Malware Analysis Report

2025-03-14 21:43

Sample ID 250111-bnhz1swqc1
Target luajit.exe
SHA256 1cf20b8449ea84c684822a5e8ab3672213072db8267061537d1ce4ec2c30c42a
Tags
google discovery evasion phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

1cf20b8449ea84c684822a5e8ab3672213072db8267061537d1ce4ec2c30c42a

Threat Level: Known bad

The file luajit.exe was found to be: Known bad.

Malicious Activity Summary

google discovery evasion phishing

Modifies visibility of file extensions in Explorer

Modifies visiblity of hidden/system files in Explorer

Looks up external IP address via web service

Legitimate hosting services abused for malware hosting/C2

Detected potential entity reuse from brand GOOGLE.

Probable phishing domain

System Location Discovery: System Language Discovery

Unsigned PE

Uses Task Scheduler COM API

Suspicious use of AdjustPrivilegeToken

NTFS ADS

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious use of SendNotifyMessage

Checks processor information in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-01-11 01:17

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-11 01:17

Reported

2025-01-11 01:23

Platform

win10ltsc2021-20241211-en

Max time kernel

307s

Max time network

308s

Command Line

"C:\Users\Admin\AppData\Local\Temp\luajit.exe"

Signatures

Modifies visibility of file extensions in Explorer

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2366345620-3342093254-3461191856-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "0" C:\Windows\system32\SystemPropertiesAdvanced.exe N/A

Modifies visiblity of hidden/system files in Explorer

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2366345620-3342093254-3461191856-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" C:\Windows\system32\SystemPropertiesAdvanced.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A pastebin.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A pastebin.com N/A N/A
N/A pastebin.com N/A N/A
N/A pastebin.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A pastebin.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Detected potential entity reuse from brand GOOGLE.

phishing google

Probable phishing domain

Description Indicator Process Target
HTTP URL https://pastebin.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=9001163fde1d94a2 N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\luajit.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Nezur\luajit.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Nezur\luajit.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2366345620-3342093254-3461191856-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\Nezur-Executor-2024-main.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\Nezur.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4400 wrote to memory of 1248 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 1248 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 1248 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 1248 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 1248 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 1248 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 1248 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 1248 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 1248 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 1248 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4400 wrote to memory of 1248 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 4200 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 2224 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 2224 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 2224 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 2224 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 2224 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 2224 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 2224 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1248 wrote to memory of 2224 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\luajit.exe

"C:\Users\Admin\AppData\Local\Temp\luajit.exe"

C:\Windows\system32\SystemPropertiesAdvanced.exe

"C:\Windows\system32\SystemPropertiesAdvanced.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1980 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 23839 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f16fdad-be12-4985-b57e-a3b68cd2a489} 1248 "\\.\pipe\gecko-crash-server-pipe.1248" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2372 -prefMapHandle 2368 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f4d133f-317e-4ead-a038-79b81f03af5f} 1248 "\\.\pipe\gecko-crash-server-pipe.1248" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3032 -childID 1 -isForBrowser -prefsHandle 2976 -prefMapHandle 3004 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bbe7f7f5-8946-4f26-b601-afb6cbb8485e} 1248 "\\.\pipe\gecko-crash-server-pipe.1248" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4228 -childID 2 -isForBrowser -prefsHandle 4220 -prefMapHandle 4216 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {30e3e21e-c671-4ad2-8338-11035163623c} 1248 "\\.\pipe\gecko-crash-server-pipe.1248" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4848 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 2752 -prefMapHandle 4828 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad2494f4-b58c-4943-a789-03df49ca8479} 1248 "\\.\pipe\gecko-crash-server-pipe.1248" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4988 -childID 3 -isForBrowser -prefsHandle 4856 -prefMapHandle 5216 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {90b5f9da-f737-4325-89d8-37aee078b780} 1248 "\\.\pipe\gecko-crash-server-pipe.1248" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5148 -childID 4 -isForBrowser -prefsHandle 5224 -prefMapHandle 5220 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b25e18af-15ce-4954-84f1-48b4609cf124} 1248 "\\.\pipe\gecko-crash-server-pipe.1248" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5496 -childID 5 -isForBrowser -prefsHandle 5484 -prefMapHandle 5480 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a50290b8-b3f6-4e5a-aa3d-b6ab498e84a9} 1248 "\\.\pipe\gecko-crash-server-pipe.1248" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2736 -childID 6 -isForBrowser -prefsHandle 4636 -prefMapHandle 4632 -prefsLen 27318 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4058072-3693-477c-bdfa-ed5a0f4d771c} 1248 "\\.\pipe\gecko-crash-server-pipe.1248" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6412 -childID 7 -isForBrowser -prefsHandle 6388 -prefMapHandle 6400 -prefsLen 28105 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c69065f-1d98-4c15-9cd0-a1d9cbf8023a} 1248 "\\.\pipe\gecko-crash-server-pipe.1248" tab

