
| SHA1 | 2f885c4ba996b34fdd21f1fc15737c1a3e1ba9f3 |
| SHA256 | 0d9a2228d0571866f88bae8096d0cce351d20cb2a16aa5d7201c54769f540672 |
| SHA512 | 4b364ba1f4c2efe4b2055770082be577668b196cd1877d7ba74b2eaca4bb5673a36cfb2c648049235755386a56759c10b59e248703003050158412bdc0574e28 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\entries\E7977F6E10AFB3B4A8B829A51A5BF2749364C136
| MD5 | 13b920ffaf538504bd5adc4716eff45b |
| SHA1 | b25455814bc31d9ed11efcb5e646dc74a54f4647 |
| SHA256 | acb1d24306ca6dec4517420358c68d562f19ca9f4ba7200cc154aefa8b358323 |
| SHA512 | 424846569f9dce0841281a8c56799f1598500630e98de079f05defc5e145dab13da13f2e2f89f6654545afc742ebd1309e0d43e210667d488619d1c55cd4c139 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\doomed\17650
| MD5 | e9822fb2db4b738f4faf475dead2673e |
| SHA1 | a171c535a29bfa842b411023b96e06535911dc8f |
| SHA256 | 8cbc539eadfe4266a233401e99bc9c7c4c630bf041712bd2be7e8283f8aa0618 |
| SHA512 | 645d32d5c0d50e44f88074fe51181cf936f04ada63f1f719261054b5c274429262390d7bad6ddc8210c20dae9dbacc959b7225e96e91a96c622de139365d35d1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\entries\D1393B593D6D8D609DB1AE29D99DE5A504F1BA2B
| MD5 | d43a2c19528e6bbb5fff3d777ab9b6bb |
| SHA1 | c0e6392875ba8f20fc6af6103af70614eb288e5a |
| SHA256 | 721d48d8eeec294df637e81cdd5a67175a9f35468e06fbce46de1d93011cc2d9 |
| SHA512 | b7f074e88deb917fa4bbdedfabc6930efc6d619799f2aa4024dd543da71cdc53417eec3b11a97d6e38d0eaba944086ab7437c1999d82523656520e5617301301 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\entries\B97D3557F7FB6D914414CD2D9D66059E5A353224
| MD5 | 2db03e3f2e4ae6d20d35e32882626f6d |
| SHA1 | 7fbcadf0991435c139ea460636a8eb1432b02431 |
| SHA256 | c900133eae00e9fbe5ada94690dfbbf94aecfcd56f83463952e90e3957599011 |
| SHA512 | a641bc6e51f6adf37a134bbc830e521f70b32aed689c8b6a7a1c17240b2f7a1f85d19917c480f8a0328374c98ffca63efb86613350ff782a606027946fea2914 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\entries\FA2083489969D30038DCF1A73D2A1DE76CE5D9FC
| MD5 | 9f5575f3e4445b3fcb46477ea6114c61 |
| SHA1 | ff4e791d61b8155c2015d4215cbcd2302dc8ba91 |
| SHA256 | 1b4fd0a2e56130746d77b3abbacb976ae5b771ac87b3c65b3c2e1e71f11207af |
| SHA512 | a43177afcb48da58a7bf7c69eecf0d044296ee5bbeba730a8e8d8c1053a6fa4589080dbd85992a37c78bf1c8de7baf5cd3fe43e9c36b97e2420789f72615763a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\doomed\432
| MD5 | 1784db1065c3520c7560cb8ef752e6a6 |
| SHA1 | 063c503bed108c027047a86bd874a669d0ba1f36 |
| SHA256 | a926606a00afb6752d7eaf146ed60ef8709dce6996d8616068485adb7601ba93 |
| SHA512 | d91e17ccae5406fb129d70a11b68e2331f212450f6e5b66288fe1af1f109388635b70026a42bcc8b159456b56b7538422ed28aae806db2fb2811e8b4381bad69 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\doomed\3600
| MD5 | 7bff28372d28d57c585ec34030703459 |
| SHA1 | 4f68998c9e408c3994251511787d8cade0de7aba |
| SHA256 | c8d9ce4c3d825fcd6b849474e2eab15313910d262ae738b71174e2bf4341e42a |
| SHA512 | 9c81f6dd2d62fc7b07bc3cc31ce22603b9980df2ecc58afd7e2f7408ebe5de6ae0f6fcf97a25646427a3e9f58cdd28f4ddb58b4e3b706b5ad3cf5d439b8f1a74 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\doomed\6192
| MD5 | 41457162643da2a53d51955fafebeb09 |
| SHA1 | 4ab230a174c00a6f1fcf384a8772b6ec40368845 |
| SHA256 | 0104c1f87f3f8f0cce40c8464bbe059523adc57aa9a1bb1a0bc266a88b0ccfad |
| SHA512 | eefbe3f868722cb2958e99e5fc27a7f5208510600e139cab5f3c4a520cca86fdff15023f9fe008406dd873016769dfece220eaa46106984d0e320b05df81ea66 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | cc4687967e2b3be86c877c5ad19ee632 |
| SHA1 | 52272b44e245dc2e10d784d216a2b5d3455db7e7 |
| SHA256 | a29c49f0a6046c0150d1deaeb7878bd6fe85307de7df2bf9691f66648a052120 |
| SHA512 | bf2b2a9da10fd57d801fda67def4e484af8d6c1156592eff5c35e687d94de2412d9710b26dafdbe0851dccefdd87f8ac37de61cfbd95631fe15dab403f8c4be7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\xulstore.json.tmp
| MD5 | 305501242d091271cbe705e0f500872f |
| SHA1 | 8da38efc9feef82f53c41b247d0dac5706608163 |
| SHA256 | cd80d843cd833a77ebc51ed5288feb6acb87f6d9367fd64eb923b8e0b617484b |
| SHA512 | 293ecf64fe09c07ac5645145d5fb2c6874930539d4a280cd23beef601458b7afc8537a3fc3a66777cba199d3230cf77b958df612cdbcadad2e489785223cb421 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\entries\BC071981163B0551FED64606520018441DD3E3D4
| MD5 | 5e7a19cdfca6e6049bfdff426fbfc222 |
| SHA1 | eee91fec41507bd6291cf8293a17c7d307156f18 |
| SHA256 | 8d7509c114377dde1576b002c5c297aaa61ca9b52167e488662ad7662218a7ce |
| SHA512 | f97736c994f671920b5e932e7e6cb7da62c158756dfa2ba942d67bbd20a272d6aa6bf9562d44a4585245775e3bcc9bdfa413cfb23695073332f94f8369825f29 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\doomed\17890
| MD5 | 3fcc650108b6834d133e7b9862ebc10c |
| SHA1 | f7abe821a74c361fbf5b35ddc3d9f312973239e6 |
| SHA256 | d6ccc0605a3bf568b1af5f475adfc63e15d8ae8e945f77e2827ea9cd82d36d82 |
| SHA512 | 3f10204496fb6a5ad5f256b30741705f9f5ba4355e35cee1e1e69b61534a40ee5f49912a18f948246121cac0a51285007824487968867562a374a0f2a7409563 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 61702a52e379dc491bece39517fa6f1d |
| SHA1 | 40cf5b7232a52360b5c0aa292fc33c6dc31f786e |
| SHA256 | 95834fea1b4fca918603dbbef9652463397300aaf1a979e81b17118082bce168 |
| SHA512 | 8502b5380e29a7bcc75468ef15784e741b909ecf55cd1d6106ab33472460ec01729375325f50b34c0f0f18377ca92e021ae35731b46d2f09391457f56ac73358 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\storage\default\https+++www.file.io\ls\usage
| MD5 | d6beab78ebaaf80be0875ba2f029b6d9 |
| SHA1 | d216d5c96c8c6ad0e7c09f0cf051731d000bfee9 |
| SHA256 | 41e51f661e47c533a822d7474a579ec0aefefbe68c76634e7dc56f7efab028c6 |
| SHA512 | 17e25876041bd10379d219424ff089f38288d6558909528eda8b760a69c6ff00905b2c31234ca102ec8ed66096e698f0245dfff20a62e46d05f868648f44d1c8 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\doomed\22623
| MD5 | e3f2ea16ac056c75a132022628e022ca |
| SHA1 | 6de5bef6602a499ea6e323cccff05122e03b2c5d |
| SHA256 | b9329e28af19ccdb4b6f7aa07d42bd53ef17fd1886b57ccc7a5e12ad960afa4a |
| SHA512 | 4d856ac3c4cb179a32e3d61c48a7389fc3f920c37e27522b78e8a77b645e64dbdc7726029c46b1e3c74ed4099ad94ca87a685cc6865e9618e61cd2e28cd2bcbb |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\doomed\18460
| MD5 | e847da58602d2acb2966f67ecac5386b |
| SHA1 | 218df5d6a7dff70c3c1fbe8e2dbfd0bdb34cd1a5 |
| SHA256 | 71a925245fb262a318a8842695304af4ba60ddae42194d2123177c5bfe8bf024 |
| SHA512 | c9c69023ef648ea9d92a147575686451e1ac9e1880f5403c8c8e6d8a1ffee37b0c3fc4e070096ef753c241f699daa9eb5cc87b761f52416645b89c9a4b51848f |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\prefs-1.js
| MD5 | 24f9d9895330b40b95bccb1797fb9d79 |
| SHA1 | 5b2b0e6e731c2e2d4f1b5c6b02b564190476d55c |
| SHA256 | eab96698769dace0491be70d59f83b2e96838fc8e73b192787ea2d6e858f970d |
| SHA512 | 05df4014f3d7cbb3831bff77f053fd315b9885994320c3f43b65be1c8ddff70dacc0788fc577eec84ddb067201f59688efcede7686f6e3abfb51b0def53ce35f |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\storage\default\https+++www.file.io\ls\usage
| MD5 | 1188c759b7cd10ba408d34afe9e8f7e6 |
| SHA1 | 49b94875679a0995d29d79f6b3ee461c5e8ab3a3 |
| SHA256 | 503056c034d0c7f17433662db02266f233e3154b727021296fb6af1e0ae26f9c |
| SHA512 | f7aa624a019e0e77d67af9f2f4a79721e280732f0b43523ca2418c9f8edd0d97bc5a2ed3cec654d176fc3a1eab51919846dd23a20dbba1b123a1cbe3473bd951 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\doomed\24466
| MD5 | b53667e8be1451005b2e99adc093573a |
| SHA1 | 9e0e958d370cf0b2ed5a257f13cc0885c36c87ce |
| SHA256 | 1d2410238e485e49eeb82d3a64ff53af455bd8b2d24b7159abbaf8133654fe67 |
| SHA512 | 428f8a0473ad298cf5713c6d7cbcaf3b193f3d8e597bf7262b822420f1c479a6a946895ca89fbd81a4909c00eb97b5486f98d167bf0eb4c85422dc233b5285b0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\doomed\18747
| MD5 | 33e79377334c62db189920f2ee527f02 |
| SHA1 | c9a71f8d44a8e371ae81715ddadac7037028e999 |
| SHA256 | 8adfa9c3449d44afdc3f730bc9298168ebf18e37cd6777286837c4b20da10b9c |
| SHA512 | 5cc09a42aebe1a5b7fc91997a392ee4c314139f9a8ab17c866fd371b433422ceca2ff366fd0ce4a498af75651cfb62d4c16057eec2d0c13404fc76b6c773373f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\doomed\15289
| MD5 | 345983fcd6948480f44b876539ad70e7 |
| SHA1 | 97a28e79d90acd501096d9595cf9bc325a21daf9 |
| SHA256 | f62ea23ab2437783ddbeedb599328c6183828f491182e186e9cd88a8ea6af602 |
| SHA512 | cbc57967cba001c5fc48cf79f71e872ec79c0ac4530825c4fb747fabc970f620b794632cb40cf63efc24bba4528f69d5ad9d997109eef88a6c16226af73ef60c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\doomed\20957
| MD5 | e84607000f617d084bb08ccb8c2e81fb |
| SHA1 | 5c5917667e58499bc8089bb0287242818b0394e7 |
| SHA256 | c7dab3966b4f68cb52c5c7be37a664f5866849b8887b5565a59c66343d5a1a83 |
| SHA512 | 49e5b7d4b741ab83196ffa3dda618607feeb51df72300951a708d07a33d737ed4187dbc98fa0eca49a3596efecdf4d30aae10309c043a313723769825581b204 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 263198652392c3786806d83ba8debab1 |
| SHA1 | e69762eec72935a15e346ebf3f6a2081330c8b00 |
| SHA256 | 7850dd47ee1ef886807e170170b138091475509df94f8f4e567c2d60503478b7 |
| SHA512 | 3507ed7c1e2f809bf7817ba16f020bb5f936aca9a1deb8f2bf535f0df1187f56c804371090e9977ab09f69a9d025c28643b2e06efd286cd9ef20a6b983b09b6e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\entries\8A442F57CC778AE2ED8E360B830994FDFCE6EAFD
| MD5 | 2bb4577db3a4f3fb122e22120615d5e9 |
| SHA1 | 618f75be885c0792c6b685225cefa0fb1f71aa7c |
| SHA256 | 8a9ec4c9d82a853ca91a1208cc8dff60d354747e217b34a4020abe3a8637f026 |
| SHA512 | c67ad1dc72ab00eb3fc52c5591f892ea047442c5e98f9787bfb4a8870d7d35390b5be518ec50b624175fdc1e1a964e31bb38180841451b04b801c517f745beea |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\storage\default\https+++www.file.io\ls\usage
| MD5 | 267802181607c6241cad5c1ab972c363 |
| SHA1 | 6ec9cdfc7385edbc3db4298342ff92f52ce85383 |
| SHA256 | b305cb31f2766f186826669bffdc38fafc2d321621b8272a762df04772ac0997 |
| SHA512 | 1a7be777c92c93c7448ca6415ef759261bb61bdd3373a0dbce4ba3cc6fbe47ea1823b032fa28c814fd9191b4154400bb93dc51349a7af6770b1dbd700b8a55ef |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\doomed\31206
| MD5 | 6df25e6dac85e7d423e9eb9579f789eb |
| SHA1 | 7bf777ed38a92d9a288949f1dce124c95f08bca6 |
| SHA256 | c781ebfa75fd296bb901a58dd247d2371623c5c0ecc9d5fd4f776d082f974581 |
| SHA512 | 71b7baaa06ef6da29d8ea7853f9a21fff0d39de340b87d616a2f49c2dcdea0326bceba6b4f6525fb96880ff4a65df43d392816cd64542bb2f5a0bacf491beb3b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\entries\DB00EEFE1A5FAAFFABE3412878AC274AEB70CBF5
| MD5 | 9e2ef5dda83caa5ed76e854f0dcc07d0 |
| SHA1 | 83da695161c293c8bf8eacf8b41937ad6895873c |
| SHA256 | 4918166605c7de3d4f60ea0e7329c5eb1f38342a06fa0cc251cf5af835872b67 |
| SHA512 | ceaa2a9ff1c898bb50e084fe15886cea5da9a9d3b7d12600f6c07e133b00de7f1b421e0b5c11a51e3f4d26cde87017762e1305481c439a9feee5491a668c224d |
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41
| MD5 | 767ee514a14d1d0df2eb181433254294 |
| SHA1 | e4ed4b7fe9ef1b1ac9b6cbe62b69dc51c2b02451 |
| SHA256 | 46e209986bf4ef909274f94ff153d7f4be13f40c40c1554910317bc2a9f35441 |
| SHA512 | dff517e174b3bdb8e310640373b55c319a46781cbdfa1b51e50e5f0a10bc2395b60025b8a32f76ca8d451b1f58e64952b76933fc6c8e0b7112c84b8d9053d65a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\doomed\3374
| MD5 | d841799c516112bcbdd84c87b096087d |
| SHA1 | ba346083c82c08d624d243fbfa668939ace99178 |
| SHA256 | 60763592f08816cefe70dfd153acf516a9b2a8bb742c1edaef93c22e6c68ed39 |
