Malware Analysis Report

2024-10-16 03:24

Sample ID 240724-tkqvkavcrj
Target 30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.7z
SHA256 3491a946bea7d927d02ae2a28b1001f40a3058f9ec98266f3dc34d472b746a17
Tags
babuk credential_access defense_evasion discovery execution impact ransomware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

3491a946bea7d927d02ae2a28b1001f40a3058f9ec98266f3dc34d472b746a17

Threat Level: Known bad

The file 30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.7z was found to be: Known bad.

Malicious Activity Summary

babuk credential_access defense_evasion discovery execution impact ransomware stealer

Babuk Locker

Renames multiple (1405) files with added filename extension

Deletes shadow copies

Credentials from Password Stores: Windows Credential Manager

Drops startup file

Enumerates connected drives

Drops file in Windows directory

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Unsigned PE

Suspicious use of SendNotifyMessage

Uses Task Scheduler COM API

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Uses Volume Shadow Copy service COM API

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Checks SCSI registry key(s)

Checks processor information in registry

Interacts with shadow copies

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-24 16:07

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-24 16:07

Reported

2024-07-24 16:09

Platform

win10-20240404-en

Max time kernel

127s

Max time network

125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe"

Signatures

Babuk Locker

ransomware babuk

Deletes shadow copies

ransomware defense_evasion impact execution

Renames multiple (1405) files with added filename extension

ransomware

Credentials from Password Stores: Windows Credential Manager

credential_access stealer

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\How To Restore Your Files.txt C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\4183903823\2290032291.pri C:\Windows\system32\taskmgr.exe N/A
File created C:\Windows\rescache\_merged\1601268389\715946058.pri C:\Windows\system32\taskmgr.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A

Interacts with shadow copies

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\vssadmin.exe N/A
N/A N/A C:\Windows\system32\vssadmin.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3516 wrote to memory of 168 N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe C:\Windows\System32\cmd.exe
PID 3516 wrote to memory of 168 N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe C:\Windows\System32\cmd.exe
PID 168 wrote to memory of 4524 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\vssadmin.exe
PID 168 wrote to memory of 4524 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\vssadmin.exe
PID 3516 wrote to memory of 700 N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe C:\Windows\System32\cmd.exe
PID 3516 wrote to memory of 700 N/A C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe C:\Windows\System32\cmd.exe
PID 700 wrote to memory of 1604 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\vssadmin.exe
PID 700 wrote to memory of 1604 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\vssadmin.exe
PID 3360 wrote to memory of 4400 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3360 wrote to memory of 4400 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3360 wrote to memory of 4400 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3360 wrote to memory of 4400 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3360 wrote to memory of 4400 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3360 wrote to memory of 4400 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3360 wrote to memory of 4400 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3360 wrote to memory of 4400 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3360 wrote to memory of 4400 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3360 wrote to memory of 4400 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3360 wrote to memory of 4400 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 1384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 1384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 3924 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 3924 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 3924 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 3924 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 3924 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 3924 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 3924 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 3924 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 3924 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 3924 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 3924 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 3924 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 3924 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 3924 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 3924 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 3924 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 3924 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 3924 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 3924 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 3924 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 3924 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 3924 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 3924 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 3924 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 3924 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 3924 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 3924 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 3924 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 3924 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 3924 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 3924 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 3924 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 3924 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 3924 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 3924 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 3924 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 3924 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 3924 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 3924 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 3924 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 3924 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 3924 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 3924 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe

"C:\Users\Admin\AppData\Local\Temp\30fcff7add11ea6685a233c8ce1fc30abe67044630524a6eb363573a4a9f88b8.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c vssadmin.exe delete shadows /all /quiet

C:\Windows\system32\vssadmin.exe

vssadmin.exe delete shadows /all /quiet

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c vssadmin.exe delete shadows /all /quiet

C:\Windows\system32\vssadmin.exe

vssadmin.exe delete shadows /all /quiet

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\How To Restore Your Files.txt