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6932 -childID 8 -isForBrowser -prefsHandle 6140 -prefMapHandle 4784 -prefsLen 28145 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9302c4de-bb9a-4c69-8cc3-b18e2cf23491} 1248 "\\.\pipe\gecko-crash-server-pipe.1248" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5204 -childID 9 -isForBrowser -prefsHandle 5564 -prefMapHandle 6676 -prefsLen 28145 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {afd16b51-fd2b-475f-bf87-7a93193acd66} 1248 "\\.\pipe\gecko-crash-server-pipe.1248" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6960 -childID 10 -isForBrowser -prefsHandle 5544 -prefMapHandle 6656 -prefsLen 28145 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a231e85c-89fd-4629-bed8-ddac03e4f5ed} 1248 "\\.\pipe\gecko-crash-server-pipe.1248" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6068 -childID 11 -isForBrowser -prefsHandle 6468 -prefMapHandle 6464 -prefsLen 28145 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7fc98a76-377e-4ed9-b046-546dd72300f3} 1248 "\\.\pipe\gecko-crash-server-pipe.1248" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6088 -parentBuildID 20240401114208 -prefsHandle 6060 -prefMapHandle 5492 -prefsLen 33945 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb419901-72a7-40b1-a527-e46f553393e9} 1248 "\\.\pipe\gecko-crash-server-pipe.1248" rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8176 -childID 12 -isForBrowser -prefsHandle 8184 -prefMapHandle 8180 -prefsLen 28145 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9d2eede-5e9a-4402-af4d-2e8a655b39a5} 1248 "\\.\pipe\gecko-crash-server-pipe.1248" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7992 -childID 13 -isForBrowser -prefsHandle 7972 -prefMapHandle 8196 -prefsLen 28145 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {30aeb033-d503-4cb3-8607-611c760f6749} 1248 "\\.\pipe\gecko-crash-server-pipe.1248" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8384 -childID 14 -isForBrowser -prefsHandle 8392 -prefMapHandle 8396 -prefsLen 28145 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb1e146a-5be5-4881-8190-7cfdde04d121} 1248 "\\.\pipe\gecko-crash-server-pipe.1248" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8652 -childID 15 -isForBrowser -prefsHandle 8440 -prefMapHandle 8444 -prefsLen 28145 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {084d78cf-4104-4fb1-8e26-36e3e43e4a20} 1248 "\\.\pipe\gecko-crash-server-pipe.1248" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8852 -childID 16 -isForBrowser -prefsHandle 8440 -prefMapHandle 8468 -prefsLen 28145 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bca299aa-f527-4a70-8ec0-a6232636e8b0} 1248 "\\.\pipe\gecko-crash-server-pipe.1248" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8780 -childID 17 -isForBrowser -prefsHandle 8792 -prefMapHandle 8788 -prefsLen 28145 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a9ea707-d2cf-47a6-a6bb-5d30585465ba} 1248 "\\.\pipe\gecko-crash-server-pipe.1248" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8728 -childID 18 -isForBrowser -prefsHandle 8204 -prefMapHandle 8268 -prefsLen 28145 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1946d71-3437-4cec-b8d2-fb5af07106ed} 1248 "\\.\pipe\gecko-crash-server-pipe.1248" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6672 -childID 19 -isForBrowser -prefsHandle 8556 -prefMapHandle 6668 -prefsLen 28145 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ab91d91-ebb7-4a4f-baa8-c48dba0fd977} 1248 "\\.\pipe\gecko-crash-server-pipe.1248" tab

C:\Users\Admin\Downloads\Nezur\luajit.exe

"C:\Users\Admin\Downloads\Nezur\luajit.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Nezur\Launcher.bat" "

C:\Windows\system32\cacls.exe

"C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"