| SHA512 | abf8ff57dc797c9bf5cfab2046f62d8fa17a56069977af313617f53d86621ac923a3432b75c12dea06ae46f2d94f65887206fd29fc777a982e40bd9dfd549ceb |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\entries\40F1246A10A6F49D12E1A7D16A1C0BE8452195A8
| MD5 | c6159cbed7fd60c563ee18a995e278cb |
| SHA1 | b62b0375f8192cc2fa2e57487cb482bd11b9db7d |
| SHA256 | 60e2598fdde40e8710e095317882c7006e13bcb7385e9cb58af27f4274a68832 |
| SHA512 | 5929a283f40291b830e911f327a612260eb56ee0dd87a850f4162ba567222415f03daf4597efa609aac6651176ad368a6208c818612c1431fe77ddd5a45ba1b6 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\entries\509296CAF700D0A79992592D8906C97FF2BB5F06
| MD5 | 680e441df1d0bef3d6d92f509eab208c |
| SHA1 | 522651d2725035cd1ca844af8c3996a2035058ba |
| SHA256 | 23457a2b67e86d001ab8c17b916ee9fde9b4df8e28651bb208dabdffb90c3c04 |
| SHA512 | 79120b6118fb3b51ada5664c85e94df7338530bb71d4031f1b1234d2304f8e367213e6a910301323a3c94d665be89e00f1e23b55bf303a7e948c41d9fcd4e335 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\entries\6F7F6650C70A118B6B3F927262045C163843445B
| MD5 | f5058a53522483378623dacf7cce2f2f |
| SHA1 | 5eb0c7b2d328ae45b88da7aaedeaf229552426b8 |
| SHA256 | 5a78b5609f95d3ffdc5a791fb154ed633b8563002ff55f2fee07f5de1012a09f |
| SHA512 | 59a9ee3d5d38ecc6ec07173b4b25769305cc866661d64a9a4fe1ff050150ea42b69cfa5cf22ddf3eb05b324df93343d6628d5b40cffb3f60458e421650052db0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\entries\01F4AF964A9BC59B94D3708951CA5AF540FD08A4
| MD5 | d08c6495f5f5ef343a1867482c6fcdee |
| SHA1 | 17017d1be73f1f722c5fd829d04c6d7e4c48f448 |
| SHA256 | a93517ec81272eae4b5074175274c466cdf2bad167bc81e72ee954a4533cd5e4 |
| SHA512 | 7c42a4ae5e464debc286c949156c33a4e8f6d2c5749360fe6d1cb6b3016a61ef67312c4b7c5f50f179e0000a46f749abe1aec31d8be3fa58c6c1d5af4c4bb630 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\entries\DB78D2296EE8400C5F7BC5483C9DDCAA1C0F0F79
| MD5 | c4a625302c2b2e9ba8aa279cc781ca1d |
| SHA1 | 01025ec4f5f7a8c7007160c3654a3b038c21ed84 |
| SHA256 | f5835ad59bc42154ecc91cb4c79f23bd1a8f41fd974766eb56c0f0b340475312 |
| SHA512 | 8c7b218bc74dea67429be59e0f452b492952315ea32a94b684575a207ef35c63c792339c31f9367febb185307646dd9696467c85ad6e59cefd9d55838bd5af64 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\entries\DAE814B5A041D03BABAA4BBDE1ADDD497EBF837E
| MD5 | 35118bd5fd5950179026e610e9b6a96d |
| SHA1 | 26326495c408a5e97aa1bfd66ee90228a9b38bac |
| SHA256 | 90f8037b21be79153f869614885ce4b959aae5d33b54ab2dc1e85fc411934c8d |
| SHA512 | 03f337576704d5a7b7b4a8d2500ebaf60e5d82d7696ecc85ae6f631cee77ccfdf212a197a045b98c79b0698e03eb5d2fe99e6b122968485dbe4d632ec60d952b |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 7b6901273eaf023e1c2da8f71c65fdbf |
| SHA1 | dcdf508e79be9b681b2d5a32b751465bf93a6a8c |
| SHA256 | 22a37fdddea8f710294a5909840c84693c84d1a65ff190286773365d6ae99bd8 |
| SHA512 | 8fd8a109cfce686bdd02d6e52a393181da9ad8ae1588e23f092f58696acc8250d0f76d180a7472a7f481a2bbf611370b473b39b494ae47824811fde80d074e9f |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | b01ee3c1dc85925fb801cbc2640a3417 |
| SHA1 | 57957219aecfcc73c1879be995ccf0effaab18fc |
| SHA256 | 41f2c03ac33967d0e221f243f022ba7916d9f37e0ef5fd0581617e2cca43b91b |
| SHA512 | dcb39097bf33a3bc9c47098f8ad538cea21e45ea01d1acdfa7aee0d0a5f7d2a1f23d1f4f15e533b2003bc10264a653d807a993b87499b5168e05f8e50b93a42a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\storage\default\https+++www.file.io\ls\usage
| MD5 | bc603f8b31b2e4bcb20a952990bf871f |
| SHA1 | 9ba9714714eb428c98f205e321550346258242ce |
| SHA256 | 827da5e135659f1686572fc5ecfb69e0ead45900159e472e9f3f791619ad9e23 |
| SHA512 | 8fcf0bcaaf0e981b3c473a9f715576ad2a0a4eefa624f9dde79794017bcb2c8357f41979e9fd23ef2794983cf2ca8ea1e34e593773d77cb73839a5a4b6aafc9e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 7e956b3b61969a2089319cbd54af45b8 |
| SHA1 | 737908480136ba06043ac10dfd98bc65184b45a0 |
| SHA256 | 377c3bb3094e48d506217c310bc3ad55247932802e5a11da44226065f89586a3 |
| SHA512 | d47fcdeecf61b587605241af6c7a605c91488ad00228e5eebf5b3e37e55f2380a640f74e0ef8489d69fc610e52ced77dfeae46d902ca4337655ac589fa05d593 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\doomed\71
| MD5 | 4d9fa6b1624fb9b7237e05ddb8133d26 |
| SHA1 | 1b33b0e5ece20a1d8c226d1da63712d43ab85bd2 |
| SHA256 | 5db08bae163e45f36fb1dcbf55d115522a487a999bb977f661995ffb6e300826 |
| SHA512 | 0fbda3d0bc2aee10218fb7122ba39716abd3671378e2daaae2d33b226bff187f211535e18b79698cbb575ad79a6584a1b0c1e1191c68dea08378b5e0fbde8acc |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\doomed\11821
| MD5 | f83eaca1be6383794398a45e162dd58a |
| SHA1 | ecbef33d7b70a0591afeb5c09e587a89fd8cd3d5 |
| SHA256 | ddf0789ce81a65cbbc657e0ce7ca314d3f92c808e37ab2597fecf0a40126d6a6 |
| SHA512 | 6d7a15abb5edf941a8ffe781c99df775e8048703464e4344184ce4caaeda5ad4b3afefc2e50e4f1b19734536d84ba3519e57b58ecae9c81ebfdfcd891eb1bc04 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\entries\D28DE22FAC14939817047CA347A8530A61AE9CDA
| MD5 | 2ff065e0a0b337e12f5c2d567414b1da |
| SHA1 | 1a6cda0983a6b5d19471360f8e91b6a88cd57c98 |
| SHA256 | ff22592acebbb097e8a63808f68330703e5ceef5c260e132b08aa9dc0ca0766e |
| SHA512 | 69b89340899268d59b6208a0b01191e0250723de668c3c9d548c072090a9644ad618bb308a92b0f2b4cf9b538605a6cd67ef28c56f46dd2f5047918dbfaf30ab |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\entries\FF1342426802C2AF814FDBD2EE3456C6AA2624B6
| MD5 | 079078c93de05c72b7c76a82b0312c76 |
| SHA1 | abf0df35aa28e553bd302a8da7306991ef71549c |
| SHA256 | 4864515affef9b7f82616ca7cf48a1ab5d3c29ba9250f2c70065aeeca97a6778 |
| SHA512 | 1ebc90b1ee117537b3dec033eeb0b02805b44f8ab17ed6ff0cb14928edad2457e07988c4b7b93e0e0814ce5390114f09f7056cdffdac04c7dad9d3b7813b3bf1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\entries\C3DF3C749E443761B2C93B290E34F2A153527FE0
| MD5 | 7524463635551f54b6a4dd44caf6901b |
| SHA1 | 8d807bf1a95573535b750415bf36f3ec1058453d |
| SHA256 | 26d8114fe3d3be96949f56ea11a753fc0c24f80728e50bc66f156172699dfd82 |
| SHA512 | 42e1f45f29bf2c845332c67e238c3828d9c1bef22550458672bd3c9264321047f84f5896c47c1e5bad77543efab3987b9fdd132c18386694bc5d7c0052dd92b7 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\entries\5F4207EF906B867FCF0961852746AB094BB90806
| MD5 | 5a341bf5d9dc6ed6adaceed5a86ed598 |
| SHA1 | 8427fd0531ddacd446eec61c44edc0e2576d12a5 |
| SHA256 | 40fc4d1936ab7892d8855b47eb3ef94246ff814f9e3f78a5a69f5e480cbc4317 |
| SHA512 | 127451c164d5bdb9897c7c73d618fa84af41a749e9e34e56ce125c15ee905060af184c782d4965114e5ecfcf1a0c3b3b8d81c765707918f461f9b06279c1d782 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\entries\4FCB19B95464F72420AC55F58F063616547F3557
| MD5 | 9c845c2d89c1b2f27d3699346efcf0ea |
| SHA1 | dcc5bdc69d626594076a322412637f88c83b2b0a |
| SHA256 | d6d32758d6075487f581b6e30e7bf0acdc74c61be85204177562f1b75dc4f08b |
| SHA512 | 0206b761093024cb7a7cbb752ddaf2784a6b5ce2d5ea8eebed54082ccfb72c1d39f90b2dcc2cf0956181401a0badbf8a96128ed84c5031b102689adde4e153ac |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\entries\EF93D4AD24EE439092B1CA5552ABF7D67BE1D0C0
| MD5 | a22e1df602475a5a03357c01c9a26a27 |
| SHA1 | 9e58923a7edabf3af87efb2e3131afce3e6699e5 |
| SHA256 | 73b9c975ac0030de50b4aeeb711b1bad73bfdc5d5ac36b19b08fef6bd7179e5c |
| SHA512 | 881fe86986c0778926cad84e89bb16841b04ee52e6bbc967d0ff15797353ddc01049973c35d2bcdeb931d5ff993b84ca14431811f5432f41d555eee65e1171e0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\targeting.snapshot.json
| MD5 | 69db4a392f12fa8754c09c22c10f6652 |
| SHA1 | 953d4c225a89b5e5b3b8db7bfe79595c5ec6ec59 |
| SHA256 | 1f332f2a31663937b9d47917703cdcd602d347550ddeae6b3a2c3102480ffd46 |
| SHA512 | 104d732123b34cdb007471f92bcc6c8ef9f2a7047dee862b349ab029936cfebf5924e28a894b24b30c412930fdd59a2f5d1c36c2ed5cff9cc63b21470147d056 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\sessionCheckpoints.json
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\broadcast-listeners.json
| MD5 | 72c95709e1a3b27919e13d28bbe8e8a2 |
| SHA1 | 00892decbee63d627057730bfc0c6a4f13099ee4 |
| SHA256 | 9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa |
| SHA512 | 613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\prefs-1.js
| MD5 | 0fc6f23f3db385745acf9429d20221b8 |
| SHA1 | 99bf298659fb0b850338759f89adf58a40e4bc1d |
| SHA256 | 847fec8facded81ac7802c972febf1dab88a911cc72ecc2e7ed7be629aaf9772 |
| SHA512 | b92613f8ab6ac55f23328ce724d09a0ab9fec3af62b938c0ccfb35a5e2a7371529dbed1a130f872e5b650de1b0512f32ac0ea26da4f83d6dfef9fccc3eb9c1f3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\entries\0BE0AB3E657A306F56FA0406C0C06378D4ADD37B
| MD5 | bcb4392a13559e654055c0075aa9b5fe |
| SHA1 | 0344b0959af1eaf8220d82499b811bd21aa7642b |
| SHA256 | c8de5336736c2b93dfec8d99b68a83d48855b6d349ed3762f3285cade710bab6 |
| SHA512 | 83be59a59a847ac004e7c5c17dfaada83122d06f14f8244b4580e3af75d6fe6699a7db85c2397bb27418a82d78b2e50a746f8533955a9859bfa973dfd5666567 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\entries\FE9B0B14A973AC4B4CD3A3E39F121C4B64B1F418
| MD5 | 198d3e28975ecd0acfd2e61ee7ebdc44 |
| SHA1 | c4140ce4ae032ddca59310c5805a7793d5094204 |
| SHA256 | 5827a51a4c29fc72922e73cba8fafcb357116c7c8eb1aee1c24aea720e22492c |
| SHA512 | d12f94ef73bca3f36d10b30222ac1c7054ee69887b397f0bcf39c23c6918b3d40e8c118d485ba24fee5aca16cb2ec54453d64232ce70abbcafc3fa950276b9b5 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\entries\C433999CD31F673D805838535F0F917245D551C2
| MD5 | 463c5cb393aa3092a2afe58bb1c5870f |
| SHA1 | eda64124e00e03a3a414a6c7c0cad7c89e5f7629 |
| SHA256 | 751c68caea9b666505cd14c06d1389eb3196d8bd278398436c2d68027c14c6d9 |
| SHA512 | f36e8adf1f53a70c486593984108e8d2eb54a2e5646eaa49cd955c2cecbd8b922aa34c04c860182e42dadc3ee4cd264d1bb3cbefd0b5dc4a03b8476e99c42fc1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\entries\9D453341425BA984E5506117C476714C41795F08
| MD5 | 28688e40c076eb3e84715c512dca61ef |
| SHA1 | 17af16a3f0680e126a0a672933337c12bdd92e2a |
| SHA256 | 8e382ceb42db20963511a8ef395646ecc540832a3c7d5fe90e1966d7417d8390 |
| SHA512 | 5fab2d386db3c3b239e5232d1783c75e64a9750c3136963b258a58ef1fe7c36dec7fbd463871ff347f280e24f337002f3e73e154264ebb00ac599ba1a38d614a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\entries\3899B9B5CACC8E35B70C1442287F724144AD150E
| MD5 | e1b7b51f04bd8bdc720ba1830742c344 |
| SHA1 | 68553a27837b48ca0fd69175fe4bcd19d7ac231e |
| SHA256 | c54ea260247f5ce7edc3f38b2507a5ad32249d11ff582eae18ae6fe80ef421fb |
| SHA512 | 1decb7554a67c631d91eb5a29f9a0036376fd98d3f2b4010b0c23184634559ee11f840dbcc8cde214f60f9261a9dc51e935ad82e1a0aceca3567e0c93da0d503 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\entries\D95296EA543CC724F225C64EB52E3B8C3065DFD9
| MD5 | 59f24b209d62b2d93e4ce03c78d04e09 |
| SHA1 | 6b2b8df046a23f9a1e6fc7e69424ee02ff97daad |
| SHA256 | d7719111ee8643321b00a1d0d1cfee00981246b7a3a1b0cd75e1f741561124d8 |
| SHA512 | e277ac6fed2e19cd768795eb0b7aaedfe3cf339e90301c7a9bc6b1f1028177b0ad82040e07f16ef0056fad6c5301e577d929f9cd402207ce436eb733073e75d6 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\doomed\29983
| MD5 | a6a4a005bdc725b8f3cc4b2e39f9a162 |
| SHA1 | 99384d419150ad8d67f4b1f210f6413b75bc938d |
| SHA256 | 2ade4ec078e94a7a55374b663d3684a06cbb00051ec3a5bcecd853568dfb3d2a |
| SHA512 | 6a39d338f4b7a6efc180203055371874431662a45013bb6abcfe6ed05107e6f9d7898682a0ceea33bfb29875b06f87f211d457b681e69bc1da4e54a795435281 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\entries\2D9F3851FD20EB36DD28D1C670660A058204870C
