Malware Analysis Report

2025-03-15 04:17

Sample ID 240824-zztsnazcjg
Target setup.exe
SHA256 e23b5f906dbc62965d4e8bdba540f2b5e9b9350c9da6dea3822df5f259323652
Tags
lumma credential_access discovery motw phishing stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

e23b5f906dbc62965d4e8bdba540f2b5e9b9350c9da6dea3822df5f259323652

Threat Level: Known bad

The file setup.exe was found to be: Known bad.

Malicious Activity Summary

lumma credential_access discovery motw phishing stealer

Lumma Stealer, LummaC

Credentials from Password Stores: Credentials from Web Browsers

Drops file in Drivers directory

Executes dropped EXE

Loads dropped DLL

Checks computer location settings

Enumerates connected drives

Mark of the Web detected: This indicates that the page was originally saved or cloned.

Checks installed software on the system

Suspicious use of SetThreadContext

Program crash

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Unsigned PE

Browser Information Discovery

NTFS ADS

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Checks processor information in registry

Modifies registry class

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: MapViewOfSection

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-24 21:09

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-24 21:09

Reported

2024-08-24 21:18

Platform

win10v2004-20240802-en

Max time kernel

286s

Max time network

286s

Command Line

"C:\Users\Admin\AppData\Local\Temp\setup.exe"

Signatures

Lumma Stealer, LummaC

stealer lumma

Credentials from Password Stores: Credentials from Web Browsers

credential_access stealer

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification \??\c:\windows\system32\drivers\etc\hosts.check C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe N/A
File created \??\c:\windows\system32\drivers\etc\hosts.check C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe N/A
File opened for modification \??\c:\windows\system32\drivers\etc\hosts C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe N/A
File opened for modification \??\c:\windows\system32\drivers\etc\hosts.rollback C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe N/A
File opened for modification \??\c:\windows\system32\drivers\etc\hosts.backup C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\_iu14D2N.tmp N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-PM49D.tmp\setup.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\FlushFileCache.exe N/A
N/A N/A F:\Games\FNaF - Into the Pit\unins000.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_iu14D2N.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe N/A
N/A N/A C:\Users\Admin\Downloads\✪➳S͜͡etUp✵i͜ntaller͜͡✅・5675・P͜@s$WⓞRÐ✪\「SetUp・H€RE」✔\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-PM49D.tmp\setup.tmp N/A
N/A N/A C:\Users\Admin\Downloads\✪➳S͜͡etUp✵i͜ntaller͜͡✅・5675・P͜@s$WⓞRÐ✪\「SetUp・H€RE」✔\Setup.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\is-PM49D.tmp\setup.tmp N/A

Mark of the Web detected: This indicates that the page was originally saved or cloned.

phishing motw
Description Indicator Process Target
N/A https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html N/A N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\more.com N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\SearchIndexer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\FlushFileCache.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language F:\Games\FNaF - Into the Pit\unins000.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-PM49D.tmp\setup.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\_iu14D2N.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{65B9560F-CEC2-4DFC-A04D-BEA488DA4DCC}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5965C4C-9CC3-4EA3-8079-0B9AA9389A1F}\ProxyStubClsid32 C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{10E6A3D4-CABA-4E61-BD8B-83BA76283791}\Forward C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5965C4C-9CC3-4EA3-8079-0B9AA9389A1F}\ = "cBluetoothDaemon" C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F477A542-C370-42A1-A166-F9CDAF2AF8C6}\2.1\FLAGS\ = "0" C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4F7FA487-8CC1-493E-AF0A-E7A294474F25}\ = "BtDaemon.cBluetoothDaemon" C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4F7FA487-8CC1-493E-AF0A-E7A294474F25}\ProgID\ = "BtDaemon.cBluetoothDaemon" C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F477A542-C370-42A1-A166-F9CDAF2AF8C6}\2.1\0\win32 C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{65B9560F-CEC2-4DFC-A04D-BEA488DA4DCC} C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4F7FA487-8CC1-493E-AF0A-E7A294474F25}\TypeLib C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{10E6A3D4-CABA-4E61-BD8B-83BA76283791}\ = "cBluetoothDaemon" C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4F7FA487-8CC1-493E-AF0A-E7A294474F25}\Implemented Categories C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{65B9560F-CEC2-4DFC-A04D-BEA488DA4DCC}\TypeLib C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5965C4C-9CC3-4EA3-8079-0B9AA9389A1F}\ProxyStubClsid32 C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5965C4C-9CC3-4EA3-8079-0B9AA9389A1F}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4F7FA487-8CC1-493E-AF0A-E7A294474F25}\LocalServer32 C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4F7FA487-8CC1-493E-AF0A-E7A294474F25}\TypeLib\ = "{F477A542-C370-42A1-A166-F9CDAF2AF8C6}" C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BtDaemon.cBluetoothDaemon\ = "BtDaemon.cBluetoothDaemon" C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8A84C003-E3A6-4E71-8E33-5B929D40B81D}\Forward C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F477A542-C370-42A1-A166-F9CDAF2AF8C6}\2.1\0\win32\ = "C:\\Users\\Admin\\AppData\\Roaming\\kebug\\MCYIUNRZWXHY\\StrCmp.exe" C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F477A542-C370-42A1-A166-F9CDAF2AF8C6}\2.1\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Roaming\\kebug\\MCYIUNRZWXHY" C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{65B9560F-CEC2-4DFC-A04D-BEA488DA4DCC} C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{65B9560F-CEC2-4DFC-A04D-BEA488DA4DCC}\TypeLib\ = "{F477A542-C370-42A1-A166-F9CDAF2AF8C6}" C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5965C4C-9CC3-4EA3-8079-0B9AA9389A1F}\TypeLib C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5965C4C-9CC3-4EA3-8079-0B9AA9389A1F}\ = "__cBluetoothDaemon" C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5965C4C-9CC3-4EA3-8079-0B9AA9389A1F}\TypeLib C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{10E6A3D4-CABA-4E61-BD8B-83BA76283791}\ProxyStubClsid C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F477A542-C370-42A1-A166-F9CDAF2AF8C6} C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F477A542-C370-42A1-A166-F9CDAF2AF8C6}\2.1\0 C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F477A542-C370-42A1-A166-F9CDAF2AF8C6}\2.1\HELPDIR C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{65B9560F-CEC2-4DFC-A04D-BEA488DA4DCC}\TypeLib\Version = "2.1" C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5965C4C-9CC3-4EA3-8079-0B9AA9389A1F}\TypeLib\ = "{F477A542-C370-42A1-A166-F9CDAF2AF8C6}" C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8A84C003-E3A6-4E71-8E33-5B929D40B81D}\Forward\ = "{65B9560F-CEC2-4DFC-A04D-BEA488DA4DCC}" C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{10E6A3D4-CABA-4E61-BD8B-83BA76283791} C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{65B9560F-CEC2-4DFC-A04D-BEA488DA4DCC}\TypeLib\ = "{F477A542-C370-42A1-A166-F9CDAF2AF8C6}" C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5965C4C-9CC3-4EA3-8079-0B9AA9389A1F}\ProxyStubClsid C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\_iu14D2N.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5965C4C-9CC3-4EA3-8079-0B9AA9389A1F} C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{65B9560F-CEC2-4DFC-A04D-BEA488DA4DCC}\ = "cBluetoothDaemon" C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{10E6A3D4-CABA-4E61-BD8B-83BA76283791}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4F7FA487-8CC1-493E-AF0A-E7A294474F25}\Programmable C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F477A542-C370-42A1-A166-F9CDAF2AF8C6}\2.1\FLAGS C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5965C4C-9CC3-4EA3-8079-0B9AA9389A1F}\ = "__cBluetoothDaemon" C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5965C4C-9CC3-4EA3-8079-0B9AA9389A1F}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BtDaemon.cBluetoothDaemon\Clsid\ = "{4F7FA487-8CC1-493E-AF0A-E7A294474F25}" C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8A84C003-E3A6-4E71-8E33-5B929D40B81D}\ProxyStubClsid C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8A84C003-E3A6-4E71-8E33-5B929D40B81D}\ProxyStubClsid32 C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{10E6A3D4-CABA-4E61-BD8B-83BA76283791}\Forward\ = "{F5965C4C-9CC3-4EA3-8079-0B9AA9389A1F}" C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{65B9560F-CEC2-4DFC-A04D-BEA488DA4DCC}\TypeLib\Version = "2.1" C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{65B9560F-CEC2-4DFC-A04D-BEA488DA4DCC}\ = "_cBluetoothDaemon" C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{65B9560F-CEC2-4DFC-A04D-BEA488DA4DCC}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BtDaemon.cBluetoothDaemon\Clsid C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4F7FA487-8CC1-493E-AF0A-E7A294474F25}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{65B9560F-CEC2-4DFC-A04D-BEA488DA4DCC}\TypeLib C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5965C4C-9CC3-4EA3-8079-0B9AA9389A1F}\TypeLib\Version = "2.1" C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4F7FA487-8CC1-493E-AF0A-E7A294474F25}\VERSION\ = "2.1" C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{65B9560F-CEC2-4DFC-A04D-BEA488DA4DCC}\ProxyStubClsid C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{10E6A3D4-CABA-4E61-BD8B-83BA76283791}\ProxyStubClsid\ = "{00020420-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{65B9560F-CEC2-4DFC-A04D-BEA488DA4DCC}\ = "_cBluetoothDaemon" C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4F7FA487-8CC1-493E-AF0A-E7A294474F25}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Roaming\\kebug\\MCYIUNRZWXHY\\StrCmp.exe" C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BtDaemon.cBluetoothDaemon C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8A84C003-E3A6-4E71-8E33-5B929D40B81D} C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8A84C003-E3A6-4E71-8E33-5B929D40B81D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\✪➳S͜͡etUp✵i͜ntaller͜͡✅・5675・P͜@s$WⓞRÐ✪.rar:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-PM49D.tmp\setup.tmp N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\FlushFileCache.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\FlushFileCache.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-PM49D.tmp\setup.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_iu14D2N.tmp N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3764 wrote to memory of 1532 N/A C:\Users\Admin\AppData\Local\Temp\setup.exe C:\Users\Admin\AppData\Local\Temp\is-PM49D.tmp\setup.tmp
PID 1532 wrote to memory of 4308 N/A C:\Users\Admin\AppData\Local\Temp\is-PM49D.tmp\setup.tmp C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\FlushFileCache.exe
PID 1532 wrote to memory of 1080 N/A C:\Users\Admin\AppData\Local\Temp\is-PM49D.tmp\setup.tmp F:\Games\FNaF - Into the Pit\unins000.exe
PID 1080 wrote to memory of 1580 N/A F:\Games\FNaF - Into the Pit\unins000.exe C:\Users\Admin\AppData\Local\Temp\_iu14D2N.tmp
PID 1532 wrote to memory of 736 N/A C:\Users\Admin\AppData\Local\Temp\is-PM49D.tmp\setup.tmp C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
PID 1532 wrote to memory of 2364 N/A C:\Users\Admin\AppData\Local\Temp\is-PM49D.tmp\setup.tmp C:\Windows\SysWOW64\cmd.exe
PID 2364 wrote to memory of 2984 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
PID 2364 wrote to memory of 2124 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
PID 2364 wrote to memory of 4748 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
PID 2364 wrote to memory of 5240 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
PID 2364 wrote to memory of 5396 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
PID 2364 wrote to memory of 5540 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
PID 2364 wrote to memory of 5620 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
PID 2364 wrote to memory of 5700 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
PID 2364 wrote to memory of 5824 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
PID 2364 wrote to memory of 5908 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
PID 2364 wrote to memory of 5992 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
PID 2364 wrote to memory of 6076 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
PID 2364 wrote to memory of 5124 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
PID 2364 wrote to memory of 5248 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
PID 2364 wrote to memory of 5368 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe
PID 2364 wrote to memory of 5440 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\setup.exe"

C:\Users\Admin\AppData\Local\Temp\is-PM49D.tmp\setup.tmp

"C:\Users\Admin\AppData\Local\Temp\is-PM49D.tmp\setup.tmp" /SL5="$B0058,4738900,140800,C:\Users\Admin\AppData\Local\Temp\setup.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4276,i,13995403245988825027,7033610968827661507,262144 --variations-seed-version --mojo-platform-channel-handle=3864 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x470 0x33c

C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\FlushFileCache.exe

"C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\FlushFileCache.exe"

F:\Games\FNaF - Into the Pit\unins000.exe

"F:\Games\FNaF - Into the Pit\unins000.exe" /VERYSILENT

C:\Users\Admin\AppData\Local\Temp\_iu14D2N.tmp

"C:\Users\Admin\AppData\Local\Temp\_iu14D2N.tmp" /SECONDPHASE="F:\Games\FNaF - Into the Pit\unins000.exe" /FIRSTPHASEWND=$40296 /VERYSILENT

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bit.ly/fitgirl-repacks-site

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\host.cmd"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4944,i,13995403245988825027,7033610968827661507,262144 --variations-seed-version --mojo-platform-channel-handle=5128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4364,i,13995403245988825027,7033610968827661507,262144 --variations-seed-version --mojo-platform-channel-handle=5140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --field-trial-handle=5408,i,13995403245988825027,7033610968827661507,262144 --variations-seed-version --mojo-platform-channel-handle=5592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5736,i,13995403245988825027,7033610968827661507,262144 --variations-seed-version --mojo-platform-channel-handle=5776 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe

hosts.exe add fitgirlrepacks.in 109.94.209.70 # Fake FitGirl site

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=6104,i,13995403245988825027,7033610968827661507,262144 --variations-seed-version --mojo-platform-channel-handle=6128 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe

hosts.exe add www.fitgirlrepacks.in 109.94.209.70 # Fake FitGirl site

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=5112,i,13995403245988825027,7033610968827661507,262144 --variations-seed-version --mojo-platform-channel-handle=6092 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe

hosts.exe add fitgirlrepacks.co 109.94.209.70 # Fake FitGirl site

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=6444,i,13995403245988825027,7033610968827661507,262144 --variations-seed-version --mojo-platform-channel-handle=6476 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe

hosts.exe add fitgirl-repacks.cc 109.94.209.70 # Fake FitGirl site

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6588,i,13995403245988825027,7033610968827661507,262144 --variations-seed-version --mojo-platform-channel-handle=6628 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe

hosts.exe add fitgirl-repacks.to 109.94.209.70 # Fake FitGirl site

C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe

hosts.exe add fitgirl-repack.com 109.94.209.70 # Fake FitGirl site

C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe

hosts.exe add fitgirl-repacks.website 109.94.209.70 # Fake FitGirl site

C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe

hosts.exe add fitgirlrepack.games 109.94.209.70 # Fake FitGirl site

C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe

hosts.exe add www.fitgirlrepacks.co 109.94.209.70 # Fake FitGirl site

C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe

hosts.exe add www.fitgirl-repacks.cc 109.94.209.70 # Fake FitGirl site

C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe

hosts.exe add www.fitgirl-repacks.to 109.94.209.70 # Fake FitGirl site

C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe

hosts.exe add www.fitgirl-repack.com 109.94.209.70 # Fake FitGirl site

C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe

hosts.exe add www.fitgirl-repacks.website 109.94.209.70 # Fake FitGirl site

C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe

hosts.exe add ww9.fitgirl-repacks.xyz 109.94.209.70 # Fake FitGirl site

C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe

hosts.exe add www.fitgirlrepack.games 109.94.209.70 # Fake FitGirl site

C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe

hosts.exe add *.fitgirl-repacks.xyz 109.94.209.70 # Fake FitGirl site

C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe

hosts.exe add fitgirl-repacks.xyz 109.94.209.70 # Fake FitGirl site

C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe

hosts.exe add fitgirl-repack.net 109.94.209.70 # Fake FitGirl site

C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe

hosts.exe add www.fitgirl-repack.net 109.94.209.70 # Fake FitGirl site

C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe

hosts.exe add fitgirlpack.site 109.94.209.70 # Fake FitGirl site

C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe

hosts.exe add www.fitgirlpack.site 109.94.209.70 # Fake FitGirl site

C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe

hosts.exe add fitgirl-repack.org 109.94.209.70 # Fake FitGirl site

C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe

hosts.exe add www.fitgirl-repack.org 109.94.209.70 # Fake FitGirl site

C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe

hosts.exe add fitgirlrepacks.pro 109.94.209.70 # Fake FitGirl site

C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe

hosts.exe add www.fitgirlrepacks.pro 109.94.209.70 # Fake FitGirl site

C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe

hosts.exe add fitgirl-repacks-site.org 109.94.209.70 # Fake FitGirl site

C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe

hosts.exe add www.fitgirl-repacks-site.org 109.94.209.70 # Fake FitGirl site

C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe

hosts.exe add fitgirls-repacks.com 109.94.209.70 # Fake FitGirl site

C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe

hosts.exe add fitgirlrepack.cc 109.94.209.70 # Fake FitGirl site

C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe

hosts.exe add fitgirlrepacks.org 109.94.209.70 # Fake FitGirl site

C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe

hosts.exe add www.fitgirls-repacks.com 109.94.209.70 # Fake FitGirl site

C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe

hosts.exe add www.fitgirlrepack.cc 109.94.209.70 # Fake FitGirl site

C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe

hosts.exe add www.fitgirlrepacks.org 109.94.209.70 # Fake FitGirl site

C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe

hosts.exe add fitgirltorrent.org 109.94.209.70 # Fake FitGirl site

C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe

hosts.exe add www.fitgirltorrent.org 109.94.209.70 # Fake FitGirl site

C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe

hosts.exe add fitgirl-repacks.net 109.94.209.70 # Fake FitGirl site

C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe

hosts.exe add www.fitgirl-repacks.net 109.94.209.70 # Fake FitGirl site

C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe

hosts.exe add fitgirlrepack.net 109.94.209.70 # Fake FitGirl site

C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe

hosts.exe add www.fitgirlrepack.net 109.94.209.70 # Fake FitGirl site

C:\Users\Admin\AppData\Local\Temp\is-PANMR.tmp\hosts.exe

hosts.exe rem fitgirl-repacks.site

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --field-trial-handle=6392,i,13995403245988825027,7033610968827661507,262144 --variations-seed-version --mojo-platform-channel-handle=5760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=5624,i,13995403245988825027,7033610968827661507,262144 --variations-seed-version --mojo-platform-channel-handle=5700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --field-trial-handle=5688,i,13995403245988825027,7033610968827661507,262144 --variations-seed-version --mojo-platform-channel-handle=6380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --field-trial-handle=5272,i,13995403245988825027,7033610968827661507,262144 --variations-seed-version --mojo-platform-channel-handle=5584 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1968 -parentBuildID 20240401114208 -prefsHandle 1908 -prefMapHandle 1900 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0404876-2d50-420e-8a60-5472e3d1dd45} 6120 "\\.\pipe\gecko-crash-server-pipe.6120" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2392 -parentBuildID 20240401114208 -prefsHandle 2384 -prefMapHandle 2372 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70a3f9e4-36bc-446b-8fcd-0250029a59af} 6120 "\\.\pipe\gecko-crash-server-pipe.6120" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3144 -childID 1 -isForBrowser -prefsHandle 3204 -prefMapHandle 3008 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b468118-94ff-4299-9d55-29769267e126} 6120 "\\.\pipe\gecko-crash-server-pipe.6120" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4276 -childID 2 -isForBrowser -prefsHandle 4268 -prefMapHandle 4264 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {66635400-7b12-4e1f-94b4-33b823f98b7b} 6120 "\\.\pipe\gecko-crash-server-pipe.6120" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4900 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4920 -prefMapHandle 4892 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9a3e727-57b8-4983-b3f2-362e1f6395f0} 6120 "\\.\pipe\gecko-crash-server-pipe.6120" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5308 -childID 3 -isForBrowser -prefsHandle 5300 -prefMapHandle 5172 -prefsLen 26998 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {80614f54-9202-4d86-a662-6f950e0cf700} 6120 "\\.\pipe\gecko-crash-server-pipe.6120" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5540 -childID 4 -isForBrowser -prefsHandle 5460 -prefMapHandle 5464 -prefsLen 26998 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {75a15413-8098-41b6-8127-6cd35bcc9cef} 6120 "\\.\pipe\gecko-crash-server-pipe.6120" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5680 -childID 5 -isForBrowser -prefsHandle 5444 -prefMapHandle 5448 -prefsLen 26998 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {12421c0a-1531-48fe-9eb5-00148bb50bb6} 6120 "\\.\pipe\gecko-crash-server-pipe.6120" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6004 -childID 6 -isForBrowser -prefsHandle 6332 -prefMapHandle 6328 -prefsLen 27450 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {27db3d15-2c51-42eb-8918-1001ffd7349b} 6120 "\\.\pipe\gecko-crash-server-pipe.6120" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6444 -childID 7 -isForBrowser -prefsHandle 6488 -prefMapHandle 6492 -prefsLen 27450 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {35ec0881-8779-4743-9743-d914bc067860} 6120 "\\.\pipe\gecko-crash-server-pipe.6120" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6764 -parentBuildID 20240401114208 -prefsHandle 6744 -prefMapHandle 6756 -prefsLen 30147 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eede4180-7f67-4ce8-afdf-627a64584c04} 6120 "\\.\pipe\gecko-crash-server-pipe.6120" rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6784 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 6760 -prefMapHandle 6768 -prefsLen 30147 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c879766-362b-417c-8952-d11a2411801a} 6120 "\\.\pipe\gecko-crash-server-pipe.6120" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6324 -childID 8 -isForBrowser -prefsHandle 7272 -prefMapHandle 6696 -prefsLen 27777 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ac84626-f06a-4f14-93e4-6979f4a41ef3} 6120 "\\.\pipe\gecko-crash-server-pipe.6120" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7400 -childID 9 -isForBrowser -prefsHandle 7188 -prefMapHandle 7272 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1c30c33-0111-4fa2-a18e-67300f8d6ecf} 6120 "\\.\pipe\gecko-crash-server-pipe.6120" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7660 -childID 10 -isForBrowser -prefsHandle 7576 -prefMapHandle 7584 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {50a7786d-4e75-44a4-9cfe-5fb95efcc0e0} 6120 "\\.\pipe\gecko-crash-server-pipe.6120" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7156 -childID 11 -isForBrowser -prefsHandle 7388 -prefMapHandle 5808 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2e61440-0e5e-4955-906d-b42030e50767} 6120 "\\.\pipe\gecko-crash-server-pipe.6120" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7532 -childID 12 -isForBrowser -prefsHandle 6240 -prefMapHandle 7484 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b61c1016-8a75-4b22-95ba-c64586aac3b5} 6120 "\\.\pipe\gecko-crash-server-pipe.6120" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7464 -childID 13 -isForBrowser -prefsHandle 7736 -prefMapHandle 7612 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8335bf9c-3813-453e-8989-902a00e52f1c} 6120 "\\.\pipe\gecko-crash-server-pipe.6120" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5456 -childID 14 -isForBrowser -prefsHandle 7804 -prefMapHandle 7808 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {24ef2bac-aa19-41ff-8683-65de196d7dc6} 6120 "\\.\pipe\gecko-crash-server-pipe.6120" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5236 -childID 15 -isForBrowser -prefsHandle 5252 -prefMapHandle 8152 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c3c05f7-f25a-4514-9d3d-e9fd269cc86a} 6120 "\\.\pipe\gecko-crash-server-pipe.6120" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8344 -childID 16 -isForBrowser -prefsHandle 8348 -prefMapHandle 8352 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d88b87ce-de71-4d55-8b73-eb8bd4ada37a} 6120 "\\.\pipe\gecko-crash-server-pipe.6120" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8572 -childID 17 -isForBrowser -prefsHandle 8488 -prefMapHandle 8492 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9946aa65-20a6-4c3b-8989-d1568a301c5f} 6120 "\\.\pipe\gecko-crash-server-pipe.6120" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8708 -childID 18 -isForBrowser -prefsHandle 8788 -prefMapHandle 8784 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {23a18a16-483b-4682-a48b-c57050c070da} 6120 "\\.\pipe\gecko-crash-server-pipe.6120" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8492 -childID 19 -isForBrowser -prefsHandle 8740 -prefMapHandle 8744 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {08bc9694-9d0e-4d20-964c-c52454c2d9f2} 6120 "\\.\pipe\gecko-crash-server-pipe.6120" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8968 -childID 20 -isForBrowser -prefsHandle 8972 -prefMapHandle 9060 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {045d6628-3ea4-4b94-9454-98ad2ee6ff52} 6120 "\\.\pipe\gecko-crash-server-pipe.6120" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9348 -childID 21 -isForBrowser -prefsHandle 9372 -prefMapHandle 9368 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ec5c639-bd9a-4852-b35f-59819fef67f1} 6120 "\\.\pipe\gecko-crash-server-pipe.6120" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9600 -childID 22 -isForBrowser -prefsHandle 9612 -prefMapHandle 9608 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c179b829-5f4d-4c5f-94f1-ee7f82d4df5d} 6120 "\\.\pipe\gecko-crash-server-pipe.6120" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9732 -childID 23 -isForBrowser -prefsHandle 9740 -prefMapHandle 9744 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {814ea2b9-b66c-4adf-a272-5bcb7d1dd476} 6120 "\\.\pipe\gecko-crash-server-pipe.6120" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9952 -childID 24 -isForBrowser -prefsHandle 9960 -prefMapHandle 9964 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0bc85cac-dabf-4774-986f-f26235d808db} 6120 "\\.\pipe\gecko-crash-server-pipe.6120" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10084 -childID 25 -isForBrowser -prefsHandle 10168 -prefMapHandle 10164 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {82ce15d2-3026-4c15-9962-5068cc6205b8} 6120 "\\.\pipe\gecko-crash-server-pipe.6120" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10268 -childID 26 -isForBrowser -prefsHandle 10280 -prefMapHandle 10272 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed938bd6-b200-49b8-b9d2-d90e0c877def} 6120 "\\.\pipe\gecko-crash-server-pipe.6120" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10004 -childID 27 -isForBrowser -prefsHandle 10252 -prefMapHandle 10508 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {484ea398-139e-4829-b532-6321d16ca7f9} 6120 "\\.\pipe\gecko-crash-server-pipe.6120" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10320 -childID 28 -isForBrowser -prefsHandle 10652 -prefMapHandle 10648 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {004b4457-e4ce-4fb2-ad24-d4737ca07d52} 6120 "\\.\pipe\gecko-crash-server-pipe.6120" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10840 -childID 29 -isForBrowser -prefsHandle 10872 -prefMapHandle 10784 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {941b1fd5-5dba-4f8a-b597-627b8b746cc3} 6120 "\\.\pipe\gecko-crash-server-pipe.6120" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11028 -childID 30 -isForBrowser -prefsHandle 10984 -prefMapHandle 10992 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8a1bcd2-91b8-467f-8e6a-155d43357fb5} 6120 "\\.\pipe\gecko-crash-server-pipe.6120" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11040 -childID 31 -isForBrowser -prefsHandle 10972 -prefMapHandle 10976 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {07d78736-f09a-4f56-bb9b-8b792a3adb9e} 6120 "\\.\pipe\gecko-crash-server-pipe.6120" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11308 -childID 32 -isForBrowser -prefsHandle 11296 -prefMapHandle 11304 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {705ba5a4-230a-44b9-8fec-08e4a0a7697c} 6120 "\\.\pipe\gecko-crash-server-pipe.6120" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11364 -childID 33 -isForBrowser -prefsHandle 11284 -prefMapHandle 11288 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {46956348-681c-4ec1-bc37-026da2b3fcb0} 6120 "\\.\pipe\gecko-crash-server-pipe.6120" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11356 -childID 34 -isForBrowser -prefsHandle 11168 -prefMapHandle 11276 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {004f8895-076b-41db-ac30-5ff9b6d73994} 6120 "\\.\pipe\gecko-crash-server-pipe.6120" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7448 -childID 35 -isForBrowser -prefsHandle 11916 -prefMapHandle 11820 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d976fa0-4db9-4596-8211-d124570153d4} 6120 "\\.\pipe\gecko-crash-server-pipe.6120" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6908 -childID 36 -isForBrowser -prefsHandle 4764 -prefMapHandle 7248 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6d7539d-5dd9-477e-99b9-257054811d82} 6120 "\\.\pipe\gecko-crash-server-pipe.6120" tab

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\✪➳S͜͡etUp✵i͜ntaller͜͡✅・5675・P͜@s$WⓞRÐ✪\" -spe -an -ai#7zMap21052:138:7zEvent2500

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\✪➳S͜͡etUp✵i͜ntaller͜͡✅・5675・P͜@s$WⓞRÐ✪\「SetUp・H€RE」✔\" -spe -an -ai#7zMap24052:166:7zEvent27139

C:\Users\Admin\Downloads\✪➳S͜͡etUp✵i͜ntaller͜͡✅・5675・P͜@s$WⓞRÐ✪\「SetUp・H€RE」✔\Setup.exe

"C:\Users\Admin\Downloads\✪➳S͜͡etUp✵i͜ntaller͜͡✅・5675・P͜@s$WⓞRÐ✪\「SetUp・H€RE」✔\Setup.exe"

C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe

C:\Users\Admin\AppData\Roaming\kebug\MCYIUNRZWXHY\StrCmp.exe

C:\Windows\SysWOW64\more.com

C:\Windows\SysWOW64\more.com

C:\Windows\SysWOW64\SearchIndexer.exe

C:\Windows\SysWOW64\SearchIndexer.exe

C:\Users\Admin\Downloads\✪➳S͜͡etUp✵i͜ntaller͜͡✅・5675・P͜@s$WⓞRÐ✪\「SetUp・H€RE」✔\Setup.exe

"C:\Users\Admin\Downloads\✪➳S͜͡etUp✵i͜ntaller͜͡✅・5675・P͜@s$WⓞRÐ✪\「SetUp・H€RE」✔\Setup.exe"

C:\Windows\SysWOW64\more.com

C:\Windows\SysWOW64\more.com

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 5732 -ip 5732

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 376 -p 5732 -ip 5732

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 1284

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 1308

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 5732 -ip 5732

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 1332

C:\Windows\SysWOW64\SearchIndexer.exe

C:\Windows\SysWOW64\SearchIndexer.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 8776 -ip 8776

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 8776 -ip 8776

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8776 -s 848

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8776 -s 1260

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 8776 -ip 8776

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8776 -s 1288

Network

Country Destination Domain Proto
US 8.8.8.8:53 i2.imageban.ru udp
US 8.8.8.8:53 i7.imageban.ru udp
US 8.8.8.8:53 i3.imageban.ru udp
GB 2.18.190.133:443 a1949.dscb.akamai.net tcp
FR 87.98.254.167:443 torrent-stats.info tcp
FR 87.98.254.167:443 torrent-stats.info tcp
US 8.8.8.8:53 a1949.dscb.akamai.net udp
FR 87.98.254.167:443 torrent-stats.info tcp
US 8.8.8.8:53 stats.wp.com udp
US 192.0.76.3:443 stats.wp.com tcp
US 8.8.8.8:53 stats.wp.com udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 stats.wp.com udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 8.8.8.8:53 36.56.20.217.in-addr.arpa udp
FR 142.250.179.110:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
FR 142.250.179.110:443 youtube-ui.l.google.com tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 35.190.72.216:443 prod.classify-client.prod.webservices.mozgcp.net udp
US 35.190.72.216:443 prod.classify-client.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 192.0.76.3:443 stats.wp.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 i0.wp.com udp
US 192.0.77.2:443 i0.wp.com tcp
US 192.0.77.2:443 i0.wp.com tcp
US 192.0.77.2:443 i0.wp.com tcp
US 192.0.77.2:443 i0.wp.com tcp
US 192.0.77.2:443 i0.wp.com tcp
US 192.0.77.2:443 i0.wp.com tcp
US 8.8.8.8:53 i0.wp.com udp
US 8.8.8.8:53 i0.wp.com udp
FR 142.250.179.110:443 youtube-ui.l.google.com udp
US 192.0.77.2:443 i0.wp.com udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 216.72.190.35.in-addr.arpa udp
US 8.8.8.8:53 110.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 fitgirl-repacks-site.disqus.com udp
US 8.8.8.8:53 prod.disqus.map.fastlylb.net udp
US 8.8.8.8:53 prod.disqus.map.fastlylb.net udp
FR 142.250.179.110:443 youtube-ui.l.google.com tcp
US 8.8.8.8:53 ciscobinary.openh264.org udp
US 8.8.8.8:53 pixel.wp.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 192.0.76.3:443 pixel.wp.com tcp
US 8.8.8.8:53 pixel.wp.com udp
FR 216.58.214.174:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 192.0.76.3:443 pixel.wp.com udp
US 8.8.8.8:53 pixel.wp.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 209.134.221.88.in-addr.arpa udp
US 199.232.192.134:443 prod.disqus.map.fastlylb.net tcp
FR 216.58.214.174:443 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-aigzrnsr.gvt1.com udp
US 8.8.8.8:53 r1.sn-aigzrnsr.gvt1.com udp
GB 74.125.175.38:443 r1.sn-aigzrnsr.gvt1.com tcp
US 8.8.8.8:53 r1.sn-aigzrnsr.gvt1.com udp
GB 74.125.175.38:443 r1.sn-aigzrnsr.gvt1.com udp
US 8.8.8.8:53 134.192.232.199.in-addr.arpa udp
US 8.8.8.8:53 38.175.125.74.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
FR 216.58.214.162:443 googleads.g.doubleclick.net tcp
FR 216.58.214.162:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
FR 142.250.74.234:443 jnn-pa.googleapis.com tcp
FR 142.250.74.234:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
FR 142.250.179.68:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
FR 172.217.20.170:443 jnn-pa.googleapis.com tcp
FR 142.250.75.246:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
FR 142.250.179.68:443 www.google.com tcp
FR 142.250.179.68:443 www.google.com tcp
FR 142.250.75.246:443 i.ytimg.com tcp
FR 216.58.214.162:443 googleads.g.doubleclick.net udp
FR 142.250.74.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 static.doubleclick.net udp
FR 142.250.179.68:443 www.google.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
US 8.8.8.8:53 static.doubleclick.net udp
FR 142.250.179.97:443 yt3.ggpht.com tcp
FR 142.250.75.246:443 i.ytimg.com udp
US 8.8.8.8:53 photos-ugc.l.googleusercontent.com udp
US 8.8.8.8:53 play.google.com udp
FR 142.250.75.238:443 play.google.com tcp
FR 142.250.75.238:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 246.75.250.142.in-addr.arpa udp
FR 142.250.179.97:443 yt3.ggpht.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 i3.imageban.ru udp
RU 82.146.61.17:443 i3.imageban.ru tcp
RU 62.109.5.15:443 i5.imageban.ru tcp
US 8.8.8.8:53 i5.imageban.ru udp
RU 62.109.31.142:443 i2.imageban.ru tcp
US 8.8.8.8:53 i2.imageban.ru udp
RU 80.87.200.35:443 i6.imageban.ru tcp
US 8.8.8.8:53 i6.imageban.ru udp
US 8.8.8.8:53 play.google.com udp
RU 62.109.19.95:443 i7.imageban.ru tcp
US 8.8.8.8:53 i7.imageban.ru udp
FR 51.77.211.179:443 i123.fastpic.org tcp
US 8.8.8.8:53 i123.fastpic.org udp
FR 142.250.74.234:443 jnn-pa.googleapis.com udp
FR 142.250.75.238:443 play.google.com udp
US 192.0.76.3:443 pixel.wp.com tcp
US 199.232.192.134:443 prod.disqus.map.fastlylb.net tcp
US 192.0.76.3:443 pixel.wp.com tcp
US 8.8.8.8:53 stats.wp.com udp
US 8.8.8.8:53 prod.disqus.map.fastlylb.net udp
US 8.8.8.8:53 pixel.wp.com udp
FR 87.98.254.167:443 torrent-stats.info tcp
US 8.8.8.8:53 s01.riotpixels.net udp
US 8.8.8.8:53 s01.riotpixels.net udp
US 8.8.8.8:53 s01.riotpixels.net udp
US 104.21.30.45:443 s01.riotpixels.net tcp
US 104.21.30.45:443 s01.riotpixels.net tcp
US 104.21.30.45:443 s01.riotpixels.net tcp
US 104.21.30.45:443 s01.riotpixels.net tcp
US 104.21.30.45:443 s01.riotpixels.net tcp
US 104.21.30.45:443 s01.riotpixels.net tcp
US 8.8.8.8:53 45.30.21.104.in-addr.arpa udp
US 104.21.30.45:443 s01.riotpixels.net udp
US 8.8.8.8:53 disqus.com udp
US 151.101.64.134:443 disqus.com tcp
US 8.8.8.8:53 disqus.com udp
US 8.8.8.8:53 disqus.com udp
US 8.8.8.8:53 c.disquscdn.com udp
US 8.8.8.8:53 134.64.101.151.in-addr.arpa udp
DE 108.157.4.44:443 c.disquscdn.com tcp
DE 108.157.4.44:443 c.disquscdn.com tcp
DE 108.157.4.44:443 c.disquscdn.com tcp
US 8.8.8.8:53 d231vab146qzfb.cloudfront.net udp
US 8.8.8.8:53 d231vab146qzfb.cloudfront.net udp
US 8.8.8.8:53 44.4.157.108.in-addr.arpa udp
US 8.8.8.8:53 realtime.services.disqus.com udp
US 8.8.8.8:53 referrer.disqus.com udp
US 8.8.8.8:53 realtime.services.disqus.com udp
US 8.8.8.8:53 a.disquscdn.com udp
US 52.5.112.135:443 realtime.services.disqus.com tcp
US 199.232.192.134:443 referrer.disqus.com tcp
US 8.8.8.8:53 realtime.services.disqus.com udp
US 199.232.194.49:443 a.disquscdn.com tcp
US 8.8.8.8:53 l2.shared.us-eu.fastly.net udp
US 8.8.8.8:53 l2.shared.us-eu.fastly.net udp
US 8.8.8.8:53 234.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 49.194.232.199.in-addr.arpa udp
US 8.8.8.8:53 135.112.5.52.in-addr.arpa udp
US 8.8.8.8:53 fuckingfast.co udp
US 104.26.11.108:443 fuckingfast.co tcp
US 8.8.8.8:53 fuckingfast.co udp
US 8.8.8.8:53 fuckingfast.co udp
US 104.26.11.108:443 fuckingfast.co udp
US 8.8.8.8:53 challenges.cloudflare.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
US 104.18.94.41:443 challenges.cloudflare.com tcp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 challenges.cloudflare.com udp
US 8.8.8.8:53 challenges.cloudflare.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 104.18.94.41:443 challenges.cloudflare.com udp
US 8.8.8.8:53 73.80.16.104.in-addr.arpa udp
US 8.8.8.8:53 108.11.26.104.in-addr.arpa udp
US 8.8.8.8:53 41.94.18.104.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 2itt75dx.xyz udp
US 172.67.172.204:443 2itt75dx.xyz tcp
US 8.8.8.8:53 2itt75dx.xyz udp
US 8.8.8.8:53 2itt75dx.xyz udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 204.172.67.172.in-addr.arpa udp
US 172.67.172.204:443 2itt75dx.xyz udp
US 8.8.8.8:53 hqib2ufk.net udp
US 104.21.63.134:443 hqib2ufk.net tcp
US 8.8.8.8:53 hqib2ufk.net udp
US 8.8.8.8:53 hqib2ufk.net udp
US 8.8.8.8:53 134.63.21.104.in-addr.arpa udp
US 104.21.63.134:443 hqib2ufk.net udp
US 8.8.8.8:53 rentry.co udp
US 104.26.3.16:443 rentry.co tcp
US 8.8.8.8:53 rentry.co udp
US 8.8.8.8:53 rentry.co udp
US 8.8.8.8:53 cdn4.buysellads.net udp
US 8.8.8.8:53 16.3.26.104.in-addr.arpa udp
US 8.8.8.8:53 200.20.217.172.in-addr.arpa udp
GB 159.65.211.77:443 cdn4.buysellads.net tcp
US 8.8.8.8:53 srv.buysellads.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 srv.buysellads.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 srv.buysellads.com udp
US 8.8.8.8:53 script.4dex.io udp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
US 8.8.8.8:53 exchange.cootlogix.com udp
US 8.8.8.8:53 pbjs.e-planning.net udp
US 8.8.8.8:53 prg.smartadserver.com udp
US 104.22.74.216:443 btloader.com tcp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 mp.4dex.io udp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 rtb.openx.net udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 ads.servenobid.com udp
GB 54.192.139.162:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 bidder.criteo.com udp
US 8.8.8.8:53 d1ykf07e75w7ss.cloudfront.net udp
GB 159.65.211.77:443 srv.buysellads.com tcp
US 104.26.8.169:443 script.4dex.io tcp
US 8.8.8.8:53 script.4dex.io udp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 198.211.114.214:443 exchange.cootlogix.com tcp
US 198.211.114.214:443 exchange.cootlogix.com tcp
US 8.8.8.8:53 tagged-by.rubiconproject.net.akadns.net udp
US 8.8.8.8:53 hlno24mlb.puzztake.com udp
US 8.8.8.8:53 euw1.smartadserver.com udp
US 8.8.8.8:53 pbjs.e-planning.net udp
NL 89.149.193.80:443 euw1.smartadserver.com tcp
NL 89.149.193.80:443 euw1.smartadserver.com tcp
NL 193.3.178.4:443 pbjs.e-planning.net tcp
US 104.18.34.178:443 mp.4dex.io tcp
US 8.8.8.8:53 btloader.com udp
DE 51.89.9.251:443 onetag-sys.com tcp
DE 108.157.4.123:443 hb.yellowblue.io tcp
US 8.8.8.8:53 mp.4dex.io udp
US 35.186.253.211:443 rtb.openx.net tcp
US 8.8.8.8:53 onetag-sys.com udp
NL 185.89.210.90:443 ib.adnxs.com tcp
US 8.8.8.8:53 hb.yellowblue.io udp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
US 8.8.8.8:53 rtb.openx.net udp
US 8.8.8.8:53 ib.anycast.adnxs.com udp
US 8.8.8.8:53 hb-api-fra02.omnitagjs.com udp
NL 185.64.189.112:443 hbopenbid.pubmatic.com tcp
US 8.8.8.8:53 hbopenbid-ams.pubmnet.com udp
IE 54.154.189.36:443 ads.servenobid.com tcp
US 8.8.8.8:53 ads.servenobid.com udp
US 8.8.8.8:53 bidder.nl3.vip.prod.criteo.com udp
NL 178.250.1.8:443 bidder.nl3.vip.prod.criteo.com tcp
US 8.8.8.8:53 d1ykf07e75w7ss.cloudfront.net udp
US 8.8.8.8:53 script.4dex.io udp
US 8.8.8.8:53 hlno24mlb.puzztake.com udp
US 8.8.8.8:53 tagged-by.rubiconproject.net.akadns.net udp
US 8.8.8.8:53 euw1.smartadserver.com udp
US 8.8.8.8:53 pbjs.e-planning.net udp
US 8.8.8.8:53 ib.anycast.adnxs.com udp
US 8.8.8.8:53 hb-api-fra02.omnitagjs.com udp
US 8.8.8.8:53 mp.4dex.io udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 rtb.openx.net udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 hbopenbid-ams.pubmnet.com udp
US 8.8.8.8:53 bidder.nl3.vip.prod.criteo.com udp
US 8.8.8.8:53 c.4dex.io udp
US 8.8.8.8:53 ad-delivery.net udp
US 35.241.34.106:443 c.4dex.io tcp
US 35.241.34.106:443 c.4dex.io tcp
US 8.8.8.8:53 cadmus.script.ac udp
US 8.8.8.8:53 c.4dex.io udp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 cadmus.script.ac udp
US 104.26.3.70:443 ad-delivery.net tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 104.18.23.145:443 cadmus.script.ac tcp
US 8.8.8.8:53 ad-delivery.net udp
DE 51.89.9.251:443 onetag-sys.com udp
US 35.186.253.211:443 rtb.openx.net udp
US 8.8.8.8:53 cadmus.script.ac udp
US 8.8.8.8:53 77.211.65.159.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 216.74.22.104.in-addr.arpa udp
US 8.8.8.8:53 162.139.192.54.in-addr.arpa udp
US 8.8.8.8:53 169.8.26.104.in-addr.arpa udp
US 8.8.8.8:53 139.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 178.34.18.104.in-addr.arpa udp
US 8.8.8.8:53 4.178.3.193.in-addr.arpa udp
US 8.8.8.8:53 80.193.149.89.in-addr.arpa udp
US 8.8.8.8:53 211.253.186.35.in-addr.arpa udp
US 8.8.8.8:53 90.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 251.9.89.51.in-addr.arpa udp
US 8.8.8.8:53 151.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 112.189.64.185.in-addr.arpa udp
US 8.8.8.8:53 123.4.157.108.in-addr.arpa udp
US 8.8.8.8:53 36.189.154.54.in-addr.arpa udp
US 8.8.8.8:53 8.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 214.114.211.198.in-addr.arpa udp
US 8.8.8.8:53 106.34.241.35.in-addr.arpa udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 d1jvc9b8z3vcjs.cloudfront.net udp
DE 18.173.232.53:443 d1jvc9b8z3vcjs.cloudfront.net tcp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 d1jvc9b8z3vcjs.cloudfront.net udp
US 8.8.8.8:53 secure.cdn.fastclick.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 cdn.hadronid.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 104.26.3.70:443 ad-delivery.net tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 104.18.23.145:443 cadmus.script.ac tcp
US 8.8.8.8:53 e4536.g.akamaiedge.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 cdn.hadronid.net udp
US 8.8.8.8:53 e4536.g.akamaiedge.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 cdn.hadronid.net udp
US 104.26.8.169:443 script.4dex.io tcp
DE 108.157.4.57:443 config.aps.amazon-adsystem.com tcp
NL 23.218.48.210:443 e4536.g.akamaiedge.net tcp
GB 18.245.143.100:443 tags.crwdcntrl.net tcp
US 104.22.53.173:443 cdn.hadronid.net tcp
US 172.67.38.106:443 cdn.id5-sync.com tcp
US 8.8.8.8:53 api.btloader.com udp
US 130.211.23.194:443 api.btloader.com tcp
US 8.8.8.8:53 api.btloader.com udp
US 130.211.23.194:443 api.btloader.com tcp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 35.241.34.106:443 c.4dex.io udp
US 172.67.23.234:443 id.hadron.ad.gt tcp
US 172.67.23.234:443 id.hadron.ad.gt tcp
US 8.8.8.8:53 id.hadron.ad.gt.cdn.cloudflare.net udp
US 8.8.8.8:53 id.hadron.ad.gt.cdn.cloudflare.net udp
US 130.211.23.194:443 api.btloader.com udp
GB 18.245.162.116:443 static4.buysellads.net tcp
US 8.8.8.8:53 d2o0hm3gx7c7ua.cloudfront.net udp
US 8.8.8.8:53 d2o0hm3gx7c7ua.cloudfront.net udp
US 35.241.34.106:443 c.4dex.io udp
US 8.8.8.8:53 adsdk.microsoft.com udp
US 8.8.8.8:53 ams3-ib.adnxs.com udp
US 8.8.8.8:53 53.232.173.18.in-addr.arpa udp
US 8.8.8.8:53 145.23.18.104.in-addr.arpa udp
US 8.8.8.8:53 70.3.26.104.in-addr.arpa udp
US 8.8.8.8:53 100.143.245.18.in-addr.arpa udp
US 8.8.8.8:53 173.53.22.104.in-addr.arpa udp
US 8.8.8.8:53 106.38.67.172.in-addr.arpa udp
US 8.8.8.8:53 210.48.218.23.in-addr.arpa udp
US 8.8.8.8:53 57.4.157.108.in-addr.arpa udp
US 8.8.8.8:53 234.23.67.172.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 116.162.245.18.in-addr.arpa udp
US 8.8.8.8:53 prod.appnexus.map.fastly.net udp
US 8.8.8.8:53 s-part-0036.t-0009.t-msedge.net udp
US 13.107.246.64:443 s-part-0036.t-0009.t-msedge.net tcp
US 8.8.8.8:53 ams3-ib.adnxs.com udp
US 8.8.8.8:53 s-part-0036.t-0009.t-msedge.net udp
US 8.8.8.8:53 ams3-ib.adnxs.com udp
US 8.8.8.8:53 prod.appnexus.map.fastly.net udp
US 8.8.8.8:53 a.ad.gt udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 a.ad.gt.cdn.cloudflare.net udp
US 104.22.5.69:443 a.ad.gt.cdn.cloudflare.net tcp
DE 162.19.138.120:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 id5-sync.com udp
DE 162.19.138.120:443 id5-sync.com tcp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 a.ad.gt.cdn.cloudflare.net udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 cdn.adnxs-simple.com udp
NL 185.89.210.180:443 ams3-ib.adnxs.com tcp
GB 95.101.129.233:443 www.bing.com tcp
US 8.8.8.8:53 e86303.dscx.akamaiedge.net udp
GB 95.101.129.233:443 e86303.dscx.akamaiedge.net tcp
GB 95.101.129.233:443 e86303.dscx.akamaiedge.net udp
US 8.8.8.8:53 e86303.dscx.akamaiedge.net udp
US 151.101.1.108:443 cdn.adnxs-simple.com tcp
US 151.101.65.108:443 cdn.adnxs-simple.com tcp
US 8.8.8.8:53 120.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 69.5.22.104.in-addr.arpa udp
US 8.8.8.8:53 180.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 108.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 108.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 static.criteo.net udp
NL 178.250.1.3:443 static.criteo.net tcp
US 8.8.8.8:53 static.nl3.vip.prod.criteo.net udp
US 8.8.8.8:53 static.nl3.vip.prod.criteo.net udp
US 8.8.8.8:53 gum.criteo.com udp
NL 178.250.1.3:443 static.nl3.vip.prod.criteo.net tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 gum.nl3.vip.prod.criteo.com udp
US 8.8.8.8:53 gum.nl3.vip.prod.criteo.com udp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 ag.gbc.criteo.com udp
US 8.8.8.8:53 gem.gbc.criteo.com udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
FR 185.235.86.74:443 ag.gbc.criteo.com tcp
US 8.8.8.8:53 gbc2.fr3.eu.criteo.com udp
NL 185.235.87.226:443 gem.gbc.criteo.com tcp
US 8.8.8.8:53 gbc8.nl3.eu.criteo.com udp
US 8.8.8.8:53 dnacdn.net udp
NL 178.250.1.11:443 dnacdn.net tcp
US 8.8.8.8:53 gbc2.fr3.eu.criteo.com udp
US 8.8.8.8:53 gbc8.nl3.eu.criteo.com udp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 8.8.8.8:53 buysellads-d.openx.net udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 public.servenobid.com udp
US 8.8.8.8:53 acdn.adnxs.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 34.98.64.218:443 buysellads-d.openx.net tcp
US 8.8.8.8:53 buysellads-d.openx.net udp
GB 95.100.245.251:443 eus.rubiconproject.com tcp
US 8.8.8.8:53 e8960.b.akamaiedge.net udp
US 159.223.124.226:443 sync.cootlogix.com tcp
US 8.8.8.8:53 hj5ozcalb.puzztake.com udp
US 8.8.8.8:53 visitor-fra02.omnitagjs.com udp
FR 185.255.84.152:443 visitor-fra02.omnitagjs.com tcp
US 151.101.65.108:443 acdn.adnxs.com tcp
GB 2.22.68.191:443 ads.pubmatic.com tcp
US 8.8.8.8:53 e6603.g.akamaiedge.net udp
DE 18.66.248.39:443 public.servenobid.com tcp
US 8.8.8.8:53 public.servenobid.com udp
US 8.8.8.8:53 buysellads-d.openx.net udp
US 8.8.8.8:53 hj5ozcalb.puzztake.com udp
US 8.8.8.8:53 visitor-fra02.omnitagjs.com udp
US 8.8.8.8:53 e6603.g.akamaiedge.net udp
US 8.8.8.8:53 e8960.b.akamaiedge.net udp
US 8.8.8.8:53 public.servenobid.com udp
US 34.98.64.218:443 buysellads-d.openx.net udp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 dis.criteo.com udp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 api-2-0.spot.im udp
US 8.8.8.8:53 sync.richaudience.com udp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 match.prod.bidr.io udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 image8.pubmatic.com udp
US 8.8.8.8:53 226.87.235.185.in-addr.arpa udp
US 8.8.8.8:53 218.64.98.34.in-addr.arpa udp
US 8.8.8.8:53 251.245.100.95.in-addr.arpa udp
US 8.8.8.8:53 191.68.22.2.in-addr.arpa udp
US 8.8.8.8:53 39.248.66.18.in-addr.arpa udp
US 8.8.8.8:53 152.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 226.124.223.159.in-addr.arpa udp
US 8.8.8.8:53 b1sync.zemanta.com udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 tracker.open-adsyield.com udp
US 8.8.8.8:53 rtb.mfadsrvr.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 jadserve.postrelease.com udp
US 8.8.8.8:53 74.86.235.185.in-addr.arpa udp
US 3.230.236.160:443 api-2-0.spot.im tcp
US 8.8.8.8:53 sync.richaudience.com udp
US 8.8.8.8:53 k8s-kongow-generalp-4b9a3bfec6-974801183.us-east-1.elb.amazonaws.com udp
US 8.8.8.8:53 imagsync-lhrpairbc.pubmatic.com udp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 match.prod.bidr.io udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 widget.nl3.vip.prod.criteo.com udp
US 8.8.8.8:53 bttrack.com udp
US 8.8.8.8:53 blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com udp
US 172.111.38.54:443 tracker.open-adsyield.com tcp
US 8.8.8.8:53 chidc2.outbrain.org udp
US 8.8.8.8:53 tracker-use.ortb.net udp
US 8.8.8.8:53 k8s-kongow-generalp-4b9a3bfec6-974801183.us-east-1.elb.amazonaws.com udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 match.prod.bidr.io udp
US 8.8.8.8:53 sync.richaudience.com udp
US 8.8.8.8:53 jadserve.postrelease.com.akadns.net udp
US 8.8.8.8:53 blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 widget.nl3.vip.prod.criteo.com udp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 bttrack.com udp
US 8.8.8.8:53 imagsync-lhrpairbc.pubmatic.com udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 id.rlcdn.com udp
US 8.8.8.8:53 user-data-eu.bidswitch.net udp
US 8.8.8.8:53 id.rlcdn.com udp
US 8.8.8.8:53 bttrack.com udp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 ib.anycast.adnxs.com udp
US 8.8.8.8:53 user-data-eu.bidswitch.net udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 dorpat.geo.iponweb.net udp
US 8.8.8.8:53 chidc2.outbrain.org udp
US 8.8.8.8:53 tracker-use.ortb.net udp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 id.rlcdn.com udp
US 8.8.8.8:53 eu-west-1-cs-rtb.openwebmp.com udp
NL 185.89.210.90:443 secure.adnxs.com tcp
NL 185.89.210.90:443 secure.adnxs.com tcp
NL 178.250.1.9:443 widget.nl3.vip.prod.criteo.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
NL 35.214.149.91:443 user-data-eu.bidswitch.net tcp
DE 168.119.72.236:443 sync.richaudience.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
IE 34.250.109.179:443 match.prod.bidr.io tcp
US 3.33.220.150:443 match.adsrvr.org tcp
GB 185.64.191.214:443 imagsync-lhrpairbc.pubmatic.com tcp
US 64.74.236.159:443 b1sync.zemanta.com tcp
US 64.74.236.159:443 b1sync.zemanta.com tcp
US 52.6.202.249:443 sync.srv.stackadapt.com tcp
NL 35.214.199.88:443 dorpat.geo.iponweb.net tcp
IE 54.229.86.110:443 blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com tcp
IE 52.49.168.145:443 jadserve.postrelease.com.akadns.net tcp
US 192.132.33.68:443 bttrack.com tcp
US 8.8.8.8:53 dorpat.geo.iponweb.net udp
GB 13.224.222.56:443 eu-west-1-cs-rtb.openwebmp.com tcp
US 8.8.8.8:53 dckrl2e5yf7xg.cloudfront.net udp
US 35.244.174.68:443 id.rlcdn.com tcp
US 8.8.8.8:53 gum.aidemsrv.com udp
US 8.8.8.8:53 dckrl2e5yf7xg.cloudfront.net udp
DE 168.119.72.236:443 sync.richaudience.com tcp
US 104.17.44.93:443 gum.aidemsrv.com tcp
US 8.8.8.8:53 gum.aidemsrv.com udp
US 35.244.174.68:443 id.rlcdn.com udp
US 8.8.8.8:53 ssc-cms.33across.com udp
US 8.8.8.8:53 gum.aidemsrv.com udp
US 8.8.8.8:53 player.aniview.com udp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 67.202.105.22:443 ssc-cms.33across.com tcp
US 8.8.8.8:53 pixel.33across.com udp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
GB 23.73.139.80:443 player.aniview.com tcp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
US 18.214.118.225:443 cs-server-s2s.yellowblue.io tcp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 8.8.8.8:53 token.rubiconproject.com udp
US 8.8.8.8:53 g2.gumgum.com udp
US 8.8.8.8:53 pixel.33across.com udp
US 8.8.8.8:53 ce.lijit.com udp
US 8.8.8.8:53 pixel.33across.com udp
US 104.17.44.93:443 gum.aidemsrv.com udp
US 8.8.8.8:53 e8960.e2.akamaiedge.net udp
GB 23.215.239.190:443 e8960.e2.akamaiedge.net tcp
US 8.8.8.8:53 p.rfihub.com udp
US 8.8.8.8:53 sync.go.sonobi.com udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
NL 81.17.55.171:443 ssbsync.smartadserver.com tcp
NL 81.17.55.171:443 ssbsync.smartadserver.com tcp
US 8.8.8.8:53 ssbsync-euw1.smartadserver.com udp
NL 69.173.156.149:443 token.rubiconproject.com tcp
US 8.8.8.8:53 pixel.rubiconproject.net.akadns.net udp
US 8.8.8.8:53 e8960.e2.akamaiedge.net udp
US 67.202.105.21:443 pixel.33across.com tcp
US 8.8.8.8:53 iad-2-sync.go.sonobi.com udp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 iad-2-sync.go.sonobi.com udp
US 8.8.8.8:53 pixel.rubiconproject.net.akadns.net udp
US 8.8.8.8:53 raptor-prd-ew1-alb-2127381300.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 ssbsync-euw1.smartadserver.com udp
US 8.8.8.8:53 g2.gumgum.com udp
US 8.8.8.8:53 am6-tmp.a-mx.net udp
IE 52.50.78.192:443 g2.gumgum.com tcp
US 172.64.151.101:443 ssum-sec.casalemedia.com tcp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 a-emea.rfihub.com.akadns.net udp
US 8.8.8.8:53 160.236.230.3.in-addr.arpa udp
US 8.8.8.8:53 54.38.111.172.in-addr.arpa udp
US 8.8.8.8:53 214.191.64.185.in-addr.arpa udp
US 8.8.8.8:53 150.220.33.3.in-addr.arpa udp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 179.109.250.34.in-addr.arpa udp
US 8.8.8.8:53 88.199.214.35.in-addr.arpa udp
US 8.8.8.8:53 110.86.229.54.in-addr.arpa udp
US 8.8.8.8:53 145.168.49.52.in-addr.arpa udp
US 8.8.8.8:53 56.222.224.13.in-addr.arpa udp
US 8.8.8.8:53 159.236.74.64.in-addr.arpa udp
US 8.8.8.8:53 68.174.244.35.in-addr.arpa udp
US 8.8.8.8:53 249.202.6.52.in-addr.arpa udp
US 8.8.8.8:53 68.33.132.192.in-addr.arpa udp
US 8.8.8.8:53 93.44.17.104.in-addr.arpa udp
US 8.8.8.8:53 190.239.215.23.in-addr.arpa udp
US 8.8.8.8:53 22.105.202.67.in-addr.arpa udp
US 8.8.8.8:53 171.55.17.81.in-addr.arpa udp
US 8.8.8.8:53 match.sharethrough.com udp
US 18.214.118.225:443 cs-server-s2s.yellowblue.io tcp
US 8.8.8.8:53 hbx.media.net udp
US 8.8.8.8:53 cdn.dxkulture.com udp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
IE 18.202.134.149:443 raptor-prd-ew1-alb-2127381300.eu-west-1.elb.amazonaws.com tcp
NL 193.0.160.130:443 a-emea.rfihub.com.akadns.net tcp
US 69.166.1.35:443 iad-2-sync.go.sonobi.com tcp
NL 147.75.34.177:443 am6-tmp.a-mx.net tcp
US 8.8.8.8:53 g2.gumgum.com udp
NL 35.214.199.88:443 dorpat.geo.iponweb.net udp
US 8.8.8.8:53 a-emea.rfihub.com.akadns.net udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 raptor-prd-ew1-alb-2127381300.eu-west-1.elb.amazonaws.com udp
GB 23.73.139.80:443 a1970.dscd.akamai.net tcp
US 8.8.8.8:53 am6-tmp.a-mx.net udp
US 3.225.43.156:443 ssp.disqus.com tcp
US 8.8.8.8:53 hbx.media.net udp
US 8.8.8.8:53 dssp-prod-cdn.nyc3.cdn.digitaloceanspaces.com udp
GB 2.21.184.63:443 hbx.media.net tcp
US 172.64.145.29:443 dssp-prod-cdn.nyc3.cdn.digitaloceanspaces.com tcp
US 8.8.8.8:53 qvdt3feo.com udp
DE 18.197.30.174:443 match.sharethrough.com tcp
US 8.8.8.8:53 zeta-ssp-385516103.us-east-1.elb.amazonaws.com udp
US 8.8.8.8:53 dssp-prod-cdn.nyc3.cdn.digitaloceanspaces.com udp
US 172.64.151.101:443 ssum-sec.casalemedia.com udp
US 34.238.78.132:443 qvdt3feo.com tcp
US 8.8.8.8:53 qvdt3feo.com udp
GB 23.73.139.80:443 a1970.dscd.akamai.net udp
US 8.8.8.8:53 hbx.media.net udp
US 8.8.8.8:53 match-eu-central-1-ecs.sharethrough.com udp
GB 2.21.184.63:443 hbx.media.net udp
US 8.8.8.8:53 qvdt3feo.com udp
US 8.8.8.8:53 support.mozilla.org udp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 149.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 225.118.214.18.in-addr.arpa udp
US 8.8.8.8:53 21.105.202.67.in-addr.arpa udp
US 8.8.8.8:53 101.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 192.78.50.52.in-addr.arpa udp
US 8.8.8.8:53 177.34.75.147.in-addr.arpa udp
US 8.8.8.8:53 80.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 130.160.0.193.in-addr.arpa udp
US 8.8.8.8:53 149.134.202.18.in-addr.arpa udp
US 8.8.8.8:53 29.145.64.172.in-addr.arpa udp
US 8.8.8.8:53 63.184.21.2.in-addr.arpa udp
US 8.8.8.8:53 35.1.166.69.in-addr.arpa udp
US 8.8.8.8:53 156.43.225.3.in-addr.arpa udp
US 8.8.8.8:53 132.78.238.34.in-addr.arpa udp
US 8.8.8.8:53 236.72.119.168.in-addr.arpa udp
US 8.8.8.8:53 sync.adkernel.com udp
US 8.8.8.8:53 c1.adform.net udp
NL 69.173.156.149:443 pixel.rubiconproject.net.akadns.net tcp
US 8.8.8.8:53 ads.dxkulture.com udp
US 8.8.8.8:53 us-u.openx.net udp
US 8.8.8.8:53 pr-bh.ybp.yahoo.com udp
US 8.8.8.8:53 sync.ipredictive.com udp

Files


MD5 daf7ef3acccab478aaa7d6dc1c60f865
SHA1 f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256 bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA512 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\E60B9BD4DBC486130F50AECFEBA70A537A92204D

MD5 71cf5a07310dd2c9ba279264a92775d4
SHA1 2699dbbbb3b83f54b24427b72f2d558f73746ee8
SHA256 ca81ff8965e967913291b86b59bcd49b9452076d48cbac7bef9737c91e5ef231
SHA512 b3829ddf392e906dbbd1e4d9222937dee9e410b2cc46c3b05d4ddfe00ef98ceb8bfc0977454e184bd2668930c640cb593034c0dd63e29d6126e9485e2abb299e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\5A41639711E573091BF78E4298A4F67CFA882D33

MD5 7ba22bef5b2d5a8d6330a2a1109e63f6
SHA1 73d86276dbd8bef3a8bc536e69a61dd87cd73a3b
SHA256 806a7de96740ba33132253d8d12069c54516615350aa5a6df183ef378dd49bdb
SHA512 302385c03f3ab518a9f56fbdad0a4ea825fc7490c033517cb204fc6d21875cafc8d5388e8dcb55d21c524b02e76ad21dc0c226d708625fea0694e204de45a2e6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\D05E0DA9C38C303B2006DB7C5D1D134A10912417

MD5 f7e607386c33df6ec045f647378ec2dc
SHA1 5bba10496d6b26f51029c728cba78e28f82a3ee4
SHA256 c1f376aad738a5222ea0a216a62045a546ce8315e53e2f176d896bbfdd39f373
SHA512 1d0ac099fd7bed2f1c353ece47bbee485698bd2d3f9e3b85a72ca7c5cbd57c393a214f40468473e1e9d496b3950417a82c00a2e8f881f665b3cd1aa5660a01ae

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\4E8AAC7122F78D6826D546E0A58FEA3E79D6FAC5

MD5 39f2d4886cc5fba4a53a2ffc8f507a69
SHA1 e55e21b3a7bedc9fcd1735a1b11a6538c5c393d6
SHA256 610d2ec133cb510de067df7d6c70ddf83133022cd7a1db7f7253812ffd9bc865
SHA512 43cb5f86ff20e95c151f9c188b513d293a66a88c2495562dcefb934359c31b4bc54a221410a432809d551ca420abcfac9d963dde850c5c93aad1582ea80ed358

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\2679881610408803C3BF3065544651AFEABA36E3

MD5 9a79e69e92a6230767b5b99d246d4808
SHA1 3f74ead63c9b3b640d5df3bb9c3c4185db97f504
SHA256 6ec229e1e91617c00a454b707a3264cb203468b3778a54e0ef1fff7520ad82fe
SHA512 1521b34e226fa9d7f12def9d3c5c6a824d0b480fa26bd61f9b6066d1e65ddcc9e44fa0d5591e370c27cb6a23e347658c1b6354aa1709b90318e678cc533fdc9a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\BFA5A844BCB09249ADA832920B2A74CCE4612F5F

MD5 dbd1327b857dd2a5cc206cf428b9d195
SHA1 a73aa1f05311db8246b3fcd8953f58e3a643754b
SHA256 24ccab97e8d1445e5722da7d1a348e84649fd420a631e64095b15779e4bca46e
SHA512 e1579e16d80e7b797099f98fe688ebf1b98163a26e83fa7fc8b50b1d07091c1a980062a219b3d464a21042ff49a90ef5eb527b7f2ec6b59dda68e7c613d8980b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\BD2EA932DB66538B1875D1039566B67DA73DCEF6

MD5 96aef61b35f9b98379a1b18aa545ce9c
SHA1 7db12c7f02a3ddea176c676520b92ea16cc4f8b2
SHA256 c9afc38f6ee7d2f3ae3fa27f7bdd9b1c2e952cc52f5677a118188148a8714905
SHA512 fa2dad35b5d4e0d4188c3d3b93d7c9e6304f6dcaafcac58a10c808b535cb808308d8a0e0d26a3c5d14cc6cfb7abd7adfffc6797e2c16331b38a6916972b7955c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\FACD6FA34F814668BCD168261B476F214CB0689D

MD5 f1f30fc4bdfba3398cb228e7a232c7f4
SHA1 06715d39e1ea59a864d1e38b95eb0c7039ede6e1
SHA256 af9916d01f16ca8b5796ffc49b3a427479a2a4321cf54fceb72e985119fc2a28
SHA512 09eba24027004a8926aad002de6b2bb36c95691238ac0f7a49e43db5bf7f786cb870092e1b86a1a9eb0d6f7c7314f08e941174d19fed3b972f0e5dd448be1354

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

MD5 aba1aed36c3499ea94e1b4b7db4b0fad
SHA1 1e022c9c2016a561a21e62b6a09adb8178d824d4
SHA256 f3a58cedd52c99316148178545b4626b296c03ae57d644c6d64c61854cc082cd
SHA512 54802f5814690c4bfa9978d5650687c0349acec9069de64e2190df9afb0d707d0b7a0eef109e70f74487adf22f23b5de1d5bc201d08dce9d21408b0525226993

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

MD5 1aa40e5018e0972c61ad56658b019186
SHA1 902c9bbe5c59c1c7aa241eee2c9cf115883b44a7
SHA256 a0dd15cab164082d9992f496a5764954a40e4351a8b0752b255b7c433e5f6b01
SHA512 bb1ad3a99d3d93dc0c59b87525789693d77ecbefa46327c302c9d7202290d42aef0ac642e69cbc659a3a99f72815d996c1f38e29a398e764e15f69a9f2e7997b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\5ED438B0A36BF37D7ED3284C3EE40A912B44EC57

MD5 35c64949ee1542ce4d1d1f782695f5fe
SHA1 30323f2437789c6a85a70990a961644f9b66e6c6
SHA256 8873c20580380ed846d7cc89e5d788ad5b9da8ae6c61269e09c0f08d00c488a8
SHA512 f9ec1e09f0a89fd2fb26e78bc2c04bbba990179141aba7a6aaefd030b8ccfaa0e5650d11df9bfdd4bc8918ec6bdff115600e28bdcbb55a4d4b882e7cecd2b921

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\storage\default\https+++mega.nz\cache\morgue\49\{dfb019db-6a89-40e5-8b24-f2601f788131}.final

MD5 3efa9abd92666265dd81c4f4311a96f9
SHA1 41b6b716d67b93555e444cd453f3c6e3f8c9522c
SHA256 5066b1841e8877db31312ef3af86f9bc9234c95071119e025764f45241a4e2e7
SHA512 5961950f077501608a0f2975e7f69c483eeacc4eec4ac77fd650cc1131609501f87819f93ed23aa508a90426156abf038a859fac4112d2d4435bbb634027cd6c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

MD5 11e80281c0b2ae2729680fb784e06303
SHA1 b2eebe89f51b2070dcc2e6acc86eb306efacc33d
SHA256 96d774db9f83b80ca16fe9b21d53659e6baf98349fd7a70c591468ada834ef23
SHA512 5b9e4bbfafd0bb64fcbb1c963e2bfd649da2eb76d870f94728d785ae9066fc08ac0a0e3b19038fcdef9ec1416abda58f6c3ff5e001c4dc092c03e065f87e433b

C:\Users\Admin\Downloads\✪➳S͜͡etUp✵i͜ntaller͜͡✅・5675・P͜@s$WⓞRÐ✪.jdjvGzEy.rar.part

MD5 c830e95afed75a34ccdbfdcfb39f7548
SHA1 fb8f44a79c22086c1f24b75ec963ed04ad8d673a
SHA256 5b4f74b5949cbc4dc965e218646f03e2a8f3621770a96cad66f793609bf1869a
SHA512 2a696d8d122d0f038aedc7269e32eae30f144bc27d4536219be6b080e502589b3371882fcc94748a587bfb01597e9a077e24c23a3374e8a7f3a9d96b0e6cae09

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

MD5 5f60de6dc3e9089cfccb8f181b298bb9
SHA1 bb1e7c05cb88e27501a9f5fae22cc7f6dd8f956f
SHA256 fbdae67d378322a7f23b6359e7f38a9727edd4cdb1bbb1fcfe0cfa527caa2506
SHA512 780dcc465be5d9ea6a7825914d88f954d04fa06f520ee9ca5ac2acb86dfc9f926f0d858668387f47e427714e526f747b5eda376417c90dfc37b9d8b26558f65f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

MD5 0e7070992b988c227ebd7f145deac2c8
SHA1 e31934b6ab21cf48bc209b54b078b7052c8089e3
SHA256 ae7ecd8ded71cb48123516e125fde7c9a5fd48036f4327d8f944eb7ce6f2e0f2
SHA512 45752b6fea0d94d74271a04f2b9e2da6154d780f84174a531cc692a10e573570b7575f3546c4284d36c1663cea0d0b473303300d2b84cbf6cda8dea34ba16c32

memory/9120-2175-0x00007FFF7B8D0000-0x00007FFF7BA42000-memory.dmp

memory/9120-2188-0x00007FFF7B8D0000-0x00007FFF7BA42000-memory.dmp

memory/9120-2210-0x00007FFF7B8D0000-0x00007FFF7BA42000-memory.dmp

memory/4672-2220-0x00007FFF9B5D0000-0x00007FFF9B7C5000-memory.dmp

memory/4672-2222-0x0000000074AC0000-0x0000000074C3B000-memory.dmp

memory/1640-2224-0x00007FFF7BFC0000-0x00007FFF7C132000-memory.dmp

memory/5732-2237-0x00007FFF9B5D0000-0x00007FFF9B7C5000-memory.dmp

memory/1640-2238-0x00007FFF7BFC0000-0x00007FFF7C132000-memory.dmp

memory/7972-2242-0x00007FFF9B5D0000-0x00007FFF9B7C5000-memory.dmp

memory/5732-2243-0x0000000000250000-0x00000000002B7000-memory.dmp

memory/8776-2246-0x00007FFF9B5D0000-0x00007FFF9B7C5000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp

MD5 2acc10f8bd06f529a001aa9f99c6902b
SHA1 b4ef02a09becdcc5a130041a4ace2320cce7d185
SHA256 bfab74a21aaaf82e56286dff124a976191a952fba3868b91374876ed0764accd
SHA512 5c43a2841f1211c05c416cdf4acb8d652aba616c43581f10113c72dbadcc6fa6fea422714e06d7c116cc0ffe99e51befde9921d1d0a5d273d59e1ae47feb0e62

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\01c5dded-c77e-4912-9c09-9972b96884cd

MD5 8c4b044b3c2f035491eca8a0226a2c1d
SHA1 a73ecfceb46e9512c5720976a87b9f4c09243689
SHA256 75718bcce021779783fe8e1ed0be5c4eaa07b0f0b3e95aae6a291bd37f889053
SHA512 829818f421d44d4ffe5e447e647632aa79633ff129cab5bdf9c871ffe38a15353ec2b1333a5182e8836d6467096050064f60f400a4c77a0d01d267b6ca4d44a8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs-1.js

MD5 d5e6ca649439f363bcb4c81d65fcfe34
SHA1 d504d86f5711aa48f1d79283d38c2d946c24574a
SHA256 23e454ec5967134e97f0186675f06b1ea4c37468dde09dda86383b08668d2cc1
SHA512 450864b637653b7f0cfad333abd3fe836c611033d50899f4a53e81376dab26d6c1580b418e8ad7088d8d4df8118cc1b4f568d0e85bbb381a586321f0d8fab14c

memory/8776-2381-0x0000000000130000-0x0000000000197000-memory.dmp

memory/8776-2384-0x0000000000130000-0x0000000000197000-memory.dmp