C:\Users\Admin\Downloads\Nezur\luajit.exe

luajit.exe conf

Network

Country Destination Domain Proto
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 202.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
N/A 127.0.0.1:49799 tcp
US 8.8.8.8:53 checkappexec.microsoft.com udp
GB 51.140.242.104:443 checkappexec.microsoft.com tcp
US 8.8.8.8:53 203.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 104.242.140.51.in-addr.arpa udp
US 8.8.8.8:53 www.mozilla.org udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 firefox-api-proxy.cdn.mozilla.net udp
US 151.101.195.19:443 www.mozilla.org tcp
US 151.101.195.19:443 www.mozilla.org tcp
US 8.8.8.8:53 www-mozilla.fastly-edge.com udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 34.149.97.1:443 firefox-api-proxy.cdn.mozilla.net tcp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 www-mozilla.fastly-edge.com udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 34.149.97.1:443 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 19.195.101.151.in-addr.arpa udp
US 8.8.8.8:53 64.50.235.44.in-addr.arpa udp
N/A 127.0.0.1:49808 tcp
US 8.8.8.8:53 ac.duckduckgo.com udp
IE 52.142.124.215:443 ac.duckduckgo.com tcp
US 8.8.8.8:53 duckduckgo.com udp
US 8.8.8.8:53 duckduckgo.com udp
IE 52.142.124.215:443 duckduckgo.com tcp
US 8.8.8.8:53 181.129.81.91.in-addr.arpa udp
US 8.8.8.8:53 215.124.142.52.in-addr.arpa udp
US 8.8.8.8:53 duckduckgo.com udp
IE 52.142.124.215:443 duckduckgo.com tcp
IE 52.142.124.215:443 duckduckgo.com tcp
US 8.8.8.8:53 links.duckduckgo.com udp
IE 20.223.54.233:443 links.duckduckgo.com tcp
IE 20.223.54.233:443 links.duckduckgo.com tcp
US 8.8.8.8:53 links.duckduckgo.com udp
US 8.8.8.8:53 links.duckduckgo.com udp
US 8.8.8.8:53 external-content.duckduckgo.com udp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
US 8.8.8.8:53 external-content.duckduckgo.com udp
US 8.8.8.8:53 233.54.223.20.in-addr.arpa udp
US 8.8.8.8:53 external-content.duckduckgo.com udp
US 8.8.8.8:53 improving.duckduckgo.com udp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
US 8.8.8.8:53 222.125.142.52.in-addr.arpa udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 35.190.72.216:443 location.services.mozilla.com tcp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 35.190.72.216:443 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
GB 142.250.180.14:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.180.14:443 redirector.gvt1.com udp
US 8.8.8.8:53 r5---sn-4g5ednkl.gvt1.com udp
DE 173.194.10.106:443 r5---sn-4g5ednkl.gvt1.com tcp
US 8.8.8.8:53 r5.sn-4g5ednkl.gvt1.com udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 216.72.190.35.in-addr.arpa udp
US 8.8.8.8:53 155.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 14.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 r5.sn-4g5ednkl.gvt1.com udp
DE 173.194.10.106:443 r5.sn-4g5ednkl.gvt1.com udp
US 8.8.8.8:53 106.10.194.173.in-addr.arpa udp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.110.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 private-user-images.githubusercontent.com udp
US 8.8.8.8:53 private-user-images.githubusercontent.com udp
US 185.199.110.133:443 private-user-images.githubusercontent.com tcp
US 8.8.8.8:53 private-user-images.githubusercontent.com udp
US 8.8.8.8:53 154.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.112.22:443 collector.github.com tcp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 140.82.112.22:443 collector.github.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 22.112.82.140.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 185.199.109.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.110.133:443 private-user-images.githubusercontent.com tcp
US 8.8.8.8:53 codeload.github.com udp
GB 20.26.156.216:443 codeload.github.com tcp
US 8.8.8.8:53 codeload.github.com udp
US 8.8.8.8:53 codeload.github.com udp
US 8.8.8.8:53 216.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 improving.duckduckgo.com udp
US 8.8.8.8:53 duckduckgo.com udp
US 8.8.8.8:53 duckduckgo.com udp
IE 52.142.124.215:443 duckduckgo.com tcp
US 8.8.8.8:53 gist.github.com udp
GB 20.26.156.215:443 gist.github.com tcp
GB 20.26.156.215:443 gist.github.com tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 camo.githubusercontent.com udp
US 185.199.111.133:443 camo.githubusercontent.com tcp
US 185.199.111.133:443 camo.githubusercontent.com tcp
US 185.199.111.133:443 camo.githubusercontent.com tcp
US 185.199.111.133:443 camo.githubusercontent.com tcp
US 185.199.111.133:443 camo.githubusercontent.com tcp
US 8.8.8.8:53 camo.githubusercontent.com udp
US 8.8.8.8:53 collector.github.com udp
US 8.8.8.8:53 camo.githubusercontent.com udp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 133.111.199.185.in-addr.arpa udp
IE 52.142.124.215:443 duckduckgo.com tcp
US 8.8.8.8:53 pastebin.com udp
US 104.20.4.235:443 pastebin.com tcp
US 8.8.8.8:53 pastebin.com udp
US 8.8.8.8:53 pastebin.com udp
US 8.8.8.8:53 challenges.cloudflare.com udp
US 104.18.94.41:443 challenges.cloudflare.com tcp
US 8.8.8.8:53 challenges.cloudflare.com udp
US 8.8.8.8:53 challenges.cloudflare.com udp
US 104.18.94.41:443 challenges.cloudflare.com udp
US 104.18.94.41:443 challenges.cloudflare.com tcp
US 8.8.8.8:53 235.4.20.104.in-addr.arpa udp
US 8.8.8.8:53 41.94.18.104.in-addr.arpa udp
US 8.8.8.8:53 services.vlitag.com udp
US 104.22.58.199:443 services.vlitag.com tcp
US 8.8.8.8:53 services.vlitag.com udp
US 8.8.8.8:53 services.vlitag.com udp
US 104.22.58.199:443 services.vlitag.com udp
US 104.22.58.199:443 services.vlitag.com tcp
US 8.8.8.8:53 199.58.22.104.in-addr.arpa udp
US 8.8.8.8:53 72.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 104.22.58.199:443 services.vlitag.com udp
US 8.8.8.8:53 dsp.vlitag.com udp
US 8.8.8.8:53 cmp.inmobi.com udp
US 8.8.8.8:53 s3.vlitag.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 imasdk.googleapis.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 104.22.59.199:443 s3.vlitag.com tcp
US 8.8.8.8:53 dsp.vlitag.com udp
US 104.22.59.199:443 dsp.vlitag.com tcp
US 8.8.8.8:53 s3.vlitag.com udp
US 104.22.59.199:443 s3.vlitag.com tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
GB 216.58.201.106:443 imasdk.googleapis.com tcp
US 8.8.8.8:53 imasdk.googleapis.com udp
US 8.8.8.8:53 d23sp3kzv1t6m5.cloudfront.net udp
US 8.8.8.8:53 d1ykf07e75w7ss.cloudfront.net udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 dsp.vlitag.com udp
US 8.8.8.8:53 s3.vlitag.com udp
US 104.22.59.199:443 s3.vlitag.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 imasdk.googleapis.com udp
US 8.8.8.8:53 d23sp3kzv1t6m5.cloudfront.net udp
US 8.8.8.8:53 d1ykf07e75w7ss.cloudfront.net udp
US 104.22.59.199:443 s3.vlitag.com udp
GB 216.58.201.106:443 imasdk.googleapis.com udp
NL 18.239.36.42:443 d23sp3kzv1t6m5.cloudfront.net tcp
GB 172.217.16.226:443 securepubads.g.doubleclick.net tcp
NL 18.239.70.135:443 d1ykf07e75w7ss.cloudfront.net tcp
GB 172.217.16.226:443 securepubads.g.doubleclick.net tcp
GB 172.217.16.226:443 securepubads.g.doubleclick.net udp
NL 18.239.70.135:443 d1ykf07e75w7ss.cloudfront.net tcp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 px.vliplatform.com udp
US 8.8.8.8:53 199.59.22.104.in-addr.arpa udp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 42.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 135.70.239.18.in-addr.arpa udp