| MD5 | 37b665696adb7a64f9bb4942829e5985 |
| SHA1 | e8800f16a0ef42120a0a6e84876327eddfc56bef |
| SHA256 | 13932ec41a057db7aa3f140016d0d2e2a487d4e3dd78bbcc0aaecbcc9391d314 |
| SHA512 | 0c34f990649b832d7e145cc24a4a331a9d6b1b45f1d785b0f2236ca1924019ad15aef600891d1301de24d6ccdff68dabf1d94d7775f0bf829e76f4bc83164388 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\bookmarkbackups\bookmarks-2024-04-08_11_PnxzxJBdXD-qLCy1wuJYmw==.jsonlz4
| MD5 | 9a0751a6f37133bc27c7fbd334397d6b |
| SHA1 | 7f6e7c75e3b5cd112d3ae2b8cef375ffeb8426f4 |
| SHA256 | 7eefdd05d94085578ee4bfd6fe92d1ea153d4472559b19950734943e9477fb28 |
| SHA512 | 5c9024b5b5bb589f13d93484d7417e1c05f38d9f244987c71e2f24bf5d8e5ad935aaa602f28f001f13b1fc39467eec9ba60319abe67f131587d4e512ea98b409 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 503e3fddee3c5153288505421f33c6a6 |
| SHA1 | 9805f5a9cef15dbab10852e156b00bf1cb3ed500 |
| SHA256 | 413256565c5853574d328a414082aae0f5dbb17cfad8bd100b6b3985ee87d2a4 |
| SHA512 | 1814bef8db86b0bf72513a84c4028f56ef04880cb690c8cc15492620265feac758da0c0acb80ce39181de33917e6c67965cc2f8a9bdbb48bb4a5d6478ceae84b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\entries\E2C86BA64912C7EC622D9C6955076F2AADF26B6E
| MD5 | 2392d64f04a6a68ea1412a493ffc0a68 |
| SHA1 | 189fb30b26e8dba8e62897bf914a35929dde919f |
| SHA256 | 4344ce33f03fe6dcba89d02cb8d3185f3bf2da7f8ece4e63ba20e64da5afee82 |
| SHA512 | 390ce0933ff680a13f1690cd0bada9319f77a01e4fe231f689558419023b4f97e740b2f7a9f51919d4ceac41bfdd6a6f0dd3b5494b382effb13bb9a6f9002897 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\doomed\8793
| MD5 | 4f7296f8b57e87834ed1cb6b286400d3 |
| SHA1 | 6ad384a81d74c59f21073613f884d5b10013f01d |
| SHA256 | f90dbedc702522a23b62b45c99c4da518e61df121c0ade309d12fcaa091419f6 |
| SHA512 | f65d44466a547427d0dda7536e1d403e9757f6635eec710a7055e3f257ac94e66fcf476200dae3ec4468a972e67064f2be0f4d42f6b918bbba3280cfd720c363 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\storage\default\https+++www.file.io\ls\usage
| MD5 | aa088d1a9ef3da304f4075eb9cc4dda2 |
| SHA1 | 3f59e308246a02cde63b2c366c49c8e9bcf3aa96 |
| SHA256 | 6090cc858dd0cd9983a58fcb84ad8c3aee3d60f3a0328254e1c9adebfc69abd6 |
| SHA512 | 7c29595461b4866a7d36f74aa298399b2037a1702a63bcd96859c418d1806950d639e0950d0cfd21d58e754df3711b2a6359c730bcabec23ae180a263e524121 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\doomed\20285
| MD5 | b9b14fa340ef30fe5d9fb561b3f2abb5 |
| SHA1 | d2c8709bda36c3ecfdc332d151ddffafeed26280 |
| SHA256 | 449fcc2c5eb8e3a2d81e5695c433cb7394ffdfd066cdeaf0079db228d6bd7fed |
| SHA512 | 8301a8c2769ea2957424a9ad0b07b9f2cea6c0d664bac8b1a737aa7047890f48bcd984621bdc4a4b097ec823fccce1a83c988d5173d8818675bd5f79208f3d7f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\doomed\14363
| MD5 | cdd9adeb2ad95eb16b2710784f81badc |
| SHA1 | bdf573257f14e41e2d4f07f0337bce154848b4af |
| SHA256 | 9d1662785cc64dde3a9a662601a9f80c210140f34d727d8e55661c4575a321f0 |
| SHA512 | a070ad6d7da2df4f3ac403c3a69cbd67f06ec01f0b6287dc61a43fbba9fc13f77495faec4fcd7dfefe159e9b38cfc37073ffe57cbb2a6ebda766c079ed431377 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\doomed\26556
| MD5 | b801e526740968884581ed2c59d3efb1 |
| SHA1 | 108c1702f2e71de155b5cb7a765efc9b09130ea4 |
| SHA256 | 6949d28d8cfd21a422b79731dbbb2dfd1e43c7c0fcee1d1a0db05ac981bc41cf |
| SHA512 | 02917312c4a17324002e77e3bef51931ed2789bb39bcaba63f73911bdc7b8322e251c1cdcf2f8fbbc1dac073e688dc96741414645c98b0d0407e5b04e601b1bc |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\doomed\27787
| MD5 | 673bb226fdd7f86626f26097f8098950 |
| SHA1 | 4815e5eb92e4b90b025d4d68e3a696cf73c5ea8a |
| SHA256 | 4ecb5ec04e1e3e5290569a1c4f298fdfcbe9c44a9a5e2cd4603738df7e111ad6 |
| SHA512 | b388fc764fd4ddd8e91bd35a1551098b91a5c0d0e31c963edae96552f66a1b0163d3163c76588f0da69d808f471be1763a40e5eee1569cb45a99cf9b4e84ad2b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\doomed\17588
| MD5 | b9f947c71374bf2350839db1b1aacfcd |
| SHA1 | f04f7ba1655935107f33d686cfc52030eed72071 |
| SHA256 | ed003bc8c8e282d3af1a27908df5905c32e1175457c39942a25e0c436cbfdc7e |
| SHA512 | f3a93e4629ce8a108eb782085515b5381fb1a23581266dbba58e81289ec714bff29e66a0b127c4d922d0a0e13521834b38263e66cd59f210b3680537c86230d1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\prefs.js
| MD5 | 9a8e5a6cafd1d1af8a0227f0720dee0a |
| SHA1 | 2c1575fe4a43013f6de1becc0b65691e47e86656 |
| SHA256 | 850b72b1c829360467afbc55c48c141ff4112512d50bc8d03cd28471d5018568 |
| SHA512 | 51800e10f64a5021f29a3e26bd7f811c9fac783026b863702985765a0e5408d55cd1bffaf133d84336f63f6d70a32c8300e66baf7591ab150cf5023fcfac5d56 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\doomed\2065
| MD5 | 7e1111a8a2aa0fb45b698b627badcfb4 |
| SHA1 | 70bc891d0c4552a51a3934428aea07f5ddf2da65 |
| SHA256 | e027a65bb26ced2b43743e946d743000ce6c02aa465faefb4483ccb1ca500ae4 |
| SHA512 | 6ab0f10d990b4c4beb466f3aef3d29f728d933c3825a683ec380e9ca97f4c667b6219a4e78b8b1ba7360a68ebf1f919670ab3c76d6f4e03e82c03aabda2d3128 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\prefs-1.js
| MD5 | 8aba3f2ce8c03d9dbc2b4c2e0b022b78 |
| SHA1 | 96c50c52f174283811d1f541c0f471fcfd796e3c |
| SHA256 | f351de411738a701139e9d67fe7282cfcdfd178947320478feb15d556c553435 |
| SHA512 | 739d8befed8e52bc8d01d2f82934c46bae399f1124ebb577c41bc362e9589058c3e0d300afd7ba4b4f02f02023584143967870d84d4b5f15ec675d870e703a5e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\doomed\30698
| MD5 | f12e99187cc91cdc08a0aa73b9d7372d |
| SHA1 | 29c6d2d8811aeb71b23e763993acfcedcbd77dbd |
| SHA256 | 0a5f070d4ca0621b41c0ee56722b6b40be0d59da0e00fbf2c24f258e8aeb2007 |
| SHA512 | d306b44e85780a924622a54f6ce8f32731240dfc916f3807ffae719e82a2938433ffa803530718de8d007ecd2c00a89215f001799ec33e8b7caaa414a26749fb |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\doomed\32472
| MD5 | 5910b0ac5b530cf55ee67ffc1afeaefa |
| SHA1 | c6957939e6c889147585cbd2e3bb8b4272cb33fd |
| SHA256 | 7701335a0723bb3489f37d507a56ed137b1d19b53c2c3d831327b0322f5c4b8f |
| SHA512 | 681952956f621b3a70c4f742022cbe291e3ff140bf13826fb6b8fb0015fed2cb4e0bb316464c20eea8fc45e15fc71d07353344f4356c88eefb19ef368e190a9d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\doomed\7644
| MD5 | 5c37507adcff8be1650ed350e9080fb6 |
| SHA1 | 67ca2008f2503c5674aa33c9dc05c509181c0acc |
| SHA256 | c44d47f7863575a0bc28d5c08829b23d21d26346aadd931f988c6ed5b22328ee |
| SHA512 | c9f23f4feee2921292bdfbb52b08ee23d1169b038d05e1fc2d62bb78d5ddaa6c32a69ac6cb07c0f36852af467388ae7a12b124b61fe7a0f067567f9bdcea542f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | f52da6766bb75d37d7cf4c6dfebbdf9d |
| SHA1 | 9aa7a0e0e422142e693ab78f39943b53a53c90e1 |
| SHA256 | 9bea309f0f8de4db0166a8fb63cff469475bc9d4c3d12f742bd358a72a058b09 |
| SHA512 | b1ad78f698aa0d547f283a1b7069d42d6565ef76b0b9959268ec955d32aa2023947ac9b65f39e8fea4f48364da7450c58d10fac889dc893ffb72860edd451e02 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\entries\2C9AC9AF93A7344CAD00E78281243395ED85E861
| MD5 | ea2b11ef68ddaba0298a14232435c06f |
| SHA1 | c8b7774ad83c81c8a36f82a5a5313275d4bcef9a |
| SHA256 | a809b08c02b2ac3d6ce3db897b0334d5dc81639dd828fbc36ce9678334877601 |
| SHA512 | 6325ee704591ba4be6aaea5f7aa74faa7d27fa09215c80c600f68c2d389e6a4ef73fce2f9e975aa1f4ef8001198ad5443cd7a419f2984221fccfad1092a521dc |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\entries\C2D3EB53EFE3BCC32C89C716383E17473965ECFA
| MD5 | 46abe17873afa83d7f14621be95507f7 |
| SHA1 | d17afdee381641f08c1c92629c39d1a70f48d078 |
| SHA256 | 1d217d97925b2b908db29250fabdecf7a03bf62a2ef74eb896849204c2a09bac |
| SHA512 | 083c3ba8462b1631aa940113df34a0966ccf904f6188704367f00927a0f4e8da5a7a301c560ce1919b075c49b5059cead0d9d4ac304fd0a73bcce20fa99fe194 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\entries\4DEC8EAABEAB7289E8F669A07654B4F1EC195331
| MD5 | 9bafbe263a96c99c7d2b92074f6a518c |
| SHA1 | 7ba079b0159ac49e04ba24a23c34bbe768306fad |
| SHA256 | e03f40a654df010bb43c9f03dc81bb7e1dfbf3c65fa2236467b7a6ada921bedb |
| SHA512 | d31bfa27ecf16bd0b3a3e02013ae24943aa2cec6431e905f57c96b50c5be30ded245b4c9ba25852b6454367f841f3c152595f14b237af9278f6d707c75a00d02 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\entries\F6CC5F89462FA1DEA681DA345E472FD7D9E31791
| MD5 | 03e8b0f05574d0e6a1df18f7334bc3f5 |
| SHA1 | d0519e375355d20e9b5dfff8542f95c4ccdc1cbf |
| SHA256 | f8b10cdf151bdb633d0bd5b3af671af200d58b7deec024cc71be122353eb9b61 |
| SHA512 | ceea802aeeb89d462dbb1f6974806fb3856918e2aead155088cfce3153c2fa534b0debc36c45307cc784c3d9e33937a15259eea1e3fb094cb7f87f1f63fd63ab |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | efbea9d10d3ffcb3a2043025e23f09e5 |
| SHA1 | 5d5774a3b11efc0ac8797eccc493819b8ee7f77e |
| SHA256 | bdb9efe8c817b8d0c3ab3ff7a7c4334bcffc66655dd2a516d45e3d49beb7d345 |
| SHA512 | 695e7beb2657d87ba74e5dd661e27010b12b2c7eddeaf9818cd9e8a54ee80c4f0b34f1de37c2c4e4d28afbe95bf7f60a821e8c95856b15933569dc90702709a9 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\doomed\19428
| MD5 | 2f5d661f03f6e7a32592b5091d99558f |
| SHA1 | c3d39e9f16b31c4c7c103a5402c933dcf9538c90 |
| SHA256 | a8315e41526d7c11bbfc4fa67c78e8a61fb8d6c522d1f7b27a37e20853261e24 |
| SHA512 | 0f7ce69a6c517b0ac1013a147c0b07f34323c0d6b757e56446676169467fec2d0738d36b20327e14ae7929bb0b9509ccb2aaa45b584c8d17447a8750512a814e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\entries\D95FECA5FBDA7A2B0CEEC15F6B67C1D357D8A9D0
| MD5 | 1a9f1f39e65eecea986ccb3025651b91 |
| SHA1 | 8c00003836a2a0cdedc513197367764d32f154eb |
| SHA256 | d9f6386101f155cf10cd7bda97493ac3ed61d4aa7cf8369446f5e2694056d5a3 |
| SHA512 | df00b34666730e5a48c86588f78644d8bd9f3efd636debd5fba8bfb2c4a45a537804023aa7f4703135ba2fe0dff1233db20f8d202bf5996a4e8240a3d56ee546 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\entries\15D088D4BCE659FE7BC40E8BF3AD0A9D545C3B60
| MD5 | 1decdc3ac722d9f288b8894a5fa1901f |
| SHA1 | 2087f2c060b771a94971edf6e4a848b4f1d4ba64 |
| SHA256 | 08226abca2f37de45d755f8d984de86f91bcad764afbf821dfecb96ac3f9f9a9 |
| SHA512 | f164251854fedadf90010d7eb122c15c4094084afe339d069b4367ed3766a328442c69a737065613a5e17b179f494feab10c79c5abf1474c23fe378ddbcaaab6 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\doomed\16841
| MD5 | e3bf753cee9b4a6dd46cd86a30aae1ee |
| SHA1 | a88e17a88f6e83ace14413fcddde35ea5d70c234 |
| SHA256 | 19074a7c550a15a985cb5d780a3894d900f185491134e1f505a6a704afa9f96b |
| SHA512 | 16ed0cb183ffd87054836e703c3a540de21e246fb6551b01b128291583b04329a414ad95efb39c248b1325794e41f3cc03293869c9e2bc7c50fec463f2fbf651 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\storage\default\https+++www.file.io\ls\usage
| MD5 | a67da8b3ebb146a5c6ea1c98b2ae6b86 |
| SHA1 | 0c08c54d5e1cd29cca2b7291c7620f030cf9e485 |
| SHA256 | 842a943888dc457e95abdbbe6169089aef2e0a03fdd215c3e786fc624caf68ca |
| SHA512 | 56dbf1171cb1b07dc60b91faf8202238619d0777cdd85bf1f282fe6c6e8060ee8831aa0d45ab73e229b433ad437fa64eee7bdf31b005aace8de7c8622053f6f0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\doomed\27608
| MD5 | 5dc974716e54a29c2bb4044fb990455e |
| SHA1 | 15ac09b7a1b4c42d9dcdd78ddcdb9997596be43d |
| SHA256 | a8a99d92f875fc26da5a135accce43af6a37fad0c413c7e045fb3cfb51ec69fd |
| SHA512 | c3cd34ed394c49bf99cf1a56091b1e2b3660529c1c89101468450714bc7b2a58cb8f22448a1ca2d116c9bdaa3747971a724335b82271528d9dbd9a1c5dfa4125 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\prefs.js
