Analysis Overview
SHA256
96d4c2c87df34d071db50cf45ce15ea36996855a4e390e75d01715c5664bae24
Threat Level: Known bad
The file BlitzedGrabberV12.zip was found to be: Known bad.
Malicious Activity Summary
Stormkitty family
Orcus
StormKitty payload
StormKitty
Orcus main payload
Orcurs Rat Executable
Obfuscated with Agile.Net obfuscator
Looks up external IP address via web service
Legitimate hosting services abused for malware hosting/C2
Command and Scripting Interpreter: PowerShell
Program crash
Unsigned PE
Checks processor information in registry
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Modifies registry class
Uses Task Scheduler COM API
Suspicious use of SendNotifyMessage
NTFS ADS
Opens file in notepad (likely ransom note)
Suspicious use of WriteProcessMemory
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-05-05 13:28
Signatures
StormKitty payload
Stormkitty family
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-05 13:27
Reported
2024-05-05 13:39
Platform
win7-20231129-en
Max time kernel
359s
Max time network
359s
Command Line
Signatures
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12.zip
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-05 13:27
Reported
2024-05-05 13:34
Platform
win10v2004-20240426-en
Max time kernel
291s
Max time network
356s
Command Line
Signatures
Orcus
Orcus main payload
StormKitty
StormKitty payload
Orcurs Rat Executable
Obfuscated with Agile.Net obfuscator
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | checkip.dyndns.org | N/A | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Downloads\BlitzedGrabberV12\BlitzedGrabberV12\Resources\UltraEmbeddable.exe |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\BlitzedGrabberV12.rar:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\BlitzedGrabberV12.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12.zip
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3876.27.489860567\586554121" -childID 24 -isForBrowser -prefsHandle 5868 -prefMapHandle 7684 -prefsLen 28226 -prefMapSize 235121 -jsInitHandle 1076 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9a28706-c21c-49a0-b51f-15683c480abb} 3876 "\\.\pipe\gecko-crash-server-pipe.3876" 5816 1820c26fb58 tab
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\BlitzedGrabberV12\BlitzedGrabberV12\README.txt
C:\Users\Admin\Downloads\BlitzedGrabberV12\BlitzedGrabberV12\Resources\yhyty5.exe
"C:\Users\Admin\Downloads\BlitzedGrabberV12\BlitzedGrabberV12\Resources\yhyty5.exe"
C:\Windows\SYSTEM32\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\netsh.exe
netsh wlan show profile
C:\Windows\system32\findstr.exe
findstr All
C:\Windows\SYSTEM32\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show profile name=65001 key=clear | findstr Key
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\netsh.exe
netsh wlan show profile name=65001 key=clear
C:\Windows\system32\findstr.exe
findstr Key
C:\Users\Admin\Downloads\BlitzedGrabberV12\BlitzedGrabberV12\Resources\yhyty5.exe
"C:\Users\Admin\Downloads\BlitzedGrabberV12\BlitzedGrabberV12\Resources\yhyty5.exe"
C:\Windows\SYSTEM32\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\netsh.exe
netsh wlan show profile
C:\Windows\system32\findstr.exe
findstr All
C:\Windows\SYSTEM32\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show profile name=65001 key=clear | findstr Key
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\netsh.exe
netsh wlan show profile name=65001 key=clear
C:\Windows\system32\findstr.exe
findstr Key
C:\Users\Admin\Downloads\BlitzedGrabberV12\BlitzedGrabberV12\Resources\ww.exe
"C:\Users\Admin\Downloads\BlitzedGrabberV12\BlitzedGrabberV12\Resources\ww.exe"
C:\Windows\SYSTEM32\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\netsh.exe
netsh wlan show profile
C:\Windows\system32\findstr.exe
findstr All
C:\Windows\SYSTEM32\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show profile name=65001 key=clear | findstr Key
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\netsh.exe
netsh wlan show profile name=65001 key=clear
C:\Windows\system32\findstr.exe
findstr Key
C:\Users\Admin\Downloads\BlitzedGrabberV12\BlitzedGrabberV12\Resources\ww.exe
"C:\Users\Admin\Downloads\BlitzedGrabberV12\BlitzedGrabberV12\Resources\ww.exe"
C:\Windows\SYSTEM32\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\netsh.exe
netsh wlan show profile
C:\Windows\system32\findstr.exe
findstr All
C:\Windows\SYSTEM32\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show profile name=65001 key=clear | findstr Key
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\netsh.exe
netsh wlan show profile name=65001 key=clear
C:\Windows\system32\findstr.exe
findstr Key
C:\Users\Admin\Downloads\BlitzedGrabberV12\BlitzedGrabberV12\Resources\UltraEmbeddable.exe
"C:\Users\Admin\Downloads\BlitzedGrabberV12\BlitzedGrabberV12\Resources\UltraEmbeddable.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3164 -ip 3164
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 872
C:\Users\Admin\Downloads\BlitzedGrabberV12\BlitzedGrabberV12\BlitzedGrabberV12.exe
"C:\Users\Admin\Downloads\BlitzedGrabberV12\BlitzedGrabberV12\BlitzedGrabberV12.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3876.28.130716563\1083090950" -childID 25 -isForBrowser -prefsHandle 6756 -prefMapHandle 8408 -prefsLen 28226 -prefMapSize 235121 -jsInitHandle 1076 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {14ae906f-3bc2-4dd2-9fda-5b19f25e24af} 3876 "\\.\pipe\gecko-crash-server-pipe.3876" 6656 18211fa0758 tab
C:\Users\Admin\AppData\Local\Temp\mxfix.EXE
"C:\Users\Admin\AppData\Local\Temp\mxfix.EXE"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy Bypass -File mxfixer.ps1
C:\Users\Admin\AppData\Local\Temp\UnityCrashHandlerV2.exe
"C:\Users\Admin\AppData\Local\Temp\UnityCrashHandlerV2.exe"
C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12.exe
"C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3876.29.1855265369\2123642162" -childID 26 -isForBrowser -prefsHandle 7680 -prefMapHandle 5040 -prefsLen 28226 -prefMapSize 235121 -jsInitHandle 1076 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b461d04-0a2d-4022-8f67-9d9de5423b72} 3876 "\\.\pipe\gecko-crash-server-pipe.3876" 2708 1821b505e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3876.30.561766357\1617723030" -childID 27 -isForBrowser -prefsHandle 6624 -prefMapHandle 10512 -prefsLen 28226 -prefMapSize 235121 -jsInitHandle 1076 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6801246e-cdec-4a59-abb9-96d712c2a8a7} 3876 "\\.\pipe\gecko-crash-server-pipe.3876" 8428 1821b506158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3876.31.1542274762\1318368340" -childID 28 -isForBrowser -prefsHandle 5056 -prefMapHandle 5076 -prefsLen 28226 -prefMapSize 235121 -jsInitHandle 1076 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2fb46889-35cf-4763-b38c-747325ed08e8} 3876 "\\.\pipe\gecko-crash-server-pipe.3876" 5036 1821b506a58 tab
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\uoaaijku.cmdline"
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE491.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCE490.tmp"
C:\Windows\SysWOW64\WindowsInput.exe
"C:\Windows\SysWOW64\WindowsInput.exe" --install
C:\Windows\SysWOW64\WindowsInput.exe
"C:\Windows\SysWOW64\WindowsInput.exe"
C:\ProgramData\Chrome\chromedriver.exe
"C:\ProgramData\Chrome\chromedriver.exe"
C:\ProgramData\Chrome\chromedriver.exe
C:\ProgramData\Chrome\chromedriver.exe
C:\Users\Admin\AppData\Roaming\svchost.exe