US 151.101.129.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 jsdelivr.map.fastly.net udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 cdn.hadronid.net udp
US 141.101.120.10:443 px.vliplatform.com tcp
US 8.8.8.8:53 px.vliplatform.com udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 jsdelivr.map.fastly.net udp
US 8.8.8.8:53 cdn.hadronid.net udp
US 8.8.8.8:53 px.vliplatform.com udp
US 8.8.8.8:53 cdn.hadronid.net udp
US 151.101.129.229:443 jsdelivr.map.fastly.net udp
US 141.101.120.10:443 px.vliplatform.com udp
NL 18.238.243.129:443 config.aps.amazon-adsystem.com tcp
US 104.22.52.173:443 cdn.hadronid.net tcp
US 8.8.8.8:53 api.cmp.inmobi.com udp
DE 3.127.93.12:443 api.cmp.inmobi.com tcp
US 8.8.8.8:53 choice-apis-prod-2120274730.eu-central-1.elb.amazonaws.com udp
US 8.8.8.8:53 choice-apis-prod-2120274730.eu-central-1.elb.amazonaws.com udp
US 8.8.8.8:53 229.129.101.151.in-addr.arpa udp
US 8.8.8.8:53 10.120.101.141.in-addr.arpa udp
US 8.8.8.8:53 173.52.22.104.in-addr.arpa udp
US 8.8.8.8:53 129.243.238.18.in-addr.arpa udp
US 8.8.8.8:53 12.93.127.3.in-addr.arpa udp
US 8.8.8.8:53 id.a-mx.com udp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 a.ad.gt udp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
US 8.8.8.8:53 cdn-ima.33across.com udp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 oa.openxcdn.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
NL 79.127.227.46:443 id.a-mx.com tcp
US 8.8.8.8:53 id.a-mx.com udp
US 8.8.8.8:53 gum.nl3.vip.prod.criteo.com udp
US 8.8.8.8:53 75bcbfdbee9afe2d8418e528344ac942.safeframe.googlesyndication.com udp
US 8.8.8.8:53 id5-sync.com udp
US 104.22.4.69:443 id.hadron.ad.gt tcp
US 104.22.4.69:443 id.hadron.ad.gt tcp
US 8.8.8.8:53 id.hadron.ad.gt.cdn.cloudflare.net udp
US 8.8.8.8:53 a.ad.gt.cdn.cloudflare.net udp
GB 172.217.16.226:443 ep1.adtrafficquality.google tcp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
US 8.8.8.8:53 oa.openxcdn.net udp
US 8.8.8.8:53 cdn-ima.33across.com.cdn.cloudflare.net udp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 8.8.8.8:53 id.a-mx.com udp
US 8.8.8.8:53 gum.nl3.vip.prod.criteo.com udp
US 8.8.8.8:53 static.nl3.vip.prod.criteo.net udp
US 8.8.8.8:53 id.hadron.ad.gt.cdn.cloudflare.net udp
US 8.8.8.8:53 a.ad.gt.cdn.cloudflare.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
GB 172.217.169.1:443 75bcbfdbee9afe2d8418e528344ac942.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 pagead-googlehosted.l.google.com udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 oa.openxcdn.net udp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 8.8.8.8:53 cdn-ima.33across.com.cdn.cloudflare.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 static.nl3.vip.prod.criteo.net udp
US 8.8.8.8:53 pagead-googlehosted.l.google.com udp
US 8.8.8.8:53 c3.a-mo.net udp
GB 172.217.16.226:443 ep1.adtrafficquality.google udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
GB 172.217.169.1:443 pagead-googlehosted.l.google.com udp
GB 216.58.201.97:443 ep2.adtrafficquality.google tcp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 46.227.127.79.in-addr.arpa udp
US 8.8.8.8:53 69.4.22.104.in-addr.arpa udp
US 8.8.8.8:53 1.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 97.201.58.216.in-addr.arpa udp
GB 216.58.201.97:443 ep2.adtrafficquality.google udp
NL 178.250.1.11:443 gum.nl3.vip.prod.criteo.com tcp
DE 141.95.98.65:443 id5-sync.com tcp
US 104.22.5.69:443 a.ad.gt.cdn.cloudflare.net tcp
US 104.18.29.101:443 cdn-ima.33across.com.cdn.cloudflare.net tcp
NL 178.250.1.3:443 static.nl3.vip.prod.criteo.net tcp
US 34.102.146.192:443 oa.openxcdn.net tcp
NL 18.239.18.33:443 tags.crwdcntrl.net tcp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
DE 79.127.216.47:443 c3.a-mo.net tcp
NL 178.250.1.11:443 gum.nl3.vip.prod.criteo.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 34.102.146.192:443 oa.openxcdn.net udp
US 8.8.8.8:53 oajs.openx.net udp
US 34.96.70.87:443 invstatic101.creativecdn.com udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 oajs.openx.net udp
US 34.120.107.143:443 oajs.openx.net tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 px.pocpoc.io udp
US 8.8.8.8:53 adsystem.pocpoc.io udp
IE 34.246.77.188:443 bcp.crwdcntrl.net tcp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
DE 162.19.138.82:443 lb.eu-1-id5-sync.com tcp
US 104.26.14.167:443 adsystem.pocpoc.io tcp
US 104.26.14.167:443 adsystem.pocpoc.io tcp
US 8.8.8.8:53 px.pocpoc.io udp
US 104.26.14.167:443 px.pocpoc.io tcp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 104.26.14.167:443 px.pocpoc.io tcp
US 104.26.14.167:443 px.pocpoc.io tcp
US 104.26.14.167:443 px.pocpoc.io tcp
US 8.8.8.8:53 adsystem.pocpoc.io udp
US 8.8.8.8:53 ids.ad.gt udp
US 8.8.8.8:53 ids4.ad.gt udp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 u.openx.net udp
US 8.8.8.8:53 image2.pubmatic.com udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 token.rubiconproject.com udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 sync.go.sonobi.com udp
US 8.8.8.8:53 ad.360yield.com udp
US 8.8.8.8:53 sync.smartadserver.com udp
US 8.8.8.8:53 p.ad.gt udp
US 8.8.8.8:53 px.pocpoc.io udp
US 8.8.8.8:53 ids4.ad.gt udp
US 8.8.8.8:53 euw-ice.360yield.com udp
US 8.8.8.8:53 u.openx.net udp
US 8.8.8.8:53 ib.anycast.adnxs.com udp
US 8.8.8.8:53 adsystem.pocpoc.io udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 pixel.rubiconproject.net.akadns.net udp
US 8.8.8.8:53 pug-lhr-bc.pubmnet.com udp
US 8.8.8.8:53 ids.ad.gt.cdn.cloudflare.net udp
US 8.8.8.8:53 iad-2-sync.go.sonobi.com udp
US 8.8.8.8:53 ids4.ad.gt udp
US 8.8.8.8:53 p.ad.gt.cdn.cloudflare.net udp
US 8.8.8.8:53 rtb-csync-euw1.smartadserver.com udp
US 34.120.107.143:443 oajs.openx.net udp
US 8.8.8.8:53 ib.anycast.adnxs.com udp
US 8.8.8.8:53 u.openx.net udp
US 8.8.8.8:53 euw-ice.360yield.com udp
US 8.8.8.8:53 p.ad.gt.cdn.cloudflare.net udp
US 8.8.8.8:53 ids.ad.gt.cdn.cloudflare.net udp
US 8.8.8.8:53 rtb-csync-euw1.smartadserver.com udp
US 8.8.8.8:53 pug-lhr-bc.pubmnet.com udp
US 8.8.8.8:53 iad-2-sync.go.sonobi.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 pixel.rubiconproject.net.akadns.net udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 google-bidout-d.openx.net udp
US 104.26.14.167:443 adsystem.pocpoc.io udp
US 34.98.64.218:443 google-bidout-d.openx.net tcp
US 8.8.8.8:53 google-bidout-d.openx.net udp
US 8.8.8.8:53 google-bidout-d.openx.net udp
US 104.26.14.167:443 adsystem.pocpoc.io udp
US 8.8.8.8:53 static.vliplatform.com udp
US 34.98.64.218:443 google-bidout-d.openx.net udp
US 141.101.120.10:443 static.vliplatform.com tcp
US 8.8.8.8:53 static.vliplatform.com udp
US 141.101.120.10:443 static.vliplatform.com udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 odb.outbrain.com udp
US 8.8.8.8:53 static.vliplatform.com udp
NL 18.239.70.176:443 aax.amazon-adsystem.com tcp
US 8.8.8.8:53 d1jvc9b8z3vcjs.cloudfront.net udp
US 151.101.194.132:443 odb.outbrain.com tcp
US 8.8.8.8:53 outbrain.map.fastly.net udp
US 8.8.8.8:53 69.5.22.104.in-addr.arpa udp
US 8.8.8.8:53 101.29.18.104.in-addr.arpa udp
US 8.8.8.8:53 192.146.102.34.in-addr.arpa udp
US 8.8.8.8:53 87.70.96.34.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 33.18.239.18.in-addr.arpa udp