| MD5 | cfec5d713836de85bb3a556760a8bab3 |
| SHA1 | a534f6a3bce20bae7c05d29fa2657825a7f154f3 |
| SHA256 | df6e5b438610978c4999c392740c84d57fe4e0edacb7884ab50c638dfbfb09bc |
| SHA512 | 8ceeb73a635207e02931923b294dda7a65c009acd4f70f5d820c9e710b83b6df5cb7ca9bc8e57f9a56549351f6e0afce5f50ea13525ec6f23021b63f0ad88fa7 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\entries\5B826B40CD53759CAB2F67D173FC38CDB9B99D4C
| MD5 | a89f610d20eb0dd4068d776cc45344f5 |
| SHA1 | 48f201d59e10bb626c7ed1fd4b92030eb1d80234 |
| SHA256 | ff8bac6c1c2b6bd62c4b9286a329bc15a5e5259e9f7fe6ddd2e51a61e388fc6e |
| SHA512 | daeabd97e85295452eb6db2d0b875c452163e69569491bf2695ead708c1522ebcf54ddd4e6b909a16d4d06abba162f069596ea8c04f708a80de3cc19f514e637 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\doomed\6529
| MD5 | a6fbb81caa2b0e836c2850b8ef8c7209 |
| SHA1 | 97291a29dbabdb6d7097e445d9c8e91585f49da9 |
| SHA256 | 33db587c14002a297205035a163e4986e52623315d4cf52432a2c9cf977230d9 |
| SHA512 | 251bec35ac8fe4e13f7fb76ee3cecd4b1bd685a2ade2ec8ffcdca8f5ee6a44788efc1ba830693910e2b6eb42e4b1e95ea97f58a5e9162ecbdf9808b03a7f4b46 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\storage\default\https+++www.file.io\ls\usage
| MD5 | 42b3ba9267a58242f4907fffd6864c0e |
| SHA1 | 6a2f789fa1981fc2afb90ac0b986e1b6e6edc106 |
| SHA256 | fac02f23f487410eda7eb3d4b9e08ae3efc9a82443a0199192e6ff1de6b4b66f |
| SHA512 | c1987d7d765af456f55a9dd9891318020d24467f0c29fd41cf904cbb2caf47403e7032d807326bcf19efa95e647bfbe2b42e4edc1fc4ad2a415e0420ebd2ab30 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\entries\47D4A2D8C945600F738FE025E6FC65ED49F8969F
| MD5 | 5fbbc2427afea1e1cc570eabeff7c958 |
| SHA1 | da2c2b8c4122992a833a241c35e7691e703b1983 |
| SHA256 | 69c694021025610081ff72d61b773f689011d499f24d030db4f5d844693cdc2c |
| SHA512 | 19b3af79b5add0a714d80f3cfac62aebea566f4883deb6b5d9614cd6b5b1bbbb86f1356971cda49f8f66c208a9d186dc1f333606c70dbb77aafb30695f261503 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\storage\default\https+++www.file.io\ls\usage
| MD5 | ecaf9b1431554655fd149eb5657993b1 |
| SHA1 | 4c54750e666b9df0f9bb2fa6d9f8502e0f6c691e |
| SHA256 | 9409e6811ce1307f315599d76cfaec58bcbca1b6e74c592bbb39e676660d7924 |
| SHA512 | 5614407994c3768c91c2fb1e8dddebf7ee027ba1403fdb4b95f97dd7aac79d236b5833d77f6b353e1ce56358d5d3346b6e2476352112f02f55cb429e43d4de1c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\doomed\5081
| MD5 | 54347df99589ce84f906423ecaa821cb |
| SHA1 | abf99f7d55e465c62fdbe67d79ca062a8c67c3cd |
| SHA256 | 6570abd022940e46758e318ebcc6f8e33d838e25b79a2919bd2bdc64bdb28d31 |
| SHA512 | ed42301468e7186e53987d491e37675a7046a70de5a3ce19a16bb3c5ad4e29cf6cf93b6b639f8786496e8f40b5c3aeca1bad597640bfcab477ac7b199b901081 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\storage\default\https+++www.file.io\ls\usage
| MD5 | 2366d448df90ad315cf4fac248ed2466 |
| SHA1 | 830fce6e26062d2690ced9934319847e1fbdff24 |
| SHA256 | 8185214196e65e6f8543e9962e78b3e70cd7eeb1b82cb3661ae9ffa9c12b64db |
| SHA512 | 452e6fb822fb28de53ac4eb5d606e1fc609c618126b70b9279084f921a29b4958e0aa330eaaabac0abaae968d27008f9f8cffe1bd5176e36efdd945bcb5dde79 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\storage\default\https+++www.file.io\ls\usage
| MD5 | 7347d2581ecd7657ea7fc26a3305f5d7 |
| SHA1 | 1b0818d3840ca787e4f093933eed9f84ce8f6bd9 |
| SHA256 | 484299fddd302e8f8e0eb5cb5e622156a131a6c06c9c1371b796a806e028c686 |
| SHA512 | 0899a3e1e6b832ada18eab4b98d24c92ff3add983bfeac007cc2b0de460fe72334d10b47430cdf7de0f08124a67f69ec0a8404065a2588aa11aacc42f6ec5463 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\doomed\6911
| MD5 | 5f045749114c836f738c0466f00c29b8 |
| SHA1 | 5f0c4f8cc51e53ea92745de04c50b5b15a42de53 |
| SHA256 | f987ea4337f0fb0717927059aaf2ff42e3202da6aed337147491bc27288a161c |
| SHA512 | ebde25c34cd415d7fa84e232ff1e40a8f82360a4878bec6927264104b8334398633c7bda6523a19d9b4217ea3a5696793b96dd433d46dce65d618ee4ea0e7397 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\doomed\23478
| MD5 | d66af4926d2f810c8d624b69b95394b5 |
| SHA1 | bd49430e2231162f240a15d350d7708212c953e9 |
| SHA256 | 73f286900fce55ec49e6e0d767eede951bc290800921ef45939f81728da18b4a |
| SHA512 | 9925924c3aaec88e35f865ece4712d996a0e73de7bde8a69e3999c0fefde1588e43fa37f5a3501cc9a2c63b1459a345d34e569990281cd0de5f1e777dd75db21 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\entries\4FD58D164FF17A0149A8C10E00D71E5583455554
| MD5 | c1971f836c7f4ea1f321237411b397e7 |
| SHA1 | 248f56eb2fcdce936fe44f15bd305db1e4b3cab9 |
| SHA256 | 1fc22b876eb474439be49aaae6b19605c5af280e60a5233359734efdc33d3449 |
| SHA512 | b59f9f75774793d563e049fe2f9e9815fa2f7db37ba98269af40fca1fd6496798f4a2856a266bf5cbf74085ee3f01325e1ef1322e02ba1a7f90455ef118d097b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\entries\4087345E23DA1E9EDD0AAAD36F0AA7B3C5C4B08F
| MD5 | de18849c651de3aae29afc00eb60aa0f |
| SHA1 | b54fef1fcce937ea3494c10a602973c6fc26cf3a |
| SHA256 | 0e53993bb581b7a7ad0c0fbdd7d581a433a264058272c764fc637553f918f5fa |
| SHA512 | f3845fe965c1a4a9d40343e7149aa0c7f6f9c98e1e880e2ec297f66477993773c4c8808a7c2984eac8e849842bf9e0ef339cc21ac967a009c8e1ef2f93531082 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\entries\DE0274686EF581FF443F90DB70E41D416B0B6D41
| MD5 | 50060f3baee0c0bd8b738031376b7dc7 |
| SHA1 | 926b879b765dac191b818eb51f20776838b15539 |
| SHA256 | 6bcd60e9828f06d9626d1347e6ceebc652bf14ed37d8cb29e180ff7fa2333d46 |
| SHA512 | d93e73ae65fe645ab384578124055f9b36744e25773c0c7cd441c9274fb2fb2c61e86ad17fdbae14ad5e676be2e21d9fc374b799a5589aa3781d42b1c00769e4 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\entries\AA7B33640DD7A8C35F0EC59C330FDEDC77E3935E
| MD5 | 40c9761189f89267da8fe3e9b06f612d |
| SHA1 | 6582cfa4bbb7ab5edf610db920a6a02bf08d9466 |
| SHA256 | d806c9c596ae0fbd1482f1631a8d97ddde60c503a76c95ca70ec3bfba0960db1 |
| SHA512 | 890dd97671cfe965cdeaf2a046792f08f85e0aec7477a24b72caaf916b872ccddf2de1b68c8bfdd33a0deeae06cb8a3db0575fc16bb160e189b2bc1b2040d0dd |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\entries\6F8F51C2291A6E6BAD6679845DCAE5B07813D3FA
| MD5 | 88b457900a644944e6c983802ef1edbf |
| SHA1 | 446842a58246bd0a17f0c40dd7d1f3ac628d92b1 |
| SHA256 | 52975e5066b0000a2329864d6e5607a0a4fbc20e3c998627aa705bff617180bb |
| SHA512 | 7eb0f04849fb7ef40a845e7ce53ef962c1b7a1fa3e21a3cce8a063f816635cc6676add22e6ccc1cba63768ca64c2f07ed0cab33b8ae11740e606996594ad4bb7 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\doomed\2883
| MD5 | 014538fa0599da27db17ca29d7f81bd3 |
| SHA1 | 83fa6971dd3b7bcd113dde02278d1f6e80667ff6 |
| SHA256 | e20c5900f5af8892b02b4dc53f6a9efbdd9d0a4cb875743cfb31967041d5665a |
| SHA512 | 110c9fc178a28aa22a1f6ad3178ed87e2b51fb557ba6170fbf8229d38e14cb6678e5ec5a4e2cccc7d7e3a5227bc1d8e1e628a466db404c6494e4aacebfec1e11 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\doomed\17814
| MD5 | 2eda865d6d0ef04a581b3ec14ad94511 |
| SHA1 | 94780dd546969894ac796fd470335ee4591bcc6e |
| SHA256 | 561ec75a2a8701a6c6d63b1428efc32e91cecf4014c97050206c2d374b71694e |
| SHA512 | b56162a02f1281c7f7030e09356cee820b51b1f4ab06f0d4c77ac0e62d38d8c2229e3afe4919d85f57b8aaadd0405a38b96ecfd8b7dc500f22e05617e91ddd07 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\entries\B7842ED9985E30539C7A274015B627645E8F6689
| MD5 | 1ba8a1000f06460a180cf5f3689759e4 |
| SHA1 | 57213f99d393dd7663a04e80b3d0db9b6cab5589 |
| SHA256 | 6bc6815c12b0b78c17433e3c1214267dc42f5b00b99d0cf923155258df14694e |
| SHA512 | e6803aeba3e0dac752a53955cfe45d053d3f33917ec92a45ec0e8ecb446c50a535f7d16b2feff5e6563c4161a957cd1d64ff999228a65f6927b3fde70262b05d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\storage\default\https+++www.file.io\ls\usage
| MD5 | 53475b0d2103e8815e03a43bf1eab256 |
| SHA1 | 63b22a72e8723bbcf96492c2cbf182034a938daa |
| SHA256 | 7384bf3b310987c9db1c8a0d37478c6c209dc224608104b916bec8233320c771 |
| SHA512 | 15f956a3874e70eb0f227c21f3193f2f6edd3df3bafb39727207a2e1811e457da6a0717e982e32d3ee4754a87657a1dbce55595998668847b3f60f834f090af4 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\entries\ADF0CB8C1D0FDC19FA5B10D4A7DCA41966CC590E
| MD5 | 37d21de2fc20bb6eefbba815a5368bb8 |
| SHA1 | fc543369f99e4f63e16af64d7539028f4b69a6a6 |
| SHA256 | 194555f529748cf23430a2bcdbd63b1858f0ec098d356eca0bd65c69f1eae401 |
| SHA512 | 5b76af2a9bdaaeb8b38c2f6cd83a5942cdf79e02e0905260315d176e83f0eb89b43b041cba205fb1bea7591779323bfa6aa849f971ccbe5dd89e322472c0a58f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\doomed\611
| MD5 | 8423767300d95c899492518980929281 |
| SHA1 | 34b6d0a7b3e9362d035ef69304c8b14bb3fed894 |
| SHA256 | 5c52a8d73214c356da7560a9bed2e59f4e54f09fc43b3b28b8e2e36a6d156756 |
| SHA512 | 9b78dd14b09089953953014b22e76a36f5c01a18e754b68e8189e1f1a8c4cea2a8405165c990331907db8e4392e28e683b05b4d631597fde6b4100ae8e475846 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\storage\default\https+++www.file.io\ls\usage
| MD5 | dea2b45de7cb82f8409d76781133685e |
| SHA1 | d691164379e74ecd234f251459d5ec06df6f60bc |
| SHA256 | 88943964d52bd2317740df09d61b31015988c470e74f1a2ca4d895dbad641c4d |
| SHA512 | 1e992f93d5edc6842acc2dee5c431711a7aeff4d805a41a8dd4f7c274fdb5946428dc38aae6205cd5232c26797211e62343b25ae771dd7ef5fdd28fe167a00ab |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\doomed\1694
| MD5 | 3882195631d60ac0c4d6a5646a4679e8 |
| SHA1 | dc8f06a311a72baac82a08caabe98a955a8333c2 |
| SHA256 | 221a55c34e6c8d6f88d7a89dc924c20c6a23b6906a275711de2c7ca691f2d498 |
| SHA512 | a0742bfe067af06d76e72d2190f5d2d185ecc14746bc16a51f1b73a4403aee4d71d92811a3bd392e5377a3a15d4e43d3962db66aeb29cbc7ac82e9cf6208185a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\doomed\24228
| MD5 | 89df654ea59f5fe6fdd2b60d1d64c2cd |
| SHA1 | 80c4498bd731594d93eebb8861db4755c2a87fc0 |
| SHA256 | fcf1fbcffcd58167bc3738bdaa98e1522653dd15a72ed2985a3be81513c323d1 |
| SHA512 | d4d60d6269d1570f3f76039605b6bde4a145136ec2a168a79d0ae6808bfd4220b1a64c66ab1a6c0de459cd2b2e6f5be89b658537eeb1de61c88c38be0b30f3e6 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\doomed\32067
| MD5 | 0b3b4cc4f203cbb4907df05bf274787f |
| SHA1 | c19d1c9607f8ee9cb1eb4d62e2263edf00bd449d |
| SHA256 | 1b1cdb769e02005dc749318dcfa1a72d2d83ae0f65c687298548009444675645 |
| SHA512 | 497166b7041f1a872d1b18fcacf1507b477e54663ab4afd04bb8b77f56edcd173cde1c0214642334a742260976ddd99fdb3da145b99a7c68b9030f3220071e7f |
Analysis: behavioral32
Detonation Overview
Submitted
2024-04-08 16:03
Reported
2024-04-08 17:09
Platform
win11-20240221-en
Max time kernel
452s
Max time network
1174s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4392 wrote to memory of 1900 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4392 wrote to memory of 1900 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4392 wrote to memory of 1900 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsis7z.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsis7z.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 1900 -ip 1900
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 468
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-04-08 16:03
Reported
2024-04-08 16:59
Platform
win11-20240221-en
Max time kernel
439s
Max time network
1169s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\locales\es-419.pak
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 52.111.227.13:443 | tcp | |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral29