"C:\Users\Admin\AppData\Roaming\svchost.exe" /launchSelfAndExit "C:\ProgramData\Chrome\chromedriver.exe" 1408 /protectFile
C:\Users\Admin\AppData\Roaming\svchost.exe
"C:\Users\Admin\AppData\Roaming\svchost.exe" /watchProcess "C:\ProgramData\Chrome\chromedriver.exe" 1408 "/protectFile"
C:\Users\Admin\Downloads\BlitzedGrabberV12\BlitzedGrabberV12\BlitzedGrabberV12.exe
"C:\Users\Admin\Downloads\BlitzedGrabberV12\BlitzedGrabberV12\BlitzedGrabberV12.exe"
C:\Users\Admin\AppData\Local\Temp\mxfix.EXE
"C:\Users\Admin\AppData\Local\Temp\mxfix.EXE"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy Bypass -File mxfixer.ps1
C:\Users\Admin\AppData\Local\Temp\UnityCrashHandlerV2.exe
"C:\Users\Admin\AppData\Local\Temp\UnityCrashHandlerV2.exe"
C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12.exe
"C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12.exe"
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\qw2blpje.cmdline"
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES9E9A.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC9E99.tmp"
Network
| US | 8.8.8.8:53 | ml314.com | udp |
| NL | 96.16.53.138:443 | code.createjs.com | tcp |
| US | 8.8.8.8:53 | a1806.dscd.akamai.net | udp |
| US | 8.8.8.8:53 | a1806.dscd.akamai.net | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| US | 8.8.8.8:53 | gbc5.fr3.eu.criteo.com | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| FR | 185.235.86.161:443 | gbc5.fr3.eu.criteo.com | tcp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| NL | 185.235.87.71:443 | gem.gbc.criteo.com | tcp |
| GB | 172.217.16.225:443 | cdn.ampproject.org | tcp |
| GB | 172.217.16.225:443 | cdn.ampproject.org | tcp |
| GB | 172.217.16.225:443 | cdn.ampproject.org | tcp |
| GB | 172.217.16.225:443 | cdn.ampproject.org | tcp |
| GB | 172.217.16.225:443 | cdn.ampproject.org | tcp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gbc2.nl3.eu.criteo.com | udp |
| US | 8.8.8.8:53 | 66.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.77.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gbc5.fr3.eu.criteo.com | udp |
| US | 8.8.8.8:53 | gbc2.nl3.eu.criteo.com | udp |
| US | 8.8.8.8:53 | cdn-content.ampproject.org | udp |
| GB | 172.217.16.225:443 | cdn-content.ampproject.org | udp |
| US | 8.8.8.8:53 | cdn-content.ampproject.org | udp |
| US | 8.8.8.8:53 | 138.53.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.86.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| DE | 162.19.138.117:443 | id5-sync.com | tcp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | 117.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ade.googlesyndication.com | udp |
| GB | 142.250.180.2:443 | ade.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | ade.googlesyndication.com | udp |
| US | 8.8.8.8:53 | ade.googlesyndication.com | udp |
| GB | 142.250.180.2:443 | ade.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.187.206:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.187.206:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.187.206:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | ib.anycast.adnxs.com | udp |
| US | 8.8.8.8:53 | a.teads.tv | udp |
| US | 8.8.8.8:53 | eu-tlx.3lift.com | udp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 8.8.8.8:53 | bidder.criteo.com | udp |
| US | 8.8.8.8:53 | bidder.nl3.vip.prod.criteo.com | udp |
| FR | 185.86.138.121:443 | itx5.smartadserver.com | tcp |
| US | 8.8.8.8:53 | ib.anycast.adnxs.com | udp |
| NL | 185.89.210.212:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com | udp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| US | 8.8.8.8:53 | blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | ssc.33across.com | udp |
| US | 8.8.8.8:53 | hbopenbid-ams.pubmnet.com | udp |
| US | 8.8.8.8:53 | e9957.b.akamaiedge.net | udp |
| US | 8.8.8.8:53 | am6-prebid.a-mx.net | udp |
| US | 8.8.8.8:53 | am6-prebid.a-mx.net | udp |
| US | 8.8.8.8:53 | e9957.b.akamaiedge.net | udp |
| US | 8.8.8.8:53 | 212.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.fuseplatform.net | udp |
| US | 8.8.8.8:53 | a1956.dscr.akamai.net | udp |
| US | 8.8.8.8:53 | a1956.dscr.akamai.net | udp |
| US | 172.67.69.234:443 | www.ezyzip.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 142.250.187.206:443 | play.google.com | tcp |
| GB | 142.250.187.206:443 | play.google.com | udp |
| US | 8.8.8.8:53 | www.freeconvert.com | udp |
| US | 104.22.56.144:443 | www.freeconvert.com | tcp |
| US | 8.8.8.8:53 | www.freeconvert.com | udp |
| US | 8.8.8.8:53 | www.freeconvert.com | udp |
| US | 8.8.8.8:53 | 144.56.22.104.in-addr.arpa | udp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | eventexistence.com | udp |
| US | 8.8.8.8:53 | s3.us-east-2.amazonaws.com | udp |
| US | 34.149.46.224:443 | eventexistence.com | tcp |
| US | 34.149.46.224:443 | eventexistence.com | tcp |
| US | 8.8.8.8:53 | eventexistence.com | udp |
| US | 52.219.101.169:443 | s3.us-east-2.amazonaws.com | tcp |
| US | 8.8.8.8:53 | s3.us-east-2.amazonaws.com | udp |
| US | 8.8.8.8:53 | cdn.freeconvert.com | udp |
| US | 8.8.8.8:53 | eventexistence.com | udp |
| US | 8.8.8.8:53 | cdn.freeconvert.com | udp |
| US | 104.22.56.144:443 | cdn.freeconvert.com | tcp |
| US | 8.8.8.8:53 | s3.us-east-2.amazonaws.com | udp |
| US | 8.8.8.8:53 | cdn.freeconvert.com | udp |
| US | 34.149.46.224:443 | eventexistence.com | udp |
| US | 8.8.8.8:53 | static.adsafeprotected.com | udp |
| FR | 18.164.52.35:443 | static.adsafeprotected.com | tcp |
| US | 8.8.8.8:53 | d162h6x3rxav67.cloudfront.net | udp |
| US | 8.8.8.8:53 | pbjs-stream.bydata.com | udp |
| US | 8.8.8.8:53 | d162h6x3rxav67.cloudfront.net | udp |
| US | 3.18.166.74:443 | pbjs-stream.bydata.com | tcp |
| US | 3.18.166.74:443 | pbjs-stream.bydata.com | tcp |
| US | 3.18.166.74:443 | pbjs-stream.bydata.com | tcp |
| US | 3.18.166.74:443 | pbjs-stream.bydata.com | tcp |
| US | 3.18.166.74:443 | pbjs-stream.bydata.com | tcp |
| US | 8.8.8.8:53 | bydata-395154368.us-east-2.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | 224.46.149.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.101.219.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.52.164.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bydata-395154368.us-east-2.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | api.freeconvert.com | udp |
| US | 104.22.57.144:443 | api.freeconvert.com | tcp |
| US | 104.22.57.144:443 | api.freeconvert.com | tcp |
| US | 8.8.8.8:53 | api.freeconvert.com | udp |
| US | 8.8.8.8:53 | cloudflare.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| GB | 216.58.204.66:443 | securepubads.g.doubleclick.net | tcp |
| FR | 13.249.10.203:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | d1ykf07e75w7ss.cloudfront.net | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 134.122.30.244:443 | cat1.hbwrapper.com | tcp |
| US | 104.16.133.229:443 | cloudflare.com | tcp |
| US | 8.8.8.8:53 | jsdelivr.map.fastly.net | udp |
| US | 8.8.8.8:53 | cat1.hbwrapper.com | udp |
| US | 8.8.8.8:53 | cloudflare.com | udp |
| US | 8.8.8.8:53 | jsdelivr.map.fastly.net | udp |
| US | 8.8.8.8:53 | cat1.hbwrapper.com | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| US | 8.8.8.8:53 | cloudflare.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | 74.166.18.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.57.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.133.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.30.122.134.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | udp |