US 8.8.8.8:53 65.98.95.141.in-addr.arpa udp
US 8.8.8.8:53 47.216.127.79.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 143.107.120.34.in-addr.arpa udp
US 8.8.8.8:53 188.77.246.34.in-addr.arpa udp
US 8.8.8.8:53 82.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 167.14.26.104.in-addr.arpa udp
US 8.8.8.8:53 218.64.98.34.in-addr.arpa udp
US 8.8.8.8:53 d1jvc9b8z3vcjs.cloudfront.net udp
US 8.8.8.8:53 outbrain.map.fastly.net udp
US 104.22.4.69:443 p.ad.gt.cdn.cloudflare.net tcp
US 52.43.19.44:443 ids4.ad.gt tcp
DE 37.252.171.52:443 ib.anycast.adnxs.com tcp
US 34.98.64.218:443 google-bidout-d.openx.net tcp
GB 185.64.191.210:443 pug-lhr-bc.pubmnet.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.net.akadns.net tcp
US 52.223.40.198:443 match.adsrvr.org tcp
GB 216.58.213.2:443 cm.g.doubleclick.net tcp
US 69.166.1.67:443 iad-2-sync.go.sonobi.com tcp
US 104.22.4.69:443 p.ad.gt.cdn.cloudflare.net tcp
IE 34.248.231.166:443 ad.360yield.com tcp
NL 81.17.55.172:443 rtb-csync-euw1.smartadserver.com tcp
US 104.22.5.69:443 p.ad.gt.cdn.cloudflare.net tcp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 images.outbrainimg.com udp
US 8.8.8.8:53 widgets.outbrain.com udp
US 34.98.64.218:443 google-bidout-d.openx.net udp
IE 67.220.226.233:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 e15144.d.akamaiedge.net udp
GB 2.23.222.8:443 images.outbrainimg.com tcp
US 8.8.8.8:53 e10883.g.akamaiedge.net udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 e15144.d.akamaiedge.net udp
US 8.8.8.8:53 e10883.g.akamaiedge.net udp
US 23.192.25.236:443 widgets.outbrain.com tcp
US 23.192.25.236:443 widgets.outbrain.com tcp
GB 216.58.213.2:443 cm.g.doubleclick.net udp
US 52.43.19.44:443 ids4.ad.gt tcp
US 8.8.8.8:53 pixels.ad.gt udp
US 8.8.8.8:53 shb.richaudience.com udp
US 8.8.8.8:53 exchange.cootlogix.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 prebid-eu.creativecdn.com udp
US 8.8.8.8:53 pixels.ad.gt.cdn.cloudflare.net udp
US 8.8.8.8:53 prebid-eu.creativecdn.com udp
US 8.8.8.8:53 vidazoo-openrtb-prebid-saas-p-us-nyc1b-lb.vidazoo.services udp
US 8.8.8.8:53 shb.richaudience.com udp
US 8.8.8.8:53 pixels.ad.gt.cdn.cloudflare.net udp
US 8.8.8.8:53 prebid-eu.creativecdn.com udp
US 8.8.8.8:53 vidazoo-openrtb-prebid-saas-p-us-nyc1b-lb.vidazoo.services udp
US 8.8.8.8:53 shb.richaudience.com udp
US 104.22.4.69:443 pixels.ad.gt.cdn.cloudflare.net tcp
DE 49.12.86.152:443 shb.richaudience.com tcp
DE 49.12.86.152:443 shb.richaudience.com tcp
US 174.138.109.225:443 vidazoo-openrtb-prebid-saas-p-us-nyc1b-lb.vidazoo.services tcp
NL 185.89.211.84:443 ib.adnxs.com tcp
NL 185.184.8.90:443 prebid-eu.creativecdn.com tcp
US 8.8.8.8:53 2.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 176.70.239.18.in-addr.arpa udp
US 8.8.8.8:53 148.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 8.8.8.8:53 172.55.17.81.in-addr.arpa udp
US 8.8.8.8:53 166.231.248.34.in-addr.arpa udp
US 8.8.8.8:53 52.171.252.37.in-addr.arpa udp
US 8.8.8.8:53 67.1.166.69.in-addr.arpa udp
US 8.8.8.8:53 8.222.23.2.in-addr.arpa udp
US 8.8.8.8:53 233.226.220.67.in-addr.arpa udp
US 8.8.8.8:53 44.19.43.52.in-addr.arpa udp
US 8.8.8.8:53 236.25.192.23.in-addr.arpa udp
US 8.8.8.8:53 210.191.64.185.in-addr.arpa udp
US 8.8.8.8:53 132.194.101.151.in-addr.arpa udp
US 104.22.5.69:443 pixels.ad.gt.cdn.cloudflare.net tcp
US 8.8.8.8:53 84.211.89.185.in-addr.arpa udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 152.86.12.49.in-addr.arpa udp
US 8.8.8.8:53 225.109.138.174.in-addr.arpa udp
US 141.101.120.10:443 static.vliplatform.com tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
GB 172.217.169.3:443 www.google.co.uk tcp
US 8.8.8.8:53 www.google.co.uk udp
US 216.239.34.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 www.google.co.uk udp
US 216.239.34.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
GB 172.217.169.3:443 www.google.co.uk udp
US 151.101.129.229:443 jsdelivr.map.fastly.net udp
US 8.8.8.8:53 jsdelivr.map.fastly.net udp
US 8.8.8.8:53 script.4dex.io udp
BE 64.233.184.157:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 script.4dex.io udp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 157.184.233.64.in-addr.arpa udp
US 8.8.8.8:53 script.4dex.io udp
BE 64.233.184.157:443 stats.g.doubleclick.net udp
US 104.26.9.169:443 script.4dex.io tcp
DE 79.127.216.47:443 c3.a-mo.net tcp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 cadmus.script.ac udp
FR 178.250.7.13:443 dnacdn.net tcp
US 8.8.8.8:53 dnacdn.net udp
US 104.18.23.145:443 cadmus.script.ac tcp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 cadmus.script.ac udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 bh.contextweb.com udp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 dpm.demdex.net udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 am1-direct-bgp.contextweb.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 6805db11d93e6cff287a1076353016d7.safeframe.googlesyndication.com udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 am1-direct-bgp.contextweb.com udp
US 8.8.8.8:53 dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 169.9.26.104.in-addr.arpa udp
US 8.8.8.8:53 13.7.250.178.in-addr.arpa udp
US 8.8.8.8:53 145.23.18.104.in-addr.arpa udp
GB 172.217.169.1:443 6805db11d93e6cff287a1076353016d7.safeframe.googlesyndication.com tcp
GB 172.217.169.1:443 6805db11d93e6cff287a1076353016d7.safeframe.googlesyndication.com udp
IE 34.253.9.95:443 ap.lijit.com tcp
IE 34.253.9.95:443 ap.lijit.com tcp
NL 208.93.169.131:443 am1-direct-bgp.contextweb.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 104.18.27.193:443 ssum-sec.casalemedia.com tcp
DE 51.89.9.252:443 onetag-sys.com tcp
IE 52.210.142.110:443 dpm.demdex.net tcp
US 8.8.8.8:53 a.ad.gt udp
DE 51.89.9.252:443 onetag-sys.com udp
US 104.18.27.193:443 ssum-sec.casalemedia.com udp
US 104.26.14.167:443 adsystem.pocpoc.io udp
US 141.101.120.10:443 static.vliplatform.com udp
US 8.8.8.8:53 193.27.18.104.in-addr.arpa udp
US 8.8.8.8:53 95.9.253.34.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 252.9.89.51.in-addr.arpa udp
US 8.8.8.8:53 c.4dex.io udp
US 8.8.8.8:53 c.4dex.io udp
US 8.8.8.8:53 c.4dex.io udp
US 8.8.8.8:53 external-content.duckduckgo.com udp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
US 8.8.8.8:53 external-content.duckduckgo.com udp
US 8.8.8.8:53 duckduckgo.com udp
US 8.8.8.8:53 links.duckduckgo.com udp
US 8.8.8.8:53 external-content.duckduckgo.com udp
IE 20.223.54.233:443 links.duckduckgo.com tcp
US 8.8.8.8:53 links.duckduckgo.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 collector.github.com udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 8.8.8.8:53 gitlab.com udp
US 8.8.8.8:53 gitlab.com udp
US 172.65.251.78:443 gitlab.com tcp
US 8.8.8.8:53 78.251.65.172.in-addr.arpa udp
US 8.8.8.8:53 gitlab.com udp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 92.123.241.137:443 www.microsoft.com tcp
DE 193.233.164.80:80 tcp
US 8.8.8.8:53 1.112.95.208.in-addr.arpa udp
US 8.8.8.8:53 137.241.123.92.in-addr.arpa udp
DE 194.87.199.37:80 tcp
US 104.20.4.235:443 pastebin.com tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.178.3:80 c.pki.goog tcp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 91.16.208.104.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\datareporting\glean\db\data.safe.tmp