Detonation Overview
Submitted
2024-04-08 16:03
Reported
2024-04-08 17:09
Platform
win11-20240221-en
Max time kernel
435s
Max time network
1167s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\swiftshader\libGLESv2.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-08 16:03
Reported
2024-04-08 16:35
Platform
win11-20240221-en
Max time kernel
1575s
Max time network
1579s
Command Line
Signatures
Epsilon Stealer
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2eoUwG76W0btoQiKVdZhsHu1kXt\Uninstall-Node.js.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2eoUwG76W0btoQiKVdZhsHu1kXt\Uninstall-Node.js.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2eoUwG76W0btoQiKVdZhsHu1kXt\Uninstall-Node.js.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2eoUwG76W0btoQiKVdZhsHu1kXt\Uninstall-Node.js.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4280069375-290121026-380765049-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsBootManager = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\Windows\\0\\WindowsBootManager.exe" | C:\Windows\system32\reg.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Enumerates physical storage devices
Detects videocard installed
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Uninstall-Node.js.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\tasklist.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Uninstall-Node.js.exe
"C:\Users\Admin\AppData\Local\Temp\Uninstall-Node.js.exe"
C:\Users\Admin\AppData\Local\Temp\2eoUwG76W0btoQiKVdZhsHu1kXt\Uninstall-Node.js.exe
C:\Users\Admin\AppData\Local\Temp\2eoUwG76W0btoQiKVdZhsHu1kXt\Uninstall-Node.js.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic CsProduct Get UUID"
C:\Windows\System32\Wbem\WMIC.exe
wmic CsProduct Get UUID
C:\Users\Admin\AppData\Local\Temp\2eoUwG76W0btoQiKVdZhsHu1kXt\Uninstall-Node.js.exe
"C:\Users\Admin\AppData\Local\Temp\2eoUwG76W0btoQiKVdZhsHu1kXt\Uninstall-Node.js.exe" --type=gpu-process --field-trial-handle=1448,4157336913155199977,14140073819265699124,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\Uninstall-Node.js" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1452 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\2eoUwG76W0btoQiKVdZhsHu1kXt\Uninstall-Node.js.exe
"C:\Users\Admin\AppData\Local\Temp\2eoUwG76W0btoQiKVdZhsHu1kXt\Uninstall-Node.js.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1448,4157336913155199977,14140073819265699124,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Uninstall-Node.js" --mojo-platform-channel-handle=1920 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
C:\Windows\system32\taskkill.exe
taskkill /IM chrome.exe /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKCU\Software\Valve\Steam" /v SteamPath
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List"
C:\Windows\System32\Wbem\WMIC.exe
wmic /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "cmd /c chcp 65001>nul && netsh wlan show profiles"
C:\Windows\system32\cmd.exe
cmd /c chcp 65001
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\netsh.exe
netsh wlan show profiles
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsBootManager /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsBootManager.exe /f"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist"
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WindowsBootManager /t REG_SZ /d C:\Users\Admin\AppData\Local\Microsoft\Windows\0\WindowsBootManager.exe /f
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Local\Temp\2eoUwG76W0btoQiKVdZhsHu1kXt\Uninstall-Node.js.exe
"C:\Users\Admin\AppData\Local\Temp\2eoUwG76W0btoQiKVdZhsHu1kXt\Uninstall-Node.js.exe" --type=gpu-process --field-trial-handle=1448,4157336913155199977,14140073819265699124,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\Uninstall-Node.js" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAIAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=808 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 104.21.40.54:443 | panelweb.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | panelweb.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | panelweb.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | panelweb.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | panelweb.equi-hosting.fr | tcp |
| US | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.4.4:443 | tcp | |
| US | 104.21.40.54:443 | panelweb.equi-hosting.fr | tcp |
| US | 52.111.229.43:443 | tcp | |
| US | 104.21.40.54:443 | panelweb.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | panelweb.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | panelweb.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | panelweb.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | panelweb.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | panelweb.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | panelweb.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | panelweb.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | panelweb.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | panelweb.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | panelweb.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | panelweb.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | panelweb.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | panelweb.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | panelweb.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | panelweb.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | panelweb.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | panelweb.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | panelweb.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | panelweb.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | panelweb.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | panelweb.equi-hosting.fr | tcp |
| US | 172.67.176.119:443 | panelweb.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | panelweb.equi-hosting.fr | tcp |
| US | 104.21.40.54:443 | panelweb.equi-hosting.fr | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\chrome_200_percent.pak
| MD5 | 6a7a9dee6b4d47317b4478dba3b2076c |
| SHA1 | e9167673a3d25ad37e2d83e04af92bfda48f0c86 |
| SHA256 | b820d19a7a8ce9d12a26837f967f983e45b07550b49e7b9a25e57b417c5f6fd9 |
| SHA512 | 67466e21a13ca449b014b511fb49bfc51df841eb5776f93b4bda2e0023da96d368ac5c65de051ed9de1899275b9f33839af2c387be903688cdb48bf08993791e |
C:\Users\Admin\AppData\Local\Temp\2eoUwG76W0btoQiKVdZhsHu1kXt\chrome_100_percent.pak
| MD5 | 4f7cf265db503b21845d2df4dc903022 |
| SHA1 | 970b35882db6670c81bd745bdeed11f011c609da |
| SHA256 | c48e6d360aee16159d4be43f9144f77d3275a87b3f77eae548e357601c55fc16 |
| SHA512 | 5645d2c226697c7ac69ce73e9124630696516fc18286a5579823588f93a936da71084a3850f1f9a7b34c624f4c502957107f5957ffba5e6c1e4da6d8da7d3348 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\d3dcompiler_47.dll
| MD5 | 7641e39b7da4077084d2afe7c31032e0 |
| SHA1 | 2256644f69435ff2fee76deb04d918083960d1eb |
| SHA256 | 44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47 |
| SHA512 | 8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\ffmpeg.dll
| MD5 | 7977f3720aa86e0ec2ad2de44ad42004 |
| SHA1 | 04a4ef5ccd72aa5d050cc606a7597a3b388c6400 |
| SHA256 | 61c6bd5fee2c150265241a15379c4053b174b1cd7687749629afcdbd1264a02e |
| SHA512 | 8ef3b8f506b5ad7241b96d381a501033266358fb3756a457c46ed499547db1232012f849838e65f916129fab1a0d74711e9851b8e0669831acbbf4c3494e492d |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\libEGL.dll
| MD5 | 7b77074945dfe5cf0b1c5a3748058d57 |
| SHA1 | fdea507ac2be491b8ad24ddc1030ea9980c94c0d |
| SHA256 | 994972c1bc515c199552d50e97ad217ae15a3eed16db06181c7df50e743e8a56 |
| SHA512 | d637b2c7d75723601af099317a39820d3edbd3cea1e1cb20b702deb6ca7fdb0b67e1351cc8fee1c7badff957fffb848a8dce18bb25bfd60c81a588da4f68c1fd |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\libGLESv2.dll
| MD5 | 8c93e19281992a00993fc0f09e272917 |
| SHA1 | 3a2d12bc85f829775ec8c5c1f8e35a783d37b7a7 |
| SHA256 | 1ebc1da8d7e463a5d3dc127a632989ef35cfbd94cb18bf1f8ee790f172d43703 |
| SHA512 | c4ec65378d83e6645c9128825853de2d3e82c0f430cd28fdc761eaf2d011267c3794b7c1dcef017750323873d7fe976656eebf9ed7c03582741d43738f3e0c7c |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\icudtl.dat
| MD5 | 2e7d2f6c3eed51f5eca878a466a1ab4e |
| SHA1 | 759bd98d218d7e392819107fab2a8fd1cfc63ddf |
| SHA256 | b62b7240837172959299dc3be44fffa83dc374353154eca1612e1bde330aa8fa |
| SHA512 | 0f1465e8efe32b0eaba628a30bbb21254a05d80f4407a1434120a55fb928cf575b3879e1b7cf754cd19b23c262ae715fa84a8049073563cb38f1855be7db1124 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\LICENSES.chromium.html
| MD5 | 4247afa6679602da138e41886bcf27da |
| SHA1 | 3bb8c83dc9d5592119675e67595b294211ddbf6e |
| SHA256 | bf59a74b4404aa0c893ca8bbe636498629b6a3acdff4acb84de692462fd626e4 |
| SHA512 | ad3103f7fd32f0ec652bc7fcb8c303796367292a366037acad8e1312775cdd92c2f36ed8c34a809251ad044508e1e7579b79847de61025baf8bda5ad578a0330 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\snapshot_blob.bin
| MD5 | c497639990ef3d4435fd721e8e855c9a |
| SHA1 | 85e7df364daab70730c756b8e24e81965d5a2255 |
| SHA256 | 5e15a82831965e521bee172e6878806bba51d410d1fdf1b4eb01385d1954502b |
| SHA512 | 63f2514d585dd7d3b988f0aaeed8106a06b67629eb54f2152e8b4a24276d9f56fc4650c8770d0ab44b4c57ca458856a0cce5f26f6226a56a807b38ce5615ead3 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\resources.pak
| MD5 | 99c5bf0dcd43f961aa3e177f7dc42d42 |
| SHA1 | 5618abd2e7b45c50400bb4aa0c455bb0b28bc472 |
| SHA256 | 75ff04d991c2a203105525a1ccb200a461717ce7b86ada4be092fe903d95cdc8 |
| SHA512 | 2e508c46eb266301f42ee6a7d63494f3856b422df61d0b605096bf4fc4943239d3fba15161adf8cb1cdcfd3bea8608102a0abce636999cc2a9e01bda51cc77ae |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\Uninstall-Node.js.exe
| MD5 | 39bd7bb12fc69abc8d8977ab54b61fde |
| SHA1 | 450bdbe455d6af6629b493e7493e671a3da56c08 |
| SHA256 | 786e1674a442cc7e039d6801eb2f7e5c9c96532d2b9c68d5baf0fc5330a3d97f |
| SHA512 | d4d627d8218e3ce4ed77ee1a2d8ad44a86dce597b4f8f1872137a955b846bba0a5db0a88f0902b8c68ab8e10f7b0f6b629cd09d9b845d159ee223787f40440fa |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\v8_context_snapshot.bin
| MD5 | a718c9b6e5e6563e23e450a0d01b932a |
| SHA1 | 95ccb1228f024f037259e759dbac464f3c27b8cf |
| SHA256 | 315f5ed966a1f3a89c94d1b78b9bf70e59a2869601cf6551b2c1fd3e3b008447 |
| SHA512 | b04512e95ab3997bc7d5c65e2f526e124bf1895b139eb2b6c6c7b4a4aa381cd408eb2bba01f44b09b1936d24752baae288f24a32ed84687d3e7e0681b5387d01 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\vulkan-1.dll
| MD5 | 25afbdf6701013c57b19b92225920915 |
| SHA1 | 009300dd4ab3b81794388ce7d126ae90ff97535f |
| SHA256 | 22bb65dd206ce7ee10c05557933a04a04144e1a8228d2a9d1e9d704b0b1b2f7c |
| SHA512 | 575e38b60948cb704c355ba9cf3457f2693c30f95e85f10f795e759652bf4317e18ba480bee8aafcea9108415e8e58f674b22c7513a9fabee765142486919a0e |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\vk_swiftshader.dll
| MD5 | 77f7b4f46cb3e06b53729fd1e562dfef |
| SHA1 | 223c09805220ff2b5c1dcbdd5c0396231ea34f11 |
| SHA256 | a648cd4671b12b469c4d2de20c2ba2429c9388c0f9d4b3d9d2244853d0e5acb5 |
| SHA512 | 6be9afda9320074c5842419cf8493d715ca65a3362d368d3a35e35a47d36f8197b0f19877485b41a06e21148613a77bb6275b0586c4a38da8a25efe6b5a6b571 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\am.pak
| MD5 | ebe0e7e0c78fac281a3f0196da22cee9 |