| US | 151.101.1.229:443 | jsdelivr.map.fastly.net | udp |
| GB | 216.58.204.66:443 | securepubads.g.doubleclick.net | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| BE | 64.233.167.157:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| BE | 64.233.167.157:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | sdk.birdeatsbug.com | udp |
| US | 34.120.248.16:443 | sdk.birdeatsbug.com | tcp |
| US | 34.120.248.16:443 | sdk.birdeatsbug.com | tcp |
| US | 8.8.8.8:53 | sdk.birdeatsbug.com | udp |
| US | 8.8.8.8:53 | sdk.birdeatsbug.com | udp |
| FR | 52.84.174.60:443 | config.aps.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.248.120.34.in-addr.arpa | udp |
| GB | 172.217.16.238:443 | www3.l.google.com | tcp |
| GB | 172.217.16.238:443 | www3.l.google.com | udp |
| US | 34.149.46.224:443 | eventexistence.com | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | ib.anycast.adnxs.com | udp |
| US | 8.8.8.8:53 | apex.go.sonobi.com | udp |
| US | 8.8.8.8:53 | ads.yieldmo.com | udp |
| US | 8.8.8.8:53 | hbopenbid-ams.pubmnet.com | udp |
| US | 8.8.8.8:53 | bidder.nl3.vip.prod.criteo.com | udp |
| US | 8.8.8.8:53 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | adx.adform.net | udp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| FR | 52.222.159.154:443 | aax.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | shb.richaudience.com | udp |
| US | 8.8.8.8:53 | s.seedtag.com | udp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| US | 8.8.8.8:53 | targeting.unrulymedia.com | udp |
| US | 8.8.8.8:53 | exchange.kueezrtb.com | udp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| FR | 18.244.28.86:443 | hb.yellowblue.io | tcp |
| US | 8.8.8.8:53 | iad-2-apex.go.sonobi.com | udp |
| US | 34.149.50.64:443 | s.seedtag.com | tcp |
| US | 8.8.8.8:53 | rw-yieldmo-com-tf-362867385.eu-west-1.elb.amazonaws.com | udp |
| US | 178.128.132.116:443 | exchange.kueezrtb.com | tcp |
| US | 178.128.132.116:443 | exchange.kueezrtb.com | tcp |
| US | 178.128.132.116:443 | exchange.kueezrtb.com | tcp |
| US | 178.128.132.116:443 | exchange.kueezrtb.com | tcp |
| US | 8.8.8.8:53 | eu-tlx.3lift.com | udp |
| US | 8.8.8.8:53 | iad-2-apex.go.sonobi.com | udp |
| US | 8.8.8.8:53 | rw-yieldmo-com-tf-362867385.eu-west-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | track-eu.adformnet.akadns.net | udp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| US | 8.8.8.8:53 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | track-eu.adformnet.akadns.net | udp |
| US | 8.8.8.8:53 | shb.richaudience.com | udp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| US | 8.8.8.8:53 | s.seedtag.com | udp |
| US | 8.8.8.8:53 | btlr-eu-central-1.sharethrough.com | udp |
| US | 8.8.8.8:53 | shb.richaudience.com | udp |
| US | 8.8.8.8:53 | s.seedtag.com | udp |
| US | 8.8.8.8:53 | btlr-eu-central-1.sharethrough.com | udp |
| US | 8.8.8.8:53 | tag.1rx.io | udp |
| US | 8.8.8.8:53 | istio-k8s-vidazoo-p-us-nyc1-external.vidazoo.services | udp |
| US | 8.8.8.8:53 | tag.1rx.io | udp |
| US | 8.8.8.8:53 | istio-k8s-vidazoo-p-us-nyc1-external.vidazoo.services | udp |
| US | 8.8.8.8:53 | 154.159.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.28.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.50.149.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.132.128.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| IE | 67.220.228.203:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| US | 34.149.50.64:443 | s.seedtag.com | udp |
| US | 8.8.8.8:53 | notification.freeconvert.com | udp |
| US | 8.8.8.8:53 | notification.freeconvert.com | udp |
| DE | 37.252.173.215:443 | ib.anycast.adnxs.com | tcp |
| US | 69.166.1.8:443 | iad-2-apex.go.sonobi.com | tcp |
| IE | 54.77.35.70:443 | rw-yieldmo-com-tf-362867385.eu-west-1.elb.amazonaws.com | tcp |
| NL | 185.64.189.112:443 | hbopenbid-ams.pubmnet.com | tcp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| DE | 37.252.173.215:443 | ib.anycast.adnxs.com | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | tcp |
| US | 104.18.36.155:443 | htlb.casalemedia.com | tcp |
| DK | 37.157.6.243:443 | adx.adform.net | tcp |
| DE | 157.90.0.38:443 | shb.richaudience.com | tcp |
| DE | 157.90.0.38:443 | shb.richaudience.com | tcp |
| DE | 157.90.0.38:443 | shb.richaudience.com | tcp |
| DE | 157.90.0.38:443 | shb.richaudience.com | tcp |
| DE | 18.195.237.104:443 | btlr.sharethrough.com | tcp |
| US | 172.67.25.240:443 | notification.freeconvert.com | tcp |
| DE | 18.195.237.104:443 | btlr.sharethrough.com | tcp |
| DE | 3.124.64.248:443 | eu-tlx.3lift.com | tcp |
| NL | 46.228.174.115:443 | tag.1rx.io | tcp |
| US | 104.18.36.155:443 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | widget.trustpilot.com | udp |
| NL | 46.228.174.115:443 | tag.1rx.io | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | udp |
| FR | 13.249.9.82:443 | widget.trustpilot.com | tcp |
| US | 8.8.8.8:53 | widget.trustpilot.com | udp |
| US | 8.8.8.8:53 | 203.228.220.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.252.227.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.35.77.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.0.90.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.6.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.25.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.1.166.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.174.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.237.195.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.9.249.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s109-hzde.freeconvert.com | udp |
| US | 104.22.56.144:443 | s109-hzde.freeconvert.com | tcp |
| US | 104.22.56.144:443 | s109-hzde.freeconvert.com | tcp |
| US | 104.22.56.144:443 | s109-hzde.freeconvert.com | tcp |
| US | 104.22.56.144:443 | s109-hzde.freeconvert.com | tcp |
| US | 8.8.8.8:53 | s109-hzde.freeconvert.com | udp |
| US | 8.8.8.8:53 | s109-hzde.freeconvert.com | udp |
| NL | 178.250.1.3:443 | static.nl3.vip.prod.criteo.net | tcp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| NL | 178.250.1.3:443 | static.nl3.vip.prod.criteo.net | tcp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | gbc5.fr3.eu.criteo.com | udp |
| US | 8.8.8.8:53 | gbc2.nl3.eu.criteo.com | udp |
| FR | 185.235.86.161:443 | gbc5.fr3.eu.criteo.com | tcp |
| NL | 185.235.87.71:443 | gbc2.nl3.eu.criteo.com | tcp |
| US | 8.8.8.8:53 | 8ef202b0c08af9e371a780c9b6f33e64.safeframe.googlesyndication.com | udp |
| GB | 142.250.187.193:443 | 8ef202b0c08af9e371a780c9b6f33e64.safeframe.googlesyndication.com | tcp |
| GB | 142.250.187.193:443 | 8ef202b0c08af9e371a780c9b6f33e64.safeframe.googlesyndication.com | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 172.217.16.225:443 | cdn-content.ampproject.org | tcp |
| GB | 172.217.16.225:443 | cdn-content.ampproject.org | tcp |
| GB | 172.217.16.225:443 | cdn-content.ampproject.org | tcp |
| GB | 172.217.16.225:443 | cdn-content.ampproject.org | tcp |
| GB | 172.217.16.225:443 | cdn-content.ampproject.org | tcp |
| GB | 172.217.16.225:443 | cdn-content.ampproject.org | tcp |
| GB | 172.217.16.225:443 | cdn-content.ampproject.org | udp |
| GB | 142.250.179.230:443 | s0.2mdn.net | tcp |
| GB | 142.250.179.230:443 | s0.2mdn.net | udp |
| GB | 172.217.169.66:443 | googleads4.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | googleads4.g.doubleclick.net | udp |
| GB | 172.217.169.66:443 | googleads4.g.doubleclick.net | tcp |
| GB | 172.217.169.66:443 | googleads4.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | c.bannerflow.net | udp |
| US | 104.17.46.71:443 | c.bannerflow.net | tcp |
| US | 8.8.8.8:53 | c.bannerflow.net | udp |
| US | 8.8.8.8:53 | c.bannerflow.net | udp |
| US | 8.8.8.8:53 | 71.46.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prebid.adnxs.com | udp |
| NL | 185.89.208.11:443 | prebid.adnxs.com | tcp |
| US | 8.8.8.8:53 | prebid.appnexusgslb.net | udp |
| US | 8.8.8.8:53 | prebid.appnexusgslb.net | udp |
| DE | 37.252.173.215:443 | ib.anycast.adnxs.com | tcp |
| US | 8.8.8.8:53 | 11.208.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| US | 8.8.8.8:53 | imagesync-lhrc.pubmnet.com | udp |
| GB | 185.64.190.79:443 | imagesync-lhrc.pubmnet.com | tcp |
| US | 8.8.8.8:53 | imagesync-lhrc.pubmnet.com | udp |
| US | 8.8.8.8:53 | u.openx.net | udp |
| US | 35.244.159.8:443 | u.openx.net | tcp |
| US | 8.8.8.8:53 | u.openx.net | udp |
| US | 35.244.159.8:443 | u.openx.net | udp |
| US | 8.8.8.8:53 | eb2.3lift.com | udp |
| US | 13.248.245.213:443 | eb2.3lift.com | tcp |
| US | 8.8.8.8:53 | eu-eb2.3lift.com | udp |
| US | 8.8.8.8:53 | eu-eb2.3lift.com | udp |
| US | 8.8.8.8:53 | ade.googlesyndication.com | udp |
| GB | 142.250.180.2:443 | ade.googlesyndication.com | tcp |
| GB | 142.250.180.2:443 | ade.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.245.248.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | d1jvc9b8z3vcjs.cloudfront.net | udp |
| US | 8.8.8.8:53 | ads.yieldmo.com | udp |
| US | 34.149.50.64:443 | s.seedtag.com | udp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| US | 8.8.8.8:53 | d1jvc9b8z3vcjs.cloudfront.net | udp |
| US | 178.128.132.116:443 | istio-k8s-vidazoo-p-us-nyc1-external.vidazoo.services | tcp |
| US | 8.8.8.8:53 | eu-tlx.3lift.com | udp |
| US | 8.8.8.8:53 | rw-yieldmo-com-tf-362867385.eu-west-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | eu-tlx.3lift.com | udp |
| US | 8.8.8.8:53 | rw-yieldmo-com-tf-362867385.eu-west-1.elb.amazonaws.com | udp |
| US | 178.128.132.116:443 | istio-k8s-vidazoo-p-us-nyc1-external.vidazoo.services | tcp |
| DE | 37.252.173.215:443 | ib.anycast.adnxs.com | tcp |
| US | 8.8.8.8:53 | ib.anycast.adnxs.com | udp |
| US | 69.166.1.8:443 | iad-2-apex.go.sonobi.com | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | udp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| NL | 46.228.174.115:443 | tag.1rx.io | tcp |
| US | 8.8.8.8:53 | ade.googlesyndication.com | udp |
| GB | 142.250.187.193:443 | 8ef202b0c08af9e371a780c9b6f33e64.safeframe.googlesyndication.com | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.179.230:443 | s0.2mdn.net | udp |
| GB | 172.217.169.66:443 | googleads4.g.doubleclick.net | udp |
| GB | 216.58.212.206:443 | youtube-ui.l.google.com | udp |
| NL | 185.89.210.212:443 | ib.anycast.adnxs.com | tcp |
| US | 8.8.8.8:53 | ib.anycast.adnxs.com | udp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| US | 69.166.1.8:443 | iad-2-apex.go.sonobi.com | tcp |
| US | 8.8.8.8:53 | rtb.openx.net | udp |
| US | 178.128.132.116:443 | istio-k8s-vidazoo-p-us-nyc1-external.vidazoo.services | tcp |
| DE | 3.124.64.248:443 | eu-tlx.3lift.com | tcp |
| NL | 46.228.174.115:443 | tag.1rx.io | tcp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| US | 34.149.50.64:443 | s.seedtag.com | udp |
| US | 35.227.252.103:443 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| US | 8.8.8.8:53 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| GB | 216.58.204.66:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | api.anonfiles.com | udp |
| GB | 142.250.187.193:443 | 8ef202b0c08af9e371a780c9b6f33e64.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | pbjs-stream.bydata.com | udp |
| US | 8.8.8.8:53 | bydata-395154368.us-east-2.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | bydata-395154368.us-east-2.elb.amazonaws.com | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 232.138.159.162.in-addr.arpa | udp |
| US | 162.159.138.232:443 | discord.com | tcp |
| GB | 142.250.179.230:443 | s0.2mdn.net | udp |
| GB | 142.250.179.230:443 | s0.2mdn.net | udp |
| GB | 172.217.169.66:443 | googleads4.g.doubleclick.net | udp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | api.anonfiles.com | udp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | checkip.dyndns.org | udp |
| BR | 132.226.247.73:80 | checkip.dyndns.org | tcp |
| US | 8.8.8.8:53 | api.anonfiles.com | udp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 73.247.226.132.in-addr.arpa | udp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| BR | 132.226.247.73:80 | checkip.dyndns.org | tcp |
| US | 8.8.8.8:53 | api.anonfiles.com | udp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| NL | 185.89.210.212:443 | ib.anycast.adnxs.com | tcp |
| US | 8.8.8.8:53 | d1jvc9b8z3vcjs.cloudfront.net | udp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| US | 8.8.8.8:53 | ads.yieldmo.com | udp |
| US | 8.8.8.8:53 | d1jvc9b8z3vcjs.cloudfront.net | udp |
| US | 35.227.252.103:443 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | apex.go.sonobi.com | udp |
| US | 8.8.8.8:53 | rw-yieldmo-com-tf-362867385.eu-west-1.elb.amazonaws.com | udp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| US | 8.8.8.8:53 | iad-2-apex.go.sonobi.com | udp |
| US | 8.8.8.8:53 | rw-yieldmo-com-tf-362867385.eu-west-1.elb.amazonaws.com | udp |
| US | 178.128.132.116:443 | istio-k8s-vidazoo-p-us-nyc1-external.vidazoo.services | tcp |
| NL | 46.228.174.115:443 | tag.1rx.io | tcp |
| US | 34.149.50.64:443 | s.seedtag.com | udp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| US | 8.8.8.8:53 | eu-tlx.3lift.com | udp |
| US | 8.8.8.8:53 | eu-tlx.3lift.com | udp |
| GB | 216.58.204.66:443 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.187.193:443 | 8ef202b0c08af9e371a780c9b6f33e64.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | bydata-395154368.us-east-2.elb.amazonaws.com | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | jsdelivr.map.fastly.net | udp |
| US | 8.8.8.8:53 | bydata-395154368.us-east-2.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | jsdelivr.map.fastly.net | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | t.seedtag.com | udp |
| US | 104.16.186.87:443 | t.seedtag.com | tcp |
| US | 8.8.8.8:53 | t.seedtag.com | udp |
| US | 8.8.8.8:53 | 87.186.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | t.seedtag.com | udp |
| US | 104.16.186.87:443 | t.seedtag.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.179.230:443 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | config.seedtag.com | udp |
| US | 104.16.187.87:443 | config.seedtag.com | tcp |
| US | 8.8.8.8:53 | config.seedtag.com | udp |
| GB | 142.250.179.230:443 | s0.2mdn.net | udp |
| GB | 172.217.169.66:443 | googleads4.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | config.seedtag.com | udp |
| US | 104.16.187.87:443 | config.seedtag.com | udp |
| US | 8.8.8.8:53 | csync-global.smartadserver.com | udp |
| US | 8.8.8.8:53 | ced-ns.sascdn.com | udp |
| US | 8.8.8.8:53 | ssb-euw1.smartadserver.com | udp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| US | 2.18.190.72:443 | csync-global.smartadserver.com | tcp |
| US | 8.8.8.8:53 | a247.dscb.akamai.net | udp |
| US | 8.8.8.8:53 | ssb-euw1.smartadserver.com | udp |
| US | 8.8.8.8:53 | a1845.dscb.akamai.net | udp |
| GB | 142.250.200.2:443 | www.googletagservices.com | tcp |
| US | 2.18.190.73:443 | a1845.dscb.akamai.net | tcp |
| US | 8.8.8.8:53 | ssb-euw1.smartadserver.com | udp |
| US | 8.8.8.8:53 | a1845.dscb.akamai.net | udp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| US | 8.8.8.8:53 | csync-eu.smartadserver.com | udp |
| GB | 142.250.200.2:443 | www.googletagservices.com | udp |
| NL | 81.17.55.162:443 | ssb-euw1.smartadserver.com | tcp |
| US | 2.18.190.73:443 | csync-eu.smartadserver.com | tcp |
| US | 8.8.8.8:53 | a615.dscb.akamai.net | udp |
| NL | 81.17.55.162:443 | ssb-euw1.smartadserver.com | tcp |
| US | 8.8.8.8:53 | a615.dscb.akamai.net | udp |
| US | 8.8.8.8:53 | 87.187.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.55.17.81.in-addr.arpa | udp |
| US | 2.18.190.73:443 | a615.dscb.akamai.net | tcp |
| US | 8.8.8.8:53 | rtb-csync.smartadserver.com | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | c1.adform.net | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| US | 8.8.8.8:53 | sync.adotmob.com | udp |
| US | 8.8.8.8:53 | image6.pubmatic.com | udp |
| US | 8.8.8.8:53 | eu-u.openx.net | udp |
| US | 8.8.8.8:53 | ad.turn.com | udp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| US | 8.8.8.8:53 | dsp.adfarm1.adition.com | udp |
| NL | 198.47.127.19:443 | image6.pubmatic.com | tcp |
| US | 8.8.8.8:53 | bh.contextweb.com | udp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| US | 35.244.159.8:443 | eu-u.openx.net | tcp |
| US | 8.8.8.8:53 | sync-tm.everesttech.net | udp |
| US | 172.64.151.101:443 | ssum-sec.casalemedia.com | tcp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| US | 8.8.8.8:53 | b1sync.zemanta.com | udp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | csync.loopme.me | udp |
| US | 8.8.8.8:53 | cs.admanmedia.com | udp |
| US | 8.8.8.8:53 | s.ad.smaato.net | udp |
| US | 8.8.8.8:53 | a.audrte.com | udp |
| US | 8.8.8.8:53 | match.sharethrough.com | udp |
| US | 8.8.8.8:53 | s.company-target.com | udp |
| US | 8.8.8.8:53 | secure.insightexpressai.com | udp |
| US | 8.8.8.8:53 | rtb-csync-euw1.smartadserver.com | udp |
| NL | 35.214.237.250:443 | csync.loopme.me | tcp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 80.77.87.163:443 | cs.admanmedia.com | tcp |
| US | 8.8.8.8:53 | sync.adotmob.com | udp |
| IE | 18.202.144.73:443 | a.audrte.com | tcp |
| FR | 18.164.52.116:443 | s.ad.smaato.net | tcp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | rtb-csync-euw1.smartadserver.com | udp |
| US | 184.30.249.74:443 | secure.insightexpressai.com | tcp |
| US | 35.244.159.8:443 | eu-u.openx.net | udp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| US | 8.8.8.8:53 | user-data-eu.bidswitch.net | udp |
| US | 8.8.8.8:53 | pugm-amsfpairbc.pubmnet.com | udp |
| NL | 81.17.55.172:443 | rtb-csync-euw1.smartadserver.com | tcp |
| US | 172.64.151.101:443 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| US | 8.8.8.8:53 | user-data-eu.bidswitch.net | udp |
| US | 8.8.8.8:53 | pugm-amsfpairbc.pubmnet.com | udp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | eu-u.openx.net | udp |
| US | 8.8.8.8:53 | track.adformnet.akadns.net | udp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| US | 80.77.87.163:443 | cs.admanmedia.com | tcp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | ib.anycast.adnxs.com | udp |
| US | 8.8.8.8:53 | ad.turn.com.akadns.net | udp |
| US | 8.8.8.8:53 | dsp.adfarm1.adition.com | udp |
| US | 8.8.8.8:53 | ad.turn.com.akadns.net | udp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| DK | 37.157.6.237:443 | c1.adform.net | tcp |
| NL | 35.214.149.91:443 | user-data-eu.bidswitch.net | tcp |
| IE | 52.19.230.207:443 | match.prod.bidr.io | tcp |
| NL | 81.17.55.172:443 | rtb-csync-euw1.smartadserver.com | tcp |
| FR | 45.137.176.88:443 | sync.adotmob.com | tcp |
| DE | 37.252.171.149:443 | secure.adnxs.com | tcp |
Files
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 82dccdf7d0d5e1f16b8088a9a0044b97 |
| SHA1 | b702107e93e118cef0ee5710a55de3dcb5a11e0d |
| SHA256 | 5d1866b8bbc3b206ce23ab523e0111bd8dce9422e386f8ec9dc8559bbfdb963d |
| SHA512 | 6b5d100b9724c940c194580c253e503032214a9ccb97e134036354870be5e118a142e4431ad468849cbf95130cbccc9d35bc15bffafc3c55547aa6bc64a35906 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\prefs.js
| MD5 | 239a4024882a798bec28cb99b14ca94c |
| SHA1 | ba08a21f72aa9e9ff949986db8c1eecdc72c9de6 |
| SHA256 | bbf16bee7a12b84f709cda8dce7e40832bf65e4bad50e7f3b41fd249a2258a66 |
| SHA512 | 8b58e8c187a7bf8ae94d10fada25682945475fa0b477b01b86611d4af501248343fd29c23ea792e4728d054a8162ea41b7ba50dba60380d9b639f8d5fa28d211 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\prefs-1.js
| MD5 | b2da9e5dd2dea7082124414b105ccce7 |
| SHA1 | 1cdd97b84d039eb5c4335716223ee6b9594dc76f |
| SHA256 | 274ee43fcfb9f5c518a082358f7d68ef086ae2279a42999a31cf8b67b3579371 |
| SHA512 | 24685b37e0d8a27e6bdfebfb898ea87811af1a91b9e3f2f0ad833402399f23175859cd092c532fba5f68353f9f53aa9e8b501668f0760ff1541e1c11decca735 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 98da3fab072dc25aafad47388c40af4e |
| SHA1 | a4213828b046685141c559f2d4c556a33b284a75 |
| SHA256 | cdc49e7d086629bd50c3c34ee7602868701b500802cf9401c2a6aa3b37d40f50 |
| SHA512 | 54c921692ccc2f5f5877d4d24f4f10d8e336f3013608bc7d4bf9acd471217ed790e550097b15152aeee3edc6fa89e0d038a6a064bed793543d4c6ec99ff06ef3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\prefs-1.js
| MD5 | bc23e8d745c2012ab5849ab9512ddd34 |
| SHA1 | acf56ceabb362b3c593584197a406de3209912f9 |
| SHA256 | b33f1028dcc5f9fa90379ff0893367322690f78e17cb673b15aca8e11aeabbbd |
| SHA512 | 5209b6595f35aec94dca59ef2335d982a6258315558cf13f6ac6ef2aa9fff80bd361b1fc68631fca546f114931c6c63941387dcc4f121c4157b8133c91bbcfd3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | e37c4d20547d9644d20aa7c898a281c8 |
| SHA1 | 9437c969cee51eff96613cffaea58ab7babecccd |
| SHA256 | 560a9ce839ebbdd72b8f5a571a0546b68f1f4d1c691ea10041eea08fe6e46d48 |
| SHA512 | 4eb16ef1b865089e06326e7bff4e74557da0a086a5c31e32afd622a6b4e60e5f806bf70e8e4e3e1c4fb2a001775f551cd2806719f6e11945396392ee2e2f64b9 |
C:\Users\Admin\Downloads\BlitzedGrabberV12.0ZceY2Nd.rar.part
| MD5 | 39768e6ff0da55fb460c7a3c51cff6ca |
| SHA1 | 2786ad0da4f35033e612bc843093810ba59d8e0d |
| SHA256 | 0c35a07478260ded5674a683a88bb93bfbb35d0b253e4acdcef619568a30986c |
| SHA512 | 58cd9726587d4799a4c62f4c2687c48c18e7ed2e3419563651760ea9cb2544c0be4b94080463e31deca1fd825d147f4cb4a520f02ef2fe2d7ab934fe0487d14e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\cache2\doomed\16151
| MD5 | 8231dbafd73614abb61c38e0c8badf42 |
| SHA1 | 3603bb9f6c377634c30d4580c2c7cd4caf6d2b22 |
| SHA256 | 639f663032d7bae5815a03292e83e57dd1d760cb27564d4b713dcece005e5715 |
| SHA512 | 33c86b91ca867a26bfb88ff5663bab1f9ed22512247f9ccb9531d5f89d7e04ad621346a2e18dea7a12a2dadcdbdba25bdedc08da0dac4fe7556f7c60084ab181 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 3d56107e5ce3d71916bc472c32610d3d |
| SHA1 | e4e3c72f57f256504b70c16619a18eea44b59647 |
| SHA256 | 42da04b4bc0ec513d6b593f51a816f1765f3e735f6a72a70e9ec8ad46de21d8b |
| SHA512 | 7d8725828d6746a06c6f31a39d38d3765c2719f0eb1447b1d472ffeef253237f2ad7d94e62dba6ba3ac68505f67075142456cb277fbf728fec63bb9285028555 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | dfab50c9c7915eaad6d25a8df559f7c2 |
| SHA1 | 0fb85fe60c0afda6d5ced7da9bc910b03583d365 |
| SHA256 | c0249f6b708c07b1f609afa3f1a06289134beac2b471821fd42d73b6b60b7830 |
| SHA512 | b179d39652c365e6f7f744efd28018b9c70a0d7240251cc37b81299428ffd06c9154b786f3a2e6ecd51d62bdb9f6fbfbb4e84d48862e31c89f5db14d9ccc0105 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\cache2\doomed\16312
| MD5 | cdc1047154432672c69151f3e89c96ce |
| SHA1 | 8ddb2197850d113afcb9cf9e521b59996e67173e |
| SHA256 | 28589a58a642602b36d3429dde649c3ee2b7176fc37845a6b45ed3854c5da088 |
| SHA512 | 477ac681a7e2836625e55bcb90422743ae18ca70204a8caf3f7c0ad4c7b1a98c235b11c3ced589c51d92bfc6baba88a9221572b2ba9ff2dcae1a73de7b1e0601 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\cache2\entries\5B23235D54208C34AFF88FC6F18585FD8A8F8FAD
| MD5 | ba6af5d6b826cd7947cba1cecd9b1402 |
| SHA1 | c0bdba0b1f9dee811a8110f386e61bd0ca7bf3b9 |
| SHA256 | 395b68ef593134a67fd118f0ed844ac1b210a8717fc2d11c8cdba0625f2173c9 |
| SHA512 | 4e7a49b07121162e0ea59b987512d152b436603fad8d938a2fb79cc15160536677d869f4aa85a2de5891e33c44f4d02748e56ea12845ae5dc112e9851fad8f24 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | b9200e9bd7e1aeb3dd81a1143de13ec6 |
| SHA1 | f8d871f7cc8f76319b140b61fbb8498e42716f95 |
| SHA256 | 11e50dc03af07a9ff00cbe127d842eb3cbacdf1f821f41d8033a05de69c12b79 |
| SHA512 | ea77dee94e91d6db6237baeb7efdaf86bc6ccdaec137ea306388dfa872dcb107190e6dbaa3c3155a3fd0cff552050a0147bd16274dc205f53e14608fed9e8f0d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\cache2\entries\265758A57862C39DEDE111BA7971C6AEB77F3520
| MD5 | e23432e296d0467f15d0769c5db4d81a |
| SHA1 | 09190ae204e754095ae10140272ec723e4aa1ee7 |
| SHA256 | 46af370af4f224ba5267a2109c16e8a711f5a732418757fcc332ae9b9ae0d2bf |
| SHA512 | 674704f57ca1da61e5ce7129ee977d40a5748077ab2d245b51413822bf51ccce30888b3fef435c5ff5665fdd5671034754e84a791f19bde0a3fbe251f6f23fb3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\cache2\entries\794EEFC6B5BC1519B8B38D878919D9D125F6EC1B
| MD5 | b7152f5ee5d09999f800916257eb312d |
| SHA1 | e7563238d62ed6ac72aef88f82033112ee1547b2 |
| SHA256 | 38fbbb10d2318b3baa47a37a1c6fc840ca6db2665897b57eab89632ddfa419b4 |
| SHA512 | 408f94294ff2047ca7fc46bc34fd590ec541e37d0a1924fe71a159616f8915901f1b0f3b468a74a0feed44dad315f3f97a353e076360ea57a1826bbb1f96cdb6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | a28aaa655b4f45a3bc513c9d8017ab87 |
| SHA1 | c1c85552f63beb05d9022276f06d6d9c621eef43 |
| SHA256 | cebdb17709a033985b01875d20189a8284e8d3137cb59083f71b3a9ad2bcf40d |
| SHA512 | 203d6bbb64c1faf146a5ec091ffd9929ff9d0f15b6758059dd2564b63be40bf2749b2c1f0c6de480e066f09cb8047a47a2bd6b7fc69981911e736c019899942c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\cache2\entries\07EA8F4BCF73BA88D7E634E96A3F68EB91540594
| MD5 | 635438a51206fb8c2f318c6805b0619e |
| SHA1 | 85cb44fddf2606a9ba806f14ba37b7b3f077c4ed |
| SHA256 | 55beb7ffab93e044cce57f234a390311dd9f49f854386bd73f4ff92e44892de5 |
| SHA512 | e40343c33e9b48c7344a71e25932b5f429bd026fd7ff1a7b7f826ec0843cd67c13a3c30978f1300e8246892d5900d1fa92658e336ca084a67044407b6f7aae10 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\cache2\doomed\21768
| MD5 | 482e2b298d066de38d4cdc90b8c5c1c3 |
| SHA1 | 39763c474480ecce88a7e4ed0fc741b351c2a042 |
| SHA256 | 607b1a32ec0b51cf800d5544871ebf8055b30fcf8a3792e246859b812ddf84a3 |
| SHA512 | 55f5b733736a7380ccddb6143c47010254f09be43955e2243c91bc6284037d02bac6db336f8f776ec031209117abaac0a9e7e4a873a586ba4ffd9733b6c217b7 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\cache2\entries\30EE66A8791A207CE53808EEB38145AB5719A12E
| MD5 | 5f4f0efdfd7d00f992e0a933e6773a4f |
| SHA1 | c2ae844bad1933d4e31254a9b1e9c64ac183a499 |
| SHA256 | fd89118c85821cef1f7ae4770aa0f3737eaa90400adb730d9ba2cfa6a79203ec |
| SHA512 | 9d479b6a8cbf7a00cf4b871f81042241c110aa2ba1ed0e62a03b49df2171f285ce0871b6de3966444d8a556c32d15c2c201f301d243f80dec1ab0a36d78427ae |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\cache2\entries\80DF840928EB88085FE9996068AF08F803C41B04
| MD5 | b69b825852e7ce94a024da9a170a35c2 |
| SHA1 | d79308766c35585751c3344b87255b674612686f |
| SHA256 | ddd652624433a961697b3ec5721b4114da806e8ee8fb67caa25cf82f9ece4a90 |
| SHA512 | 80f9905e37fd19880997928eef78efaed43b61ac5843f6d1c91ebf72cf0c096f8eb5cfa706c94d4df4e371d8d7ba4ddab80012b32217bf3d92d1f9ac18ca769c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\cache2\entries\401AD01DE9687711A02918239623DFFA05CEC4DB
| MD5 | 3181fbda8fc1b21619f2953e19af5109 |
| SHA1 | 1458ac4bb0d391691b8bf5c95bc8d29b72901ae2 |
| SHA256 | b4118e05d982eb306e63d09480594322e1ff56032215ed2534d21b055ab09a76 |
| SHA512 | b5b4e01486e621d2ca0c6dc6f99b734a313f06d5464abbc0cd74b6c26ae4715cf3bad36baf6435952cb9cc3b0b16da3f96ce06e0c7dbc0168e58a7dc4849c2f9 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\cache2\entries\8FE6BB5B069E32193FA90551D0CABC9D6A7D8B08
| MD5 | 6d86e1a228e1638f18fcd19eb6cc9c2e |
| SHA1 | ddbfebd0691730ae1a095c50215f9176cb3b9697 |
| SHA256 | d734418eac1bba275dc3ce436363b09ece90b730d23f4effb219bc21654de03b |
| SHA512 | 83f6fc97a5803d7868764650a3c15906f0cd43cbd6585c6d60e73ebfcca2c42cdb1bf03c79a86c7ea8e6c0af69c333e0517326109b1c40c6b3acc1f7e71f3f32 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\cache2\entries\D44F67E3A2132F692B2B88A719E8004194F74FCA
| MD5 | 78efe9a2171880270b9c7f53955687be |
| SHA1 | 2a2edcd19aea292f2f26e11727bc54df69053325 |
| SHA256 | d56f7cc2f1b0cd123aa4688907ee00be868e96bd0f3c149555e3c3f83b695a05 |
| SHA512 | c4ee78eea17e5b1d72bf0d9e248a2f3d091a299e320e5a20631848653c31d2bc53b29f759a96cfb1b4a02255ea9f26f42e80912fa0cbdac60f8e36af58ae6045 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\cache2\entries\108F7E01FE5D1FB9FDB51CDEA07227229AB6B223
| MD5 | b673e05d2887942c00ff2c5eabe1930f |
| SHA1 | 70906c475f9359fc5a9ba12d49d1e074fc941c5a |
| SHA256 | ef6f5cc4c196ccbfae6abc84e54156d8ae8daf5ba9040b65109349de1d752675 |
| SHA512 | b084b653b888b4a513c49ea1baea75a679a89fbcc562c51b50d9f238c26b9168f7245f23a92b99ae3e0ff189d800051fb197fba3f4a32cb265e3515d60230c3a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\sessionstore-backups\recovery.jsonlz4.tmp
| MD5 | a344eb8e28c8cbbfd24ea9d7f457e255 |
| SHA1 | c90dd0f20031ee80e8068c82eb4faf92f0312d41 |
| SHA256 | eb8b810d63c2f708730767d030f4eb1a84ff0fbfc69afdc8933ed6b7eb0d23e6 |
| SHA512 | 21b0bf68b33f19225dbd41c1343cd520253e75e158d98ad09510512ea00d1df7a7b6894326f8220302d8c25dc603ffb785e309b0ef8b672affba6ee64fa1a7e0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\cache2\entries\C2F311523207802106B9BA757D21DEAC6ED22FBE
| MD5 | bada4d94da472e37299a95404275fe24 |
| SHA1 | ad92b181d3d55c561cc7b392114bd2b9657f0450 |
| SHA256 | dc5c31f77dc967c9c8397b39c7227f762cefd896fee8185db54b0fc274503a27 |
| SHA512 | 37f151589d574cb486aa410eb719fa4560a52adf8ff8dd1b620a8e33928f48c27c2513958f1912420a422232f537236c5ff4a1036f9d5b329bc017de8eab7c2a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\cache2\entries\A5C18F93E30CF7CA1FB50E3DEBD82E3B321830A4
| MD5 | 914083fab8ceafbb0a35e796a9673425 |
| SHA1 | 0fbd8334d4fc59ce7ab8e1e7cfe740a8402274bf |
| SHA256 | e7756a1f4f3fabd52a1547ad510135ab78d72a4c8de21946198f726ca1223dbe |
| SHA512 | 4835e91ab1049f4b451c1f2bef563e45f2e261f128cc9d408c32dde2b8d3eacd3a5cab41f9b9643d55fd269928eb9fc3fc4bc9f4ccefd0b842cd916f01a7a292 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\cache2\entries\A28E07FF61C86024A044F892358DC9D7975CC6B5
| MD5 | 93d4d79745dd5b0aa43adaca8dd2ecef |
| SHA1 | 7c62788679d511b130c2b6039fd6a538b851d0cd |
| SHA256 | 77206ced61a17db078f6a67df652683b8b96247b040a44939b2c61832fdf91b2 |
| SHA512 | 0fd1d591c9ae6ab87151d072c7f63b96815666159f6ddc10ebd326dc2ac143f60d327526cdf3aeda37c499eb7299a0175a9acd3b6694b0648023b6c7b8e07a9a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\cache2\entries\BB4DE047F15E3DB87E10A0F6ECD87863F33875EC
| MD5 | 6c0aff0a7eea5d080d48686b46772c38 |
| SHA1 | 2afb722d568f459cb500adf7e14162881cd198a7 |
| SHA256 | 6f4140784f6a06ee60af48a2844371088ccf40a56e3ed219ccd7d79a68154dc7 |
| SHA512 | 0e770cfd11987ce41c07d1e58868d86d6faaa03d63178b8485a371a9e3997b101d3dce2369c8a343062589f97b8f85943da236e6abad5051714b7d4c97302d08 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\cache2\doomed\4898
| MD5 | 12e89f1a0c396f6ed29aaa1adb0f6028 |
| SHA1 | ddf6b3fc30c6307bf74c97b9b510e981866d8090 |
| SHA256 | 87a8fe618bdf16c0b46eff9510c9f3a059bea1c72ff17f61981d99de0996fe15 |
| SHA512 | 1bffcb618177e02b9bcd9e64cf368bd7676cb6c881fb934a8b8d5d5bd95832ddf7ec5208eeeb3363eef78d83e1b5dc7123712b3a707a12a9d64420411216e764 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\cache2\doomed\24716
| MD5 | 65b4121ad95bca7d345d5886f19ae478 |
| SHA1 | 239448cd12275e46c028d7be212d479d793ddecb |
| SHA256 | 3841284c609dc75e45ae137d3b57a4cbd96b59de4028781d1723c6bb46178da6 |
| SHA512 | f0a8bfd38df40cc5705c48bde7cfe81d9b977435be41168f22341314801141d22846ae61ad4438026cc19027977bdc1032d562e48f3b6a16145ef67ee2550adf |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\cache2\doomed\18184
| MD5 | 1b362dac859d0e592f4c72902757859d |
| SHA1 | cd1a554e6d403014948f6b1a05f7076fed704cf5 |
| SHA256 | 0a6c374a6076db4bc8f21ed7a300e23c990a59f35893872c078165cde295a006 |
| SHA512 | b1aef38f31f5be25bf0c183210549da31da0a9e6f87d7bc26a0f81a271ae3fc73060349add88bb1bb9f8db5188956cf84b8b22ba035d173b8d7fb0db7d61d3a3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 30153f3372f7ee77da66642616b960b8 |
| SHA1 | 6ef4c3e44fd3920addaa29dd559d9ca1f39ead19 |
| SHA256 | 6f29e37fa9e3d10987f885dc8cb94fdbcb125c7fa05a37e7cebe2387e57ed8be |
| SHA512 | f28f4fdb7ba41e3a390effd96a88867763cd7a448ba21f9578a92be920020c89670d51c0aadcddbe975bcc95ccb1bdb8622847a9a02adb4b31ffd8863ce1fa75 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\cache2\entries\9A7879AA5C382114F7842E8E49BFC609EC9E39B2
| MD5 | 6bc2fac17efdb2ae3df9356379f35b51 |
| SHA1 | cdf144c3036964d90fb35bf2297e408b8bb6336e |
| SHA256 | 560e7783e08f14640b616f758afefdec183b3ed6141adcef3aa0e472135a0afe |
| SHA512 | 8b354bb31d7614a635841b87fe10f921a7332b00a00da9334910cdba0a4d780e13bac16b3300e682d38c1d65969828b9322e51a5aeb060a2cc88c21fa0097838 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\cache2\entries\69D5E8F619F1F874CF7AE21D2D13F10D9BB5E3FC
| MD5 | 78ff483a926c46623acc952da1d1f4dc |
| SHA1 | 45bc3093be461c02eacd42bda34a7b09e4caf20e |
| SHA256 | 5653bbd4482cf6999e7a769ecc47a8ca738c622fb4e9d63804a672b263560617 |
| SHA512 | ec0a6c65c3ce85388d3beb347e4f46e00d02aaf3d725cf676dfb520dad0da93f357b01c49a431d69aa4c3fb75ec6862ea9b50c499c6ae32f2e347528012d15f1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\cache2\doomed\11297
| MD5 | 37e69c61a3a9ffc7f8c3df14f146b92d |
| SHA1 | 1acc5bed32b3b77ad594d3ccec61392698c29ec2 |
| SHA256 | 56a6dd55d23f663bcfb0b3117be8322cb86615015b7bdea3f221ed9bee464016 |
| SHA512 | b2ec7eb96b6f7f0c68e0b3f09a65315bc6f2d146a94d65f278fa121012a55bccdd52496d8627cb024e6fe11cb661047afdde6f0104d370a647409fc0edaa1aba |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\storage\default\https+++www.freeconvert.com\idb\3726513721bkidrSdgEuaBts.sqlite
| MD5 | 251e5b13da9456a6811065afeb127bbd |
| SHA1 | 1a143625712578cb60e60b5fc638bdcb8a6e00ce |
| SHA256 | 181e8ad56a1b18b4815ab974083c8fbfe6fd8d6f097da2270718dd63c4fdf741 |
| SHA512 | 734b2b39a88842007fdff6e54a716249fc71a8cfb81835498d5be69b74a8633849e584028ded184b491974498d5e55bacf89714e054cbe0326f86709b7bae61d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | eb42929414240afdfa20b1dbaf2ebb2e |
| SHA1 | a4221a0cf2f26cd2c805834f33ce78d63e2040e7 |
| SHA256 | d9ab8bfe22d9c49631ea8d7b66dfcb8a82365b4ac91401c3c8a582056534d99d |
| SHA512 | 8b262d1ecfb14a1a97de2df1443c188a47d6c184bfee0dede7a91efac9f93b78962cde7f68dbad88c757c0d0c754feaed2f520ef0d8abcce046908f5dafa77e7 |
C:\Users\Admin\Downloads\BlitzedGrabberV12.jZQ_iU6M.zip.part
| MD5 | cd1807365e65a13cbf34e051cd35ea78 |
| SHA1 | 462ede569ff1b87b8badc9851637ecb646c5e583 |
| SHA256 | f0199b3e3043da1c302fc315794746dd608587ea3970960e3048056cd005de70 |
| SHA512 | a7ad86ffd1e36054e82dddec45fa86d92d72a27dae54c9f7a1e458e5cfe1e028ae0baec19b08c015b42d33f1c14d38a08bfd17eebb7a1f6950fd960e464e0c30 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\cache2\entries\5B3F509D93FC392F76956931BD1FC574B8BE4BBA
| MD5 | 31873c6d6119c07ada12687cf0345f08 |
| SHA1 | 5c75abd72408cbdae0ba6ac58db56e21854dcae1 |
| SHA256 | e3626d5a84ba6e9b1d3ffaa2dbf7e0b1ee019b5a258bd83937a8ab169ebf9950 |
| SHA512 | afaa94995e6b0aa9425a0f7cf408de8a47ff9f5342b2581bac0271de9fc386ad124c2222f67888f282f4f2aa6f2e26e9eb7e61f65378f6dc3b4d47be93f95dc7 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\cache2\entries\4DD30D036E0715199BEF4F1EB400D6784ABF4432
| MD5 | 9d0e1606bc25332fb0c987872d52d181 |
| SHA1 | 6edda386a7497fef32e4266084ee11ccbee4b337 |
| SHA256 | d45a291453add2a408fedc4ecdb27c0fdeec5a3450a8df04351459640c16d713 |
| SHA512 | 8b664fc4e6f43def09ecb3a4e43c75c6c5e6ebb3f2bbd9e78615ac0716cbb763319761fe6af48f391f40261404d71ca7f2f05c62e170244895432f2e47cc1ea0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\cache2\entries\C6B2FD276938C4346F237C0E0B3F66A7FA1D013B
| MD5 | 1053e478d8517406f92a98d7cf98ee69 |
| SHA1 | ccd97e84438bdb9dda090ce00d71d8a4670d0250 |
| SHA256 | ef58151d0709128e7ba8f1e83ca2502fc19bee18fe001744efca040e9fe5dab5 |
| SHA512 | 5ff8c5dcd4b6181b3bf7c11171a30bcae98adfc16c2f4c9cd1f21401820adbd799b5fb52f99deabea503b94dc0365debcd0773cdcef2590c0eb2b6fc8744ddcf |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\cache2\entries\010F609379971B3BA63B2AC259E6879A2A8E2C74
| MD5 | d30ec4bd4a62765da503f0538d226359 |
| SHA1 | 0bc2fcafde9f19323f2ec544b5974b4f8ffb0691 |
| SHA256 | dde40bdb7645c0bfd92823a4eb6a9ba140fc3223a85a7e10159f1d5f2d7f3733 |
| SHA512 | 706c640f92244f40bb4f1bfe16245e1bb88f6e94e78468265831dfa80fec44e54566dabf9ae32629290d5f16580dfbae134b5264bcb12aed7a18401b3d09c140 |
memory/5000-2445-0x0000000000610000-0x0000000000626000-memory.dmp
memory/5000-2447-0x0000000002760000-0x000000000276A000-memory.dmp
memory/5000-2448-0x0000000002790000-0x00000000027AA000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\passwords.txt
| MD5 | 68b329da9893e34099c7d8ad5cb9c940 |
| SHA1 | adc83b19e793491b1c6ea0fd8b46cd9f32e592fc |
| SHA256 | 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b |
| SHA512 | be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\cache2\entries\CB18116D33B0AD10CD55816C47CDF5476CD89CF3
| MD5 | 534ada714ab2113048d16cc1c6275910 |
| SHA1 | 7d36cf785d6e76ff5780edd2c85d6e6783ada8f4 |
| SHA256 | c9ea70bfee551090f8d2acccb02a9f5332424658553b750ed5b9f0927a18ec7b |
| SHA512 | 3fb33dfc0ee1416c663cebff1f65c3496ca551d9fd4755e2f591ed4d3303159bfbe7e78f6e8e639e79d180372f054f89e9f5003668ee5878e77dc606e43238ed |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\cache2\entries\438353632BBEB1524690CA9E4374B0824C5692F3
| MD5 | b79419da3cdfd4157ece8e5bedc7b7d9 |
| SHA1 | fc0a38f9ebbf9cd4f8cd4ed3aed88c00d4c1e441 |
| SHA256 | d2e4122da823a5a204bbe33c358d2b80e080861ec1a40617a1be5a5ba30519c1 |
| SHA512 | ac6dab61501caa396340b3f33e4071c75c899a4d9e4c799b878de72a9cf404fec11d6c80f5105108ab4a46ce4d2b0fedc5254e2eb97a833f4d2b381758d984da |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\cache2\entries\65ADBF8B56900C0D5D21878EBA0CBB1D33DB0CCB
| MD5 | 6c5bf630069c57d1e34f133279d222c5 |
| SHA1 | 18b5b9487d950678f4fb8e43beb8ed0dd2644d49 |
| SHA256 | 8dc2805856a03e399193b20770258b7bc78cd21be7e5d1a4f7f1b50c074a08d9 |
| SHA512 | e7d7e3c4416ca425a513016980224dc43fa6d154915e51f7013c6d195538eea83d2643c3869f88ba31959debe00c940478457e8950cad1f9eb3d763cd6c53f65 |
memory/5000-2554-0x000000001B260000-0x000000001B272000-memory.dmp
memory/5000-2555-0x000000001C420000-0x000000001C45C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\yhyty5.exe.log
| MD5 | aa5e10ba513d67a6cb6027291d4a10fa |
| SHA1 | a1aad42b594ba7d9acf955285dfe178c57c4f3e2 |
| SHA256 | 5fb3dee804190de9ddde4915e6201cb8542c88d3b06fd0b521adb2536a23988f |
| SHA512 | 247433e3247a0240e2769554d050783cc9343c61a1eaa9d4770c94592097654aa28d86a67f0cd70e0207e380841594d3196c73f37fa4d840ebc5c1f1a0a2bc33 |
C:\Users\Admin\AppData\Local\Temp\Capture.jpg
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/3960-2624-0x0000000000670000-0x0000000000686000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tmp76B3.tmp.dat
| MD5 | 8f5942354d3809f865f9767eddf51314 |
| SHA1 | 20be11c0d42fc0cef53931ea9152b55082d1a11e |
| SHA256 | 776ecf8411b1b0167bea724409ac9d3f8479973df223ecc6e60e3302b3b2b8ea |
| SHA512 | fde8dfae8a862cf106b0cb55e02d73e4e4c0527c744c20886681245c8160287f722612a6de9d0046ed1156b1771229c8950b9ac036b39c988d75aa20b7bac218 |
C:\Users\Admin\AppData\Local\Temp\tmp782B.tmp.dat
| MD5 | fe7f1430f6bbc149ff1e211f28c9674a |
| SHA1 | fb9fbfec9e80acd8088200b402c9d60bd27140b2 |
| SHA256 | 41b860622a64fc22804e22a9519100d437397b1c1da5255906ee2234cdbe7ce8 |
| SHA512 | d52b68ba3df1bb5611b9ab39a03f988089ffb810d08da4abbdf795681ccd2c15c1590c797c623f3a93bc4c92e6181c3982fa464e62d4614d00bb8261f22a12c1 |
C:\Users\Admin\AppData\Local\Temp\tmp782C.tmp.dat
| MD5 | 73bd1e15afb04648c24593e8ba13e983 |
| SHA1 | 4dd85ca46fcdf9d93f6b324f8bb0b5bb512a1b91 |
| SHA256 | aab0b201f392fef9fdff09e56a9d0ac33d0f68be95da270e6dab89bb1f971d8b |
| SHA512 | 6eb58fb41691894045569085bd64a83acd62277575ab002cf73d729bda4b6d43c36643a5fa336342e87a493326337ed43b8e5eaeae32f53210714699cb8dfac7 |
C:\Users\Admin\AppData\Local\Temp\Capture.jpg
| MD5 | 86f56567a3130465fa94a36875f28872 |
| SHA1 | a629c9b1c9b46f9f838b18e5ba7f40fe5463dcdb |
| SHA256 | 330fd9c737fff275995b81d7e36acffc6b6f6cfa5898fd763d4a66ae76bf4cff |
| SHA512 | f66d043027faf3120ba7b48c8878630d79a713a57383ca210e618b4dd13c68b48ddad7250a226244afd37ca8d886befca673d8fbd7bbf75f6aa98f710471f88d |
C:\Users\Admin\AppData\Local\Temp\NordAccounts.txt
| MD5 | d5f3a22de66e2e5ae394d7fb2ff28f9d |
| SHA1 | a17d58d1c2ed96f1605ad2525bc373c3fefce5a0 |
| SHA256 | bfdaf06c736251290c0ca8bf4c28808cbcb9959e381ed2bf24bccf473382bb20 |
| SHA512 | 09d3b0fe75b28f782a19e8c83ce28bbe7892da32607035569447bea131990750a7ee8973d8e4a5296fb3b2f8db93bb8eae9ccffbb414a7925b9fc22603e56c63 |
memory/3164-2693-0x00000000006B0000-0x000000000072A000-memory.dmp
memory/5460-2713-0x00000000007B0000-0x00000000009F4000-memory.dmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\cache2\doomed\29751
| MD5 | 9ef3ae4b22c05a987da120f6d429b9ec |
| SHA1 | d956bff22e7da5aaae4a26d68669166856547d24 |
| SHA256 | 080fe6b7e1b3e9986eb7ebff230bd8925e965fb63ec4f077763290a6f4d79ba1 |
| SHA512 | bc4ddb20832e263c243547e4cc9af6d5238c5fbfa51c07a68bb4030aa076493a2427621420bf6c7c9571fbf3ab22ee60cfb3698d8b55d3a35045c5d79038f8de |
C:\Users\Admin\AppData\Local\Temp\mxfix.EXE
| MD5 | b4ec612c441786aa614ce5f32edae475 |
| SHA1 | 3a264f8daeec9b156ddb5ed576d490dd8fbd8e7d |
| SHA256 | e18ba6573b9aa2d139ed5c30f18ac2ece3ce8287d1651db4bc632dbc816f53bd |
| SHA512 | c6800371cdc2b571061e6e755a2c95f49dcb233c3999976f180cb7cf95fa2c62d03b52a3c497a2cd7ae46ec72eaf823db25bd291ca676724194c05966f2bce16 |
C:\Users\Admin\AppData\Local\Temp\UnityCrashHandlerV2.exe
| MD5 | 3926c7b8fdfb0ab3b92303760b14d402 |
| SHA1 | b33e12ef4bdcd418139db59d048609c45fe8f9eb |
| SHA256 | c101904ec19b45612213c2b398892a4523f63862bb3e24c245509db2417585e7 |
| SHA512 | 4a022be27f58b1735f3a0ac9abdedbd769adb4e3ca1dacdcdc98700b17e138b647f9059585c8ef37fdd7072ad6283e95f10def171584097eb8c70e7d1212ce0e |
C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12.exe
| MD5 | 228a69dc15032fd0fb7100ff8561185e |
| SHA1 | f8dbc89fed8078da7f306cb78b92ce04a0bdeb00 |
| SHA256 | 920bec9d500f6446b84399ab4c84858d0f0d7d1abb2e0377399ebbc4bafad709 |
| SHA512 | 373621c4743fa72571b3c8375aa6f7852303a821558b016b002d2af07154787d978f66696db89eeed8fe41f4aed5d66b690d4f87469939f9b1dea2ac2b9101f1 |
memory/4336-2870-0x0000000000480000-0x000000000062C000-memory.dmp
memory/4336-2873-0x0000000004EC0000-0x0000000004F52000-memory.dmp
memory/4336-2872-0x0000000005570000-0x0000000005B14000-memory.dmp
memory/4512-2875-0x000000001B200000-0x000000001B25C000-memory.dmp
memory/4336-2874-0x0000000004F60000-0x0000000004F6A000-memory.dmp
memory/4512-2915-0x000000001B8F0000-0x000000001BDBE000-memory.dmp
memory/4336-2925-0x00000000717F0000-0x0000000071827000-memory.dmp
memory/4336-2938-0x0000000005220000-0x000000000540E000-memory.dmp
memory/4336-2988-0x0000000005220000-0x000000000540E000-memory.dmp
memory/4336-2986-0x0000000005220000-0x000000000540E000-memory.dmp
memory/4352-3173-0x00000170EB860000-0x00000170EB882000-memory.dmp
memory/4336-2984-0x0000000005220000-0x000000000540E000-memory.dmp
memory/4336-2982-0x0000000005220000-0x000000000540E000-memory.dmp
memory/4336-2981-0x0000000005220000-0x000000000540E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_lg5bl4en.va5.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/4336-2978-0x0000000005220000-0x000000000540E000-memory.dmp
memory/4336-2976-0x0000000005220000-0x000000000540E000-memory.dmp
memory/4336-2974-0x0000000005220000-0x000000000540E000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 7aae512aab7d119fea694d336725832b |
| SHA1 | 40500542eec89c07fab4922e4d80e332622c3894 |
| SHA256 | 728b640594abce8f9dcb41596642469854ee58ff0b815f0428d1a9bd78e3b7d1 |
| SHA512 | 8130551425e0044dc02be27c7a0ccf8f4524a905109dd5354db39a346d84361d01bade3b42e72e46de35a54c4b491dcb9c32d3eca17c1b4986a4483ef8d0b948 |
\??\c:\Users\Admin\AppData\Local\Temp\uoaaijku.0.cs
| MD5 | 8bdcfcfb7204565e8c5e3243480e61f9 |
| SHA1 | 3c7c4527e789519252dd6c7bfddec39e4cb7c801 |
| SHA256 | 33aa41ea71bf10d8ed66001edb423964f6b149e891568b512f19a1aca24d8165 |
| SHA512 | 2934c1415250fe5aec722388ac21c4ff0e5eefefece50364a936e1b63a5545efc5634370bfd28107b27868d18d5c233b216c76cbf9c85035cb7bc3306a3cab1d |
\??\c:\Users\Admin\AppData\Local\Temp\uoaaijku.cmdline
\??\c:\Users\Admin\AppData\Local\Temp\CSCE490.tmp
C:\Users\Admin\AppData\Local\Temp\uoaaijku.dll
C:\Users\Admin\AppData\Local\Temp\RESE491.tmp
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\mxfixer.ps1
C:\Windows\SysWOW64\WindowsInput.exe
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\cache2\entries\DF56DBE5EEB1E7EF7D34B1E8B6CAB0377A1A6BB5
C:\Windows\SysWOW64\WindowsInput.exe.config
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\svchost.exe.log
C:\Users\Admin\AppData\Local\Temp\dcfb00f9-5ae7-4197-ba59-e48107e40d35\GunaDotNetRT.dll
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\cache2\entries\082964D8F5B868C711BDF35142EEB3A2F635F408
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\BlitzedGrabberV12.exe.log
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\UnityCrashHandlerV2.exe.log
C:\Users\Admin\AppData\Local\Temp\UnityCrashHandlerV2.exe
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\prefs.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\prefs-1.js
\??\c:\Users\Admin\AppData\Local\Temp\qw2blpje.cmdline
\??\c:\Users\Admin\AppData\Local\Temp\qw2blpje.0.cs
\??\c:\Users\Admin\AppData\Local\Temp\CSC9E99.tmp
C:\Users\Admin\AppData\Local\Temp\RES9E9A.tmp
C:\Users\Admin\AppData\Local\Temp\qw2blpje.dll