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4400.0.746049787\1362833406" -parentBuildID 20221007134813 -prefsHandle 1720 -prefMapHandle 1688 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6913119f-8fee-4f37-b294-97fde1192115} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" 1812 20d7f6b2e58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4400.1.470758210\1972521684" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {229436f0-0054-457f-bc57-d73d5c29306c} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" 2168 20d7c06fb58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4400.2.321195702\1101448515" -childID 1 -isForBrowser -prefsHandle 2752 -prefMapHandle 2852 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e60e16db-8b81-411c-a8fd-d2f3fdfdb096} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" 2856 20d0b3a0458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4400.3.1039188971\253746285" -childID 2 -isForBrowser -prefsHandle 3448 -prefMapHandle 3440 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8379c91-3d98-4f32-81f6-c606a2707018} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" 3468 20d0b93bd58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4400.4.13290909\1983670767" -childID 3 -isForBrowser -prefsHandle 4336 -prefMapHandle 4332 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {97baed6f-c943-465f-b152-cf47268d1023} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" 4348 20d0d0da958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4400.5.168808167\2008343560" -childID 4 -isForBrowser -prefsHandle 4820 -prefMapHandle 4772 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {76c074db-b19a-4ee9-96c7-c0c5ec5f3733} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" 4828 20d0b99a158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4400.6.328168418\1123393117" -childID 5 -isForBrowser -prefsHandle 4964 -prefMapHandle 4968 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0d60b87-e0a7-4212-8596-1ab24bff1384} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" 4956 20d0d3c4358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4400.7.378015120\1058533004" -childID 6 -isForBrowser -prefsHandle 5164 -prefMapHandle 5168 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {94b16aa5-c116-4614-ba49-d4f4749c0264} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" 5156 20d0dc24e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4400.8.1977145651\673241553" -childID 7 -isForBrowser -prefsHandle 5384 -prefMapHandle 5888 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e0ab4c2-f3ef-4b7d-a93c-6c7520b24446} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" 5884 20d0f336e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4400.9.1523088412\622392267" -childID 8 -isForBrowser -prefsHandle 5272 -prefMapHandle 5288 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c5964d7-c77e-42e0-9fff-c0e9bf9c3900} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" 5296 20d0e79da58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4400.10.421249330\1093752379" -childID 9 -isForBrowser -prefsHandle 9896 -prefMapHandle 4632 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f77b4256-213a-4229-b594-86510cbb324c} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" 9884 20d10bdb858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4400.11.1932056691\951760072" -childID 10 -isForBrowser -prefsHandle 4416 -prefMapHandle 5776 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ce29438-9dce-4d7f-b2df-6f864cffa395} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" 5784 20d7c062558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4400.12.728997056\457899186" -childID 11 -isForBrowser -prefsHandle 9564 -prefMapHandle 9560 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4df3ae03-25c7-45b5-b4c3-5398dd7134be} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" 9576 20d10c2fc58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4400.13.929297014\993567499" -childID 12 -isForBrowser -prefsHandle 4388 -prefMapHandle 9340 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc8526ae-3fb9-4bc9-97dc-973f80704493} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" 9312 20d10f98e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4400.14.493062398\2044271331" -childID 13 -isForBrowser -prefsHandle 9324 -prefMapHandle 9328 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6376409-ec9f-4cfd-a943-508b6d580c1b} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" 9296 20d10fef358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4400.15.1627707274\1278103546" -childID 14 -isForBrowser -prefsHandle 8996 -prefMapHandle 9000 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0b7e4ed-e5b6-4c83-b3a7-c06441f95e60} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" 8988 20d0b742a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4400.16.1553801851\1252827736" -childID 15 -isForBrowser -prefsHandle 9092 -prefMapHandle 9088 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {06ae4fd9-29de-4249-aa2d-456235fff8c6} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" 8644 20d10fef658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4400.17.1470311865\123982049" -childID 16 -isForBrowser -prefsHandle 9012 -prefMapHandle 9068 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dbd4cd43-dc56-4397-9ab3-abfba21044da} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" 9020 20d10fef058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4400.18.1141554141\759878182" -childID 17 -isForBrowser -prefsHandle 9028 -prefMapHandle 8856 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {743ac45e-e6dd-4662-9a5c-def23a6318d2} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" 8636 20d1148ce58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4400.19.995468229\164578148" -childID 18 -isForBrowser -prefsHandle 8404 -prefMapHandle 8556 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a4fcdfd-e232-4512-9197-9bca26b3139f} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" 8296 20d1149c258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4400.20.778922031\411912964" -childID 19 -isForBrowser -prefsHandle 8184 -prefMapHandle 8196 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {243c491e-3a42-4e34-b886-fede453262a9} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" 8312 20d1149d758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4400.21.1684777640\2020994768" -childID 20 -isForBrowser -prefsHandle 7980 -prefMapHandle 7976 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {28b3d9ba-f13b-4b36-840e-89440b879453} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" 7892 20d1149f858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4400.22.695935626\970446063" -childID 21 -isForBrowser -prefsHandle 9372 -prefMapHandle 8880 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {25ffa24d-2890-4a0c-bee8-42bc721fdb24} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" 9176 20d0f7be958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4400.23.773161249\43175486" -childID 22 -isForBrowser -prefsHandle 9460 -prefMapHandle 9184 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0eda9f85-be61-4684-bbba-6480349aa6fa} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" 9372 20d0f58b158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4400.24.284800433\16922380" -childID 23 -isForBrowser -prefsHandle 9592 -prefMapHandle 9452 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7bab43c4-35b5-438b-8730-0affa931e26e} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" 8700 20d0fa69658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4400.25.406231177\80777064" -childID 24 -isForBrowser -prefsHandle 9524 -prefMapHandle 9520 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {081beadc-21a2-4768-a978-e85842929d04} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" 4304 20d0faa8558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4400.26.119588457\2133096430" -childID 25 -isForBrowser -prefsHandle 5432 -prefMapHandle 4956 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {43745e75-629f-4831-9e59-99632f958439} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" 9436 20d0f6fc958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4400.27.607438663\859102994" -childID 26 -isForBrowser -prefsHandle 2592 -prefMapHandle 9520 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0faf045-137c-47c4-9b40-76882f126ff5} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" 9608 20d1022c758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4400.28.119478810\785610649" -childID 27 -isForBrowser -prefsHandle 8380 -prefMapHandle 9928 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6023c9f6-1e0d-4840-a73c-cb2b1ee80cfe} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" 4592 20d101f7658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4400.29.1831281102\1352074595" -childID 28 -isForBrowser -prefsHandle 9232 -prefMapHandle 9228 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {efad909d-d297-4647-bc73-02ce8d1de101} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" 9220 20d10e93658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4400.30.1294271351\645372597" -childID 29 -isForBrowser -prefsHandle 9284 -prefMapHandle 9536 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2a69c03-0aa7-47fa-b355-b91a8094992d} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" 8724 20d10e92a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4400.31.948133073\1736276968" -childID 30 -isForBrowser -prefsHandle 9972 -prefMapHandle 4532 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab1724b9-eda3-4106-a70d-1deb90b80b2d} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" 4720 20d116b8b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4400.32.2034756476\476240221" -childID 31 -isForBrowser -prefsHandle 9204 -prefMapHandle 5080 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {440a33db-0c4e-42a9-847c-b54bd18af419} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" 9508 20d0f285358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4400.33.1020936806\373662259" -childID 32 -isForBrowser -prefsHandle 5304 -prefMapHandle 9196 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b0713fc-45d3-4c0c-a11a-e999fd06ea00} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" 9828 20d0f283258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4400.34.1303976817\1073931949" -childID 33 -isForBrowser -prefsHandle 8760 -prefMapHandle 8416 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7820996f-9974-45eb-9c3f-880ac09fe140} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" 5152 20d0f285958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4400.35.558523549\1017417595" -childID 34 -isForBrowser -prefsHandle 9812 -prefMapHandle 9828 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {03c0f53e-a1b1-4a32-a888-abdff1e7f10f} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" 9796 20d1149f858 tab

Network

Country Destination Domain Proto
N/A 127.0.0.1:50971 tcp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 166.188.117.34.in-addr.arpa udp
US 8.8.8.8:53 228.192.238.44.in-addr.arpa udp
N/A 127.0.0.1:50977 tcp
US 8.8.8.8:53 i.imgur.com udp
US 199.232.196.193:443 i.imgur.com tcp
US 8.8.8.8:53 ipv4.imgur.map.fastly.net udp
US 8.8.8.8:53 ipv4.imgur.map.fastly.net udp
US 8.8.8.8:53 imgur.com udp
US 8.8.8.8:53 imgur.com udp
US 199.232.192.193:443 imgur.com tcp
US 8.8.8.8:53 imgur.com udp
US 8.8.8.8:53 d3c8j8snkzfr1n.cloudfront.net udp
US 8.8.8.8:53 ced.sascdn.com udp
US 8.8.8.8:53 js.assemblyexchange.com udp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 s.imgur.com udp
US 8.8.8.8:53 ced-ns.sascdn.com udp
US 199.232.192.193:443 s.imgur.com tcp
US 8.8.8.8:53 stretchsquirrel.com udp
US 199.232.192.193:443 s.imgur.com tcp
US 199.232.192.193:443 s.imgur.com tcp
US 199.232.192.193:443 s.imgur.com tcp
US 8.8.8.8:53 a1184.b.akamai.net udp
US 8.8.8.8:53 btloader.com udp
US 104.22.74.216:443 btloader.com tcp
US 151.101.64.193:443 js.assemblyexchange.com tcp
US 8.8.8.8:53 medialab.map.fastly.net udp
GB 18.245.206.96:443 d3c8j8snkzfr1n.cloudfront.net tcp
US 8.8.8.8:53 a1184.b.akamai.net udp
US 104.18.24.111:443 stretchsquirrel.com tcp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 medialab.map.fastly.net udp
US 8.8.8.8:53 d3c8j8snkzfr1n.cloudfront.net udp
US 8.8.8.8:53 d3c8j8snkzfr1n.cloudfront.net udp
US 8.8.8.8:53 a1845.dscb.akamai.net udp
US 8.8.8.8:53 stretchsquirrel.com udp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 a1845.dscb.akamai.net udp
US 130.211.23.194:443 api.btloader.com tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 8.8.8.8:53 stretchsquirrel.com udp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 i.clean.gg udp
US 8.8.8.8:53 ad-delivery.net udp
US 104.18.24.111:443 stretchsquirrel.com udp
US 8.8.8.8:53 static.adsafeprotected.com udp
US 34.95.69.49:443 i.clean.gg tcp
US 34.95.69.49:443 i.clean.gg tcp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 ads.assemblyexchange.com udp
US 8.8.8.8:53 js.media-lab.ai udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 193.196.232.199.in-addr.arpa udp
US 8.8.8.8:53 193.192.232.199.in-addr.arpa udp
US 8.8.8.8:53 216.74.22.104.in-addr.arpa udp
US 8.8.8.8:53 193.64.101.151.in-addr.arpa udp
US 8.8.8.8:53 8.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 96.206.245.18.in-addr.arpa udp
US 8.8.8.8:53 111.24.18.104.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 70.3.26.104.in-addr.arpa udp
US 8.8.8.8:53 i.clean.gg udp
GB 18.244.155.61:443 js.media-lab.ai tcp
US 35.201.64.137:443 ads.assemblyexchange.com tcp
US 8.8.8.8:53 d162h6x3rxav67.cloudfront.net udp
US 8.8.8.8:53 js.media-lab.ai udp
US 8.8.8.8:53 i.clean.gg udp
US 8.8.8.8:53 d162h6x3rxav67.cloudfront.net udp
US 8.8.8.8:53 o435357.ingest.sentry.io udp
US 8.8.8.8:53 ads.assemblyexchange.com udp
US 130.211.23.194:443 api.btloader.com udp
US 8.8.8.8:53 api.imgur.com udp
US 8.8.8.8:53 js.media-lab.ai udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 34.120.195.249:443 o435357.ingest.sentry.io tcp
US 8.8.8.8:53 ads.assemblyexchange.com udp
US 199.232.196.193:443 api.imgur.com tcp
US 8.8.8.8:53 d1ykf07e75w7ss.cloudfront.net udp
US 34.95.69.49:443 i.clean.gg udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 o435357.ingest.sentry.io udp
US 8.8.8.8:53 o435357.ingest.sentry.io udp
US 8.8.8.8:53 d1ykf07e75w7ss.cloudfront.net udp
US 35.201.64.137:443 ads.assemblyexchange.com udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 34.120.195.249:443 o435357.ingest.sentry.io udp
GB 2.18.190.144:443 a1184.b.akamai.net tcp
GB 2.18.190.145:443 a1845.dscb.akamai.net tcp
GB 52.84.90.96:443 d162h6x3rxav67.cloudfront.net tcp
GB 142.250.187.194:443 securepubads.g.doubleclick.net tcp
GB 13.224.223.9:443 d1ykf07e75w7ss.cloudfront.net tcp
GB 142.250.187.194:443 securepubads.g.doubleclick.net tcp
GB 18.165.242.4:443 sb.scorecardresearch.com tcp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 8.8.8.8:53 firebase.googleapis.com udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 8.8.8.8:53 firebase.googleapis.com udp
US 8.8.8.8:53 firebase.googleapis.com udp
GB 142.250.187.194:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 49.69.95.34.in-addr.arpa udp
US 8.8.8.8:53 xeno-soswcrde4a-uc.a.run.app udp
US 8.8.8.8:53 61.155.244.18.in-addr.arpa udp
US 8.8.8.8:53 137.64.201.35.in-addr.arpa udp
US 8.8.8.8:53 249.195.120.34.in-addr.arpa udp
US 8.8.8.8:53 144.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 6.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 145.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 96.90.84.52.in-addr.arpa udp
US 8.8.8.8:53 9.223.224.13.in-addr.arpa udp
US 8.8.8.8:53 4.242.165.18.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 216.239.34.53:443 xeno-soswcrde4a-uc.a.run.app tcp
US 216.239.34.53:443 xeno-soswcrde4a-uc.a.run.app tcp
US 8.8.8.8:53 xeno-soswcrde4a-uc.a.run.app udp
US 130.211.23.194:443 api.btloader.com udp
US 8.8.8.8:53 xeno-soswcrde4a-uc.a.run.app udp
US 8.8.8.8:53 cobaltoverture.com udp
US 8.8.8.8:53 p.imgur.com udp
US 199.232.192.193:443 p.imgur.com tcp
US 104.18.25.111:443 cobaltoverture.com tcp
US 8.8.8.8:53 cobaltoverture.com udp
US 216.239.34.53:443 xeno-soswcrde4a-uc.a.run.app udp
US 8.8.8.8:53 cobaltoverture.com udp
US 104.18.25.111:443 cobaltoverture.com udp
GB 52.84.90.86:443 config.aps.amazon-adsystem.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 104.18.25.111:443 cobaltoverture.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
US 216.239.34.36:443 region1.google-analytics.com udp
GB 142.250.180.14:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 53.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 111.25.18.104.in-addr.arpa udp
US 8.8.8.8:53 86.90.84.52.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 216.239.34.53:443 xeno-soswcrde4a-uc.a.run.app udp
GB 142.250.180.14:443 www3.l.google.com udp
GB 142.250.180.14:443 www3.l.google.com udp
GB 142.250.180.14:443 www3.l.google.com tcp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 172.217.16.225:443 lh3.googleusercontent.com tcp
US 8.8.8.8:53 googlehosted.l.googleusercontent.com udp
US 8.8.8.8:53 googlehosted.l.googleusercontent.com udp
GB 172.217.16.225:443 googlehosted.l.googleusercontent.com udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 35.201.64.137:443 ads.assemblyexchange.com udp
US 8.8.8.8:53 api.rlcdn.com udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 34.120.133.55:443 api.rlcdn.com tcp
US 8.8.8.8:53 api.rlcdn.com udp
GB 18.154.87.148:443 aax.amazon-adsystem.com tcp
GB 18.154.87.148:443 aax.amazon-adsystem.com tcp
GB 18.154.87.148:443 aax.amazon-adsystem.com tcp
GB 18.154.87.148:443 aax.amazon-adsystem.com tcp
US 8.8.8.8:53 d1jvc9b8z3vcjs.cloudfront.net udp
US 8.8.8.8:53 api.rlcdn.com udp
US 8.8.8.8:53 d1jvc9b8z3vcjs.cloudfront.net udp
US 34.120.133.55:443 api.rlcdn.com udp
US 8.8.8.8:53 ssc-cms.33across.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 openrtb-us-east-1.axonix.com udp
US 8.8.8.8:53 rtb.gumgum.com udp
US 8.8.8.8:53 sync.inmobi.com udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 67.202.105.24:443 ssc-cms.33across.com tcp
US 8.8.8.8:53 pixel.33across.com udp
NL 185.89.210.82:443 ib.adnxs.com tcp
US 8.8.8.8:53 ib.anycast.adnxs.com udp
US 155.204.117.12:443 openrtb-us-east-1.axonix.com tcp
US 8.8.8.8:53 openrtb-dc11.axonix.com udp
US 104.18.36.155:443 ssum-sec.casalemedia.com tcp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 20.253.0.30:443 sync.inmobi.com tcp
IE 54.73.255.200:443 rtb.gumgum.com tcp
US 8.8.8.8:53 pixel.33across.com udp
US 8.8.8.8:53 ib.anycast.adnxs.com udp
IE 52.95.126.160:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 openrtb-dc11.axonix.com udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 pixel-sync.trafficmanager.net udp
US 8.8.8.8:53 4f60845b27126ff51022f103eaa2d8d8.safeframe.googlesyndication.com udp
US 8.8.8.8:53 rtb.gumgum.com udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 pixel-sync.trafficmanager.net udp
GB 142.250.187.225:443 4f60845b27126ff51022f103eaa2d8d8.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 rtb.gumgum.com udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 104.18.36.155:443 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 pagead-googlehosted.l.google.com udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
GB 142.250.187.225:443 pagead-googlehosted.l.google.com udp
US 8.8.8.8:53 pagead-googlehosted.l.google.com udp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 us-u.openx.net udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 pr-bh.ybp.yahoo.com udp
US 8.8.8.8:53 sync.ipredictive.com udp
US 8.8.8.8:53 match.deepintent.com udp
US 8.8.8.8:53 b1sync.zemanta.com udp
US 34.98.64.218:443 us-u.openx.net tcp
US 8.8.8.8:53 bh.contextweb.com udp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 52.73.59.20:443 sync.srv.stackadapt.com tcp
US 8.8.8.8:53 c1.adform.net udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
DE 37.252.171.21:443 secure.adnxs.com tcp
US 52.45.1.83:443 sync.ipredictive.com tcp
US 8.8.8.8:53 ads.pubmatic.com udp
IE 34.250.15.254:443 pr-bh.ybp.yahoo.com tcp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 tg.socdm.com udp
US 169.197.150.7:443 match.deepintent.com tcp
US 70.42.32.127:443 b1sync.zemanta.com tcp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 us-u.openx.net udp
US 8.8.8.8:53 user-data-eu.bidswitch.net udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
DK 37.157.6.254:443 c1.adform.net tcp
NL 208.93.169.131:443 bh.contextweb.com tcp
NL 89.149.192.196:443 ssbsync.smartadserver.com tcp
JP 124.146.153.150:443 tg.socdm.com tcp
GB 172.217.16.226:443 cm.g.doubleclick.net tcp
US 35.71.131.137:443 match.adsrvr.org tcp
NL 185.184.8.90:443 creativecdn.com tcp
US 8.8.8.8:53 55.133.120.34.in-addr.arpa udp
US 8.8.8.8:53 148.87.154.18.in-addr.arpa udp
US 8.8.8.8:53 82.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 155.36.18.104.in-addr.arpa udp
US 8.8.8.8:53 160.126.95.52.in-addr.arpa udp
US 8.8.8.8:53 200.255.73.54.in-addr.arpa udp
US 8.8.8.8:53 24.105.202.67.in-addr.arpa udp
US 8.8.8.8:53 12.117.204.155.in-addr.arpa udp
US 8.8.8.8:53 30.0.253.20.in-addr.arpa udp
US 8.8.8.8:53 225.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 us-u.openx.net udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 user-data-eu.bidswitch.net udp
GB 2.18.108.192:443 ads.pubmatic.com tcp
GB 142.250.200.1:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 sync.ipredictive.com udp
GB 23.215.239.190:443 secure-assets.rubiconproject.com tcp
US 34.98.64.218:443 us-u.openx.net udp
US 8.8.8.8:53 ds-pr-bh.ybp.gysm.yahoodns.net udp
US 8.8.8.8:53 m.deepintent.com udp
US 8.8.8.8:53 218.64.98.34.in-addr.arpa udp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 21.171.252.37.in-addr.arpa udp
US 8.8.8.8:53 254.15.250.34.in-addr.arpa udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 137.131.71.35.in-addr.arpa udp
US 8.8.8.8:53 196.192.149.89.in-addr.arpa udp
US 8.8.8.8:53 20.59.73.52.in-addr.arpa udp
US 8.8.8.8:53 83.1.45.52.in-addr.arpa udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 254.6.157.37.in-addr.arpa udp
US 8.8.8.8:53 7.150.197.169.in-addr.arpa udp
US 8.8.8.8:53 127.32.42.70.in-addr.arpa udp
US 8.8.8.8:53 ds-pr-bh.ybp.gysm.yahoodns.net udp
US 8.8.8.8:53 m.deepintent.com udp
US 8.8.8.8:53 sync.ipredictive.com udp
US 8.8.8.8:53 nydc1.outbrain.org udp
NL 208.93.169.131:443 bh.contextweb.com tcp
JP 124.146.153.150:443 tg.socdm.com tcp
US 8.8.8.8:53 track.adformnet.akadns.net udp
US 8.8.8.8:53 am1-direct-bgp.contextweb.com udp
US 8.8.8.8:53 nydc1.outbrain.org udp
US 8.8.8.8:53 am1-direct-bgp.contextweb.com udp
GB 172.217.16.226:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 track.adformnet.akadns.net udp
US 8.8.8.8:53 ssbsync-euw1.smartadserver.com udp
US 8.8.8.8:53 tg.dr.socdm.com udp
GB 142.250.200.1:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 ssbsync-euw1.smartadserver.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 tg.dr.socdm.com udp
US 8.8.8.8:53 mp.imgur.com udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 usersync.gumgum.com udp
US 8.8.8.8:53 match.adsrvr.org udp
US 199.232.196.193:443 mp.imgur.com tcp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
IE 52.210.15.1:443 usersync.gumgum.com tcp
IE 52.210.15.1:443 usersync.gumgum.com tcp
US 8.8.8.8:53 e6603.g.akamaiedge.net udp
US 8.8.8.8:53 e8960.e2.akamaiedge.net udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 ipv4.imgur.map.fastly.net udp
US 8.8.8.8:53 e8960.e2.akamaiedge.net udp
US 8.8.8.8:53 usersync.gumgum.com udp
US 8.8.8.8:53 usersync.gumgum.com udp
US 8.8.8.8:53 192.108.18.2.in-addr.arpa udp
US 8.8.8.8:53 1.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 190.239.215.23.in-addr.arpa udp
US 8.8.8.8:53 150.153.146.124.in-addr.arpa udp
US 8.8.8.8:53 1.15.210.52.in-addr.arpa udp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 8.8.8.8:53 qvdt3feo.com udp
IE 52.210.15.1:443 usersync.gumgum.com tcp
US 8.8.8.8:53 cdn.ampproject.org udp
GB 216.58.213.1:443 cdn.ampproject.org tcp
GB 216.58.213.1:443 cdn.ampproject.org tcp
GB 216.58.213.1:443 cdn.ampproject.org tcp
GB 216.58.213.1:443 cdn.ampproject.org tcp
GB 216.58.213.1:443 cdn.ampproject.org tcp
GB 216.58.213.1:443 cdn.ampproject.org tcp
US 8.8.8.8:53 cdn-content.ampproject.org udp
US 100.24.231.128:443 qvdt3feo.com tcp
US 8.8.8.8:53 qvdt3feo.com udp
GB 23.46.73.76:443 eus.rubiconproject.com tcp
US 8.8.8.8:53 e8960.b.akamaiedge.net udp
GB 216.58.213.1:443 cdn-content.ampproject.org udp
US 8.8.8.8:53 cdn-content.ampproject.org udp
US 8.8.8.8:53 qvdt3feo.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.228:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.228:443 www.google.com udp
US 8.8.8.8:53 1.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 76.73.46.23.in-addr.arpa udp
US 8.8.8.8:53 128.231.24.100.in-addr.arpa udp
US 8.8.8.8:53 228.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 token.rubiconproject.com udp
NL 69.173.156.148:443 token.rubiconproject.com tcp
US 8.8.8.8:53 pixel.rubiconproject.net.akadns.net udp
US 8.8.8.8:53 pixel.rubiconproject.net.akadns.net udp
US 8.8.8.8:53 148.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 34.120.195.249:443 o435357.ingest.sentry.io udp
US 8.8.8.8:53 131.169.93.208.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 98.201.58.216.in-addr.arpa udp
GB 216.58.201.98:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 ced.sascdn.com udp
US 8.8.8.8:53 medialab.map.fastly.net udp
US 8.8.8.8:53 ced-ns.sascdn.com udp
US 8.8.8.8:53 a1845.dscb.akamai.net udp
US 8.8.8.8:53 medialab.map.fastly.net udp
US 8.8.8.8:53 a1184.b.akamai.net udp
US 8.8.8.8:53 a1845.dscb.akamai.net udp
US 34.95.69.49:443 i.clean.gg udp
US 8.8.8.8:53 i.clean.gg udp
US 8.8.8.8:53 ads.assemblyexchange.com udp
US 8.8.8.8:53 js.media-lab.ai udp
US 8.8.8.8:53 merequartz.com udp
US 8.8.8.8:53 adserver.adtech.advertising.com udp
US 104.18.24.111:443 merequartz.com tcp
US 8.8.8.8:53 merequartz.com udp
US 8.8.8.8:53 fp30c8.wpc.thetacdn.net udp
US 8.8.8.8:53 fp30c8.wpc.thetacdn.net udp
US 152.199.19.33:443 fp30c8.wpc.thetacdn.net tcp
US 8.8.8.8:53 merequartz.com udp
US 104.18.24.111:443 merequartz.com udp
US 8.8.8.8:53 cs-rtb.minutemedia-prebid.com udp
US 8.8.8.8:53 s.hb.selectmedia.asia udp
US 8.8.8.8:53 u.openx.net udp
US 8.8.8.8:53 match.sharethrough.com udp
GB 54.192.137.24:443 cs-rtb.minutemedia-prebid.com tcp
US 8.8.8.8:53 dheoaz9svaqd1.cloudfront.net udp
DE 142.132.249.187:443 s.hb.selectmedia.asia tcp
US 8.8.8.8:53 s-unoadsrv-com.geodns.me udp
US 35.244.159.8:443 u.openx.net tcp
US 8.8.8.8:53 u.openx.net udp
DE 54.93.109.96:443 match.sharethrough.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.net.akadns.net tcp
US 8.8.8.8:53 u.openx.net udp
US 8.8.8.8:53 dheoaz9svaqd1.cloudfront.net udp
US 8.8.8.8:53 s-unoadsrv-com.geodns.me udp
US 8.8.8.8:53 match-eu-central-1-ecs.sharethrough.com udp
US 8.8.8.8:53 match-eu-central-1-ecs.sharethrough.com udp
US 8.8.8.8:53 5eb07a8ec7204f870b29c6d4adf90109.safeframe.googlesyndication.com udp
US 35.244.159.8:443 u.openx.net udp
US 8.8.8.8:53 33.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 8.159.244.35.in-addr.arpa udp
US 8.8.8.8:53 24.137.192.54.in-addr.arpa udp
US 8.8.8.8:53 187.249.132.142.in-addr.arpa udp
US 8.8.8.8:53 96.109.93.54.in-addr.arpa udp
GB 142.250.187.225:443 5eb07a8ec7204f870b29c6d4adf90109.safeframe.googlesyndication.com tcp
GB 142.250.187.225:443 5eb07a8ec7204f870b29c6d4adf90109.safeframe.googlesyndication.com udp
US 8.8.8.8:53 eb2.3lift.com udp
US 8.8.8.8:53 image8.pubmatic.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 imgsync-amsfpairbc.pubmnet.com udp
US 76.223.111.18:443 eb2.3lift.com tcp
NL 198.47.127.18:443 imgsync-amsfpairbc.pubmnet.com tcp
DE 37.252.171.21:443 secure.adnxs.com tcp
IE 52.19.15.103:443 ap.lijit.com tcp
US 8.8.8.8:53 blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 imgsync-amsfpairbc.pubmnet.com udp
US 8.8.8.8:53 eu-eb2.3lift.com udp
US 8.8.8.8:53 cs.minutemedia-prebid.com udp
IE 52.16.74.63:443 cs.minutemedia-prebid.com tcp
US 8.8.8.8:53 cs.digbearings.com udp
US 8.8.8.8:53 cs.digbearings.com udp
IE 52.16.74.63:443 cs.digbearings.com tcp
US 8.8.8.8:53 18.111.223.76.in-addr.arpa udp
US 8.8.8.8:53 18.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 103.15.19.52.in-addr.arpa udp
US 8.8.8.8:53 63.74.16.52.in-addr.arpa udp
US 8.8.8.8:53 csi.gstatic.com udp
US 8.8.8.8:53 csi.gstatic.com udp
US 74.125.21.120:443 csi.gstatic.com tcp
US 8.8.8.8:53 csi.gstatic.com udp
US 8.8.8.8:53 120.21.125.74.in-addr.arpa udp
US 74.125.21.120:443 csi.gstatic.com udp
US 8.8.8.8:53 s.ad.smaato.net udp
NL 89.149.192.196:443 ssbsync-euw1.smartadserver.com tcp
US 8.8.8.8:53 sync.go.sonobi.com udp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 iad-2-sync.go.sonobi.com udp
US 69.166.1.66:443 iad-2-sync.go.sonobi.com tcp
GB 108.156.39.10:443 s.ad.smaato.net tcp
US 8.8.8.8:53 s.ad.smaato.net udp
NL 46.228.174.117:443 sync.1rx.io tcp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 iad-2-sync.go.sonobi.com udp
US 8.8.8.8:53 s.ad.smaato.net udp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 10.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 66.1.166.69.in-addr.arpa udp
US 8.8.8.8:53 ipv4.imgur.map.fastly.net udp
US 104.18.24.111:443 merequartz.com udp
US 8.8.8.8:53 i.clean.gg udp
US 8.8.8.8:53 ads.assemblyexchange.com udp
US 8.8.8.8:53 js.media-lab.ai udp
US 8.8.8.8:53 api.imgur.com udp
US 8.8.8.8:53 ipv4.imgur.map.fastly.net udp
US 8.8.8.8:53 ipv4.imgur.map.fastly.net udp
US 152.199.19.33:443 fp30c8.wpc.thetacdn.net tcp
US 8.8.8.8:53 e0fe9bd9793f79b88f934fa58d12e884.safeframe.googlesyndication.com udp
GB 142.250.187.225:443 e0fe9bd9793f79b88f934fa58d12e884.safeframe.googlesyndication.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
GB 142.250.187.225:443 e0fe9bd9793f79b88f934fa58d12e884.safeframe.googlesyndication.com udp
GB 142.250.187.228:443 www.google.com udp
US 8.8.8.8:53 ipv4.imgur.map.fastly.net udp

Files

\Device\HarddiskVolume1\Boot\da-DK\How To Restore Your Files.txt

MD5 4696310ca321ce5a34e879b4e8b0611a
SHA1 89082071a1e6d3379a923ef6a39903cc05dfe495
SHA256 1f366b81cfa615b53eb24345d09abee973b2b82778f5f21f8ee31fbe13e7d92a
SHA512 94bfbe6b23e73435a30c6f1bb94970bf9eaa1d9cea0e38d654e23be28ff3802dbabb3984087784a3a99b12f6517389378f1d4c3016b15b6b05a498293480c7d5

C:\Users\Admin\AppData\Local\Microsoft\Windows\PRICache\4183903823\2290032291.pri

MD5 b8da5aac926bbaec818b15f56bb5d7f6
SHA1 2b5bf97cd59e82c7ea96c31cf9998fbbf4884dc5
SHA256 5be5216ae1d0aed64986299528f4d4fe629067d5f4097b8e4b9d1c6bcf4f3086
SHA512 c39a28d58fb03f4f491bf9122a86a5cbe7677ec2856cf588f6263fa1f84f9ffc1e21b9bcaa60d290356f9018fb84375db532c8b678cf95cc0a2cc6ed8da89436

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\b36c6b8f-d371-4dd2-9af9-df9f205323ec

MD5 025ca7ea17ba65659c3522091ea2c088
SHA1 d2c7cee2b6afdcf25960b52fb803efadd83da315
SHA256 7ea27703ead16444511cb2abd5d90acf5267bb027c6607bc27747e1c7927bc8a
SHA512 ba0018ac62c697cc2e9ffd2f513a444ebb742ec7d9ebb9b89cd7e1f737c627824401aba799e53b7fd9a9fb2d7de54b8088127dfe107f182fa12a660d490eddfe

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\3fdd84d4-10da-476d-8120-3e45246158fc

MD5 86fc2f91592b8599f10832bf83a0b5df
SHA1 9615c4f6c9a83d065b3625bf5341b25fe0fc8d02
SHA256 02fa30e289ad913af08393ce01a528eb58b1e936df7105b5600f74af5579b758
SHA512 337eccbff0b9aa1ca14a803a90e2067809a6163b4259dc9610e9c81d5f25bfd234ab599a79f97848679e6f00549e1da719fd0d77da3e99d9a3d8ad6a1dae6d99

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\db\data.safe.bin

MD5 e31a969ce4ee4d6a1a0074f1b3c71e08
SHA1 685bc4d734c448a6441cc70af1eaa8d14e9688d1
SHA256 647ca20a5e846521697ce5ba34883b0311fee2008b8cc8362800c1e662334b5a
SHA512 eb1095de67fd543912beb7408a4093b4236b385a64ffac6ec25bdae25d7a5b5d903d7a32f106c0e9ec3d4cb7a953191b882bc4cee78436f151f8717f9633ea95

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs.js

MD5 d36dd95191ed0fc50ec5124db7460588
SHA1 ae80052282f8598f6d53e63ffc7673198a70ccee
SHA256 57c4dcfdfd173858252d8d22279a30f42b9f7d37d6ed4bf30020c5caca59ebba
SHA512 b37423cfca856fa3f24a8e368caa27aedea2e3c8a5525c9a0ed80a6dad6bfaa9e4f9805c79be7d4b92d94d40ed6693bc1488cbf7480edc22c77a4eedb0c32583

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 731c0e733fe1e3123d366af7c8e578ae
SHA1 9756304ea773dd9cd96e5996dc79de2ed6a9ae9c
SHA256 8f426b4be5e3440fa14d37480f018b7dc3d1a547b0e91c2fbfc6e31d9054a359
SHA512 d29e0f2356a3226f64692b390c122d4d70f09f677d9f5d086f2babaeba6574d670171edb24ff52f928871ec489680f57910e21fac1ca8ec08783a07d21b1f427

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs.js

MD5 2d392cdfcd0cf1f62883d393a79f8b60
SHA1 10731794dd4fcd531c786258d9b1c56795c37388
SHA256 56f3d24f0d4a6f891d794456ce194da396a31f70c65cbf5ca0c426960cfbaf8f
SHA512 e14aded4031479c36430c3affdb83855e46d7d5d9833e39b07614f424087003ae00e565b98d6ec2976676570625bd640673c7c2680ff83fcfa099484dee20d3e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\default\https+++imgur.com\idb\2926346687feisraebbaatsaed--hte.sqlite

MD5 6000796965b6657d7880bf15d1cf73e5
SHA1 a119f457828d4140028671612ce8db3e59920fed
SHA256 35da9425f197bf5e71c931269cbe244832e5e29a6ee9f7d251acab5d44618eb1
SHA512 5ef55de84fe9514044cfe390fb746e077da82bba39d051d85edb424e98fdcf17c26b71ade4d272cb468cfd99b5f8821a93047a11a21f4d8325a416dcf037268a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 dac5ee4cca19e866e4b4f5e27c584980
SHA1 58d1660339ed2ef369402adbcd531f7fe6b65b75
SHA256 50c1a92b2a90fd15765e9ec942542f9e0199192d50a497780882f92e82066b95
SHA512 7ccffe3d05c894dda7c337e1c769a62ff84987ba8c05989ecd6c5f8366980a09f0e6948530f856089e4d11d9f6567cd17b918b08b208f45b1f46ff51bb9e0747

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 772e3a4355d270fc9f8adb3611c6f157
SHA1 f9eb1e64c3f85104d5a1a3abf117b824f0cc6f94
SHA256 d939e55353ac581a03352e7dfd56caae2db33ad2b67d9bec90211d7ea6f891b7
SHA512 27da97246c379c8df1dd11ee5d79b7d10debdcef7ea3ace1d1ad743082e7f15b96ec6441ca3154b107aa115d7a86902e2cded52636f018b4ede37d2d99303e55

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\8983

MD5 34043dfd1a7a043bad32f824450eb2d5
SHA1 b66594b7421cb1c7a3b1a55ddd07b94ccd9b1e67
SHA256 b3eb306083025360dd3c56475d41ada50a5f70987ddac8b1656474fcc622d31b
SHA512 c4cd39383b6992b66622d2529eb00c4e5c83d74e85e5bf6f1246d4d61fbf5055baa5a115369de6db9786035f0727161707b397dcdd9bdcf1733cfc027378bd6e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\23292

MD5 4106a2efc88828163d937d41db8f26a2
SHA1 7dc441e4a960147e1ff9997d13701b3dde6df69e
SHA256 baeacbb5d6d2e03bf7aeae7a98d7fd307825934c80d226e93fd799523a5c0829
SHA512 650663116faad7cc8391982a077bf087ff999b619c44f83fd394abc39d73e0671d41e8a72a5e78f38615b49c083c28c694f01cc5e79b737d4ed8d4754fc22275

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\26108

MD5 75262b6579485247a30445dcce579bbd
SHA1 1303a8811aeb910013b1ae2c0f57e862876b60b8
SHA256 20e403a15a071c6919d78d57b6bdbd7b88c7f1c19fdf5492552637e6e3740894
SHA512 98b2eab166f89534aebe6b423340e3243cbd492654fe285b3502a7ea9a1585d869f0031b3e5213b1f1cf893bd8e73efae93e2a67a2276b8fc4aec29d2cdb3d51

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\27130

MD5 72eefdda7c9233322e51489d31759b26
SHA1 bce4644ee383459aa5a5da608292461796bc859d
SHA256 4b85951e91f7d69b07c632a946e1a05c03fce0bfdd076dd84f1b75e4b226f218
SHA512 7ccb8dd4f9aceed6721cacc11366739c2e1b2e0affef891c9be4e31669547609f8421eac9d7ad0f4dfc977882d1a8570b5e229cbdc9ebb87c7604fe8d49a699c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\3710

MD5 bdd7f26c60dc56e75d68d3d17997fe4e
SHA1 c719fe0e2861851456f1d8676ff9a1b321432f1d
SHA256 71fbd7059f8b195e1e3e36bf5897642d8872f2ca902ad2f95cc0f248db8df4b9
SHA512 9d374bc0b386dd192bbbc27baeb0518524b1b2b3ea3a2135dd309ae5fde94670b06c6ec5b046b87e18f5c91462a0bb28aa7f8c0d225daa6195e29b3d05016c69

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\10612

MD5 42f57b7e441426cf629a51cdef5b0a7b
SHA1 8d9d10749a9a5eeda2b3db284389092c170628f1
SHA256 d919db20b99d56effc597c583ff467cbb602552f47742a05c3c38050bba71f82
SHA512 202cd80f454bb86d3640733ea5006e8987cc6ced7053c1fe3b8d793e42b72938793a3de60b80bf9f115f451cec2bcfe8a71dc255188f99bbadd9136bb9372b5a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\15696

MD5 eef34b60ba1796f3bddbebd3442e7937
SHA1 7c52d07a2178222fdabd88d27c63a00402f4a61c
SHA256 f5171b541f83bb037dbb513d82b95a067132f6ada8aac8cd3ba944f63a7360d5
SHA512 f2d067499fac80f16166445008257ef98f97f175426d6abea571301456c07048414a35b2d596d9bcf2c4d94c7d3bf7f5f15871c358de0db9c771a598b83f15b6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\3017

MD5 a087092c904fd8f507c6687cc5b02164
SHA1 2220594302d7f9acbe7aa7a0b17bfe50f7cb8638
SHA256 a9899b376fe8a266eb8a0e7b1942822f2297b49135fe498b729f0aac96bc908a
SHA512 1e9b3414c61e1412e4089d8e414e56375e5054f82d02405751c36be2bbbaa917f92ca53de290d3b836c0b661ad9f9dbae124b559655b64998cc336a460fbe5b1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\227BA0E44A82E8EE64366FA896C3668C8A08804B

MD5 5069186b10b1ed54152ca42d20727be4
SHA1 b89b7e8b676401ac92d65d9fdff79f2c42b10b17
SHA256 7d81d6829b11fe70433969e4f8e0e6354c80663117766bd51529c346b9fc99d9
SHA512 37a2573c070d6ce604488b5024fa08fc723e6b5dc25e02c9dcece1a27cff49cc3bbd64144912c8c1960f49fc282b51e97975ba54ea2e339221cf6e27ccff7953

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js

MD5 88efa99ee5127e6519688f81b8a475a2
SHA1 6b18f3d4c5f4b47eea836b808ee6434e4b86e029
SHA256 1f3fec0981458afca1e911dac17697525cc67ee4701db1e0a1300db659deef1c
SHA512 7c8e52be2542562ba9152b31719e7579b98ca1ff29b72eaf4802d0e23b1f9d1defc7ee47a8566fb095a94cc26c27adeb7b871aaa426420712c7cfe6e0b29ecb2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d491a693c52b9c1de5099cdfeb45d65c
SHA1 4dccde5157aa757a3d877a442cc9e4e726fd32f6
SHA256 8937a33f202691e22fcbfcb7f6be9e64343fee56e1f24567595b4ee097778de8
SHA512 6b6acd39e38cc46be4b128e49e4d153e08e3abd2b4552798ee49280ffdde7fafd113d448ba1b5da6e61f699b1cfb534e61dac980acdd4951c5f47cda42bda016

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\DFC53E7C94AE5A235CA013AE98D7B970BAE8AE83

MD5 f044e3af8ac95ca16e01ba1afe22311d
SHA1 c9bb1d1a4d3e40a7d4b9c68d70b1660c915c8848
SHA256 20c88efa6673f0d4116e691adffa8de477fd82162d2ba57d1a7ba48882e55f80
SHA512 2494ef988b52e91c46f570980be931d2a3d7a22793ee9856501917e8c2ba86db9a708cfedf59c3fd7948f2d2487a68930165f87875bb8a4281a99c68a552f2dc

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\25366

MD5 c766e82ca6a741dddae7036269959bcb
SHA1 ae79bdc29144c280d44e265c4476c2b3bff51c24
SHA256 c76533c791cc44e7420d00db03ecbb5648b9bfc3d737d2c5fff5efd1b7fef070
SHA512 004cf34b6ab612fe07f427bfb46f9712abcff0402e85dff24f3286ed8782b5ecbe0dc7d46591548dd2cbebb70ab4777bc9a723b078b32444cf66451a1b416c47

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\2642

MD5 60806d9ea9e1490111de1f144a3b2fb1
SHA1 0c181858b7bc439f46d9a2ce8d167e357741ff27
SHA256 df7307c412bd55854d160e9141aa8e59e1d2a3aab237ade7e64b0cc7dacd98fb
SHA512 4338ca9d47873074cf96a549679322631b4320742cd7f69fc73cb9eda2ad2e116802c0886e30bdc92823d1257f13b9f2e2ee555e3c477e14c1c16c0a59e29bf9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\11317

MD5 e259d2e88f996062185b0ad735f11d5f
SHA1 56f4663e9e49dfb4a2aae54ae676eeaabf6d1ef7
SHA256 b58fcd559fee187cf840289b7e1e69a14b8dbbea28f379bce044974962faadc5
SHA512 1392fc42060a780b69da82e77c9c8e6750e0c8889822e84365bbba3fb56dfe28487291189014eea37b5e00b3bf2bc0a87fea32435e49530e28236f2ce1a47709

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\7749

MD5 547360255733db3e39ba01f77686d602
SHA1 faca65743841d299d6e9092433470e1de6dfd9cf
SHA256 1ae8c82e645e5849eb9418651de8b36c3bc4de9930a12d485529ad59b2c6e28d
SHA512 4af5f5512798b898eb91eec1833d1441cc94994bacdb0e0e10492136570a930b52cfe44832b45acbc62db165e485c6c70e7275c3684f0487b26713140cb477c6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\27366

MD5 112c44c3677d107a59e908fcd007198e
SHA1 1ac78c3bac332da7f663798ab1a3b26073ce0d82
SHA256 07069325d9ade1be11de3b529e531d0989c650fba3fa23868890898c7ec15a66
SHA512 d7459d08f32468e6f3f31737d6c66551bc5246bba894dc1747e2caf100a441072859413dd12b9d18fb0e42ceb107d523b64f17f48436edc9a70ea960384ba54d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\592E8EB9DE42B95465ED97DE22293436BB0EF5D4

MD5 e69c0e1d7455953f00ebb8a766950d90
SHA1 9bde3f9da59ca0f146a0ff08f59882f39784fe4e
SHA256 b481f0f1cc0b7302e596a190f9363f227413ac39bbaba2a224cdbf22097d919a
SHA512 ef337a90af754aea62d8365d9b19e9cfc351553e83c416086827f2c103b8b41b66da8e4e024198228f851bb6f609e3630417ee014dac02420721e9d1d130c10b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\28E2DB8CAB39CFF3369B764B632A7AB6BED3B48A

MD5 8b77ea8599ee8990aaa959821d61b7ec
SHA1 2930d9382d86f8c123577818de7faf8b192cc0be
SHA256 91bcd7c42d5af7d8be678d90ccb563ab767e3faa49de36acc5452e46d4da989d
SHA512 45f85c44451e3109ea747e249aba81b3d7c73ba3e588da2618a03bae0b6bb8b973412eb0054deb6bfdfdaa0d451b4b2ce27dca04a5c1bf0e72d80bbabfcaf38c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\51940E684772D37040AE9FEB9F8B55CF19A74512

MD5 3372ccd358fd5895c30146c78868e95b
SHA1 d4b6d1069c058ae7afc9c0bdfad70fa1d39a862e
SHA256 3e58073fd0a91d0681323a6e134e2df67cb5e4517c3051828e80b70a1a63c876
SHA512 cc3c16abc3d7d491d7ac2d11aac31e4232700de1a91ed2e4591bfa1fcff6e820fb620fd60da04682247532ec66b4f009bae5c052d6ca312932024283fadbf0a1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 c58c4e82df5c130e0587eeda05daa1a2
SHA1 97be645ea78aa31e167b66a8f2bd5c9e1856a84a
SHA256 368e158b70dfc0d5a80da682d36df4a2b51de0fc9b2244356ca86d403953accd
SHA512 b87fa6badc33fcea28d4c82383ff32096f0e262a0ad80d1c7b258cf3d402667b18ef7dfdcbbf380785a1e3cf43141274c35d186d5d372b59c6e38e805f811b4b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore.jsonlz4

MD5 c324339ce0db082d0098767800fe7330
SHA1 986f33ec33647b7f73463ba9f24fe558b6702ab4
SHA256 678f41bd4b5d5e5ef32d9b72c6e5561c6bed150a3e756ae766afc0fcb1b79f5c
SHA512 7619fce2dfa8f208d41255afa28ae9c38fe268b429b4f8e495bb5ad6b99461cbf1588f2370d170580b6c09ede275215cd37857857159465f99e88aa78dfda8e5