| SHA1 | 689864d898905d43b8a70bdf37c5b339daaf48eb |
| SHA256 | 08d86a45ff0a4b21e74b06509c376ab0f907cae72a3e0cbf5c17fc275d10ac5d |
| SHA512 | 89b6603e5db8ad53ee5623c2c0f7e81194278dbdf5ed49c7480049006b20744fd4642743c2b4a264cafa87e7f787d6d6cbf26f12ff2b851333b3ba7541ebd933 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\bn.pak
| MD5 | ee25e9cf28fdd35846d8a9b3c4220eed |
| SHA1 | 702342cc207ced1bb585195abcf263cbc4ea0069 |
| SHA256 | 9994b9832bce803bee8c48a8176653099df7768074e3c54d09a18593376466b9 |
| SHA512 | 2b703cd07bacc9f70e36844f148c980cb112a806b4ca11f692b9bbe6995fd5636eb9bdc84c5cfaf79790dbbb1ecf7cf2b61a7d6ff89311eb4907c586e20b7dbd |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\bg.pak
| MD5 | 5ed6adc6158f554e71bdac7dc9731b16 |
| SHA1 | 394c8396c566d2b92cef881c332624be812115fa |
| SHA256 | 0a3e79a6d270d212037ccb5a8730b7abfc45c6e9175dd7e17d997daed0985726 |
| SHA512 | 796f107698e82dfad9ec8d2ac1fc3f79b1f3a339a06eccd783dcd262ddb7399f8e3c093799f16640cf7a4488f1d2eb04ba6b7cb14ac9e9fcf87488cb8305b35d |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\ar.pak
| MD5 | 3a8a7a08fedb148ebee6d3300356e37a |
| SHA1 | 2e9ac1ea8b6396b909f823486538d5640ddcaa1a |
| SHA256 | 43636fc76a2da6ab562c4c3bcc1a5d548a169dc0e884484fb7e4341814c44c78 |
| SHA512 | 7951829cc7aa385bb5f8078a7af7d4f0b49fa8c05eecb2808eac3fb0e8700c63f92db888ad64f526d992a14d54948a6807bf06f9fb688aecea40311eaacea181 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\ca.pak
| MD5 | 53e3fb38f84f60b98d23b337e4f03f92 |
| SHA1 | 42e435837dd36872d2a413518a299cd293ff8536 |
| SHA256 | b00bd41c1222b3ea078df5b92cec1946e41430be241d0d57dc9baa4c70c91f3a |
| SHA512 | 98d0328e7370b1fec9e15ad0cff9e1353686fc581e3df9a8896e3c2e62ced044c4c51ea63f35ec8b7eb3e7df5c83ef5157468979b7f20e85480597042c1ac192 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\cs.pak
| MD5 | f125738776a9fb8dbf25311fa3dadbcf |
| SHA1 | 3448b58d4810e69f5c1eca4e1484308c3ceff502 |
| SHA256 | 5d5089718677f9a4e677dec72058c376a5829921cd523ecb919d0da7766d3cd4 |
| SHA512 | ca5300e5fb73ed4ee8c108e875c66ce7f105693f3ba78cb00f33218febfdb3ea27fe26f118dff3fb2e4af66f722f8348760cb576aba48887be25fdfae4991776 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\et.pak
| MD5 | fcdea2954549e5d8f1e7a5de36ae4f74 |
| SHA1 | 41dcdcefbbab3e0e908d98ec9b6bac7eacecbb99 |
| SHA256 | d875bca2e8800657306727902f4f5fceec7415ea530bfa780ece0f016f792569 |
| SHA512 | 37ea008078083a36b07b1f5d0ca6e16f62b06a19266d8042efc796bf33c53200f37d3a37f5b48d024dbfab9e6689ec9c3f22d6e37e3898fa7deb61ace1fb2df3 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\id.pak
| MD5 | b5e4e0092bd1063e8bd68d0b539ab005 |
| SHA1 | 5e3d12a6fb497687df81ed64de17b0502ea84f2a |
| SHA256 | 8d7ef1377d39fb6045c9d4b1bb064c329bd789ee33b6de530c187f1e713dd7f0 |
| SHA512 | 52b535a143bc13a03804cfda2d3f2f81f036b8d24897d1ef4a657ed290ba14e43d7cfe92c868cdef6b093b09b90119f7e50e8496eaf347c8e4fdfc13c5e306a2 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\hu.pak
| MD5 | ae13d7ddfeb82df9950c71a4ea0bd10f |
| SHA1 | 7b55315628060668f444b110031b1fc4715bda11 |
| SHA256 | 17758e2bc746f6d770fca8969ed0aa2d00658d68792d2e8bae94d7b58665d83f |
| SHA512 | f94247fecc4fda5bdbe9732f151cdffed337eee01f59aaab6e6452c570a549dfb87c0528484c1879a04af134ac883a21043c582d0a642e185e4e64e3aff830be |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\hr.pak
| MD5 | feea1754a955eb61cd41763be4e5ae2e |
| SHA1 | bb6252fec9ada8bf9ed7b81f59843d5abfcac80d |
| SHA256 | 787680ecb5d5ece246894481834b30145919c22b04d2dcad2f6ea2b2254abafb |
| SHA512 | 3d24c9ccb83f6ecf976df5cf00fdb0b46d53f09c1cb08ab68bb8d9944452785f40a761a152605708d7672f7dcb24e0b7cad1cfc14b267bf5fc1393cfd05ae4d0 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\hi.pak
| MD5 | 34bcb12c154075510d9d3066ad4a8d1f |
| SHA1 | 6a3c062221db4f391f8505892f584647b05a410a |
| SHA256 | 83c6c411d75ec5c5de6984b21fdecb07c9b926c66b67c5c99380605f6fdd8928 |
| SHA512 | aba38e4a8039bbdc46b510a8370c82d3b199b4a02da7751c162c941e6d893a9cdfc0ce92db4144ecc2b2644d58b0bc6cc7cceb0533c62c131cc55be0258c3a7f |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\he.pak
| MD5 | 6010987755f300c7984dd3f72f518ab2 |
| SHA1 | eb85f0849a86aa5fb585efaa070d2d7300b197a3 |
| SHA256 | 1c84a575e28e9a72335ed13409d6861995bd9859fd57a4d9509fe912db4a56a9 |
| SHA512 | 4b77f74d986c16524a3a6c7f60cdbe53ac5be59418737835a7fa186e4b6ee853cce8317cce352fe4064c75a7d27bf1303d76eabc53993ff1e4b7758a8ccc6228 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\gu.pak
| MD5 | 57cf11b4352e59f11b20b7ab754af031 |
| SHA1 | ca1716d419f175a2dd548929fd551dcbd1ef4bd7 |
| SHA256 | 55588f211c26e1deb47b04d39728ec051b99334c55d30252b94df57d0fba2f52 |
| SHA512 | c74360769323b3267aa218e994f49c7e135d4f320365a349a5362c1755c4b660050a070bec6c5446d4620be97a341270b6c01289db20ddf5199ece23117110a4 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\fr.pak
| MD5 | e609419893f1d885a2f17f94805a441c |
| SHA1 | 31083ac114fa4077a7da7c796ab3744873fb893f |
| SHA256 | 8d71c36d04f2d6062458aa2614f7ce223b2ee9b4665556803f764f384b191091 |
| SHA512 | 77f965f436a009a5aacebed3cc15adde5a1054e1c699b8a50b947a7e78a97cf43317d50b0ab7a42532c77d320b7393007e47199f31c58f7acb6f462f98fdd4c4 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\fil.pak
| MD5 | 693abd21a6855aeaa31f6c738c6b6fc9 |
| SHA1 | bb1fa375a9f0c682d9913b1c1610535eb2b4028d |
| SHA256 | f0bb231c710c025ad4643e2128867de6e111da867384082e7dc2d0769976b6ce |
| SHA512 | 03c68c45e3144a73251d950a8c7695e5b9c2c66711134016543ac07ee6eded723324d5312fad4624d35d0bfe9861ca4b7440d2445e6d3d6cff4a1a3cd5263c98 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\fi.pak
| MD5 | 4f323a2eb73ccd029e742cee4dfa9769 |
| SHA1 | b860372d21cc55eb7ddbbf9f5bac61fed39426de |
| SHA256 | e1888472c8e1330e70e514d0a1936749a7e5d39f67e7edc818661c2cbf3e301a |
| SHA512 | d07d0f74736cd32d73b3a33867e65a25b727b5c30cb743162908e23d958fb3ae97285f600a9ef8196e61be9d450da5903d1e468fceb3b05ced93aa600387fddb |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\it.pak
| MD5 | a2b9cce245e754258ea187ceb3aa2670 |
| SHA1 | 50f84fbcabea10385714a3c3a2483247ac040c02 |
| SHA256 | b72f89e5d2cacbd2db7ce28ceae35faab8c4199ec993fea64e8c78df882032d0 |
| SHA512 | 5e9cca2605d4a86d4f2b39845c8396c37f88b6f1d08c8f0e2b6f0896d60754331a588d0c0fc59e9ad8fccf0d50100a2307fff2d9df784f91537b1d9e108727ad |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\fa.pak
| MD5 | e3f56d4b0fa2878ed6847631d3b05dea |
| SHA1 | 627f48d5423afcb3cade0789f058d60867419041 |
| SHA256 | 2ee67a38cce9ffae1a639be17c0ef7ed7c763d9c15c9621f300bf634e1f25a64 |
| SHA512 | e29c28717f31dc57c2294857680a439acec25478913ea425b0c7b6e50f3343b21fb7983c15352f9e3c001ffa0c8e500d92a1924acde32a4b5bf3f5b6c60c4142 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\es.pak
| MD5 | 39288ea031009bb9db582cbd93c7d534 |
| SHA1 | 467f76d33e39526a4d8cb6068eaf8e2791b3a9ee |
| SHA256 | 6cd39669df96b4b5b9047f7689338d3beb9ad7f8be2fddc595ef1ecbc47481c2 |
| SHA512 | 4a635e969cf2b09aab5f8723a3380c5e226bf0546019506d18de65c1e4a599d268b9ee2e03a65b245075f899a09697b7b535f1055c19344a411100c8f29d93b2 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\es-419.pak
| MD5 | cadd9ec43e823609c4bbdc418da6009a |
| SHA1 | 91bdd44d5972a4763227ee7c127fe122aefe195f |
| SHA256 | 6c8d074047d57a79cf5cadf9caa6e9a64bce0895743a3dd89ed1350cc91c1e4c |
| SHA512 | 2b9eae4072e46024e33f000b1df1a64246f70498a557f4a03234d3dd47aadb04883b98ebf48eec21f0d6ca4c8a62065f675fdb352be680a56644ea3ae1db93a5 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\en-US.pak
| MD5 | 0dcd84e9e50a3e0819d5875ea889ced4 |
| SHA1 | 7c47f6e4e0cafec3a13c07d689d1dd6ff6516b1e |
| SHA256 | 699b6d7f05a484e76d3e1197a656247863e570f03cc02634c9dc42078a5c5007 |
| SHA512 | 153fc15f676d78d5d0f3a6862fc7eaa60c2a659c25ce87485f0253c321d9407a9b799b959104c27a8e7b5487f0de926ae8f375e2c3d313329112e48f2d001a17 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\en-GB.pak
| MD5 | 074d3dd44706502de7c33e791794b23a |
| SHA1 | 564a73ffad9232052c692eb94f560d6b17227c47 |
| SHA256 | 9c3954a5ca2cf126370a1152e9281f41a7ca97c69293f556a2c79ea6729324ae |
| SHA512 | 6e1296d04b16534274fa438643ecee6e37d17ed935623f73d5a8f3510a194e0efda9ca60fac8d51d25763c4818050e23c306f9ee18284b8600610d14f7768d98 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\el.pak
| MD5 | db449f218a705453eb10b5f418e28d7b |
| SHA1 | 7bc8fcc59c532bb086a7f081cd8d275a89dac835 |
| SHA256 | 73da35d01b91707846775bea7dc0331fc1caebd5c63d101aa8bb8bb58ca7f193 |
| SHA512 | 7dce45bc723d62498b335be0ab72dfc91c44c01f96f25c2314e9245a0eab28a92dcaa730b11f108b604545592445ed1612721416f60ae3bf55b1bd438bd04f78 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\de.pak
| MD5 | fceb00caf7e76e688007665feae99e83 |
| SHA1 | 06fece84cf7028b3871f144258b8d084faf8745b |
| SHA256 | 80e63ef1950b8438813271365a7b6a3f3aba0bacc179f5675654249f31c06a3c |
| SHA512 | 08c14eb299a035949e6b64a069cadee66c420b7d66bb00d65d6a1a08fbee08a57ab08f8e77c44387f0fe02b47aeb0bf2709a1979025613cb51af4ab82fc3b6d5 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\da.pak
| MD5 | 22134b12d90fdc00f23a1e0a6fb04eec |
| SHA1 | 17c9fc2cacb6e5ccc393d1af9bdf3e8e63ecdaaa |
| SHA256 | 62020dd01b47b696e2e11d7f5598628c07782a96ea6bc013dc2ffe8c820b7c94 |
| SHA512 | 9cce6ffb2d84cedcc5ccf200080d6a2cab691468c042e8e48a5fdd809b5c0d067c322326e49d18f66da8e0b1d28adeda4cd03e12d7aa11350b72776737aa3427 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\kn.pak
| MD5 | 90107e2353e707a6d071c9aabb5adefa |
| SHA1 | e4dfe445ca7830b3a56af38af1d73e3cb94abc73 |
| SHA256 | 9155b06ccaefbea6461f5c51e25ce25d85ca7bd557e76dae00a4d6a09a4bc424 |
| SHA512 | dead3b94638afbf4ef27e1cb5283ad2d0af73ab8996e7d2e8202ad174796121799992f577c974fc0ec53fe2b8f6fb4d37c3bef70b72c29b5b721377a0cf3b093 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\ja.pak
| MD5 | e720738027460b044429705f7ea1d25c |
| SHA1 | 851b59efad4ae074849fe41f40a56c5534caaf72 |
| SHA256 | c78fde77efbca1b3cc0cd12bda718d1a113bf6b6f3ed558b5c9a452dc974edfa |
| SHA512 | 08b0fd0ceff7ddfed26985bf84b54d75cead1f6fd4d5971da9e40996af6dc5fe9455c402f62e758020a6ccdb1ee0213cc2a5ddfa28a2bfb1e8064c6a4401c3a2 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\mr.pak
| MD5 | fd3452d812a6129b8b6db620423adca0 |
| SHA1 | 9bfe47a0e9f1843c90875f28d8873d592098024c |
| SHA256 | c9704a3e528092ef676be4a653cb14b906e7c32424d59c8e4f22981014bd9111 |
| SHA512 | 7ec30343e985f7bdc6a64fc13d50bfe58ae098b03e18afeaeb4c89073059698cdf40477f2323a52c5e8f07f37b28608c54734501d14ad6ae0c9a0f2f4ab0e689 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\nb.pak
| MD5 | e5546ac3407546d6b786e24c7bc21ab1 |
| SHA1 | 7a9e44a525ae005d0b41020c403c4e1e49d237b7 |
| SHA256 | 751521cbf27777bc99f2039b987686f921cb27e02c959f6cbeb976799e45066e |
| SHA512 | becf51540db5a0893e6f44d588be98142bab5c2a0f37c0212348e3cf39da52def2fd104c039229b52767a9345890f5768ed897b4bde5c6feccd75036d8b4f363 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\ms.pak
| MD5 | 0bb952597b170dd4dd76e9d9d546ac3d |
| SHA1 | 101aafdf6a4ac0cdba7bd88538e7ac395e715e3e |
| SHA256 | f6721ce0d4d601ffeff011d652a9bf2518386cd8c1d2317763e37512451534ff |
| SHA512 | 46c9b63273d6ea30ee63ff230d6b5600018ae54032e04a6707f5873ebd383d0d59645f8d0b44b8ce9a4d40d5acd3453b618b9c4fd3c1b958adb5aefba3465464 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\ml.pak
| MD5 | 21aee42070f9eace2a8e14759526f05f |
| SHA1 | fedd83251a3fdb1846bf0e7e49a3a78cd77fae02 |
| SHA256 | 393d2dcd5c7c33945626fcf10ea4457649fa7b4c100c039898385133c26395cc |