MD5 c3653e6c8df520b4b62969424332d8bc
SHA1 0af5baf05f5487d1c8cd8a4f7e83fc4ec5bc1f46
SHA256 de456b7b343a07b7b8feb19d4fab345d95fd86b887177346cdd30bba8876ca46
SHA512 3f321f644c30ad6691d9801d3d0f5a2772ce709cce02a1f7786a50bdecdb6aa9f6ce34c48c01f7e60db59a90364dceb7125cb782311637a0c4a35b363a83a755

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\datareporting\glean\db\data.safe.tmp

MD5 08386d88a410197e20cd30a6b8e8edde
SHA1 407d16798af3c08729561f5f984ee7be88243fc2
SHA256 f40dfc92663079e9797095ed9f30f5274c2ae062999de9402f57c93aa529fa62
SHA512 cb5074f3855f1e0fac28b33669827769264a029654c0247f8222d04b130f5e08a2a9287900e56e58ce9f472cc73bcae341b43851e16148b498035a2cea3d648f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\datareporting\glean\pending_pings\130ff200-bea7-4ac5-b0a5-9a028b0906dd

MD5 26c7345b69383bdefc83cbb2d11191f9
SHA1 ded6a07c00408cef4db34021ff874a2b2584fc7e
SHA256 259ee63e3d58f49e5c60c5df80d882524a3f0fe56930891abf0388c0b936adb2
SHA512 7620476a5fc31a095af9ad03d7fa4dd480c14c783ebb0128e77e31d54288f7dba9b3440a8b7fe72ad46eeff431c9958beebeacea614c3df96c82a38b182b869f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\datareporting\glean\pending_pings\b998cb8b-9cc9-4b31-9557-c4705fad0954

MD5 108fd86c8701bbd0264fc04d9d711864
SHA1 1daffba61d09c1739e04bc7afc418497c512ef14
SHA256 3270eb0b145f90dedf648b4b333340e4fc4fc45ed7ec2eee706396383ff588c8
SHA512 c78148674c7ecaeb05afd0d545f7956679c8cb2c25a575710432e9fe15d1d32e55d38a37141b89079bd6e58a2c8de74b03eeef0d4914596f6abfd9b0dd60e9a5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\datareporting\glean\db\data.safe.tmp

MD5 140e7d99814e7d0923e5a5545df06779
SHA1 e286a1b0a44691e283011c355e37bb9fd809b70c
SHA256 99bc0c5f32731477e4eaf0d692cecb25f9408b81459c745c4fb02541dcce6507
SHA512 d2044852cbd95ef6b8f734e370bd950de7b9b548dc11affc9e2e516529de842b37f721d0eac3d614590233992ed0b4df23ef256fca982396abe71345a9b7acb0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9enwga8g.default-release\activity-stream.discovery_stream.json

MD5 789d4b8dcf5ccd85abd5e5d0afe68e93
SHA1 cf2a5c8dac2f1fdcac953d16dcfee4c2de829def
SHA256 dc0181c071147e8995efe35a11dc12251cb8539bd73e3a6b588d2c943e728d00
SHA512 06c3469dc92600841a0c75d34a763908b2f3beb65bd5aa4fe4572f12d3335efb0fc46d568cc7783e42ee2cea1ffd7d9c1bdb84baee6005b90d96b2c4d4cc69f9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\prefs.js

MD5 bbcacf7f73b0a507ac3add53d54ae5cf
SHA1 a20b164adae0381a1eefea8c6a541bb944946cce
SHA256 59cb63aab569b8f37d995f7c1b22d7eca60c5b4cfaea937e3636b09b443aa2ca
SHA512 bd9c4cc2f97944affff9e516591352c9da7fef4b904a9992687b985eb3beafe6118d3bcc865c5ebbf56842e4a6a9275d10feca8cd23f4bc3c89957d82a64823c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\prefs.js

MD5 070f9891b07d233e41f5255e20b4da14
SHA1 cd1f6b29506fdf052a385e2a44459d36b1e22f6a
SHA256 990fb1bca13a6c12946159a48c06539e8914bef813cb4e04f9b37dfe86726314
SHA512 d8ba452be765b1c742866b3bf5dfc8bc84f225df47280c43fdd85038aa35ce6c81ffa15164e58a94e97a731e3c2509f0f161f93bb65d5209455453642513ff41

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\sessionstore-backups\recovery.baklz4

MD5 0feb3ff29c622255fea9de1ad9796d5c
SHA1 adeacc1429fd9fcf73c04858e72dc9c18d9f5633
SHA256 0a548cb00e1074d4afa244540731ebeeb6fa9cb10d3d00d92d28b8ce55294087
SHA512 43fc4b6c0968e59f63ee4d1134ae67848c8fb2d7992670d0495b33ba9079934f4aa1df1789732a81a132ca155bf6ff310af1faad29b3cbd3a64f026b5f4e5eb0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\datareporting\glean\db\data.safe.tmp

MD5 4f3c3424b3e604f64048cac0950edf41
SHA1 4a500888a1dd20eb89d3f506fa14bafc18d25a0b
SHA256 9a4028162456ed746c83e920a1b7e012c324f31cd126d8fe906374263d01ece3
SHA512 bdfd50bbfafe37563c5cb7c0eb3aebcb64161f06ca011752ebe7934688453d62fe82961b38e40dea52d39fca9b13d57db4e5daf8b74197f443f0a883293daa45

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 09372174e83dbbf696ee732fd2e875bb
SHA1 ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256 c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512 b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

MD5 2a461e9eb87fd1955cea740a3444ee7a
SHA1 b10755914c713f5a4677494dbe8a686ed458c3c5
SHA256 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA512 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

MD5 842039753bf41fa5e11b3a1383061a87
SHA1 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256 d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512 d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\prefs-1.js

MD5 2ef9a19a0d218538ba340b6af558452d
SHA1 5195ef52b841162e493702dd0cf38e15e52b71b1
SHA256 d0eb2f4bedb453f7a58e1b3c4fae92d1cca28136749bc492d03c97e969b40957
SHA512 152cf9da9b1c684691adc42f1e9e0c439ec9197873d2c7b166c6848b9e852f92d954976c103c70d1bc27eeb77a02e22a4065851e791880d567c75d03dc610b99

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\AlternateServices.bin

MD5 64a750fc5fcac3205d8d1da15952422d
SHA1 7bcd9fe27dff222e4f8790bd17e334090b20777c
SHA256 69bbf721918cf4af9dde99ba4fc553e0eed72bd23f33c64d071a7189eb5ebd3f
SHA512 030dd7859d6d11a8c088ca79b2c4402e41e2fae37cab1ae19052f90a3d0ba3b780e0e152ee58ccb5078106848a897e6b0756e5fb4ead8649407ced0892c30886

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\sessionstore-backups\recovery.baklz4

MD5 e7b7ef441f3782fdfe8e402451da3836
SHA1 b1bf6e445faeadbd2b226dc4d02f3fcfdcfb1234
SHA256 f4dbb55dfc6617de6206999fec7f3d3cf077bbae8fd858bc47c03956d1992b1a
SHA512 eee39e24d36dc17f94c65de1b180eaaf502c5e8944425f861a80e2872c6fd0ac4740495468ae1eb6f58f6bf2f7770d216479329d4efea11c9a235ea2b949a1ea

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 0a8747a2ac9ac08ae9508f36c6d75692
SHA1 b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA256 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA512 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

MD5 bf957ad58b55f64219ab3f793e374316
SHA1 a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256 bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA512 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

MD5 daf7ef3acccab478aaa7d6dc1c60f865
SHA1 f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256 bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA512 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\sessionstore-backups\recovery.baklz4

MD5 f9b5203d5d6e0a9d9bbef82bbd5d68cf
SHA1 d0f3d7bdbe0a7bb8722245797a91e85660d034f0
SHA256 2230990b7a83a8dac879bfa7948d788ee75c20286612c359f9faa7df86bbcbf2
SHA512 ccc6b7dbaea6cd39069885d2790404cde994924979a6b544e41cf96cf13a850260bde6448e413f73e57ef265f00b0e12664f6c02459d9bb8089f73751a0d1691

C:\Users\Admin\Downloads\ZRaC6I4I.zip.part

MD5 ec4664390448337d71769194af639955
SHA1 4d8a4f28ec06e40cd2fd8b640e5dc0c11a49bc49
SHA256 b86ea670802afdf90e83214e6c8867d52729771cf1a71520c6470ebe2d1976ae
SHA512 f883472bd94a4ebdc89d10e30ce9bc3411f5f13cb6f35dab959574342e6bdeff7de0c7bc3a7c9887310bdbbd6aab534a831f7773804a37c840b165755b4612b1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\sessionstore-backups\recovery.baklz4

MD5 3e2ec3d79f6b54f04324cfeb23f48fc0
SHA1 ea9deefbc231355b89079520e080cd0cc107fbfe
SHA256 b80d937480428a5015fb52de7aed77018466b8004d2526e897fd789baa204693
SHA512 18d4afba93adbf78edd1d7fb59bec3b5dcd0133b54cc34cc5fad2e16990152fb3199b0baaf6f09bb07df19e3592e708949898fbf1ed02bf2e9ca2b40ff311a78

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\sessionstore-backups\recovery.baklz4

MD5 f5fdde97dfe89fa5a246caed192af498
SHA1 456354d2e1d1539f240404d3b69f8b7987ab99db
SHA256 4f7ed7a1d4cda718aef8c1e6f2f8839a88992a3029a80a5ec9fb6ea86912b0a0
SHA512 90de3ff99f1abd318134ac805f89d1264031aba02e126ebfed11b0d99d3d6d0eb174b92de2de074af8092162dcb97e5952df903ce08ae4ca28551591681d0314

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\sessionstore-backups\recovery.baklz4

MD5 bb117f078cf6541408b5dd63cdf219fb
SHA1 49312a28b9326c74c0eced49ced7544dcfcd842d
SHA256 38c7fea40ec170898216c8fd5aae0c77bb2e12f68e539dd4e425c1ce362179dd
SHA512 7bcefddfd74347ab5de7fbbae5290a83ea19ffa5a21a815eda4931bc42694c553ec7232af687a00c955dcd02758f9dedfb80e57bd80f8073d21bbe313a2af031

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\sessionstore-backups\recovery.baklz4

MD5 6671fc8bde1033bbbeac07bcbad995e1
SHA1 a4f7858cbc2d104ec70bc3d78b908549581f3020
SHA256 ddcbf2fd9117afb55c8b969bdafdd875e537dd5689aea56557cc85c9d0901523
SHA512 bb386aa32368bb09845fc8a539967842ed70bd0bcd355711a08a1a6bcc506013cc193280a879c39b4b47b66458a485b7af24307528b2c8fc8863ced0fee5ff04

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\sessionstore-backups\recovery.baklz4

MD5 e3a2435580634d20b8096c6d1098a28d
SHA1 47ef139daf55976ab87375a9e6a1a2bc294f948f
SHA256 97ee4cab30b4b457c0e156bf66a6f29a8ae4e787f06791a208cd92a0fe318a2a
SHA512 3f680c5e0d77f2846e6563aca0f4ccfba35a82b5d4786062b3aace29143c00183251c3da0fb6accd8ecf8eb83635685fb445d32bf17f5534472f100d5e60f8a2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\sessionstore-backups\recovery.baklz4

MD5 870a60c2b89c5c94aaeee8dc564a8d73
SHA1 0a419d6ae9152b132bc68b71067d6dab8b6c8ade
SHA256 61ebff2740ab95c035451f151192616183f35418ea1d2e732033fd5833cd2b88
SHA512 337460b11104248e5f51fa24c4e82b17543ccebaee50de37470a7bfe01982ab5944ff1a3b93064df6bbb33acf207a98bbccb95b04d5adad4680cf33c72d8991e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\sessionstore-backups\recovery.baklz4

MD5 e8dbbb144bc599f185190fdc80bf2f70
SHA1 73e504cffe11df1e660271201a6dd4a664621522
SHA256 7c61cd0bab6715be6b27feefbef9c8029948f925f1c40a21631a74dfc6adb151
SHA512 5b7c71c2caa552d3916a0b912c352cedc141e217395a163a3bf46ddd2a5cb862e68731d4e7abe82e19bdabe41d74a225e6f910aa46c622edebf46e81fdcd8bd1

C:\Users\Admin\Downloads\Nezur.VNK1QDE8.zip.part

MD5 291dd685dd75efefce8e6f5acf073e02
SHA1 7f22a5c24a99e4fa9d1e70d9dfc846ba186e8cb4
SHA256 f173df317a0168b9306f6167ac00bffafa15ee10a820b22f1ce0a2411a087cd2
SHA512 af04fcd1ef61b31f889cf970cc00f801324f8035564becb9d4bd7e5939e13ba5baba8ce8de8586e4982655fab863fddfc20f4f69b54618a338687bcd5fdd42e3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9enwga8g.default-release\sessionstore-backups\recovery.baklz4

MD5 a7d94f1ccf2fe6178b81322508937eb8
SHA1 eec3f3d98c313d3c4b1b2b171f6b8683a7be5d06
SHA256 f717da3d8801728ddcf35b67d560bc4edc368e53a0c6a1d89c14c14ba3a15dbb
SHA512 5f2f6c2cced94c8a955b6b19e702b2fd4b5dc4e32276934b1f53e542497d31cd1318f395bccabc88ef6c4943d2373eea3af2f114f036aa78dc7b376b081d1259

memory/3172-1671-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1701-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1700-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1712-0x0000000002BE0000-0x0000000002BE1000-memory.dmp

memory/3172-1713-0x0000000002BE0000-0x0000000002BE1000-memory.dmp

memory/3172-1711-0x0000000002BE0000-0x0000000002BE1000-memory.dmp

memory/3172-1699-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1698-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1697-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1696-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1695-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1694-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1693-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1692-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1691-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1690-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1689-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1688-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1687-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1686-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1685-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1684-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1683-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1682-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1681-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1680-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1679-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1678-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1677-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1676-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1675-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1674-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1673-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1672-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1670-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1669-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1668-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1667-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1666-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1665-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1664-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1663-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1662-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1661-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1660-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1659-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1658-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1657-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1656-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1655-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1654-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1653-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1652-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1651-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1650-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1649-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1648-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1647-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1646-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1645-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1644-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1643-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1642-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1641-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1640-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1639-0x000000007F240000-0x000000007F250000-memory.dmp

memory/3172-1638-0x000000007F240000-0x000000007F250000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 17471269bc647d0fa40a4e33026d1a40
SHA1 4553e5d5a88f7e37bfb008e823a759b3468ac5a8
SHA256 9dfae44ae9c07085910e7460ef15ac07968273d80ba4e4ae3991172852dd09de
SHA512 5264c553b47de52a1ade772673e79c0bd512f1987f08661517f1513555701b8895025cd95e1c39220e0fbfe03ea604934374b0d75345c23e6c5202b61e53f734

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 e761c395817eae5802abad6ed3df515c
SHA1 73405f271bc6294c626f999d8eadd5a722e5c71b
SHA256 6550f3d3da574fe543fc0ff03e7dfa773d1d5f8aaa521a25f85c380190aaaab3
SHA512 955d0bdf5ae76f2d34699a581401d138e8cd69c48d8573b34cef8a288915666903fb30d9abbdb0866c3375a3e457450e8a57ed2e3e524a30550e743d28b536de