| SHA512 | 60cc85a5a638d370710680bd39a6946d04660a0856bde49190fbc0002acf91617cfc3f3087a37cf592c047550ed2c5b73c2a769fbdffcacf4ad3ffa129c929e3 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\lv.pak
| MD5 | 7313fab584b7561b1fa63de07b972118 |
| SHA1 | 3a44d445f57a78867d37638a80ab39add3fcaa4a |
| SHA256 | 7b92238240c31c197029d41fdffc244f68caeb8002854f65ee3125bd95643598 |
| SHA512 | 05b067847a63c0419298616278678ade6a4fec4008323121ace5a09e22f6dae409494474f5a88adc703833691a7d4810546d012d4311e176fe58812f166b8ae3 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\lt.pak
| MD5 | 02e9c88d9d5e58d135c9a92effcce38d |
| SHA1 | 92421a5fac68d506fa904075ea7cf39a3da8efc3 |
| SHA256 | 38ad40532287da53fcdb6076b9cdb841bbb4f30162681707295bcab448149e65 |
| SHA512 | f0897d62e81eb6e2c56cf1a5b5ad5124521c345f70cab841071c7b70b16130984700d694a32dfa010460244d8b520ba1b217ffd76f75c074b5b3a9ccda26b02b |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\ko.pak
| MD5 | f21c6033fa73bc7d3358c2467c9048d2 |
| SHA1 | 939f209f00e6664294872e0dc3b33a9015a2f1fb |
| SHA256 | d19cfa8ae07f23b81c0d40d7e751628844fc1aafb83d4bb4dcbe71caecf6ea2e |
| SHA512 | a4a4909ca56d3d924639cf1adab6d9ee512132c99c8e3dd37f2b949a1c816ab29ce81c01c658022e680344516201fdb0440abb97e577e6946e2731411674566d |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\nl.pak
| MD5 | a17bff141aec095625d0420c7a609b08 |
| SHA1 | edf3746b20ff9e3bdbf09b195e7781da1f799a91 |
| SHA256 | 7482c28c2a42a94615118b6b8cc7d002415923ca104ef86a95a4ad05c8db36b9 |
| SHA512 | 903c50c39160e40920bdcce0dc337e83b03bba00481f82ebc8ac1cf6927ebfaa75b1f9791038a71632c5e79bf7331bbf7468cc626e303929801c08f54d092c8b |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\pt-PT.pak
| MD5 | e9f8bc9fd1e845551fe3bb63c9149726 |
| SHA1 | 0bfbe46e8ffd62493c019e890a30ebc666838796 |
| SHA256 | 50cadb4da4e61fc335d145374511c34e5a0e40f9c26363614cd907cc7942a777 |
| SHA512 | 1d3761caadc3ac750c0a89c64db472bcb0764fc1c4b1108a9443fa71633ec7fdd945120a6f05e76221d9c58103cc9865b4857877d57d60b623f92a0235ed15fb |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\pt-BR.pak
| MD5 | 3b70cbf1aa47436b78a5e8c7672ce775 |
| SHA1 | ff9f2820e5782f9eae0ea1d5ede61665fa62cc06 |
| SHA256 | 8b4a8a3b8741610c279283a6cb843cb274223f720edac1c73296340b02569fbe |
| SHA512 | 41e3b3264d8034edf9ee1ab696ca4612ee6ef4e8537b4598805362c4a250f81274425cfa2c9c62330fed73a683e6d3b2ff537b51d869d7da19c4422728da7c0a |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\pl.pak
| MD5 | 41fd7c76e30b333027e86e20a65283a8 |
| SHA1 | 81afebdfd62255d0b0ca508141dcd7b67982f4c1 |
| SHA256 | 5de95dc2236f896e66debfe2cc7553a5bfeaa7ffea2820fe1f2f67368af84f7e |
| SHA512 | c59132dc329ee72fa8e9e9c653da597b5fa40a6eb0a7988cf62b1bdaa646a9f09f504219bfbc5af394a12c9ab6050a39740460a3e5c3ed0946b556c33f608219 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\sk.pak
| MD5 | befec33f564454253ad90d6cc06ecf62 |
| SHA1 | 1fa0e082c89f9aa397551421a35b7dfc941f5250 |
| SHA256 | 9db30eeac7f1814158283affa0af6451c6f7966896cd6d6df8eab14a37e58c9f |
| SHA512 | a581faf67311eb8d81b481d1e3348f579745331f87523650a4fc35ddbe6d5033e726feab0ca3911ef76a21aceabc3e2122d16333d1b7840a933b5231a9e2d157 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\ru.pak
| MD5 | fd441a4b72397f5d76915ebcdef45aa1 |
| SHA1 | 94a0ab5704e7303c6ef1c2ee5be0b6f4a52d146e |
| SHA256 | df41fb92e4d682d47b5adf942600b4f23c1aa5274b31b844cd4c4b6f0ec86a86 |
| SHA512 | 5fab517ec0141bb67b4b5ac868100b770fc0b7773b94f977af9205294da9305a2079327a4ece1ff1d9a3b3c805c8d8676c2b0505bf190d1c57c4ed0c14a1cfdb |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\sl.pak
| MD5 | cfb094955a5a8f655ce8a598d5a89706 |
| SHA1 | 181ace68b0c3be132ab73302ba7f7c8750f9adae |
| SHA256 | 15489195e92cf11354a9a02895aad2ba8f17aecb676dd77942054a4f3f0fd623 |
| SHA512 | a31e131663072c1192a4146321db5f0f457d27e14afc8ae40a92a4f255df4cd5302774534fed5247e145c73739a709dd5852af35750f35ecbab0fd4c1a612e2f |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\ro.pak
| MD5 | 4d1ed9e347de9351454d11132c06e916 |
| SHA1 | e3734d17a579ac423ec5fdc5829a211c7b76e049 |
| SHA256 | 57dc80c76c535c645893c9d3b4d0c4779aaa877445383abec79e32cf02c41276 |
| SHA512 | bd3d0841678879a24eb6f2f15c27bcb64a5d7ad171debbb51e7601a3898b830b1985b365363a01d22967969d4d4ddf89a130a5a33ff6a94cef6410b0e89f1849 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\th.pak
| MD5 | 96212a5191b7062d1620388acf1d09cd |
| SHA1 | d3616b6c4649dcfa347df0473e64219ccd63e63a |
| SHA256 | fa5f97bf433df481a6257fa39ef8dcc7961c5d5a83008b02c9773836d7bfc96c |
| SHA512 | 5192c36317c3a50696796c7286f77b1a02b7a0f83abb16ff7d47ec94281b85ee2fb29b9ddff7c4ad8b28a2a757772bd2bc726b10c19658ab672966679d391508 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\tr.pak
| MD5 | 4e7c047364c7c4809242741b98b28092 |
| SHA1 | 4ff1b303476cb75d8190568c346e8cc2e452da14 |
| SHA256 | 6a25be43b786ab853f8081c53012be623543830cce5ccd246ec040d98f22b852 |
| SHA512 | 4624cec04114c15a72a804fa4966fe61303effe97039337273ed0dc99e8a6a685ca5cf5fa901a84c8b219d443f1a89e6e7cbe09eb21e7ecff662301067a6cefb |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\te.pak
| MD5 | 93edec428bdaa1f84f5c9478f440997a |
| SHA1 | e03f6bd50b0e0d888f9dfbdc87c98ff567e6a91a |
| SHA256 | a499f50e452ca02ea476fab8954e7ff58d2ee0c6263b8a4657b6ebddeecd2520 |
| SHA512 | ae34e29f1e8d23dacca66036e355b12ebb1117ec6e5e99413c792a0dc8b772eb63578b2406730b014fb4ffe32b05dfd9fab8adcf38ab3f5b9bfd0cf054ed09f7 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\ta.pak
| MD5 | 8a1a245b43af1f174f262d8f53014d59 |
| SHA1 | 655045f5c71aa2589851a66d5387d4125bbce1ec |
| SHA256 | 85d8ef6fb5fdbd1d689aa6cdbbb768376b08b03ff39f7528a3804a3b4bd82af1 |
| SHA512 | d71b73fd2b5658acf5825f142130c49c278c801fd8beb5fb2039a3c209a1214a9cc00fb6896735fa4d020bc2279afca1577f35fb0a96a315631d46656d2055d3 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\sw.pak
| MD5 | 70510abd3079bf26caf327989e810216 |
| SHA1 | ea640cb8b3c63d71d9b3a0d377fef5540b04fe81 |
| SHA256 | a11017a3e0e7f48338d4515ec9e79c1764387232a0d9a05fecc4b594bff40091 |
| SHA512 | ecbc97397557e27e66536a97ddf78a744c104b258d40d6f31972e6e5c6615699dd24eb02144ae0d3d53764da0f83a06f561ba95bbf08da4bf4a548b0e7f8c052 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\sv.pak
| MD5 | 773fc8c89b093c40191fc233730188c1 |
| SHA1 | 28001794144bdb76f62044d57e2d52c8ae1635c6 |
| SHA256 | 6aab29795a36a0234c6d447fb1fdd9011da505c348b934346a27b6a2ddb92ff3 |
| SHA512 | f9bfd3e72955104b922c34352ec16d56939eea634b9abd549d4a3342dd72f8768c85bff59814e419aee6469f6521f4f71fcfe9b8a81c1824187ba818f6d6caac |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\sr.pak
| MD5 | f4041623ce5e06d2dea58d532edb120a |
| SHA1 | 2d7ee3ef60b39e3508427c7bc12e046d7bf5e928 |
| SHA256 | f2f80d7325d259811afea1e7648c42d3ef3eebfeddaec27ee2817f4e68ab541b |
| SHA512 | 18691f4cee3eeaa2305d1c978d803fdf757d9c4e87e88e36d7b1fff482cfddd820568b39a1108065f61dd2cf10d7219c27813aad4d64e71695ab91084ec3c694 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\zh-TW.pak
| MD5 | 03ade5ba27cd3ae9bab6ab3a5cb721c2 |
| SHA1 | a747311a5f6c2e0e535efd52bc96f3c4d12d5c3f |
| SHA256 | 0c4abf7a66026068cd4f458d504cb04f3e04cf9fae45419ddc2d592f24899a2a |
| SHA512 | 33e122328773039595248a85dc0940841a1e273957ec9a4e175871b3ada48008b608ca6569b495275abb8e2a8844ee0c4d90b48af915a3f5a6aa44f3c37e51f3 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\zh-CN.pak
| MD5 | 20b6d54de42cf9c56f0a85fdc27d82e8 |
| SHA1 | cecb82b4afe8544876f443fcf578453358ab59a8 |
| SHA256 | 4140caf95939f116993ecd8bc5f7681991f96735d2397c9c7b4c66e3013eed24 |
| SHA512 | 646af407dfb85863f4555961f37f706c18b5c1e68b3111eda9f9b531ba2bb60cf67211ad634037b872156f0ddd04d50d68c49173a27a78ce59f75cbc2bb6c3bf |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\vi.pak
| MD5 | 98cb45f0555aee1985710196db17d72e |
| SHA1 | 1362238c253bc2a0e50c8dde6c95deb027fd6348 |
| SHA256 | 39a130557fea33a9c899f347fa3ed455e58bd51acc0b3b4586f76694b0f34646 |
| SHA512 | 93125310ade0c7029f0406aab291c35d2b7d1941f85bfd3d6071f85ff347c46e793a5ef164c08ebfcba252269a4aa84bf7a3b8779a36ee2f3da303411becc27d |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\locales\uk.pak
| MD5 | 33f02db055c3f91148feee375acabfb7 |
| SHA1 | ca1dc284f41bc55cf35f94a4039008df9970d411 |
| SHA256 | 1968e9ed7722089330e7a8ae2c08f241aa106ed2be8948461439e6a92c330688 |
| SHA512 | ad16973e4103ced979276c6de175eb600241491ec9c441168e6375f68f8867d3f0eba422dd0ef6404208564015119f1e5e2500d5cf4ff2d8da45d713ed8c251d |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\resources\app.asar
| MD5 | fce47a98dbd20dffaf3a6723760eeca5 |
| SHA1 | 47a3c03a378bb7a46a290071fe805a556135898f |
| SHA256 | d13e4cb61a63cd76369804644c0a948a5a472f83a77b49199c12575434261b93 |
| SHA512 | dfe841643191c8302aa4986fb58a879230338ffe5c90224d727a9452d44f32e4e96d096b7c0df250c66022b6abb8218611a4ee7393f5cbca5853321cbda57bb6 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\resources\elevate.exe
| MD5 | 792b92c8ad13c46f27c7ced0810694df |
| SHA1 | d8d449b92de20a57df722df46435ba4553ecc802 |
| SHA256 | 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37 |
| SHA512 | 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\swiftshader\libGLESv2.dll
| MD5 | 1e401ccda5b723ab8a595a54f7d2531c |
| SHA1 | 127716680dd16f776b19c2306d716935e54c5100 |
| SHA256 | c167a458174e2a280c39d7af31bd109e8e2921032a687097b584653adc33ab21 |
| SHA512 | 1f2f35021f338aa7c5a0ae83c196217fbca6b1d017ac1bb4f1eebb93bd6e18c5d74c1a14bd4899d7a91d054b0139b2c4fc3271c35148ad1d8b71139aff0132fc |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\swiftshader\libEGL.dll
| MD5 | be1b6fe26a1b5a3e1302c26ce5ce53f3 |
| SHA1 | c3cac08e89c4cc91eae1cc87e33a1dea723f1d78 |
| SHA256 | 162abe61314e720384d8cdd43190a89df8a96de52f3ede7b6c58998f615d8546 |
| SHA512 | 07dca111391dfb6b7e90d4be02071bc625128eeca0b9d9a3cebdc7916baec9f95cbbf906f2533befd6b62b9bbc69488ffa720f8d40c9710dd3b7d540d9dcaa55 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat
| MD5 | da0f40d84d72ae3e9324ad9a040a2e58 |
| SHA1 | 4ca7f6f90fb67dce8470b67010aa19aa0fd6253f |
| SHA256 | 818350a4fb4146072a25f0467c5c99571c854d58bec30330e7db343bceca008b |
| SHA512 | 30b7d4921f39c2601d94a3e3bb0e3be79b4b7b505e52523d2562f2e2f32154d555a593df87a71cddb61b98403265f42e0d6705950b37a155dc1d64113c719fd9 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\index.js
| MD5 | d226502c9bf2ae0a7f029bd7930be88e |
| SHA1 | 6be773fb30c7693b338f7c911b253e4f430c2f9b |
| SHA256 | 77a3965315946a325ddcf0709d927ba72aa47f889976cbccf567c76cc545159f |
| SHA512 | 93f3d885dad1540b1f721894209cb7f164f0f6f92857d713438e0ce685fc5ee1fc94eb27296462cdeede49b30af8bf089a1fc2a34f8577479645d556aaac2f8e |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\app.manifest
| MD5 | 8951565428aa6644f1505edb592ab38f |
| SHA1 | 9c4bee78e7338f4f8b2c8b6c0e187f43cfe88bf2 |
| SHA256 | 8814db9e125d0c2b7489f8c7c3e95adf41f992d4397ed718bda8573cb8fb0e83 |
| SHA512 | 7577bad37b67bf13a0d7f9b8b7d6c077ecdfb81a5bee94e06dc99e84cb20db2d568f74d1bb2cef906470b4f6859e00214beacca7d82e2b99126d27820bf3b8f5 |
C:\Users\Admin\AppData\Local\Temp\nsn5B8E.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
C:\Users\Admin\AppData\Local\Temp\d3a45f81-77cc-4016-a8be-b141b506ce75.tmp.node
| MD5 | cbfd7db780f0bcc87f3d6ae5e6a8e6f9 |
| SHA1 | faf3d9d3b3c0ace6bf4300bd0d8cbca4cf473f10 |
| SHA256 | 74a90e6a0ce155c1f2e7f45339ccbd6c1d302e591f76c53fea2ec2f85e12740d |
| SHA512 | d1319c6c0d5959282e186377a158479bf5769144b6f127450dc741f16ca996152e2927b1b4d5060c8df8c838640f9453d376d354d728ab605953b52ca0e67cd0 |
memory/1856-568-0x00007FF80BC20000-0x00007FF80BC21000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\805a1a4e-2433-476b-b1f9-134594c38e8d.tmp.node
| MD5 | d4e6004197508892d18fc47645b25f62 |
| SHA1 | 1afceda2531e593c00de7ab994f928a150de5b4d |
| SHA256 | dc29d32decbd161ea4ff1e645d3fdf7a1ce3db0ee25e5485bc19fc775922b71c |
| SHA512 | 0be017eaba3764eb9f38e78248528a9e025958e713a8eb4a8f9b03d087267e107ceef8525a4ecfcbb684b077145fb0161e5dbe05f9fd95f8f94a140fe3ceb8a4 |
C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\Credit Cards\All Credit Cards.txt
| MD5 | dec2be4f1ec3592cea668aa279e7cc9b |
| SHA1 | 327cf8ab0c895e10674e00ea7f437784bb11d718 |
| SHA256 | 753b99d2b4e8c58bfd10995d0c2c19255fe9c8f53703bb27d1b6f76f1f4e83cc |
| SHA512 | 81728e3d31b72905b3a09c79d1e307c4e8e79d436fcfe7560a8046b46ca4ae994fdfaeb1bc2328e35f418b8128f2e7239289e84350e142146df9cde86b20bb66 |
C:\Users\Admin\AppData\Local\Temp\epsilon-Admin\AutoFill Data\All Autofill Data.txt
| MD5 | 810ae82f863a5ffae14d3b3944252a4e |
| SHA1 | 5393e27113753191436b14f0cafa8acabcfe6b2a |
| SHA256 | 453478914b72d9056472fb1e44c69606c62331452f47a1f3c02190f26501785c |
| SHA512 | 2421a397dd2ebb17947167addacd3117f666ddab388e3678168075f58dc8eee15bb49a4aac2290140ae5102924852d27b538740a859d0b35245f505b20f29112 |
memory/1892-650-0x000001B4F7730000-0x000001B4F7731000-memory.dmp
memory/1892-649-0x000001B4F7730000-0x000001B4F7731000-memory.dmp
memory/1892-648-0x000001B4F7730000-0x000001B4F7731000-memory.dmp
memory/1892-658-0x000001B4F7730000-0x000001B4F7731000-memory.dmp
memory/1892-657-0x000001B4F7730000-0x000001B4F7731000-memory.dmp
memory/1892-660-0x000001B4F7730000-0x000001B4F7731000-memory.dmp
memory/1892-659-0x000001B4F7730000-0x000001B4F7731000-memory.dmp
memory/1892-656-0x000001B4F7730000-0x000001B4F7731000-memory.dmp
memory/1892-655-0x000001B4F7730000-0x000001B4F7731000-memory.dmp
memory/1892-654-0x000001B4F7730000-0x000001B4F7731000-memory.dmp
Analysis: behavioral6
Detonation Overview
Submitted
2024-04-08 16:03
Reported
2024-04-08 16:39
Platform
win11-20240221-en
Max time kernel
441s
Max time network
1196s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\chrome_100_percent.pak
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-04-08 16:03
Reported
2024-04-08 16:51
Platform
win11-20240221-en
Max time kernel
451s
Max time network
1175s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\locales\bn.pak
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-04-08 16:03
Reported
2024-04-08 16:54
Platform
win11-20240221-en
Max time kernel
1314s
Max time network
1145s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3852399462-405385529-394778097-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3852399462-405385529-394778097-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\locales\da.pak
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-04-08 16:03
Reported
2024-04-08 16:57
Platform
win11-20240221-en
Max time kernel
437s
Max time network
1170s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\locales\el.pak
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-04-08 16:03
Reported
2024-04-08 16:40
Platform
win11-20240221-en
Max time kernel
450s
Max time network
1178s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\chrome_200_percent.pak
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-04-08 16:03
Reported
2024-04-08 16:43
Platform
win11-20240221-en
Max time kernel
1328s
Max time network
1158s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3852399462-405385529-394778097-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3852399462-405385529-394778097-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\locales\am.pak
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-04-08 16:03
Reported
2024-04-08 16:48
Platform
win11-20240221-en
Max time kernel
435s
Max time network
1160s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\locales\ar.pak
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
Files
Analysis: behavioral31
Detonation Overview
Submitted
2024-04-08 16:03
Reported
2024-04-08 17:09
Platform
win11-20240214-en
Max time kernel
449s
Max time network
1174s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\vulkan-1.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-04-08 16:03
Reported
2024-04-08 16:39
Platform
win11-20240221-en
Max time kernel
429s
Max time network
1171s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3084248216-1643706459-906455512-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2380 wrote to memory of 756 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\NOTEPAD.EXE |
| PID 2380 wrote to memory of 756 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\NOTEPAD.EXE |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\LICENSE.electron.txt
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\LICENSE.electron.txt
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral21
Detonation Overview
Submitted
2024-04-08 16:03
Reported
2024-04-08 17:01
Platform
win11-20240221-en
Max time kernel
438s
Max time network
1170s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\locales\es.pak
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
Files
Analysis: behavioral24
Detonation Overview
Submitted
2024-04-08 16:03
Reported
2024-04-08 17:05
Platform
win11-20240221-en
Max time kernel
457s
Max time network
1182s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4280069375-290121026-380765049-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4280069375-290121026-380765049-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\locales\fi.pak
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| NL | 52.111.243.29:443 | tcp |
Files
Analysis: behavioral26
Detonation Overview
Submitted
2024-04-08 16:03
Reported
2024-04-08 17:09
Platform
win11-20240221-en
Max time kernel
443s
Max time network
1179s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\RESOUR~1\APPASA~1.UNP\NODE_M~1\SCREEN~1\lib\win32\SCREEN~1.BAT"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES92F9.tmp" "c:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\CSC46762BFBA4074E78A1A22A33D0BE480.TMP"
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe
screenCapture_1.3.2.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
Files
\??\c:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\CSC46762BFBA4074E78A1A22A33D0BE480.TMP
| MD5 | a6f2d21624678f54a2abed46e9f3ab17 |
| SHA1 | a2a6f07684c79719007d434cbd1cd2164565734a |
| SHA256 | ab96911d094b6070cbfb48e07407371ddb41b86e36628b6a10cdb11478192344 |
| SHA512 | 0b286df41c3887eecff5c38cbd6818078313b555ef001151b41ac11b80466b2f4f39da518ab9c51eeff35295cb39d52824de13e026c35270917d7274f764c676 |
C:\Users\Admin\AppData\Local\Temp\RES92F9.tmp
| MD5 | 436408bb2c890eb014ef0ffea1ecd49b |
| SHA1 | fa473aeb348fde0b1e9f3a23e59c6ac2e9ec5502 |
| SHA256 | 2fe222eca11bdf82d1096e35424f265f94425efc078c767a53ec92c29251966d |
| SHA512 | df47db759abeb97dc3824c15fba363c4f9cb3efbab616ee531863e9a35d546e77cadc54870e169dc322f30309be3d2be03dca17681a29c73fd5f8fc6d51dad4e |
C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe
| MD5 | 4d946514bd59cce0d763f29b60457d15 |
| SHA1 | bd911152fbbc65dad7eaa78e7672df39c0f9b179 |
| SHA256 | a715f533ad150618afc0c90bf6417b00586b3e740d56ba23a9c2567e263031db |
| SHA512 | 20f7a279c8f23c5c3e2f5f6a8ffcbb16beb9235aa6f95e63e82012db0a6a38ea07fc8180e3f3f98de48a3cfbc232bbec6ca4a4401d920ae8ebd54ff3d98ecf98 |
memory/4996-9-0x0000000000E80000-0x0000000000E8A000-memory.dmp
memory/4996-11-0x00007FF9D06A0000-0x00007FF9D1162000-memory.dmp
memory/4996-12-0x00007FF9D06A0000-0x00007FF9D1162000-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-04-08 16:03
Reported
2024-04-08 16:38
Platform
win11-20240221-en
Max time kernel
441s
Max time network
1176s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2128 wrote to memory of 2104 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2128 wrote to memory of 2104 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2128 wrote to memory of 2104 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 204 -p 2104 -ip 2104
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 460
Network
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-04-08 16:03
Reported
2024-04-08 16:40
Platform
win11-20240221-en
Max time kernel
454s
Max time network
1178s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4280069375-290121026-380765049-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4280069375-290121026-380765049-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\icudtl.dat
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-04-08 16:03
Reported
2024-04-08 16:49
Platform
win11-20240221-en
Max time kernel
449s
Max time network
1176s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\locales\bg.pak
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-04-08 16:03
Reported
2024-04-08 16:59
Platform
win11-20240221-en
Max time kernel
1329s
Max time network
1175s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\locales\en-US.pak
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-04-08 16:03
Reported
2024-04-08 17:08
Platform
win11-20240221-en
Max time kernel
449s
Max time network
1176s
Command Line
Signatures
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\index.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral28
Detonation Overview
Submitted
2024-04-08 16:03
Reported
2024-04-08 17:09
Platform
win11-20240214-en
Max time kernel
447s
Max time network
1170s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\swiftshader\libEGL.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 52.111.227.14:443 | tcp | |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
Files
Analysis: behavioral30
Detonation Overview
Submitted
2024-04-08 16:03
Reported
2024-04-08 17:09
Platform
win11-20240221-en
Max time kernel
448s
Max time network
1172s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\vk_swiftshader.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 52.111.229.43:443 | tcp |
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-04-08 16:03
Reported
2024-04-08 16:54
Platform
win11-20240221-en
Max time kernel
1452s
Max time network
1477s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3852399462-405385529-394778097-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3852399462-405385529-394778097-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\locales\cs.pak
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-04-08 16:03
Reported
2024-04-08 16:55
Platform
win11-20240221-en
Max time kernel
451s
Max time network
1179s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\locales\de.pak
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-04-08 16:03
Reported
2024-04-08 17:01
Platform
win11-20240221-en
Max time kernel
454s
Max time network
1180s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\locales\et.pak
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral23
Detonation Overview
Submitted
2024-04-08 16:03
Reported
2024-04-08 17:05
Platform
win11-20240221-en
Max time kernel
434s
Max time network
1172s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\locales\fa.pak
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-04-08 16:03
Reported
2024-04-08 17:08
Platform
win11-20240221-en
Max time kernel
451s
Max time network
1174s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe
"C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe"