Malware Analysis Report

2025-03-14 21:44

Sample ID 250205-tnydtatne1
Target https://xenoexecutor.com/
Tags
google defense_evasion discovery execution motw persistence phishing privilege_escalation spyware stealer upx
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://xenoexecutor.com/ was found to be: Likely malicious.

Malicious Activity Summary

google defense_evasion discovery execution motw persistence phishing privilege_escalation spyware stealer upx

Stops running service(s)

Creates new service(s)

Downloads MZ/PE file

Checks computer location settings

Reads user/profile data of web browsers

Event Triggered Execution: Component Object Model Hijacking

Loads dropped DLL

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Enumerates connected drives

Mark of the Web detected: This indicates that the page was originally saved or cloned.

Looks up external IP address via web service

Checks installed software on the system

Detected potential entity reuse from brand GOOGLE.

UPX packed file

Subvert Trust Controls: Mark-of-the-Web Bypass

Launches sc.exe

Drops file in Program Files directory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Suspicious use of WriteProcessMemory

Kills process with taskkill

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious behavior: GetForegroundWindowSpam

Modifies registry class

Enumerates system info in registry

Modifies system certificate store

Checks processor information in registry

NTFS ADS

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Uses Task Scheduler COM API

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-02-05 16:12

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-02-05 16:12

Reported

2025-02-05 16:24

Platform

win10ltsc2021-20250128-en

Max time kernel

602s

Max time network

683s

Command Line

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://xenoexecutor.com/"

Signatures

Creates new service(s)

persistence execution

Stops running service(s)

defense_evasion execution

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-556946243-3021397321-2334405592-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
Key value queried \REGISTRY\USER\S-1-5-21-556946243-3021397321-2334405592-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\is-EG8P2.tmp\Installer\Setup.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-556946243-3021397321-2334405592-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-556946243-3021397321-2334405592-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\convertmasterapp.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-556946243-3021397321-2334405592-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\convertmasterapp.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-556946243-3021397321-2334405592-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\is-2CLPA.tmp\advanced-systemcare-setup.tmp N/A
Key value queried \REGISTRY\USER\S-1-5-21-556946243-3021397321-2334405592-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\is-8RV1E.tmp\itop-easy-desktop-setup.tmp N/A
Key value queried \REGISTRY\USER\S-1-5-21-556946243-3021397321-2334405592-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\is-4BE42.tmp\itop-easy-desktop-setup.tmp N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\convertmasterapp.exe N/A
N/A N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
N/A N/A C:\Users\Admin\Downloads\OperaSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS48617CCD\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS48617CCD\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS48617CCD\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS48617CCD\setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
N/A N/A C:\Users\Admin\Downloads\convertmasterapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202502051619251\assistant\Assistant_116.0.5366.21_Setup.exe_sfx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202502051619251\assistant\assistant_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202502051619251\assistant\assistant_installer.exe N/A
N/A N/A C:\Users\Admin\Downloads\advanced-systemcare-setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-2CLPA.tmp\advanced-systemcare-setup.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-KDBN7.tmp\Installer\Setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\itop-easy-desktop-setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-8RV1E.tmp\itop-easy-desktop-setup.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-EG8P2.tmp\Installer\Setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\itop-easy-desktop-setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-4BE42.tmp\itop-easy-desktop-setup.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-U5NAA.tmp\IEDInit.exe N/A
N/A N/A C:\Users\Admin\Downloads\advanced-systemcare-setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
N/A N/A C:\Program Files\iTop Easy Desktop\LocalLang.exe N/A
N/A N/A C:\Program Files\iTop Easy Desktop\IedInit.exe N/A
N/A N/A C:\Program Files\iTop Easy Desktop\UninstallInfo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-O3L58.tmp\ASCUpgrade.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-O3L58.tmp\ASCUpgrade.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\LocalLang.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTimebase.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS48617CCD\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS48617CCD\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS48617CCD\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS48617CCD\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-KDBN7.tmp\Installer\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-KDBN7.tmp\Installer\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-EG8P2.tmp\Installer\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-EG8P2.tmp\Installer\Setup.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe N/A

Reads user/profile data of web browsers

spyware stealer

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\W: C:\Users\Admin\Downloads\convertmasterapp.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\7zS48617CCD\setup.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\Downloads\convertmasterapp.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\Downloads\convertmasterapp.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\Downloads\convertmasterapp.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\Downloads\convertmasterapp.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\Downloads\convertmasterapp.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\Downloads\convertmasterapp.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\Downloads\convertmasterapp.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\Downloads\convertmasterapp.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\Downloads\convertmasterapp.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\7zS48617CCD\setup.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\Downloads\convertmasterapp.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\Downloads\convertmasterapp.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\Downloads\convertmasterapp.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\Downloads\convertmasterapp.exe N/A
File opened (read-only) \??\D: C:\Users\Admin\Downloads\convertmasterapp.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\Downloads\convertmasterapp.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\Downloads\convertmasterapp.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\Downloads\convertmasterapp.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\Downloads\convertmasterapp.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\Downloads\convertmasterapp.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\Downloads\convertmasterapp.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\Downloads\convertmasterapp.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\Downloads\convertmasterapp.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\Downloads\convertmasterapp.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\Downloads\convertmasterapp.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\Downloads\convertmasterapp.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\Downloads\convertmasterapp.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\Downloads\convertmasterapp.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\Downloads\convertmasterapp.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\Downloads\convertmasterapp.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\Downloads\convertmasterapp.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\Downloads\convertmasterapp.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\Downloads\convertmasterapp.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\7zS48617CCD\setup.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\Downloads\convertmasterapp.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\Downloads\convertmasterapp.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\Downloads\convertmasterapp.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\Downloads\convertmasterapp.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\Downloads\convertmasterapp.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\Downloads\convertmasterapp.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\Downloads\convertmasterapp.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\Downloads\convertmasterapp.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\Downloads\convertmasterapp.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\Downloads\convertmasterapp.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\7zS48617CCD\setup.exe N/A
File opened (read-only) \??\D: C:\Users\Admin\Downloads\convertmasterapp.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\Downloads\convertmasterapp.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\Downloads\convertmasterapp.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A download.itopupdate.com N/A N/A
N/A download.itopupdate.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Mark of the Web detected: This indicates that the page was originally saved or cloned.

phishing motw
Description Indicator Process Target
N/A https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html C:\Program Files\Mozilla Firefox\firefox.exe N/A

Detected potential entity reuse from brand GOOGLE.

phishing google
Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Toolbox_Language\is-GC7A6.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File opened for modification C:\Program Files\iTop Easy Desktop\Lang.dat C:\Program Files\iTop Easy Desktop\LocalLang.exe N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\is-LDUDI.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\History\is-9M9AR.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\images\is-JTJIF.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files\iTop Easy Desktop\Language\is-2C7VO.tmp C:\Users\Admin\AppData\Local\Temp\is-4BE42.tmp\itop-easy-desktop-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\is-I3HK0.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\is-DFSPN.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_ia64\is-F0MP0.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Toolbox_Language\is-G399K.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\is-TJV5N.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Language\is-UTGIN.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files\iTop Easy Desktop\is-O4267.tmp C:\Users\Admin\AppData\Local\Temp\is-4BE42.tmp\itop-easy-desktop-setup.tmp N/A
File created C:\Program Files\iTop Easy Desktop\Language\is-I6P87.tmp C:\Users\Admin\AppData\Local\Temp\is-4BE42.tmp\itop-easy-desktop-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Language\is-AIHCJ.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Update\is-IHS4V.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\DrvInstall\is-715P2.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files\iTop Easy Desktop\is-VQIBN.tmp C:\Users\Admin\AppData\Local\Temp\is-4BE42.tmp\itop-easy-desktop-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\History\is-1MCQ3.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files\iTop Easy Desktop\Language\is-ICHG6.tmp C:\Users\Admin\AppData\Local\Temp\is-4BE42.tmp\itop-easy-desktop-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Language\is-CN7PR.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\is-4Q8LF.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\is-2GAT4.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\is-2KHVI.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\is-NP3R0.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\is-GAC11.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Adblock\db\is-U58NJ.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Toolbox_Language\is-LL94V.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Language\is-3P4N9.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Database\is-GJP5J.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files\iTop Easy Desktop\DataBase\is-92N6I.tmp C:\Users\Admin\AppData\Local\Temp\is-4BE42.tmp\itop-easy-desktop-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Language\is-FA9DB.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_amd64\is-G1GPH.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Language\is-KO0CC.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Toolbox_Language\is-T5ALT.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Adblock\update\is-CUSF5.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files\iTop Easy Desktop\is-DKBT9.tmp C:\Users\Admin\AppData\Local\Temp\is-4BE42.tmp\itop-easy-desktop-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Toolbox_Language\is-0J65K.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files\iTop Easy Desktop\is-2QBOA.tmp C:\Users\Admin\AppData\Local\Temp\is-4BE42.tmp\itop-easy-desktop-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\is-TNVIQ.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\is-DVM4H.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\is-SQFLC.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\images\is-FOJ5H.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Language\is-UNT9L.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Rinside.dat C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Toolbox_Language\is-614HC.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\is-BRRVB.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\is-00GVA.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\is-DKVN6.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\images\is-54SEQ.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Language\is-39JE5.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files\iTop Easy Desktop\Language\is-8U1K3.tmp C:\Users\Admin\AppData\Local\Temp\is-4BE42.tmp\itop-easy-desktop-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\images\is-9AMQA.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Language\is-1VJBN.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Database\is-QLDNB.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Database\InBoxDriverFeature\is-6KK56.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\images\is-S22BH.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File opened for modification C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.log C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Language\is-24CVF.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Language\is-HSKH3.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Toolbox_Language\is-UPVQJ.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Database\is-D1BLD.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\is-JTR8N.tmp C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File created C:\Users\Admin\Downloads\OperaSetup.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\advanced-systemcare-setup.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\itop-easy-desktop-setup.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\convertmasterapp.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files\iTop Easy Desktop\UninstallInfo.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS48617CCD\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-KDBN7.tmp\Installer\Setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Wbem\wmic.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-8RV1E.tmp\itop-easy-desktop-setup.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-O3L58.tmp\ASCUpgrade.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS48617CCD\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\advanced-systemcare-setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\itop-easy-desktop-setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\advanced-systemcare-setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-2CLPA.tmp\advanced-systemcare-setup.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-EG8P2.tmp\Installer\Setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-4BE42.tmp\itop-easy-desktop-setup.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files\iTop Easy Desktop\LocalLang.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTimebase.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS48617CCD\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202502051619251\assistant\Assistant_116.0.5366.21_Setup.exe_sfx.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-U5NAA.tmp\IEDInit.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files\iTop Easy Desktop\IedInit.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-O3L58.tmp\ASCUpgrade.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS48617CCD\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202502051619251\assistant\assistant_installer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202502051619251\assistant\assistant_installer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\IObit\Advanced SystemCare\LocalLang.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\OperaSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\itop-easy-desktop-setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Temp\is-KDBN7.tmp\Installer\Setup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Temp\is-KDBN7.tmp\Installer\Setup.exe N/A

Kills process with taskkill

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-556946243-3021397321-2334405592-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-556946243-3021397321-2334405592-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Acrobat_Pro_DC_Set-Up.exe = "11001" C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556946243-3021397321-2334405592-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-556946243-3021397321-2334405592-1000_Classes\.json C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-556946243-3021397321-2334405592-1000\{BE9807F8-4A7D-4C7E-A5B9-647CE10696A7} C:\Users\Admin\Downloads\convertmasterapp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{609ED1DF-1540-4F2E-BAAC-C2C9CDB64C00}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\iTop Desktop Manager\ = "{609ED1DF-1540-4F2E-BAAC-C2C9CDB64C00}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-556946243-3021397321-2334405592-1000_Classes\json_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556946243-3021397321-2334405592-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{609ED1DF-1540-4F2E-BAAC-C2C9CDB64C00}\ = "iTop Desktop Manager" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556946243-3021397321-2334405592-1000_Classes\ÉŽ C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556946243-3021397321-2334405592-1000_Classes\json_auto_file\shell C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-556946243-3021397321-2334405592-1000_Classes\json_auto_file\shell\open\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.lnk\ShellEx\iTop Desktop Manager\ = "{609ED1DF-1540-4F2E-BAAC-C2C9CDB64C00}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\iTop Desktop Manager\ = "{609ED1DF-1540-4F2E-BAAC-C2C9CDB64C00}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\iTop Desktop Manager C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556946243-3021397321-2334405592-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-556946243-3021397321-2334405592-1000_Classes\.json\ = "json_auto_file" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556946243-3021397321-2334405592-1000_Classes\json_auto_file\shell\edit C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\iTop Desktop Manager\ = "{609ED1DF-1540-4F2E-BAAC-C2C9CDB64C00}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\iTop Desktop Manager\ = "{609ED1DF-1540-4F2E-BAAC-C2C9CDB64C00}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.lnk\shellex\iTop Desktop Manager C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\iTop Desktop Manager C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556946243-3021397321-2334405592-1000_Classes\json_auto_file C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556946243-3021397321-2334405592-1000_Classes\json_auto_file\shell\edit\command C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{609ED1DF-1540-4F2E-BAAC-C2C9CDB64C00}\InprocServer32\ = "C:\\PROGRA~1\\ITOPEA~1\\IEDMenu.dll" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556946243-3021397321-2334405592-1000_Classes\json_auto_file\shell\open\command C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{609ED1DF-1540-4F2E-BAAC-C2C9CDB64C00} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\iTop Desktop Manager C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556946243-3021397321-2334405592-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556946243-3021397321-2334405592-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-556946243-3021397321-2334405592-1000_Classes\ÉŽ\ = "json_auto_file" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\iTop Desktop Manager C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\iTop Desktop Manager C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556946243-3021397321-2334405592-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-556946243-3021397321-2334405592-1000\{92E5D207-E72C-48F2-A423-B4E2A2647F40} C:\Users\Admin\Downloads\convertmasterapp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{609ED1DF-1540-4F2E-BAAC-C2C9CDB64C00}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556946243-3021397321-2334405592-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-556946243-3021397321-2334405592-1000_Classes\json_auto_file\shell\open C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\background\shellex\ContextMenuHandlers\iTop Desktop Manager\ = "{609ED1DF-1540-4F2E-BAAC-C2C9CDB64C00}" C:\Windows\system32\regsvr32.exe N/A

Modifies system certificate store

defense_evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Users\Admin\AppData\Local\Temp\7zS48617CCD\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Users\Admin\AppData\Local\Temp\7zS48617CCD\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e404000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Users\Admin\AppData\Local\Temp\7zS48617CCD\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c00000001000000040000000010000004000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Users\Admin\AppData\Local\Temp\7zS48617CCD\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 C:\Users\Admin\AppData\Local\Temp\7zS48617CCD\setup.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\OperaSetup.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\advanced-systemcare-setup.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\itop-easy-desktop-setup.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\Xeno-v1.1.4-x64.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\convertmasterapp.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Xeno-v1.1.4-x64\Xeno-v1.1.4-x64\Xeno.exe N/A
N/A N/A C:\Users\Admin\Downloads\Xeno-v1.1.4-x64\Xeno-v1.1.4-x64\Xeno.exe N/A
N/A N/A C:\Users\Admin\Downloads\Xeno-v1.1.4-x64\Xeno-v1.1.4-x64\Xeno.exe N/A
N/A N/A C:\Users\Admin\Downloads\Xeno-v1.1.4-x64\Xeno-v1.1.4-x64\Xeno.exe N/A
N/A N/A C:\Users\Admin\Downloads\Xeno-v1.1.4-x64\Xeno-v1.1.4-x64\Xeno.exe N/A
N/A N/A C:\Users\Admin\Downloads\Xeno-v1.1.4-x64\Xeno-v1.1.4-x64\Xeno.exe N/A
N/A N/A C:\Users\Admin\Downloads\convertmasterapp.exe N/A
N/A N/A C:\Users\Admin\Downloads\convertmasterapp.exe N/A
N/A N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
N/A N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
N/A N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
N/A N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
N/A N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
N/A N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
N/A N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
N/A N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
N/A N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
N/A N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
N/A N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
N/A N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
N/A N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
N/A N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
N/A N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
N/A N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
N/A N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
N/A N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
N/A N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
N/A N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
N/A N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
N/A N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
N/A N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
N/A N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
N/A N/A C:\Users\Admin\Downloads\convertmasterapp.exe N/A
N/A N/A C:\Users\Admin\Downloads\convertmasterapp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-KDBN7.tmp\Installer\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-KDBN7.tmp\Installer\Setup.exe N/A
N/A N/A C:\Windows\SysWOW64\Wbem\wmic.exe N/A
N/A N/A C:\Windows\SysWOW64\Wbem\wmic.exe N/A
N/A N/A C:\Windows\SysWOW64\Wbem\wmic.exe N/A
N/A N/A C:\Windows\SysWOW64\Wbem\wmic.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-EG8P2.tmp\Installer\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-EG8P2.tmp\Installer\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-U5NAA.tmp\IEDInit.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-U5NAA.tmp\IEDInit.exe N/A
N/A N/A C:\Program Files\iTop Easy Desktop\IedInit.exe N/A
N/A N/A C:\Program Files\iTop Easy Desktop\IedInit.exe N/A
N/A N/A C:\Program Files\iTop Easy Desktop\UninstallInfo.exe N/A
N/A N/A C:\Program Files\iTop Easy Desktop\UninstallInfo.exe N/A
N/A N/A C:\Program Files\iTop Easy Desktop\UninstallInfo.exe N/A
N/A N/A C:\Program Files\iTop Easy Desktop\UninstallInfo.exe N/A
N/A N/A C:\Program Files\iTop Easy Desktop\UninstallInfo.exe N/A
N/A N/A C:\Program Files\iTop Easy Desktop\UninstallInfo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-O3L58.tmp\ASCUpgrade.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-O3L58.tmp\ASCUpgrade.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-O3L58.tmp\ASCUpgrade.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-O3L58.tmp\ASCUpgrade.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-O3L58.tmp\ASCUpgrade.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-O3L58.tmp\ASCUpgrade.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-O3L58.tmp\ASCUpgrade.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-O3L58.tmp\ASCUpgrade.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-O3L58.tmp\ASCUpgrade.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-O3L58.tmp\ASCUpgrade.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\convertmasterapp.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Downloads\convertmasterapp.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Downloads\convertmasterapp.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Downloads\convertmasterapp.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Downloads\convertmasterapp.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Downloads\convertmasterapp.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Downloads\convertmasterapp.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Downloads\convertmasterapp.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Downloads\convertmasterapp.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Downloads\convertmasterapp.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Downloads\convertmasterapp.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Downloads\convertmasterapp.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Downloads\convertmasterapp.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Downloads\convertmasterapp.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Downloads\convertmasterapp.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Downloads\convertmasterapp.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Downloads\convertmasterapp.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\convertmasterapp.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\convertmasterapp.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\convertmasterapp.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS48617CCD\setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zS48617CCD\setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\convertmasterapp.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Downloads\convertmasterapp.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Downloads\convertmasterapp.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Downloads\convertmasterapp.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Downloads\convertmasterapp.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Downloads\convertmasterapp.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Downloads\convertmasterapp.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-KDBN7.tmp\Installer\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-KDBN7.tmp\Installer\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-KDBN7.tmp\Installer\Setup.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-KDBN7.tmp\Installer\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-KDBN7.tmp\Installer\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-KDBN7.tmp\Installer\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-KDBN7.tmp\Installer\Setup.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
N/A N/A C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3444 wrote to memory of 3252 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3444 wrote to memory of 3252 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3444 wrote to memory of 3252 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3444 wrote to memory of 3252 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3444 wrote to memory of 3252 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3444 wrote to memory of 3252 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3444 wrote to memory of 3252 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3444 wrote to memory of 3252 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3444 wrote to memory of 3252 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3444 wrote to memory of 3252 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3444 wrote to memory of 3252 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2236 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2408 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2408 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2408 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2408 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2408 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2408 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2408 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3252 wrote to memory of 2408 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://xenoexecutor.com/"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://xenoexecutor.com/

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2016 -parentBuildID 20240401114208 -prefsHandle 1932 -prefMapHandle 1924 -prefsLen 27175 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {24956687-5c68-410e-8d44-93b2b40ac88e} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2448 -parentBuildID 20240401114208 -prefsHandle 2424 -prefMapHandle 2420 -prefsLen 28095 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {25a34549-d8ce-4c44-aa78-932f3a87108a} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3056 -childID 1 -isForBrowser -prefsHandle 3048 -prefMapHandle 3044 -prefsLen 22746 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {15b2dbe1-5804-4793-ac47-cf8b4dea4cda} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4124 -childID 2 -isForBrowser -prefsHandle 4116 -prefMapHandle 4112 -prefsLen 32585 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {284f62ef-44d7-407f-98a4-2ea354a5eef8} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4868 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4900 -prefMapHandle 4896 -prefsLen 32585 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a05430e-5d15-47e5-b608-0fab072b20ee} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5228 -childID 3 -isForBrowser -prefsHandle 5256 -prefMapHandle 5240 -prefsLen 27145 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3bf629dd-009a-4011-8276-bb9b46d2050f} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5400 -childID 4 -isForBrowser -prefsHandle 5200 -prefMapHandle 5204 -prefsLen 27145 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {958212b7-6397-4cb2-b076-4e4f252e0c99} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5564 -childID 5 -isForBrowser -prefsHandle 5572 -prefMapHandle 5576 -prefsLen 27145 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {12dd452c-dd3f-4c4c-ae66-1410052829ab} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6212 -parentBuildID 20240401114208 -prefsHandle 6272 -prefMapHandle 6268 -prefsLen 32777 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eca13020-7864-44f2-a45f-4ac692e10357} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6436 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 6432 -prefMapHandle 6272 -prefsLen 32777 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {45b77d0d-eac7-4d04-af41-69ba12c9bde8} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6652 -childID 6 -isForBrowser -prefsHandle 6644 -prefMapHandle 6624 -prefsLen 27226 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d53dc36-f63d-471e-b2c0-64dec477d7af} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5320 -childID 7 -isForBrowser -prefsHandle 5292 -prefMapHandle 5308 -prefsLen 27226 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c491c4d-c460-413b-9d56-f39f1be43c51} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6988 -childID 8 -isForBrowser -prefsHandle 6980 -prefMapHandle 6976 -prefsLen 34262 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {52a64b53-714f-49ad-83f9-766c9437454a} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\ed50f6bd-7264-4e49-b9ef-f416f04c2663_Xeno-v1.1.4-x64.zip.663\Xeno-v1.1.4-x64\XenoUI.deps.json

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\5dfccf62-e8da-4f50-8bee-79bb07de2b6a_Xeno-v1.1.4-x64.zip.b6a\Xeno-v1.1.4-x64\XenoUI.runtimeconfig.json

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\3683605f-80d8-4d3a-8e79-b006063ed06f_Xeno-v1.1.4-x64.zip.06f\Xeno-v1.1.4-x64\XenoUI.deps.json

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\35ee4b15-c8bf-46a6-9b16-4ba91de34999_Xeno-v1.1.4-x64.zip.999\Xeno-v1.1.4-x64\Xeno.dll

C:\Users\Admin\AppData\Local\Temp\7320d721-d26d-4740-a7b3-f82d0840ef45_Xeno-v1.1.4-x64.zip.f45\Xeno-v1.1.4-x64\Xeno.exe

"C:\Users\Admin\AppData\Local\Temp\7320d721-d26d-4740-a7b3-f82d0840ef45_Xeno-v1.1.4-x64.zip.f45\Xeno-v1.1.4-x64\Xeno.exe"

C:\Users\Admin\Downloads\Xeno-v1.1.4-x64\Xeno-v1.1.4-x64\Xeno.exe

"C:\Users\Admin\Downloads\Xeno-v1.1.4-x64\Xeno-v1.1.4-x64\Xeno.exe"

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Xeno-v1.1.4-x64\Xeno-v1.1.4-x64\XenoUI.runtimeconfig.json

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7384 -childID 9 -isForBrowser -prefsHandle 7268 -prefMapHandle 1184 -prefsLen 28671 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f020400a-4ee3-45d1-8173-9a4e1aa2d7c6} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2792 -childID 10 -isForBrowser -prefsHandle 4728 -prefMapHandle 4788 -prefsLen 28671 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e9cfff5-fcb1-4d1c-b6c6-9cb7ee8853cd} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4728 -childID 11 -isForBrowser -prefsHandle 5764 -prefMapHandle 3040 -prefsLen 28671 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3f7a30f-70b9-45ff-a3b4-b0622f859f44} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4728 -childID 12 -isForBrowser -prefsHandle 7652 -prefMapHandle 7644 -prefsLen 28671 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d81a0be-c1c0-48c0-b2e5-ca50fc79674b} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4816 -childID 13 -isForBrowser -prefsHandle 7932 -prefMapHandle 6248 -prefsLen 28796 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {94f6a249-43ae-4fa7-8926-c21725ce8e49} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8648 -childID 14 -isForBrowser -prefsHandle 8636 -prefMapHandle 8516 -prefsLen 28796 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a15c998c-b659-427f-9bc9-b0e6cd3ccd7f} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8668 -childID 15 -isForBrowser -prefsHandle 8804 -prefMapHandle 8808 -prefsLen 28796 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {76f3a05a-5cbc-4d6f-97ec-1029671adbd5} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9128 -childID 16 -isForBrowser -prefsHandle 9120 -prefMapHandle 9104 -prefsLen 28796 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8436917f-b084-446d-b4b9-bcae6eaaeab8} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7768 -childID 17 -isForBrowser -prefsHandle 8080 -prefMapHandle 8084 -prefsLen 28796 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {46d258f4-fc16-4ad1-a8de-e8cf1e5e0810} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9068 -childID 18 -isForBrowser -prefsHandle 8732 -prefMapHandle 8744 -prefsLen 28796 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4781c0c-f2b9-45ce-be8f-8071096fb347} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4648 -childID 19 -isForBrowser -prefsHandle 5260 -prefMapHandle 6880 -prefsLen 28796 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d1a8b9a-c975-4ae5-be76-4480a8612bf8} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2892 -childID 20 -isForBrowser -prefsHandle 8068 -prefMapHandle 7788 -prefsLen 28796 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f78a3ad3-4eb0-40ab-8900-c8116fc91c66} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7592 -childID 21 -isForBrowser -prefsHandle 6844 -prefMapHandle 3500 -prefsLen 28796 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {349ef130-4b15-47b8-9aef-f28aadeb860b} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8764 -childID 22 -isForBrowser -prefsHandle 9044 -prefMapHandle 8684 -prefsLen 28796 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9165d2a8-7461-4639-ad80-c043b071436c} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9544 -childID 23 -isForBrowser -prefsHandle 8672 -prefMapHandle 7560 -prefsLen 28796 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {997f1762-9c83-4097-b786-9f7bc76539b8} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3144 -childID 24 -isForBrowser -prefsHandle 3148 -prefMapHandle 5496 -prefsLen 28796 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {704a57f5-f209-473c-a51f-482114150247} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10076 -childID 25 -isForBrowser -prefsHandle 3312 -prefMapHandle 3108 -prefsLen 28796 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e445f54-1711-417b-b3de-54c3e438e12b} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10064 -childID 26 -isForBrowser -prefsHandle 7588 -prefMapHandle 6240 -prefsLen 28796 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab7156d7-8e5b-4e98-8569-6f288822c88e} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10272 -childID 27 -isForBrowser -prefsHandle 10216 -prefMapHandle 10376 -prefsLen 28796 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89e24900-abce-445a-a7c4-b58362ea0f97} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10564 -childID 28 -isForBrowser -prefsHandle 10572 -prefMapHandle 10576 -prefsLen 28796 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7919df7d-1cd8-42d6-9048-7479e67d84c9} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10416 -childID 29 -isForBrowser -prefsHandle 10432 -prefMapHandle 10408 -prefsLen 28796 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d32abe8-00c8-4d76-bfe8-1884dac6272f} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10364 -childID 30 -isForBrowser -prefsHandle 10308 -prefMapHandle 10304 -prefsLen 28796 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {780f778e-834e-45d5-9e1e-c581ee6a03b1} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9940 -childID 31 -isForBrowser -prefsHandle 10128 -prefMapHandle 9696 -prefsLen 28796 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {30820e80-0295-4ffd-9a28-161f534449a1} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10980 -childID 32 -isForBrowser -prefsHandle 10752 -prefMapHandle 10744 -prefsLen 28796 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {929842c0-4066-4050-bbcc-b9fa4d8cc4dd} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11436 -childID 33 -isForBrowser -prefsHandle 11428 -prefMapHandle 11424 -prefsLen 28796 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6858cd12-cf61-45bf-b50c-ef3a5743cf38} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Users\Admin\Downloads\convertmasterapp.exe

"C:\Users\Admin\Downloads\convertmasterapp.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9412 -childID 34 -isForBrowser -prefsHandle 11656 -prefMapHandle 7860 -prefsLen 28796 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eda43ec4-f436-4a36-99b8-53b8bb98f1ce} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8768 -childID 35 -isForBrowser -prefsHandle 9260 -prefMapHandle 9132 -prefsLen 28796 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bfa9c67a-32c1-44bf-9b03-188224582019} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11392 -childID 36 -isForBrowser -prefsHandle 10932 -prefMapHandle 10920 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91ba5073-d045-4b45-a249-d16a5992d247} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11664 -childID 37 -isForBrowser -prefsHandle 5784 -prefMapHandle 3132 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5caaa243-1d62-4872-81f3-ad7ca6d30ac1} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8152 -childID 38 -isForBrowser -prefsHandle 12164 -prefMapHandle 3052 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {50a36aa5-1375-4cbc-98df-4500501fe40e} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://convertmasterapp.com/thankyou/?tyid=6228bdeb-8e91-4fe9-a02d-eec2c339c1f9

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://convertmasterapp.com/thankyou/?tyid=6228bdeb-8e91-4fe9-a02d-eec2c339c1f9

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12112 -childID 39 -isForBrowser -prefsHandle 10960 -prefMapHandle 11216 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f61c0f79-47bf-4aaa-b57e-1eaffdde0706} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10840 -childID 40 -isForBrowser -prefsHandle 8820 -prefMapHandle 3132 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0b0e1ad-c883-4968-8daf-ceb48c7c8fd0} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12172 -childID 41 -isForBrowser -prefsHandle 6220 -prefMapHandle 8676 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {77541964-acfe-4b90-b01e-b58709cf78ee} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11012 -childID 42 -isForBrowser -prefsHandle 9024 -prefMapHandle 12120 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7140cabe-e692-4e20-b290-47bdeb6522e1} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe

"C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10896 -childID 43 -isForBrowser -prefsHandle 8676 -prefMapHandle 2752 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {83fd4009-1470-4eeb-abc2-dededb5a7478} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12460 -childID 44 -isForBrowser -prefsHandle 8632 -prefMapHandle 12464 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {22c36e03-361e-4760-bb27-ee29bba67f4d} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12068 -childID 45 -isForBrowser -prefsHandle 12560 -prefMapHandle 12344 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {12bafe05-cb0d-45fe-a2c1-acf6579c218f} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12408 -childID 46 -isForBrowser -prefsHandle 12392 -prefMapHandle 12396 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42e4b696-0e61-4c57-b4d7-88c9e101d1de} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12680 -childID 47 -isForBrowser -prefsHandle 12664 -prefMapHandle 12528 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e227c6e3-b977-4f5c-a089-a7458e983fb5} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9660 -childID 48 -isForBrowser -prefsHandle 9648 -prefMapHandle 9632 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {959f6a53-0f07-419a-a916-9ac4a547b4b6} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8632 -childID 49 -isForBrowser -prefsHandle 8184 -prefMapHandle 12556 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7cd79507-713c-4705-a7a1-2d780ea2bb42} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10372 -childID 50 -isForBrowser -prefsHandle 8748 -prefMapHandle 9608 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c72c2518-167d-4c50-b96a-aa4427d3b8b1} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12772 -childID 51 -isForBrowser -prefsHandle 9560 -prefMapHandle 10892 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3eadacf3-096e-47e1-b989-be185d9c4a3d} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12344 -childID 52 -isForBrowser -prefsHandle 9396 -prefMapHandle 9036 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {832f1003-9014-48c2-a59a-791c2f8e3ec7} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5260 -childID 53 -isForBrowser -prefsHandle 9504 -prefMapHandle 9500 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {71ab5712-afc9-4ee2-844a-94c35ca3dac0} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9960 -childID 54 -isForBrowser -prefsHandle 9496 -prefMapHandle 9036 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9053029a-84ff-4248-ab3b-2750b42a5881} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9704 -childID 55 -isForBrowser -prefsHandle 10144 -prefMapHandle 10156 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {360d4f11-f802-4fb0-980c-37a99298c05e} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9568 -childID 56 -isForBrowser -prefsHandle 9652 -prefMapHandle 12556 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {75414fe5-8081-4dfe-aaaf-f17ef1050a28} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10056 -childID 57 -isForBrowser -prefsHandle 10532 -prefMapHandle 9704 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {14ce22a6-e1dc-4f57-8418-b3c6438da3b9} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12648 -childID 58 -isForBrowser -prefsHandle 8724 -prefMapHandle 8696 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1cad3aa2-875d-41a7-a6d0-0d73a838e07b} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12472 -childID 59 -isForBrowser -prefsHandle 10188 -prefMapHandle 10172 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {222cebb2-c68e-4579-8571-c271bb32fb48} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10972 -childID 60 -isForBrowser -prefsHandle 5776 -prefMapHandle 6384 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c8ef132-f019-4e6d-8a3d-3626a16503d2} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9628 -childID 61 -isForBrowser -prefsHandle 6384 -prefMapHandle 5776 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {58ad2c53-66df-4dbd-8d7c-9f458438692c} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9816 -childID 62 -isForBrowser -prefsHandle 10972 -prefMapHandle 10848 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a33def9a-b971-4ae6-af50-2518c7a3ba4c} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10192 -childID 63 -isForBrowser -prefsHandle 9808 -prefMapHandle 10520 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {453b6185-9e74-4a6f-bd90-c2ea0c19375e} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12072 -childID 64 -isForBrowser -prefsHandle 10100 -prefMapHandle 8988 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f0e9f79-933b-41e2-83f5-01ab3248c915} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8696 -childID 65 -isForBrowser -prefsHandle 9680 -prefMapHandle 10444 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ccffdfc-6c5b-4c26-b93f-272bdf927430} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7832 -childID 66 -isForBrowser -prefsHandle 3148 -prefMapHandle 9512 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff7502ec-ce48-4e73-b3e7-a87779e43f46} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12768 -childID 67 -isForBrowser -prefsHandle 5304 -prefMapHandle 5320 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c6daca4-f683-462b-a2c8-88df33fe50fb} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12428 -childID 68 -isForBrowser -prefsHandle 8892 -prefMapHandle 9380 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b223f52-20d5-4bd1-8764-a0bdc4d7fa78} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=13092 -childID 69 -isForBrowser -prefsHandle 7788 -prefMapHandle 13044 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {27961ad5-7e6e-45f5-b59a-9d39eaa21c5b} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3148 -childID 70 -isForBrowser -prefsHandle 9148 -prefMapHandle 8080 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {134f0d33-98b6-4f22-9a25-0f231a85d1a4} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11208 -childID 71 -isForBrowser -prefsHandle 9876 -prefMapHandle 9720 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6604e31d-400b-47de-b66e-58a6665e9015} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10252 -childID 72 -isForBrowser -prefsHandle 9648 -prefMapHandle 9588 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c135a1f3-dca2-4c5d-bcf6-c5bdd26d3e69} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10316 -childID 73 -isForBrowser -prefsHandle 13164 -prefMapHandle 10384 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8503bdad-1ffe-40c5-8c8f-b5bce703df48} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10620 -childID 74 -isForBrowser -prefsHandle 8172 -prefMapHandle 10404 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb0e1d40-ebd0-4fa5-86d2-0b5bd322dbb7} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=13124 -childID 75 -isForBrowser -prefsHandle 12804 -prefMapHandle 10972 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {95da22c7-d56b-47ba-9c46-5816eb1735db} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12792 -childID 76 -isForBrowser -prefsHandle 12736 -prefMapHandle 7964 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {105593b1-e945-4b35-98c3-936871795dd1} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10388 -childID 77 -isForBrowser -prefsHandle 13108 -prefMapHandle 5264 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ae474c2-73dd-40ac-878c-730ace597002} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8976 -childID 78 -isForBrowser -prefsHandle 11716 -prefMapHandle 9260 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37a90992-acdc-41cd-9e38-803eb1f90027} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10320 -childID 79 -isForBrowser -prefsHandle 13540 -prefMapHandle 13544 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0795e7b0-7e1c-4763-92ac-d5bbf8bdb411} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=13596 -childID 80 -isForBrowser -prefsHandle 13604 -prefMapHandle 13600 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b288f24-d780-426f-9173-5601f5f32a0f} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=13356 -childID 81 -isForBrowser -prefsHandle 9812 -prefMapHandle 12596 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {069029f2-8551-4e8c-b026-ab557f1a6ef7} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12544 -childID 82 -isForBrowser -prefsHandle 12724 -prefMapHandle 9584 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {957b05ef-103d-442c-b220-e80140da84d7} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Users\Admin\Downloads\OperaSetup.exe

"C:\Users\Admin\Downloads\OperaSetup.exe"

C:\Users\Admin\AppData\Local\Temp\7zS48617CCD\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zS48617CCD\setup.exe --server-tracking-blob=NzUxN2I5MzFkZDU2NDk5MTBkYTQxMjhhMmU5NmJkZTA3MWVkYjQ1MmU0MTlkNzE2MDRlYzc1NzljOWI3OWM4YTp7ImNvdW50cnkiOiJHQiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5maWxlaG9yc2UuY29tLyIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fc291cmNlPXNvZnRvbmljJnV0bV9tZWRpdW09YXBiJnV0bV9jYW1wYWlnbj1DUElfV0lOX0ZIUyIsInRpbWVzdGFtcCI6IjE3Mzg3NzIzNTMuMDU3NyIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQ7IHJ2OjEyNC4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzEyNC4wIiwidXRtIjp7ImNhbXBhaWduIjoiQ1BJX1dJTl9GSFMiLCJtZWRpdW0iOiJhcGIiLCJzb3VyY2UiOiJzb2Z0b25pYyJ9LCJ1dWlkIjoiOTZkOWMyNmItZjgyMC00NGYxLWFiNDYtMmFjZDJmMDlkNzkxIn0=

C:\Users\Admin\AppData\Local\Temp\7zS48617CCD\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zS48617CCD\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=116.0.5366.71 --initial-client-data=0x338,0x33c,0x340,0x334,0x344,0x7103cf5c,0x7103cf68,0x7103cf74

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version

C:\Users\Admin\AppData\Local\Temp\7zS48617CCD\setup.exe

"C:\Users\Admin\AppData\Local\Temp\7zS48617CCD\setup.exe" --backend --install --import-browser-data=0 --enable-crash-reporting=1 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --launchopera=1 --showunbox=0 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=6196 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20250205161925" --session-guid=e77f7e82-fe3b-483e-ae3f-2bdeeb682943 --server-tracking-blob="ZmVlODgzZTZiM2IyNjBjM2ZhZjQ5NWRhOWYxOGQ3YmFiZThlZTliMWI5MmVkNTY5MDVjNjJkNTRjYzBiZmNjMDp7ImNvdW50cnkiOiJHQiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5maWxlaG9yc2UuY29tLyIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fc291cmNlPXNvZnRvbmljJnV0bV9tZWRpdW09YXBiJnV0bV9jYW1wYWlnbj1DUElfV0lOX0ZIUyIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTczODc3MjM1My4wNTc3IiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTI0LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTI0LjAiLCJ1dG0iOnsiY2FtcGFpZ24iOiJDUElfV0lOX0ZIUyIsIm1lZGl1bSI6ImFwYiIsInNvdXJjZSI6InNvZnRvbmljIn0sInV1aWQiOiI5NmQ5YzI2Yi1mODIwLTQ0ZjEtYWI0Ni0yYWNkMmYwOWQ3OTEifQ== " --desktopshortcut=1 --wait-for-package --initial-proc-handle=3C09000000000000

C:\Users\Admin\AppData\Local\Temp\7zS48617CCD\setup.exe

C:\Users\Admin\AppData\Local\Temp\7zS48617CCD\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=116.0.5366.71 --initial-client-data=0x344,0x348,0x34c,0x2f8,0x350,0x6faccf5c,0x6faccf68,0x6faccf74

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=13116 -childID 83 -isForBrowser -prefsHandle 6228 -prefMapHandle 8220 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0716caf0-1f88-4bd9-816d-a6e19b2ff360} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9636 -childID 84 -isForBrowser -prefsHandle 12592 -prefMapHandle 11100 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {99fe047f-f6c6-40f1-9a87-b62f59c4cdaf} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe

"C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe"

C:\Users\Admin\Downloads\convertmasterapp.exe

"C:\Users\Admin\Downloads\convertmasterapp.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7452 -childID 85 -isForBrowser -prefsHandle 3084 -prefMapHandle 12292 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f4f9010-dad5-42fa-86a0-890c62bb3e56} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202502051619251\assistant\Assistant_116.0.5366.21_Setup.exe_sfx.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202502051619251\assistant\Assistant_116.0.5366.21_Setup.exe_sfx.exe"

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202502051619251\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202502051619251\assistant\assistant_installer.exe" --version

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202502051619251\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202502051619251\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=116.0.5366.21 --initial-client-data=0x260,0x264,0x268,0x23c,0x26c,0x1170ac4,0x1170ad0,0x1170adc

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=13340 -childID 86 -isForBrowser -prefsHandle 9012 -prefMapHandle 14244 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {356d6f75-4f15-4571-aeb4-70f0727a2264} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8704 -childID 87 -isForBrowser -prefsHandle 7404 -prefMapHandle 3084 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {71a4d2de-a3ed-4754-b624-62ce372a5060} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12528 -childID 88 -isForBrowser -prefsHandle 10100 -prefMapHandle 14120 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4eb2efd1-6143-4664-918d-14b6b50419e3} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11100 -childID 89 -isForBrowser -prefsHandle 9016 -prefMapHandle 9276 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7d9d0e3-4641-49d9-9be1-f294aff5f8f4} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=14176 -childID 90 -isForBrowser -prefsHandle 9012 -prefMapHandle 10312 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da3e1f3a-dcb1-4780-8409-1daa7b58d998} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://convertmasterapp.com/thankyou/?tyid=6228bdeb-8e91-4fe9-a02d-eec2c339c1f9

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://convertmasterapp.com/thankyou/?tyid=6228bdeb-8e91-4fe9-a02d-eec2c339c1f9

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7452 -childID 91 -isForBrowser -prefsHandle 1104 -prefMapHandle 12040 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8503f89-0d83-425d-bd6e-98ef73aac369} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2584 -childID 92 -isForBrowser -prefsHandle 9880 -prefMapHandle 10960 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {18d20641-e565-4d1d-9feb-e318634a9218} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=14240 -childID 93 -isForBrowser -prefsHandle 13824 -prefMapHandle 9712 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {339a24c2-5503-4c2f-a23e-5f987c1703f1} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5992 -childID 94 -isForBrowser -prefsHandle 13824 -prefMapHandle 14240 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {76794b89-8a58-45de-930d-f90688444c0f} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Users\Admin\Downloads\advanced-systemcare-setup.exe

"C:\Users\Admin\Downloads\advanced-systemcare-setup.exe"

C:\Users\Admin\AppData\Local\Temp\is-2CLPA.tmp\advanced-systemcare-setup.tmp

"C:\Users\Admin\AppData\Local\Temp\is-2CLPA.tmp\advanced-systemcare-setup.tmp" /SL5="$40402,57539275,139264,C:\Users\Admin\Downloads\advanced-systemcare-setup.exe"

C:\Users\Admin\AppData\Local\Temp\is-KDBN7.tmp\Installer\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\is-KDBN7.tmp\Installer\Setup.exe" /InnoSetup "C:\Users\Admin\Downloads\advanced-systemcare-setup.exe"

C:\Windows\SysWOW64\Wbem\wmic.exe

wmic computersystem get model

C:\Users\Admin\Downloads\itop-easy-desktop-setup.exe

"C:\Users\Admin\Downloads\itop-easy-desktop-setup.exe"

C:\Users\Admin\AppData\Local\Temp\is-8RV1E.tmp\itop-easy-desktop-setup.tmp

"C:\Users\Admin\AppData\Local\Temp\is-8RV1E.tmp\itop-easy-desktop-setup.tmp" /SL5="$3042C,43220498,221696,C:\Users\Admin\Downloads\itop-easy-desktop-setup.exe"

C:\Users\Admin\AppData\Local\Temp\is-EG8P2.tmp\Installer\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\is-EG8P2.tmp\Installer\Setup.exe" /innoSetup "C:\Users\Admin\Downloads\itop-easy-desktop-setup.exe" "/Ver=2.8.1.18"

C:\Users\Admin\Downloads\itop-easy-desktop-setup.exe

"C:\Users\Admin\Downloads\itop-easy-desktop-setup.exe" /VerySilent /DIR /UNINSTALL /INSTALLER /NORESTART /do /TASKS="desktopicon" /CreateTaskbar "C:\Program Files\iTop Easy Desktop\"

C:\Users\Admin\AppData\Local\Temp\is-4BE42.tmp\itop-easy-desktop-setup.tmp

"C:\Users\Admin\AppData\Local\Temp\is-4BE42.tmp\itop-easy-desktop-setup.tmp" /SL5="$1047C,43220498,221696,C:\Users\Admin\Downloads\itop-easy-desktop-setup.exe" /VerySilent /DIR /UNINSTALL /INSTALLER /NORESTART /do /TASKS="desktopicon" /CreateTaskbar "C:\Program Files\iTop Easy Desktop\"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c sc stop iTopEasyDesktopService

C:\Windows\SysWOW64\sc.exe

sc stop iTopEasyDesktopService

C:\Users\Admin\AppData\Local\Temp\is-U5NAA.tmp\IEDInit.exe

"C:\Users\Admin\AppData\Local\Temp\is-U5NAA.tmp\IEDInit.exe" /DeleteAllFile /reinstall=1 /InstallDir="C:\Program Files\iTop Easy Desktop"

C:\Users\Admin\Downloads\advanced-systemcare-setup.exe

"C:\Users\Admin\Downloads\advanced-systemcare-setup.exe" /VerySilent /DIR="C:\Program Files (x86)\IObit\Advanced SystemCare\" /UNINSTALL /INSTALLER /NORESTART /TASKS="desktopicon" /CreateTaskbar

C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp

"C:\Users\Admin\AppData\Local\Temp\is-F06HF.tmp\advanced-systemcare-setup.tmp" /SL5="$204CE,57539275,139264,C:\Users\Admin\Downloads\advanced-systemcare-setup.exe" /VerySilent /DIR="C:\Program Files (x86)\IObit\Advanced SystemCare\" /UNINSTALL /INSTALLER /NORESTART /TASKS="desktopicon" /CreateTaskbar

C:\Program Files\iTop Easy Desktop\LocalLang.exe

"C:\Program Files\iTop Easy Desktop\LocalLang.exe"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files\iTop Easy Desktop\IEDMenu.dll"

C:\Program Files\iTop Easy Desktop\IedInit.exe

"C:\Program Files\iTop Easy Desktop\IedInit.exe" /SetupFile="C:\Users\Admin\Downloads\itop-easy-desktop-setup.exe" /reinstall=0 /insur= /OldVersion=

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files\iTop Easy Desktop\IEDMenu.dll"

C:\Program Files\iTop Easy Desktop\UninstallInfo.exe

"C:\Program Files\iTop Easy Desktop\UninstallInfo.exe" /install ied2

C:\Users\Admin\AppData\Local\Temp\is-O3L58.tmp\ASCUpgrade.exe

"C:\Users\Admin\AppData\Local\Temp\is-O3L58.tmp\ASCUpgrade.exe" /upgrade "c:\program files (x86)\iobit\advanced systemcare"

C:\Users\Admin\AppData\Local\Temp\is-O3L58.tmp\ASCUpgrade.exe

"C:\Users\Admin\AppData\Local\Temp\is-O3L58.tmp\ASCUpgrade.exe" /CleanDir "C:\Program Files (x86)\IObit\Advanced SystemCare\"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10608 -childID 95 -isForBrowser -prefsHandle 10284 -prefMapHandle 10452 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b20190ff-870e-4561-8d86-5b603dd69f78} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3100 -childID 96 -isForBrowser -prefsHandle 9012 -prefMapHandle 13156 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6faebe11-80f2-473c-8868-cd39820c22fd} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10372 -childID 97 -isForBrowser -prefsHandle 8832 -prefMapHandle 12680 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3568a85-9470-46f7-98f0-808c1ae36840} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files (x86)\IObit\Advanced SystemCare\LocalLang.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\LocalLang.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c sc create iTopEasyDesktopService binPath= "\"C:\Program Files\iTop Easy Desktop\IEDService.exe\"" start= auto DisplayName= "iTop Easy Desktop Service"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c sc description iTopEasyDesktopService "iTop Easy Desktop Service"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9268 -childID 98 -isForBrowser -prefsHandle 12348 -prefMapHandle 9804 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2852bd9a-ff0c-4fe3-b25c-0c9cecc5d968} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Windows\SysWOW64\sc.exe

sc create iTopEasyDesktopService binPath= "\"C:\Program Files\iTop Easy Desktop\IEDService.exe\"" start= auto DisplayName= "iTop Easy Desktop Service"

C:\Windows\SysWOW64\sc.exe

sc description iTopEasyDesktopService "iTop Easy Desktop Service"

C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe" /install /CreateTaskBar /Installer=true /insur=

C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe"

C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTimebase.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTimebase.exe" /boottime

C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe" /mainData

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c SC description AdvancedSystemCareService18 "Advanced SystemCare Service"

C:\Windows\SysWOW64\sc.exe

SC description AdvancedSystemCareService18 "Advanced SystemCare Service"

C:\Program Files (x86)\IObit\Advanced SystemCare\UninstallInfo.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\UninstallInfo.exe" /install asc18

C:\Program Files (x86)\IObit\Advanced SystemCare\PinLink\ICONPIN64.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\PinLink\ICONPIN64.exe" Pin "C:\Users\Public\Desktop\Advanced SystemCare.lnk"

C:\Windows\System32\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll"

C:\Program Files (x86)\IObit\Advanced SystemCare\BrowserCleaner.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\BrowserCleaner.exe" /InitData

C:\Program Files (x86)\IObit\Advanced SystemCare\PrivacyShield.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\PrivacyShield.exe" /ShowStr=silentWriteCache

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c sc start iTopEasyDesktopService

C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe" /UpdateTaskschd

C:\Program Files\iTop Easy Desktop\AutoUpdate.exe

"C:\Program Files\iTop Easy Desktop\AutoUpdate.exe" /Auto

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12792 -childID 99 -isForBrowser -prefsHandle 8040 -prefMapHandle 10524 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c502fc3c-1455-4aa9-9daf-762e4f5a5d24} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Windows\SysWOW64\sc.exe

sc start iTopEasyDesktopService

C:\Program Files\iTop Easy Desktop\IEDService.exe

"C:\Program Files\iTop Easy Desktop\IEDService.exe"

C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe" /install

C:\Program Files (x86)\IObit\Advanced SystemCare\DiskDefrag.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\DiskDefrag.exe" /install

C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe" /Run

C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe" /start

C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe" /RunCurUs

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7472 -childID 100 -isForBrowser -prefsHandle 12632 -prefMapHandle 14212 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {848a55fe-afd7-4be1-af2f-27f8bdfeb6b6} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.iobit.com/appgoto.php?name=asc&ver=18.1.0.201&lan=&st=asc_install&ref=asc18&aff=&idata=eyJhc2MiOjEsImRiIjoxMCwiaW1mIjoxMCwiaXUiOjEwLCJzZCI6MTAsImlzdSI6MTB9&usr=0&instd=1&litype=free&expd=0&insur=other

C:\Program Files (x86)\IObit\Advanced SystemCare\BrowserProtect.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\BrowserProtect.exe" /TurnOn

C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffc1bc646f8,0x7ffc1bc64708,0x7ffc1bc64718

C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe"

C:\Program Files (x86)\IObit\Advanced SystemCare\ActionCenterDownloader.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\ActionCenterDownloader.exe" /Product=ASC18 "/Config=https://update.iobit.com/infofiles/installer/Freeware-asc.upt" "iTop VPN Installer B" "iTop Screen Recorder Installer" "iTop Easy Desktop Installer"

C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe" /statcom /stflag 601 /appid "asc18" /pd "asc" /url "https://stats.iobit.com/usage_v2.php?action=insert" /user 0 /insur "other" /type 1 /pr "iobit" /ver "18.1.0.201"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,11277727634825211904,2444724508840690435,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,11277727634825211904,2444724508840690435,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3

C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe" /AddAutoRun /3 /43003A005C00570069006E0064006F00770073005C00730079007300740065006D00330032005C005400610073006B0073005C004100530043005F0050006500720066006F0072006D0061006E00630065004D006F006E00690074006F007200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,11277727634825211904,2444724508840690435,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8

C:\Windows\SysWOW64\Wbem\wmic.exe

wmic computersystem get model

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11277727634825211904,2444724508840690435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11277727634825211904,2444724508840690435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\iTop Easy Desktop\iiopdcs.exe

"C:\Program Files\iTop Easy Desktop\iiopdcs.exe" /itp /rnd=3

C:\Program Files\iTop Easy Desktop\iEasyDesk.exe

"C:\Program Files\iTop Easy Desktop\iEasyDesk.exe" /SetupRun

C:\Program Files\iTop Easy Desktop\IEDSearch.exe

"C:\Program Files\iTop Easy Desktop\IEDSearch.exe" /Service

C:\Program Files (x86)\IObit\Advanced SystemCare\Display.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\Display.exe" /service

C:\Program Files (x86)\IObit\Advanced SystemCare\AutoSweep.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\AutoSweep.exe" /SvcAutoClean

C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe" /AddAutoRun /3 /43003A005C00570069006E0064006F00770073005C00730079007300740065006D00330032005C005400610073006B0073005C004D006900630072006F0073006F00660074005C00570069006E0064006F00770073005C00570069006E0064006F00770073005500700064006100740065005C005300630068006500640075006C0065006400200053007400610072007400

C:\ProgramData\IObit\ASCDownloader\ASC18\iTopSetup.exe

"C:\ProgramData\IObit\ASCDownloader\ASC18\iTopSetup.exe" /sp- /verysilent /suppressmsgboxes /NORESTART /insur=asc_inb

C:\Users\Admin\AppData\Local\Temp\is-BQBAS.tmp\iTopSetup.tmp

"C:\Users\Admin\AppData\Local\Temp\is-BQBAS.tmp\iTopSetup.tmp" /SL5="$70420,26483708,141312,C:\ProgramData\IObit\ASCDownloader\ASC18\iTopSetup.exe" /sp- /verysilent /suppressmsgboxes /NORESTART /insur=asc_inb

C:\Program Files (x86)\IObit\Advanced SystemCare\BrowserProtect.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\BrowserProtect.exe" /popup

C:\Users\Admin\AppData\Local\Temp\is-6LH2S.tmp\ugin.exe

"C:\Users\Admin\AppData\Local\Temp\is-6LH2S.tmp\ugin.exe" /kill

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "ugin.exe"

C:\Program Files (x86)\iTop VPN\ugin.exe

"C:\Program Files (x86)\iTop VPN\ugin.exe" /kill /updagrade

C:\Program Files (x86)\iTop VPN\ugin.exe

"C:\Program Files (x86)\iTop VPN\ugin.exe" /InitTop /ver 6.2.0.5957 /install

C:\Program Files (x86)\iTop VPN\ullc.exe

"C:\Program Files (x86)\iTop VPN\ullc.exe"

C:\Program Files (x86)\iTop VPN\iTopVPN.exe

"C:\Program Files (x86)\iTop VPN\iTopVPN.exe" /installinit

C:\Program Files (x86)\iTop VPN\ugin.exe

"C:\Program Files (x86)\iTop VPN\ugin.exe" /init /ver 6.2.0.5957 /force /f /inspkg "C:\ProgramData\IObit\ASCDownloader\ASC18\iTopSetup.exe" /insur "asc_inb" /PINTOTASKBAR

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c sc stop windivert

C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe" /statcom /stflag 346 /appid "asc18" /pd "asc" /url "https://stats.iobit.com/usage_v2.php?action=insert" /user 0 /insur "other" /type 1 /pr "iobit" /ver "18.1.0.201"

C:\Windows\SysWOW64\sc.exe

sc stop windivert

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c sc stop windivert

C:\Windows\SysWOW64\sc.exe

sc stop windivert

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11692 -childID 101 -isForBrowser -prefsHandle 12756 -prefMapHandle 7508 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e789139-ca8b-41b4-bc49-3e2f71cb81f8} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c sc delete windivert

C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe" /AddAutoRun /3 /43003A005C00570069006E0064006F00770073005C00730079007300740065006D00330032005C005400610073006B0073005C00690054006F007000560050004E005F0053006B00690070005500410043005F00410064006D0069006E00

C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe" /AddAutoRun /3 /43003A005C00570069006E0064006F00770073005C00730079007300740065006D00330032005C005400610073006B0073005C00690054006F007000560050004E005F005300630068006500640075006C00650072005F00410064006D0069006E00

C:\Windows\SysWOW64\sc.exe

sc delete windivert

C:\Program Files (x86)\iTop VPN\icop64.exe

"C:\Program Files (x86)\iTop VPN\icop64.exe" Pin "C:\Program Files (x86)\iTop VPN\iTopVPN.exe"

C:\ProgramData\IObit\ASCDownloader\ASC18\ISRSetup.exe

"C:\ProgramData\IObit\ASCDownloader\ASC18\ISRSetup.exe" /sp- /verysilent /suppressmsgboxes /insur=asc_in

C:\Program Files (x86)\iTop VPN\ugin.exe

"C:\Program Files (x86)\iTop VPN\ugin.exe" /checkwelcome

C:\Users\Admin\AppData\Local\Temp\is-EEGCU.tmp\ISRSetup.tmp

"C:\Users\Admin\AppData\Local\Temp\is-EEGCU.tmp\ISRSetup.tmp" /SL5="$B04D0,117316101,230912,C:\ProgramData\IObit\ASCDownloader\ASC18\ISRSetup.exe" /sp- /verysilent /suppressmsgboxes /insur=asc_in

C:\Program Files (x86)\IObit\Advanced SystemCare\AutoCare.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\AutoCare.exe" /autorun /AdvanceScan

C:\Program Files (x86)\iTop VPN\ugin.exe

"C:\Program Files (x86)\iTop VPN\ugin.exe" /setlan "English"

C:\Program Files (x86)\iTop VPN\unpr.exe

"C:\Program Files (x86)\iTop VPN\unpr.exe" /install itop6

C:\Program Files (x86)\iTop VPN\iTopVPN.exe

"C:\Program Files (x86)\iTop VPN\iTopVPN.exe" /install

C:\Program Files (x86)\iTop VPN\ugin.exe

"C:\Program Files (x86)\iTop VPN\ugin.exe" /combinslog "C:\Users\Admin\AppData\Local\Temp\Setup Log 2025-02-05 #003.txt"

C:\Program Files (x86)\iTop VPN\atud.exe

"C:\Program Files (x86)\iTop VPN\atud.exe" /auto

C:\Program Files (x86)\iTop VPN\aud.exe

"C:\Program Files (x86)\iTop VPN\aud.exe" /itop /dayactive

C:\Program Files (x86)\iTop VPN\aud.exe

"C:\Program Files (x86)\iTop VPN\aud.exe" /u https://stats.itopvpn.com/active_month.php /a itop6 /p itopf /v 6.2.0.5957 /t 10 /d 7 / /user

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c ipconfig /flushdns

C:\ProgramData\IObit\ASCDownloader\ASC18\IEDSetup.exe

"C:\ProgramData\IObit\ASCDownloader\ASC18\IEDSetup.exe" /sp- /verysilent /suppressmsgboxes /install_start /insur=asc_in

C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe" /AddAutoRun /3 /43003A005C00570069006E0064006F00770073005C00730079007300740065006D00330032005C005400610073006B0073005C00690054006F007000560050004E005F005500700064006100740065005F00410064006D0069006E00

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12616 -childID 102 -isForBrowser -prefsHandle 6284 -prefMapHandle 3128 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91416390-d027-43fb-b67f-ce2dadc3b8cc} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c netsh interface ipv4 set interface "Ethernet" mtu=1500

C:\Windows\system32\dwm.exe

"dwm.exe"

C:\Program Files (x86)\iTop VPN\sbr.exe

"C:\Program Files (x86)\iTop VPN\sbr.exe" /AntRun /Addr "[email protected]" /Subject "Bugreport iTop VPN 6.2.0.5957 iTopVPN.exe" /Product "iTop VPN" /App "iTopVPN.exe" /files "C:\Users\Admin\AppData\Local\Temp\screenshots.png|C:\Program Files (x86)\iTop VPN\bugreport_new.txt"

C:\Program Files (x86)\IObit\Advanced SystemCare\IObitLiveUpdate.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\IObitLiveUpdate.exe" /srvupt

C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe" /postcache /days 7

C:\Users\Admin\AppData\Local\Temp\is-11VO7.tmp\iScrInit.exe

"C:\Users\Admin\AppData\Local\Temp\is-11VO7.tmp\iScrInit.exe" /CheckOldVer=1 /CopyOldConfig /installdir=""

C:\Users\Admin\AppData\Local\Temp\is-11VO7.tmp\iScrInit.exe

"C:\Users\Admin\AppData\Local\Temp\is-11VO7.tmp\iScrInit.exe" /CleanReg

C:\Users\Admin\AppData\Local\Temp\is-11VO7.tmp\iScrInit.exe

"C:\Users\Admin\AppData\Local\Temp\is-11VO7.tmp\iScrInit.exe" /KillProcess /installdir="C:\Program Files\iTop Screen Recorder"

C:\Users\Admin\AppData\Local\Temp\is-11VO7.tmp\iScrInit.exe

"C:\Users\Admin\AppData\Local\Temp\is-11VO7.tmp\iScrInit.exe" /DeleteAllFile /reinstall=1 /installdir="C:\Program Files\iTop Screen Recorder"

C:\Program Files (x86)\IObit\Advanced SystemCare\startupInfo.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\startupInfo.exe" /auto

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=13972 -childID 103 -isForBrowser -prefsHandle 8952 -prefMapHandle 9228 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b478e162-68dc-48ec-bdca-ca976cb86ba3} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10388 -childID 104 -isForBrowser -prefsHandle 2776 -prefMapHandle 8668 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2203b7c4-4e23-4552-a167-c1970eb28ea4} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12280 -childID 105 -isForBrowser -prefsHandle 10832 -prefMapHandle 5372 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 964 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {657640c8-ec69-4158-9576-6e8b6b6ccbcf} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
N/A 127.0.0.1:59131 tcp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 xenoexecutor.com udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 firefox-api-proxy.cdn.mozilla.net udp
US 34.149.97.1:443 firefox-api-proxy.cdn.mozilla.net udp
US 161.35.143.48:443 xenoexecutor.com tcp
US 161.35.143.48:443 xenoexecutor.com tcp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 xenoexecutor.com udp
US 34.149.97.1:443 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 xenoexecutor.com udp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 161.35.143.48:443 xenoexecutor.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 57.151.228.44.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 167.173.78.104.in-addr.arpa udp
N/A 127.0.0.1:59140 tcp
US 8.8.8.8:53 clonecroak.com udp
US 172.240.108.76:443 clonecroak.com tcp
US 8.8.8.8:53 clonecroak.com udp
US 172.240.108.76:443 clonecroak.com tcp
US 172.240.108.76:443 clonecroak.com tcp
US 172.240.108.76:443 clonecroak.com tcp
US 8.8.8.8:53 clonecroak.com udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 48.143.35.161.in-addr.arpa udp
US 8.8.8.8:53 195.185.250.142.in-addr.arpa udp
US 8.8.8.8:53 74.206.58.216.in-addr.arpa udp
US 8.8.8.8:53 76.108.240.172.in-addr.arpa udp
US 8.8.8.8:53 72.206.58.216.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
US 142.250.181.238:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 142.250.181.238:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 238.181.250.142.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
DE 142.250.184.194:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 www.google.com udp
DE 142.250.184.194:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
DE 142.250.185.228:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 172.240.108.76:443 clonecroak.com tcp
US 8.8.8.8:53 clonecroak.com udp
DE 172.217.16.193:443 yt3.ggpht.com tcp
US 8.8.8.8:53 photos-ugc.l.googleusercontent.com udp
DE 142.250.74.214:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 194.184.250.142.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 photos-ugc.l.googleusercontent.com udp
DE 142.250.185.228:443 www.google.com udp
DE 142.250.74.214:443 i.ytimg.com udp
DE 172.217.16.193:443 photos-ugc.l.googleusercontent.com udp
US 8.8.8.8:53 play.google.com udp
DE 142.250.185.142:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 172.240.108.76:443 clonecroak.com tcp
US 8.8.8.8:53 228.185.250.142.in-addr.arpa udp
US 8.8.8.8:53 193.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 214.74.250.142.in-addr.arpa udp
US 8.8.8.8:53 142.185.250.142.in-addr.arpa udp
US 142.250.181.238:443 youtube-ui.l.google.com tcp
DE 142.250.181.230:443 static.doubleclick.net tcp
DE 142.250.185.142:443 play.google.com udp
DE 142.250.181.230:443 static.doubleclick.net udp
US 8.8.8.8:53 s.w.org udp
US 192.0.77.48:443 s.w.org tcp
US 8.8.8.8:53 s.w.org udp
US 8.8.8.8:53 s.w.org udp
US 192.0.77.48:443 s.w.org udp
US 8.8.8.8:53 230.181.250.142.in-addr.arpa udp
US 8.8.8.8:53 48.77.0.192.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 172.240.108.76:443 clonecroak.com tcp
US 8.8.8.8:53 xenoexecutor.com udp
US 8.8.8.8:53 clonecroak.com udp
US 172.240.108.76:443 clonecroak.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 secure.gravatar.com udp
US 192.0.73.2:443 secure.gravatar.com tcp
US 8.8.8.8:53 secure.gravatar.com udp
US 8.8.8.8:53 secure.gravatar.com udp
US 192.0.73.2:443 secure.gravatar.com udp
US 8.8.8.8:53 2.73.0.192.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 35.190.72.216:443 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 35.190.72.216:443 prod.classify-client.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
DE 172.217.23.110:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 216.72.190.35.in-addr.arpa udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 209.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 110.23.217.172.in-addr.arpa udp
DE 172.217.23.110:443 redirector.gvt1.com udp
US 8.8.8.8:53 r4---sn-aigzrnsz.gvt1.com udp
GB 74.125.175.169:443 r4---sn-aigzrnsz.gvt1.com tcp
US 8.8.8.8:53 r4.sn-aigzrnsz.gvt1.com udp
US 8.8.8.8:53 r4.sn-aigzrnsz.gvt1.com udp
GB 74.125.175.169:443 r4.sn-aigzrnsz.gvt1.com udp
US 8.8.8.8:53 169.175.125.74.in-addr.arpa udp
US 161.35.143.48:443 xenoexecutor.com tcp
US 161.35.143.48:443 xenoexecutor.com tcp
US 142.250.181.238:443 youtube-ui.l.google.com tcp
DE 142.250.181.230:443 static.doubleclick.net tcp
DE 142.250.181.230:443 static.doubleclick.net udp
US 161.35.143.48:443 xenoexecutor.com tcp
US 142.250.181.238:443 youtube-ui.l.google.com udp
US 161.35.143.48:443 xenoexecutor.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 185.199.109.133:443 objects.githubusercontent.com tcp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 checkappexec.microsoft.com udp
GB 51.11.108.188:443 checkappexec.microsoft.com tcp
US 8.8.8.8:53 188.108.11.51.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 133.130.81.91.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.111.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 133.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 ac.duckduckgo.com udp
IE 52.142.124.215:443 ac.duckduckgo.com tcp
US 8.8.8.8:53 duckduckgo.com udp
US 8.8.8.8:53 duckduckgo.com udp
US 8.8.8.8:53 215.124.142.52.in-addr.arpa udp
US 8.8.8.8:53 duckduckgo.com udp
IE 52.142.124.215:443 duckduckgo.com tcp
IE 52.142.124.215:443 duckduckgo.com tcp
IE 52.142.124.215:443 duckduckgo.com tcp
US 8.8.8.8:53 links.duckduckgo.com udp
IE 20.223.54.233:443 links.duckduckgo.com tcp
US 8.8.8.8:53 links.duckduckgo.com udp
IE 20.223.54.233:443 links.duckduckgo.com tcp
US 8.8.8.8:53 links.duckduckgo.com udp
US 8.8.8.8:53 233.54.223.20.in-addr.arpa udp
US 8.8.8.8:53 external-content.duckduckgo.com udp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
US 8.8.8.8:53 external-content.duckduckgo.com udp
US 8.8.8.8:53 external-content.duckduckgo.com udp
US 8.8.8.8:53 improving.duckduckgo.com udp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
US 8.8.8.8:53 222.125.142.52.in-addr.arpa udp
US 8.8.8.8:53 external-content.duckduckgo.com udp
US 8.8.8.8:53 duckduckgo.com udp
US 8.8.8.8:53 links.duckduckgo.com udp
US 8.8.8.8:53 external-content.duckduckgo.com udp
US 8.8.8.8:53 links.duckduckgo.com udp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
US 8.8.8.8:53 links.duckduckgo.com udp
US 8.8.8.8:53 links.duckduckgo.com udp
US 8.8.8.8:53 links.duckduckgo.com udp
US 8.8.8.8:53 filecr.com udp
US 104.21.84.94:443 filecr.com tcp
US 104.21.84.94:443 filecr.com tcp
US 8.8.8.8:53 filecr.com udp
US 8.8.8.8:53 filecr.com udp
US 104.21.84.94:443 filecr.com tcp
US 8.8.8.8:53 94.84.21.104.in-addr.arpa udp
US 172.67.190.231:443 filecr.com udp
US 8.8.8.8:53 231.190.67.172.in-addr.arpa udp
US 8.8.8.8:53 dash.zintrack.com udp
US 104.21.94.97:443 dash.zintrack.com tcp
US 8.8.8.8:53 dash.zintrack.com udp
US 8.8.8.8:53 dash.zintrack.com udp
US 104.21.94.97:443 dash.zintrack.com udp
US 8.8.8.8:53 zintrack.com udp
US 104.21.94.97:443 zintrack.com tcp
US 8.8.8.8:53 zintrack.com udp
US 8.8.8.8:53 zintrack.com udp
US 104.21.94.97:443 zintrack.com udp
US 8.8.8.8:53 97.94.21.104.in-addr.arpa udp
US 8.8.8.8:53 webcrx.io udp
US 172.67.148.101:443 webcrx.io tcp
US 8.8.8.8:53 webcrx.io udp
US 172.67.148.101:443 webcrx.io udp
US 8.8.8.8:53 static.filecr.com udp
US 104.21.84.94:443 static.filecr.com tcp
US 8.8.8.8:53 static.filecr.com udp
US 8.8.8.8:53 static.filecr.com udp
US 104.21.84.94:443 static.filecr.com udp
US 104.21.84.94:443 static.filecr.com tcp
US 8.8.8.8:53 101.148.67.172.in-addr.arpa udp
US 104.21.84.94:443 static.filecr.com udp
US 8.8.8.8:53 support.mozilla.org udp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 104.21.84.94:443 static.filecr.com tcp
US 104.21.84.94:443 static.filecr.com udp
US 8.8.8.8:53 s2-download.xyz udp
US 8.8.8.8:53 s2-download.xyz udp
DE 162.19.136.81:443 s2-download.xyz tcp
DE 162.19.136.81:443 s2-download.xyz tcp
US 8.8.8.8:53 s2-download.xyz udp
US 8.8.8.8:53 81.136.19.162.in-addr.arpa udp
DE 162.19.136.81:443 s2-download.xyz tcp
US 8.8.8.8:53 www.techspot.com udp
US 172.67.29.35:443 www.techspot.com tcp
US 8.8.8.8:53 www.techspot.com udp
US 172.67.29.35:443 www.techspot.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
US 8.8.8.8:53 www.techspot.com udp
US 8.8.8.8:53 35.29.67.172.in-addr.arpa udp
US 172.67.29.35:443 www.techspot.com udp
US 8.8.8.8:53 cmp.inmobi.com udp
US 8.8.8.8:53 6093eccf-6734-4877-ac8b-83d6d0e27b46.edge.permutive.app udp
US 8.8.8.8:53 freyr.futurecdn.net udp
US 8.8.8.8:53 bordeaux.futurecdn.net udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 unpkg.com udp
US 8.8.8.8:53 static.chartbeat.com udp
FI 52.85.49.95:443 cmp.inmobi.com tcp
US 8.8.8.8:53 d23sp3kzv1t6m5.cloudfront.net udp
US 8.8.8.8:53 6093eccf-6734-4877-ac8b-83d6d0e27b46.edge.permutive.app udp
FI 52.85.49.20:443 bordeaux.futurecdn.net tcp
US 8.8.8.8:53 d1fy50apkg1gx3.cloudfront.net udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
FI 18.165.140.34:443 freyr.futurecdn.net tcp
US 8.8.8.8:53 d87r0mmlmv594.cloudfront.net udp
US 104.17.245.203:443 unpkg.com tcp
US 8.8.8.8:53 unpkg.com udp
US 8.8.8.8:53 d23sp3kzv1t6m5.cloudfront.net udp
US 8.8.8.8:53 6093eccf-6734-4877-ac8b-83d6d0e27b46.edge.permutive.app udp
US 8.8.8.8:53 d3f7zc5bbfci5.cloudfront.net udp
US 8.8.8.8:53 d1fy50apkg1gx3.cloudfront.net udp
US 8.8.8.8:53 unpkg.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 d87r0mmlmv594.cloudfront.net udp
US 8.8.8.8:53 d3f7zc5bbfci5.cloudfront.net udp
US 8.8.8.8:53 eventsproxy.gargantuan.futureplc.com udp
IE 3.248.109.155:443 eventsproxy.gargantuan.futureplc.com tcp
IE 3.248.109.155:443 eventsproxy.gargantuan.futureplc.com tcp
US 8.8.8.8:53 eventsproxy.gargantuan.futureplc.com udp
US 8.8.8.8:53 eventsproxy.gargantuan.futureplc.com udp
US 8.8.8.8:53 www3.doubleclick.net udp
US 8.8.8.8:53 www3.doubleclick.net udp
US 8.8.8.8:53 www3.doubleclick.net udp
US 104.18.35.13:443 6093eccf-6734-4877-ac8b-83d6d0e27b46.edge.permutive.app tcp
FI 3.164.211.164:443 d3f7zc5bbfci5.cloudfront.net tcp
DE 142.250.186.110:443 www3.doubleclick.net tcp
US 8.8.8.8:53 95.49.85.52.in-addr.arpa udp
US 8.8.8.8:53 73.79.16.104.in-addr.arpa udp
US 8.8.8.8:53 20.49.85.52.in-addr.arpa udp
US 8.8.8.8:53 34.140.165.18.in-addr.arpa udp
US 8.8.8.8:53 203.245.17.104.in-addr.arpa udp
US 8.8.8.8:53 155.109.248.3.in-addr.arpa udp
DE 142.250.186.110:443 www3.doubleclick.net udp
US 8.8.8.8:53 marketingplatform.google.com udp
DE 142.250.185.142:443 marketingplatform.google.com tcp
US 8.8.8.8:53 marketingplatform.google.com udp
US 8.8.8.8:53 ping.chartbeat.net udp
US 52.87.78.162:443 ping.chartbeat.net tcp
US 8.8.8.8:53 ping.chartbeat.net udp
US 8.8.8.8:53 marketingplatform.google.com udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 ping.chartbeat.net udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
DE 142.250.185.142:443 marketingplatform.google.com udp
DE 172.217.18.99:443 www.google.co.uk tcp
US 8.8.8.8:53 www.google.co.uk udp
US 216.239.32.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 216.239.32.36:443 region1.analytics.google.com udp
DE 172.217.18.99:443 www.google.co.uk udp
US 8.8.8.8:53 sommelier.futurehybrid.tech udp
US 8.8.8.8:53 13.35.18.104.in-addr.arpa udp
US 8.8.8.8:53 130.186.250.142.in-addr.arpa udp
US 8.8.8.8:53 110.186.250.142.in-addr.arpa udp
US 8.8.8.8:53 164.211.164.3.in-addr.arpa udp
US 8.8.8.8:53 162.78.87.52.in-addr.arpa udp
US 8.8.8.8:53 99.18.217.172.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 174.186.250.142.in-addr.arpa udp
IE 52.16.67.222:443 sommelier.futurehybrid.tech tcp
US 8.8.8.8:53 sommelier.futurehybrid.tech udp
US 8.8.8.8:53 api.permutive.com udp
US 8.8.8.8:53 sommelier.futurehybrid.tech udp
US 34.107.254.252:443 api.permutive.com tcp
US 8.8.8.8:53 api.permutive.com udp
BE 142.251.168.155:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 api.permutive.com udp
US 34.107.254.252:443 api.permutive.com udp
BE 142.251.168.155:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 api.cmp.inmobi.com udp
DE 18.198.174.215:443 api.cmp.inmobi.com tcp
DE 18.198.174.215:443 api.cmp.inmobi.com tcp
US 8.8.8.8:53 choice-apis-prod-2120274730.eu-central-1.elb.amazonaws.com udp
US 8.8.8.8:53 choice-apis-prod-2120274730.eu-central-1.elb.amazonaws.com udp
US 8.8.8.8:53 222.67.16.52.in-addr.arpa udp
US 8.8.8.8:53 155.168.251.142.in-addr.arpa udp
US 8.8.8.8:53 252.254.107.34.in-addr.arpa udp
US 8.8.8.8:53 215.174.198.18.in-addr.arpa udp
US 8.8.8.8:53 c.aps.amazon-adsystem.com udp
US 8.8.8.8:53 prod.euid.eu udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 cdn.adsafeprotected.com udp
US 8.8.8.8:53 ats-wrapper.privacymanager.io udp
US 8.8.8.8:53 cdn.pbxai.com udp
US 8.8.8.8:53 scripts.webcontentassessor.com udp
DE 142.250.184.194:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
GB 3.10.239.49:443 prod.euid.eu tcp
DE 142.250.184.194:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 prod.euid.eu udp
FI 3.164.206.34:443 c.aps.amazon-adsystem.com tcp
US 8.8.8.8:53 c.aps.amazon-adsystem.com udp
DE 142.250.184.194:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
US 8.8.8.8:53 ats-wrapper.privacymanager.io udp
US 8.8.8.8:53 d3tqyidpuy80xi.cloudfront.net udp
US 8.8.8.8:53 6093eccf-6734-4877-ac8b-83d6d0e27b46.prmutv.co udp
US 8.8.8.8:53 ib.adnxs.com udp
US 151.101.194.217:443 scripts.webcontentassessor.com tcp
GB 79.127.237.132:443 cdn.pbxai.com tcp
US 8.8.8.8:53 k3.shared.global.fastly.net udp
US 8.8.8.8:53 pubx.b-cdn.net udp
US 8.8.8.8:53 prod.euid.eu udp
US 8.8.8.8:53 ats-wrapper.privacymanager.io udp
US 8.8.8.8:53 c.aps.amazon-adsystem.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
DE 37.252.171.149:443 ib.adnxs.com tcp
US 8.8.8.8:53 ib.anycast.adnxs.com udp
US 34.107.254.252:443 api.permutive.com udp
US 35.241.9.51:443 6093eccf-6734-4877-ac8b-83d6d0e27b46.prmutv.co tcp
US 8.8.8.8:53 d3tqyidpuy80xi.cloudfront.net udp
US 8.8.8.8:53 k3.shared.global.fastly.net udp
DE 142.250.185.226:443 ep1.adtrafficquality.google tcp
US 8.8.8.8:53 6093eccf-6734-4877-ac8b-83d6d0e27b46.prmutv.co udp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
US 8.8.8.8:53 ib.anycast.adnxs.com udp
US 8.8.8.8:53 pubx.b-cdn.net udp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
US 8.8.8.8:53 6093eccf-6734-4877-ac8b-83d6d0e27b46.prmutv.co udp
DE 142.250.184.194:443 googleads.g.doubleclick.net udp
FI 3.164.206.34:443 c.aps.amazon-adsystem.com udp
US 35.241.9.51:443 6093eccf-6734-4877-ac8b-83d6d0e27b46.prmutv.co udp
DE 142.250.185.226:443 ep1.adtrafficquality.google udp
US 8.8.8.8:53 cdn.permutive.com udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 104.17.109.19:443 cdn.permutive.com tcp
US 8.8.8.8:53 cdn.permutive.com udp
DE 142.250.184.225:443 ep2.adtrafficquality.google tcp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 cdn.permutive.com udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 floor.pbxai.com udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 api.rlcdn.com udp
US 8.8.8.8:53 match.adsrvr.org udp
FI 52.85.49.20:443 d1fy50apkg1gx3.cloudfront.net tcp
US 8.8.8.8:53 cmp.inmobi.com udp
US 52.87.78.162:443 ping.chartbeat.net tcp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 floor.pbxai.com udp
US 8.8.8.8:53 api.rlcdn.com udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 d1ykf07e75w7ss.cloudfront.net udp
US 8.8.8.8:53 49.239.10.3.in-addr.arpa udp
US 8.8.8.8:53 217.194.101.151.in-addr.arpa udp
US 8.8.8.8:53 132.237.127.79.in-addr.arpa udp
US 8.8.8.8:53 34.206.164.3.in-addr.arpa udp
US 8.8.8.8:53 149.171.252.37.in-addr.arpa udp
US 8.8.8.8:53 51.9.241.35.in-addr.arpa udp
US 8.8.8.8:53 226.185.250.142.in-addr.arpa udp
US 8.8.8.8:53 19.109.17.104.in-addr.arpa udp
US 8.8.8.8:53 225.184.250.142.in-addr.arpa udp
US 8.8.8.8:53 image6.pubmatic.com udp
US 8.8.8.8:53 us-u.openx.net udp
US 8.8.8.8:53 purch-sync.go.sonobi.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 eb2.3lift.com udp
US 8.8.8.8:53 ssc-cms.33across.com udp
US 8.8.8.8:53 sync.go.sonobi.com udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 api.rlcdn.com udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 ads.pubmatic.com udp
FI 52.85.49.95:443 cmp.inmobi.com tcp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
US 8.8.8.8:53 pixel.advertising.com udp
US 8.8.8.8:53 d1ykf07e75w7ss.cloudfront.net udp
US 8.8.8.8:53 floor.pbxai.com udp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 match.sharethrough.com udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 eu-eb2.3lift.com udp
US 8.8.8.8:53 pixel.33across.com udp
US 104.18.27.193:443 ssum-sec.casalemedia.com tcp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 8.8.8.8:53 iad-2-sync.go.sonobi.com udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 us-u.openx.net udp
US 8.8.8.8:53 pugm-amsfpairbc.pubmnet.com udp
US 8.8.8.8:53 e8960.e2.akamaiedge.net udp
GB 23.194.15.107:443 e8960.e2.akamaiedge.net tcp
N/A 192.168.18.7:443 pixel.advertising.com tcp
GB 87.248.114.11:443 ups.analytics.yahoo.com tcp
FR 34.1.1.166:443 visitor.omnitagjs.com tcp
US 8.8.8.8:53 pixel.advertising.com udp
US 8.8.8.8:53 eu-eb2.3lift.com udp
US 8.8.8.8:53 dcs-ups.g03.yahoodns.net udp
DE 3.72.38.170:443 match.sharethrough.com tcp
US 8.8.8.8:53 visitor.europe-west9.gcp.omnitagjs.com udp
GB 2.23.161.41:443 ads.pubmatic.com tcp
US 8.8.8.8:53 pugm-amsfpairbc.pubmnet.com udp
US 8.8.8.8:53 match-eu-central-1-ecs.sharethrough.com udp
US 8.8.8.8:53 e6603.g.akamaiedge.net udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 iad-2-sync.go.sonobi.com udp
US 34.196.125.135:443 cs-server-s2s.yellowblue.io tcp
US 8.8.8.8:53 us-u.openx.net udp
US 8.8.8.8:53 pixel.33across.com udp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 8.8.8.8:53 blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 pixel.advertising.com udp
US 8.8.8.8:53 dcs-ups.g03.yahoodns.net udp
US 8.8.8.8:53 visitor.europe-west9.gcp.omnitagjs.com udp
NL 35.214.136.108:443 x.bidswitch.net tcp
US 8.8.8.8:53 user-data-eu.bidswitch.net udp
US 8.8.8.8:53 match-eu-central-1-ecs.sharethrough.com udp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 8.8.8.8:53 e8960.e2.akamaiedge.net udp
US 8.8.8.8:53 e6603.g.akamaiedge.net udp
NL 198.47.127.19:443 pugm-amsfpairbc.pubmnet.com tcp
US 34.98.64.218:443 us-u.openx.net tcp
US 69.166.1.35:443 iad-2-sync.go.sonobi.com tcp
IE 34.248.30.203:443 ap.lijit.com tcp
US 76.223.111.18:443 eu-eb2.3lift.com tcp
US 67.202.105.24:443 ssc-cms.33across.com tcp
US 8.8.8.8:53 user-data-eu.bidswitch.net udp
US 69.166.1.35:443 iad-2-sync.go.sonobi.com tcp
US 104.18.27.193:443 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 eus.rubiconproject.com udp
N/A 192.168.18.7:443 pixel.advertising.com tcp
US 8.8.8.8:53 pixel.servebom.com udp
GB 2.18.109.146:443 eus.rubiconproject.com tcp
NL 35.214.136.108:443 user-data-eu.bidswitch.net udp
US 8.8.8.8:53 e8960.b.akamaiedge.net udp
US 34.98.64.218:443 us-u.openx.net udp
FI 3.164.68.116:443 pixel.servebom.com tcp
US 8.8.8.8:53 dakgga5fc76b3.cloudfront.net udp
FI 3.164.68.116:443 dakgga5fc76b3.cloudfront.net tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 dakgga5fc76b3.cloudfront.net udp
US 8.8.8.8:53 e8960.b.akamaiedge.net udp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 sync.richaudience.com udp
US 8.8.8.8:53 api-2-0.spot.im udp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 csync.loopme.me udp
US 8.8.8.8:53 image8.pubmatic.com udp
US 8.8.8.8:53 b1sync.zemanta.com udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 sync-service.net udp
US 8.8.8.8:53 sync.contextualadv.com udp
US 8.8.8.8:53 jadserve.postrelease.com udp
FR 163.70.128.35:443 www.facebook.com tcp
US 8.8.8.8:53 rtb.bid.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 csync.copper6.com udp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 bttrack.com udp
US 8.8.8.8:53 id.rlcdn.com udp
US 8.8.8.8:53 eu-west-1-cs-rtb.openwebmp.com udp
US 8.8.8.8:53 gum.aidemsrv.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 54.160.241.84:443 api-2-0.spot.im tcp
NL 35.214.138.30:443 csync.loopme.me tcp
US 8.8.8.8:53 k8s-kongow-generalp-f2df4874ae-1485011658.us-east-1.elb.amazonaws.com udp
US 8.8.8.8:53 envoy-hl.envoy-csync.core-002-ew4.ov1o.com udp
US 104.18.7.198:443 gum.aidemsrv.com tcp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 8.8.8.8:53 player.aniview.com udp
US 204.62.13.147:443 sync.contextualadv.com tcp
US 204.62.12.209:443 sync-service.net tcp
FI 3.164.206.98:443 eu-west-1-cs-rtb.openwebmp.com tcp
DE 51.75.86.98:443 onetag-sys.com tcp
US 80.77.84.96:443 csync.copper6.com tcp
US 8.8.8.8:53 gum.aidemsrv.com udp
GB 2.18.190.173:443 player.aniview.com tcp
FR 178.32.197.53:443 ssbsync.smartadserver.com tcp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 jadserve.postrelease.com.akadns.net udp
US 8.8.8.8:53 envoy-hl.envoy-csync.core-002-ew4.ov1o.com udp
US 8.8.8.8:53 k8s-kongow-generalp-f2df4874ae-1485011658.us-east-1.elb.amazonaws.com udp
US 8.8.8.8:53 nydc1.outbrain.org udp
US 8.8.8.8:53 gum.aidemsrv.com udp
US 8.8.8.8:53 sync-service.net udp
US 8.8.8.8:53 imagsync-lhrpairbc.pubmatic.com udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 dckrl2e5yf7xg.cloudfront.net udp
US 8.8.8.8:53 id.rlcdn.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 nld-prebid.a-mx.net udp
US 8.8.8.8:53 bttrack.com udp
US 8.8.8.8:53 csync.copper6.com udp
US 8.8.8.8:53 sync.richaudience.com udp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
US 8.8.8.8:53 ssbsync-euw2.smartadserver.com udp
US 8.8.8.8:53 193.27.18.104.in-addr.arpa udp
US 8.8.8.8:53 107.15.194.23.in-addr.arpa udp
US 8.8.8.8:53 11.114.248.87.in-addr.arpa udp
US 8.8.8.8:53 166.1.1.34.in-addr.arpa udp
US 8.8.8.8:53 41.161.23.2.in-addr.arpa udp
US 8.8.8.8:53 170.38.72.3.in-addr.arpa udp
US 8.8.8.8:53 135.125.196.34.in-addr.arpa udp
US 8.8.8.8:53 218.64.98.34.in-addr.arpa udp
US 8.8.8.8:53 18.111.223.76.in-addr.arpa udp
US 8.8.8.8:53 19.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 203.30.248.34.in-addr.arpa udp
US 8.8.8.8:53 35.1.166.69.in-addr.arpa udp
US 8.8.8.8:53 24.105.202.67.in-addr.arpa udp
US 8.8.8.8:53 146.109.18.2.in-addr.arpa udp
US 8.8.8.8:53 116.68.164.3.in-addr.arpa udp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 sync.contextualadv.com udp
US 8.8.8.8:53 sync-service.net udp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 bttrack.com udp
US 8.8.8.8:53 csync.copper6.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 sync.richaudience.com udp
US 8.8.8.8:53 nydc1.outbrain.org udp
US 8.8.8.8:53 imagsync-lhrpairbc.pubmatic.com udp
US 104.18.7.198:443 gum.aidemsrv.com udp
US 8.8.8.8:53 nld-prebid.a-mx.net udp
US 8.8.8.8:53 id.rlcdn.com udp
US 8.8.8.8:53 dckrl2e5yf7xg.cloudfront.net udp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
DE 51.75.86.98:443 onetag-sys.com udp
FR 163.70.128.35:443 star-mini.c10r.facebook.com udp
GB 2.18.190.173:443 a1970.dscd.akamai.net udp
DE 142.250.186.110:443 www3.doubleclick.net udp
DE 142.250.185.142:443 marketingplatform.google.com udp
US 8.8.8.8:53 api.permutive.com udp
US 8.8.8.8:53 30.138.214.35.in-addr.arpa udp
US 8.8.8.8:53 198.7.18.104.in-addr.arpa udp
US 8.8.8.8:53 84.241.160.54.in-addr.arpa udp
US 8.8.8.8:53 98.86.75.51.in-addr.arpa udp
US 8.8.8.8:53 98.206.164.3.in-addr.arpa udp
US 8.8.8.8:53 173.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 147.13.62.204.in-addr.arpa udp
US 8.8.8.8:53 53.197.32.178.in-addr.arpa udp
US 8.8.8.8:53 209.12.62.204.in-addr.arpa udp
US 8.8.8.8:53 96.84.77.80.in-addr.arpa udp
US 8.8.8.8:53 sommelier.futurehybrid.tech udp
US 8.8.8.8:53 prod.euid.eu udp
US 8.8.8.8:53 k3.shared.global.fastly.net udp
US 8.8.8.8:53 prod.euid.eu udp
FI 108.156.17.132:443 d1ykf07e75w7ss.cloudfront.net tcp
FI 108.156.17.132:443 d1ykf07e75w7ss.cloudfront.net tcp
GB 52.56.192.163:443 floor.pbxai.com tcp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
FI 18.165.140.26:443 ats-wrapper.privacymanager.io tcp
FI 108.156.22.112:443 d3tqyidpuy80xi.cloudfront.net tcp
FI 108.156.22.129:443 config.aps.amazon-adsystem.com tcp
US 52.223.40.198:443 match.adsrvr.org tcp
FI 3.164.206.24:443 tags.crwdcntrl.net tcp
US 104.22.52.86:443 cdn.id5-sync.com tcp
US 8.8.8.8:53 tags.crwdcntrl.net udp
FR 163.70.128.23:443 scontent.xx.fbcdn.net tcp
FR 163.70.128.23:443 scontent.xx.fbcdn.net tcp
FR 163.70.128.23:443 scontent.xx.fbcdn.net tcp
FR 163.70.128.23:443 scontent.xx.fbcdn.net tcp
FR 163.70.128.23:443 scontent.xx.fbcdn.net tcp
FR 163.70.128.23:443 scontent.xx.fbcdn.net tcp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
FR 163.70.128.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
IE 63.34.234.255:443 bcp.crwdcntrl.net tcp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 8.8.8.8:53 132.17.156.108.in-addr.arpa udp
US 8.8.8.8:53 163.192.56.52.in-addr.arpa udp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 8.8.8.8:53 86.52.22.104.in-addr.arpa udp
US 8.8.8.8:53 34.186.250.142.in-addr.arpa udp
US 8.8.8.8:53 24.206.164.3.in-addr.arpa udp
US 8.8.8.8:53 26.140.165.18.in-addr.arpa udp
US 8.8.8.8:53 23.128.70.163.in-addr.arpa udp
US 8.8.8.8:53 112.22.156.108.in-addr.arpa udp
US 8.8.8.8:53 129.22.156.108.in-addr.arpa udp
US 8.8.8.8:53 geo.privacymanager.io udp
FR 163.70.128.23:443 scontent.xx.fbcdn.net tcp
FR 163.70.128.23:443 scontent.xx.fbcdn.net tcp
FI 18.165.140.55:443 geo.privacymanager.io tcp
US 8.8.8.8:53 geo.privacymanager.io udp
FI 18.165.140.55:443 geo.privacymanager.io tcp
FR 163.70.128.23:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 geo.privacymanager.io udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 pixel.adsafeprotected.com udp
US 8.8.8.8:53 ads.servebom.com udp
FI 18.165.123.131:443 aax.amazon-adsystem.com tcp
US 8.8.8.8:53 d1jvc9b8z3vcjs.cloudfront.net udp
US 8.8.8.8:53 firewall-external-2134955858.eu-west-1.elb.amazonaws.com udp
IE 63.33.109.180:443 pixel.adsafeprotected.com tcp
US 8.8.8.8:53 d2e3wg39989un6.cloudfront.net udp
US 8.8.8.8:53 firewall-external-2134955858.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 d1jvc9b8z3vcjs.cloudfront.net udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 d2e3wg39989un6.cloudfront.net udp
DE 142.250.185.161:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
DE 142.250.185.161:443 tpc.googlesyndication.com udp
FI 3.164.206.78:443 d2e3wg39989un6.cloudfront.net tcp
US 8.8.8.8:53 255.234.34.63.in-addr.arpa udp
US 8.8.8.8:53 55.140.165.18.in-addr.arpa udp
US 8.8.8.8:53 180.109.33.63.in-addr.arpa udp
US 8.8.8.8:53 131.123.165.18.in-addr.arpa udp
US 8.8.8.8:53 227.185.250.142.in-addr.arpa udp
US 8.8.8.8:53 161.185.250.142.in-addr.arpa udp
US 8.8.8.8:53 78.206.164.3.in-addr.arpa udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
DE 142.250.185.228:443 www.google.com tcp
IE 67.220.226.233:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
DE 142.250.185.228:443 www.google.com udp
US 8.8.8.8:53 233.226.220.67.in-addr.arpa udp
US 8.8.8.8:53 f2546fb2c63e06605fb3f7dfd0abb80b.safeframe.googlesyndication.com udp
DE 142.250.185.161:443 f2546fb2c63e06605fb3f7dfd0abb80b.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 f2546fb2c63e06605fb3f7dfd0abb80b.safeframe.googlesyndication.com udp
US 8.8.8.8:53 f2546fb2c63e06605fb3f7dfd0abb80b.safeframe.googlesyndication.com udp
DE 142.250.185.161:443 f2546fb2c63e06605fb3f7dfd0abb80b.safeframe.googlesyndication.com udp
US 8.8.8.8:53 grid-bidder.criteo.com udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
US 8.8.8.8:53 direct.adsrvr.org udp
US 8.8.8.8:53 ads.yieldmo.com udp
NL 163.5.194.37:443 nld-prebid.a-mx.net tcp
US 8.8.8.8:53 nld-prebid.a-mx.net udp
NL 178.250.1.38:443 grid-bidder.criteo.com tcp
US 104.18.26.193:443 htlb.casalemedia.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
US 8.8.8.8:53 in-ftd-170.nl3.vip.prod.criteo.com udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 hbopenbid-lhrc.pubmnet.com udp
DE 3.78.168.176:443 tlx.3lift.com tcp
US 8.8.8.8:53 eu-tlx.3lift.com udp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 8.8.8.8:53 tagged-by.rubiconproject.net.akadns.net udp
US 35.71.170.66:443 direct.adsrvr.org tcp
US 8.8.8.8:53 euwdirect.adsrvr.org udp
US 8.8.8.8:53 nld-prebid.a-mx.net udp
IE 52.30.88.167:443 ads.yieldmo.com tcp
US 8.8.8.8:53 rw-yieldmo-com-tf-362867385.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 37.194.5.163.in-addr.arpa udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 hbopenbid-lhrc.pubmnet.com udp
US 8.8.8.8:53 eu-tlx.3lift.com udp
US 8.8.8.8:53 tagged-by.rubiconproject.net.akadns.net udp
US 8.8.8.8:53 euwdirect.adsrvr.org udp
US 8.8.8.8:53 rw-yieldmo-com-tf-362867385.eu-west-1.elb.amazonaws.com udp
US 104.18.26.193:443 htlb.casalemedia.com udp
US 8.8.8.8:53 cdn.ampproject.org udp
DE 142.250.186.129:443 cdn.ampproject.org tcp
DE 142.250.186.129:443 cdn.ampproject.org tcp
DE 142.250.186.129:443 cdn.ampproject.org tcp
DE 142.250.186.129:443 cdn.ampproject.org tcp
US 8.8.8.8:53 cdn-content.ampproject.org udp
DE 142.250.186.129:443 cdn-content.ampproject.org tcp
US 8.8.8.8:53 cdn-content.ampproject.org udp
DE 142.250.186.129:443 cdn-content.ampproject.org udp
US 8.8.8.8:53 193.26.18.104.in-addr.arpa udp
US 8.8.8.8:53 38.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 139.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 176.168.78.3.in-addr.arpa udp
US 8.8.8.8:53 66.170.71.35.in-addr.arpa udp
US 8.8.8.8:53 167.88.30.52.in-addr.arpa udp
US 8.8.8.8:53 129.186.250.142.in-addr.arpa udp
US 8.8.8.8:53 sync.a-mo.net udp
US 8.8.8.8:53 acdn.adnxs.com udp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 js-sec.indexww.com udp
NL 163.5.194.36:443 sync.a-mo.net tcp
US 151.101.129.108:443 acdn.adnxs.com tcp
US 8.8.8.8:53 prod.appnexus.map.fastly.net udp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 gum.nl3.vip.prod.criteo.com udp
US 104.18.24.18:443 js-sec.indexww.com tcp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 dpm.demdex.net udp
US 8.8.8.8:53 prod.appnexus.map.fastly.net udp
US 8.8.8.8:53 sync.a-mo.net udp
US 8.8.8.8:53 gum.nl3.vip.prod.criteo.com udp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com udp
IE 52.208.253.120:443 dpm.demdex.net tcp
NL 163.5.194.30:443 sync.a-mo.net tcp
US 8.8.8.8:53 dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 adclick.g.doubleclick.net udp
US 8.8.8.8:53 convertmasterapp.com udp
US 104.18.27.91:443 convertmasterapp.com tcp
US 8.8.8.8:53 convertmasterapp.com udp
US 104.18.27.91:443 convertmasterapp.com tcp
US 8.8.8.8:53 adclick.g.doubleclick.net udp
US 8.8.8.8:53 convertmasterapp.com udp
US 8.8.8.8:53 adclick.g.doubleclick.net udp
US 8.8.8.8:53 108.129.101.151.in-addr.arpa udp
US 8.8.8.8:53 36.194.5.163.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 18.24.18.104.in-addr.arpa udp
US 8.8.8.8:53 120.253.208.52.in-addr.arpa udp
US 8.8.8.8:53 api.permutive.com udp
DE 142.250.186.98:443 adclick.g.doubleclick.net tcp
US 8.8.8.8:53 check.analytics.rlcdn.com udp
FI 52.85.49.33:443 check.analytics.rlcdn.com tcp
US 8.8.8.8:53 check.analytics.rlcdn.com udp
US 8.8.8.8:53 check.analytics.rlcdn.com udp
DE 142.250.186.98:443 adclick.g.doubleclick.net udp
US 8.8.8.8:53 api.pbxai.com udp
BE 207.211.214.145:443 api.pbxai.com tcp
BE 207.211.214.145:443 api.pbxai.com tcp
US 8.8.8.8:53 pubx-analyticsadapter.b-cdn.net udp
US 8.8.8.8:53 98.186.250.142.in-addr.arpa udp
US 8.8.8.8:53 33.49.85.52.in-addr.arpa udp
US 8.8.8.8:53 pubx-analyticsadapter.b-cdn.net udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 bh.contextweb.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 am1-direct-bgp.contextweb.com udp
DE 142.250.185.98:443 cm.g.doubleclick.net tcp
GB 185.64.191.214:443 imagsync-lhrpairbc.pubmatic.com tcp
NL 208.93.169.131:443 am1-direct-bgp.contextweb.com tcp
US 8.8.8.8:53 token.rubiconproject.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 am1-direct-bgp.contextweb.com udp
NL 69.173.156.148:443 token.rubiconproject.com tcp
DE 142.250.185.98:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 pixel.rubiconproject.net.akadns.net udp
US 8.8.8.8:53 145.214.211.207.in-addr.arpa udp
US 8.8.8.8:53 214.191.64.185.in-addr.arpa udp
US 8.8.8.8:53 131.169.93.208.in-addr.arpa udp
US 8.8.8.8:53 98.185.250.142.in-addr.arpa udp
US 8.8.8.8:53 pixel.rubiconproject.net.akadns.net udp
US 8.8.8.8:53 assets.a-mo.net udp
US 104.19.158.19:443 assets.a-mo.net tcp
US 8.8.8.8:53 assets.a-mo.net.cdn.cloudflare.net udp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 ag.gbc.criteo.com udp
US 8.8.8.8:53 gem.gbc.criteo.com udp
US 8.8.8.8:53 assets.a-mo.net.cdn.cloudflare.net udp
US 8.8.8.8:53 gbc0.nl3.eu.criteo.com udp
NL 178.250.1.11:443 dnacdn.net tcp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 gbc3.fr3.eu.criteo.com udp
FR 185.235.86.105:443 gbc3.fr3.eu.criteo.com tcp
NL 185.235.87.15:443 gbc0.nl3.eu.criteo.com tcp
US 8.8.8.8:53 gbc0.nl3.eu.criteo.com udp
US 8.8.8.8:53 gbc3.fr3.eu.criteo.com udp
US 8.8.8.8:53 dnacdn.net udp
DE 142.250.185.226:443 ep1.adtrafficquality.google udp
US 8.8.8.8:53 148.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 19.158.19.104.in-addr.arpa udp
US 8.8.8.8:53 15.87.235.185.in-addr.arpa udp
US 8.8.8.8:53 105.86.235.185.in-addr.arpa udp
DE 142.250.184.225:443 ep2.adtrafficquality.google udp
US 8.8.8.8:53 dev.visualwebsiteoptimizer.com udp
US 34.107.218.251:443 dev.visualwebsiteoptimizer.com tcp
US 8.8.8.8:53 dev.visualwebsiteoptimizer.com udp
US 104.17.245.203:443 unpkg.com tcp
US 8.8.8.8:53 dev.visualwebsiteoptimizer.com udp
US 34.107.218.251:443 dev.visualwebsiteoptimizer.com udp
US 8.8.8.8:53 251.218.107.34.in-addr.arpa udp
DE 142.250.185.228:443 www.google.com tcp
DE 142.250.185.228:443 www.google.com udp
US 216.239.32.36:443 region1.analytics.google.com tcp
DE 172.217.18.99:443 www.google.co.uk tcp
US 8.8.8.8:53 rep.convertmasterapp.com udp
US 104.18.26.91:443 rep.convertmasterapp.com tcp
US 8.8.8.8:53 rep.convertmasterapp.com udp
US 8.8.8.8:53 rep.convertmasterapp.com udp
US 216.239.32.36:443 region1.analytics.google.com udp
DE 172.217.18.99:443 www.google.co.uk udp
DE 142.250.184.194:443 googleads.g.doubleclick.net tcp
DE 142.250.184.194:443 googleads.g.doubleclick.net tcp
DE 142.250.184.194:443 googleads.g.doubleclick.net tcp
BE 142.251.168.155:443 stats.g.doubleclick.net tcp
US 45.63.64.210:443 dldthis.com tcp
US 8.8.8.8:53 dldthis.com udp
BE 142.251.168.155:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 91.26.18.104.in-addr.arpa udp
US 8.8.8.8:53 210.64.63.45.in-addr.arpa udp
US 8.8.8.8:53 cdn.indexww.com udp
US 104.18.25.18:443 cdn.indexww.com tcp
US 8.8.8.8:53 cdn.indexww.com udp
US 8.8.8.8:53 cdn.indexww.com udp
US 8.8.8.8:53 18.25.18.104.in-addr.arpa udp
US 8.8.8.8:53 btb.conclie.com udp
US 104.18.29.130:443 btb.conclie.com tcp
US 8.8.8.8:53 130.29.18.104.in-addr.arpa udp
DE 142.250.185.228:443 www.google.com tcp
DE 142.250.185.228:443 www.google.com udp
US 8.8.8.8:53 ping.chartbeat.net udp
US 8.8.8.8:53 ping.chartbeat.net udp
US 8.8.8.8:53 ping.chartbeat.net udp
US 8.8.8.8:53 goci.iminogco.com udp
US 104.18.1.149:443 goci.iminogco.com tcp
US 104.18.1.149:443 goci.iminogco.com tcp
US 8.8.8.8:53 goci.iminogco.com udp
US 8.8.8.8:53 goci.iminogco.com udp
US 8.8.8.8:53 149.1.18.104.in-addr.arpa udp
US 8.8.8.8:53 ajax.googleapis.com udp
DE 142.250.181.234:443 ajax.googleapis.com tcp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
DE 142.250.181.234:443 ajax.googleapis.com udp
US 8.8.8.8:53 234.181.250.142.in-addr.arpa udp
US 8.8.8.8:53 wiki.mozilla.org udp
US 8.8.8.8:53 www.mozilla.org udp
US 8.8.8.8:53 www-mozilla.fastly-edge.com udp
US 8.8.8.8:53 prod.wikimo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 www-mozilla.fastly-edge.com udp
US 8.8.8.8:53 prod.wikimo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 en.wikipedia.org udp
NL 185.15.59.224:443 en.wikipedia.org tcp
US 8.8.8.8:53 dyna.wikimedia.org udp
US 8.8.8.8:53 dyna.wikimedia.org udp
US 8.8.8.8:53 224.59.15.185.in-addr.arpa udp
US 8.8.8.8:53 login.wikimedia.org udp
NL 185.15.59.224:443 login.wikimedia.org tcp
US 8.8.8.8:53 intake-analytics.wikimedia.org udp
NL 185.15.59.224:443 intake-analytics.wikimedia.org tcp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 www.mozilla.org udp
US 8.8.8.8:53 prod.wikimo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 www-mozilla.fastly-edge.com udp
US 8.8.8.8:53 ping.chartbeat.net udp
US 8.8.8.8:53 ping.chartbeat.net udp
US 8.8.8.8:53 nkr.conclie.com udp
US 104.18.28.130:443 nkr.conclie.com tcp
US 8.8.8.8:53 130.28.18.104.in-addr.arpa udp
US 104.18.27.91:80 rep.convertmasterapp.com tcp
US 8.8.8.8:53 convertmasterapp.com udp
US 104.17.245.203:443 unpkg.com tcp
US 34.107.218.251:443 dev.visualwebsiteoptimizer.com tcp
DE 172.217.18.99:443 www.google.co.uk tcp
US 8.8.8.8:53 dev.visualwebsiteoptimizer.com udp
US 34.107.218.251:443 dev.visualwebsiteoptimizer.com udp
DE 142.250.185.228:443 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 216.239.32.36:443 region1.analytics.google.com udp
DE 142.250.184.194:443 googleads.g.doubleclick.net tcp
DE 142.250.184.194:443 googleads.g.doubleclick.net tcp
DE 172.217.18.99:443 www.google.co.uk udp
DE 142.250.184.194:443 googleads.g.doubleclick.net udp
US 104.18.1.149:443 goci.iminogco.com tcp
US 8.8.8.8:53 goci.iminogco.com udp
DE 142.250.184.194:443 googleads.g.doubleclick.net udp
US 172.67.29.35:443 www.techspot.com udp
US 8.8.8.8:53 application.convertmasterapp.com udp
US 104.18.26.91:443 application.convertmasterapp.com tcp
US 8.8.8.8:53 application.convertmasterapp.com udp
US 8.8.8.8:53 application.convertmasterapp.com udp
DE 142.250.181.234:443 ajax.googleapis.com tcp
US 104.21.72.124:443 fonts.cdnfonts.com tcp
US 8.8.8.8:53 fonts.cdnfonts.com udp
DE 142.250.181.234:443 ajax.googleapis.com udp
US 8.8.8.8:53 fonts.cdnfonts.com udp
US 104.21.72.124:443 fonts.cdnfonts.com udp
US 8.8.8.8:53 124.72.21.104.in-addr.arpa udp
US 8.8.8.8:53 ping.chartbeat.net udp
US 8.8.8.8:53 freyr.futurecdn.net udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 static.chartbeat.com udp
US 8.8.8.8:53 c.aps.amazon-adsystem.com udp
US 8.8.8.8:53 prod.euid.eu udp
US 8.8.8.8:53 cdn.adsafeprotected.com udp
US 8.8.8.8:53 ats-wrapper.privacymanager.io udp
US 8.8.8.8:53 cdn.pbxai.com udp
US 8.8.8.8:53 scripts.webcontentassessor.com udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
DE 142.250.186.129:443 cdn-content.ampproject.org tcp
DE 142.250.185.161:443 f2546fb2c63e06605fb3f7dfd0abb80b.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 ping.chartbeat.net udp
US 8.8.8.8:53 ats-wrapper.privacymanager.io udp
US 8.8.8.8:53 d3f7zc5bbfci5.cloudfront.net udp
US 8.8.8.8:53 prod.euid.eu udp
US 8.8.8.8:53 k3.shared.global.fastly.net udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 pubx.b-cdn.net udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 d3tqyidpuy80xi.cloudfront.net udp
US 8.8.8.8:53 d87r0mmlmv594.cloudfront.net udp
US 8.8.8.8:53 ping.chartbeat.net udp
US 8.8.8.8:53 c.aps.amazon-adsystem.com udp
US 8.8.8.8:53 prod.euid.eu udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 k3.shared.global.fastly.net udp
US 8.8.8.8:53 d3tqyidpuy80xi.cloudfront.net udp
US 8.8.8.8:53 pubx.b-cdn.net udp
US 8.8.8.8:53 d87r0mmlmv594.cloudfront.net udp
US 8.8.8.8:53 ats-wrapper.privacymanager.io udp
US 8.8.8.8:53 d3f7zc5bbfci5.cloudfront.net udp
US 8.8.8.8:53 c.aps.amazon-adsystem.com udp
US 8.8.8.8:53 files02.tchspt.com udp
US 104.26.15.232:443 files02.tchspt.com tcp
US 8.8.8.8:53 files02.tchspt.com udp
US 8.8.8.8:53 files02.tchspt.com udp
US 34.107.254.252:443 api.permutive.com udp
US 8.8.8.8:53 232.15.26.104.in-addr.arpa udp
US 104.26.15.232:443 files02.tchspt.com udp
US 8.8.8.8:53 na1e-acc.services.adobe.com udp
US 35.160.70.122:443 na1e-acc.services.adobe.com tcp
US 35.160.70.122:443 na1e-acc.services.adobe.com tcp
US 8.8.8.8:53 122.70.160.35.in-addr.arpa udp
US 35.160.70.122:443 na1e-acc.services.adobe.com tcp
US 8.8.8.8:53 bordeaux.futurecdn.net udp
US 8.8.8.8:53 cmp.inmobi.com udp
US 8.8.8.8:53 ping.chartbeat.net udp
DE 172.217.18.99:443 www.google.co.uk udp
US 8.8.8.8:53 d23sp3kzv1t6m5.cloudfront.net udp
US 8.8.8.8:53 ping.chartbeat.net udp
US 216.239.32.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 d23sp3kzv1t6m5.cloudfront.net udp
US 8.8.8.8:53 ping.chartbeat.net udp
US 8.8.8.8:53 d1fy50apkg1gx3.cloudfront.net udp
US 8.8.8.8:53 d1fy50apkg1gx3.cloudfront.net udp
US 8.8.8.8:53 eventsproxy.gargantuan.futureplc.com udp
IE 3.248.109.155:443 eventsproxy.gargantuan.futureplc.com tcp
US 8.8.8.8:53 eventsproxy.gargantuan.futureplc.com udp
DE 142.250.186.110:443 www3.doubleclick.net udp
DE 142.250.185.142:443 marketingplatform.google.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
DE 142.250.185.226:443 ep1.adtrafficquality.google udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 sommelier.futurehybrid.tech udp
US 8.8.8.8:53 sommelier.futurehybrid.tech udp
IE 34.252.94.94:443 sommelier.futurehybrid.tech tcp
DE 142.250.184.225:443 ep2.adtrafficquality.google udp
DE 142.250.185.228:443 www.google.com udp
US 8.8.8.8:53 www.google.com udp
FI 3.164.206.34:443 c.aps.amazon-adsystem.com udp
US 8.8.8.8:53 c.aps.amazon-adsystem.com udp
US 8.8.8.8:53 prod.euid.eu udp
US 8.8.8.8:53 ats-wrapper.privacymanager.io udp
US 8.8.8.8:53 k3.shared.global.fastly.net udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 api.permutive.com udp
US 8.8.8.8:53 d1ykf07e75w7ss.cloudfront.net udp
US 8.8.8.8:53 94.94.252.34.in-addr.arpa udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 d1ykf07e75w7ss.cloudfront.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 floor.pbxai.com udp
US 8.8.8.8:53 improving.duckduckgo.com udp
US 8.8.8.8:53 floor.pbxai.com udp
US 8.8.8.8:53 duckduckgo.com udp
IE 52.142.124.215:443 duckduckgo.com tcp
US 8.8.8.8:53 floor.pbxai.com udp
US 8.8.8.8:53 duckduckgo.com udp
US 8.8.8.8:53 csm.nl3.eu.criteo.net udp
US 8.8.8.8:53 csm.nl3.vip.prod.criteo.net udp
US 8.8.8.8:53 csm.nl3.vip.prod.criteo.net udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 pixel.adsafeprotected.com udp
US 8.8.8.8:53 ads.servebom.com udp
US 8.8.8.8:53 firewall-external-2134955858.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 d1jvc9b8z3vcjs.cloudfront.net udp
US 8.8.8.8:53 d2e3wg39989un6.cloudfront.net udp
US 8.8.8.8:53 firewall-external-2134955858.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 d1jvc9b8z3vcjs.cloudfront.net udp
US 8.8.8.8:53 d2e3wg39989un6.cloudfront.net udp
NL 178.250.1.25:443 csm.nl3.vip.prod.criteo.net tcp
US 8.8.8.8:53 25.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 links.duckduckgo.com udp
IE 20.223.54.233:443 links.duckduckgo.com tcp
US 8.8.8.8:53 links.duckduckgo.com udp
US 8.8.8.8:53 10.179.89.13.in-addr.arpa udp
US 8.8.8.8:53 external-content.duckduckgo.com udp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
US 8.8.8.8:53 external-content.duckduckgo.com udp
US 8.8.8.8:53 www.filehorse.com udp
US 8.8.8.8:53 www.filehorse.com udp
US 104.20.0.51:443 www.filehorse.com tcp
US 104.20.0.51:443 www.filehorse.com tcp
US 8.8.8.8:53 www.filehorse.com udp
US 104.20.0.51:443 www.filehorse.com udp
US 8.8.8.8:53 51.0.20.104.in-addr.arpa udp
US 8.8.8.8:53 static.filehorse.com udp
US 8.8.8.8:53 spn-v1.revampcdn.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 172.67.17.16:443 static.filehorse.com tcp
US 172.67.17.16:443 static.filehorse.com tcp
US 172.67.17.16:443 static.filehorse.com tcp
US 172.67.17.16:443 static.filehorse.com tcp
US 172.67.17.16:443 static.filehorse.com tcp
US 172.67.17.16:443 static.filehorse.com tcp
US 8.8.8.8:53 static.filehorse.com udp
US 151.101.65.91:443 spn-v1.revampcdn.com tcp
US 151.101.65.91:443 spn-v1.revampcdn.com tcp
US 8.8.8.8:53 swls.map.fastly.net udp
DE 142.250.186.42:443 ajax.googleapis.com tcp
US 8.8.8.8:53 static.filehorse.com udp
US 172.67.17.16:443 static.filehorse.com udp
US 8.8.8.8:53 swls.map.fastly.net udp
US 151.101.65.91:443 swls.map.fastly.net udp
DE 142.250.186.42:443 ajax.googleapis.com udp
US 151.101.65.91:443 swls.map.fastly.net udp
US 8.8.8.8:53 d1ykf07e75w7ss.cloudfront.net udp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 172.67.41.60:443 btloader.com tcp
FI 108.156.17.132:443 d1ykf07e75w7ss.cloudfront.net tcp
US 8.8.8.8:53 btloader.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 lexicon.33across.com udp
US 8.8.8.8:53 91.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 16.17.67.172.in-addr.arpa udp
US 8.8.8.8:53 42.186.250.142.in-addr.arpa udp
US 8.8.8.8:53 id.crwdcntrl.net udp
US 8.8.8.8:53 60.41.67.172.in-addr.arpa udp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 ag.dns-finder.com udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 35.244.193.51:443 lexicon.33across.com tcp
DE 162.19.138.117:443 id5-sync.com tcp
US 8.8.8.8:53 lexicon.33across.com udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 id.crwdcntrl.net udp
IE 63.34.234.255:443 id.crwdcntrl.net tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 lexicon.33across.com udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 id.crwdcntrl.net udp
US 8.8.8.8:53 ad-delivery.net udp
FI 108.156.22.124:443 config.aps.amazon-adsystem.com tcp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 35.244.193.51:443 lexicon.33across.com udp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 api.btloader.com udp
US 130.211.23.194:443 api.btloader.com tcp
US 8.8.8.8:53 api.btloader.com udp
US 104.26.7.141:443 cdn.btmessage.com tcp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 cdn.btmessage.com udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
DE 141.95.98.64:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 172.67.17.16:443 static.filehorse.com udp
DE 142.250.186.46:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 api.btmessage.com udp
US 8.8.8.8:53 www3.l.google.com udp
US 130.211.23.194:443 api.btloader.com udp
US 172.67.74.232:443 api.btmessage.com tcp
US 8.8.8.8:53 api.btmessage.com udp
US 8.8.8.8:53 api.btmessage.com udp
DE 142.250.186.46:443 www3.l.google.com udp
US 104.22.52.86:443 cdn.id5-sync.com tcp
US 130.211.23.194:443 api.btloader.com udp
DE 162.19.138.117:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 51.193.244.35.in-addr.arpa udp
US 8.8.8.8:53 230.185.250.142.in-addr.arpa udp
US 8.8.8.8:53 70.3.26.104.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 141.7.26.104.in-addr.arpa udp
US 8.8.8.8:53 124.22.156.108.in-addr.arpa udp
US 8.8.8.8:53 64.98.95.141.in-addr.arpa udp
US 8.8.8.8:53 46.186.250.142.in-addr.arpa udp
US 8.8.8.8:53 232.74.67.172.in-addr.arpa udp
US 8.8.8.8:53 117.138.19.162.in-addr.arpa udp
DE 142.250.186.46:443 www3.l.google.com udp
DE 142.250.186.46:443 www3.l.google.com tcp
FI 3.164.70.16:443 d1jvc9b8z3vcjs.cloudfront.net tcp
US 8.8.8.8:53 d1jvc9b8z3vcjs.cloudfront.net udp
DE 37.252.171.149:443 secure.adnxs.com tcp
US 8.8.8.8:53 ib.anycast.adnxs.com udp
US 8.8.8.8:53 shb.richaudience.com udp
GB 185.64.190.77:443 hbopenbid-lhrc.pubmnet.com tcp
US 8.8.8.8:53 hbopenbid-lhrc.pubmnet.com udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 ad.360yield.com udp
US 8.8.8.8:53 prg.smartadserver.com udp
FI 3.164.70.16:443 d1jvc9b8z3vcjs.cloudfront.net tcp
GB 185.64.190.77:443 hbopenbid-lhrc.pubmnet.com tcp
US 8.8.8.8:53 euw-ice.360yield.com udp
US 8.8.8.8:53 hb-api.europe-west9.gcp.omnitagjs.com udp
US 8.8.8.8:53 euw2.smartadserver.com udp
US 8.8.8.8:53 oa.openxcdn.net udp
US 8.8.8.8:53 cdn-ima.33across.com udp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 8.8.8.8:53 static.criteo.net udp
IE 52.48.165.13:443 euw-ice.360yield.com tcp
FR 34.1.1.166:443 hb-api.europe-west9.gcp.omnitagjs.com tcp
FR 34.1.1.166:443 hb-api.europe-west9.gcp.omnitagjs.com tcp
FR 5.135.209.96:443 euw2.smartadserver.com tcp
FR 5.135.209.96:443 euw2.smartadserver.com tcp
FR 5.135.209.96:443 euw2.smartadserver.com tcp
FR 5.135.209.96:443 euw2.smartadserver.com tcp
US 8.8.8.8:53 d2897a9004df3aa8038344ee3042f937.safeframe.googlesyndication.com udp
US 8.8.8.8:53 hb-api.europe-west9.gcp.omnitagjs.com udp
US 8.8.8.8:53 euw-ice.360yield.com udp
DE 148.251.88.117:443 shb.richaudience.com tcp
DE 148.251.88.117:443 shb.richaudience.com tcp
DE 148.251.88.117:443 shb.richaudience.com tcp
DE 148.251.88.117:443 shb.richaudience.com tcp
US 8.8.8.8:53 shb.richaudience.com udp
US 8.8.8.8:53 in-ftd-172.nl3.vip.prod.criteo.net udp
US 8.8.8.8:53 cdn-ima.33across.com.cdn.cloudflare.net udp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 8.8.8.8:53 ib.anycast.adnxs.com udp
US 8.8.8.8:53 oa.openxcdn.net udp
US 8.8.8.8:53 16.70.164.3.in-addr.arpa udp
US 8.8.8.8:53 96.209.135.5.in-addr.arpa udp
US 8.8.8.8:53 13.165.48.52.in-addr.arpa udp
DE 142.250.186.97:443 d2897a9004df3aa8038344ee3042f937.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 d2897a9004df3aa8038344ee3042f937.safeframe.googlesyndication.com udp
US 8.8.8.8:53 cdn-ima.33across.com.cdn.cloudflare.net udp
US 8.8.8.8:53 in-ftd-172.nl3.vip.prod.criteo.net udp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 8.8.8.8:53 shb.richaudience.com udp
US 8.8.8.8:53 d2897a9004df3aa8038344ee3042f937.safeframe.googlesyndication.com udp
GB 185.64.190.77:443 hbopenbid-lhrc.pubmnet.com tcp
GB 185.64.190.77:443 hbopenbid-lhrc.pubmnet.com tcp
DE 142.250.186.97:443 d2897a9004df3aa8038344ee3042f937.safeframe.googlesyndication.com udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
IE 67.220.224.144:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 104.26.3.70:443 ad-delivery.net tcp
US 151.101.65.91:443 swls.map.fastly.net tcp
DE 142.250.186.46:443 www3.l.google.com tcp
US 172.67.17.16:443 static.filehorse.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 117.88.251.148.in-addr.arpa udp
US 8.8.8.8:53 97.186.250.142.in-addr.arpa udp
US 8.8.8.8:53 144.224.220.67.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
DE 142.250.185.150:443 i.ytimg.com tcp
US 8.8.8.8:53 euw2.smartadserver.com udp
US 8.8.8.8:53 i.ytimg.com udp
DE 142.250.185.150:443 i.ytimg.com udp
DE 142.250.185.226:443 ep1.adtrafficquality.google tcp
US 8.8.8.8:53 c79bfe0a3273ec4c76855975f4f5d9fe.safeframe.googlesyndication.com udp
DE 142.250.185.129:443 c79bfe0a3273ec4c76855975f4f5d9fe.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 c79bfe0a3273ec4c76855975f4f5d9fe.safeframe.googlesyndication.com udp
US 8.8.8.8:53 150.185.250.142.in-addr.arpa udp
US 8.8.8.8:53 c79bfe0a3273ec4c76855975f4f5d9fe.safeframe.googlesyndication.com udp
IE 67.220.224.144:443 aax-eu.amazon-adsystem.com tcp
DE 142.250.185.226:443 ep1.adtrafficquality.google udp
DE 142.250.184.225:443 ep2.adtrafficquality.google tcp
DE 142.250.185.129:443 c79bfe0a3273ec4c76855975f4f5d9fe.safeframe.googlesyndication.com udp
DE 142.250.184.225:443 ep2.adtrafficquality.google udp
DE 142.250.185.228:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
DE 142.250.185.228:443 www.google.com udp
US 8.8.8.8:53 129.185.250.142.in-addr.arpa udp
DE 142.250.186.129:443 cdn-content.ampproject.org tcp
DE 142.250.186.129:443 cdn-content.ampproject.org tcp
DE 142.250.186.129:443 cdn-content.ampproject.org tcp
DE 142.250.186.129:443 cdn-content.ampproject.org tcp
DE 142.250.186.129:443 cdn-content.ampproject.org tcp
DE 142.250.186.129:443 cdn-content.ampproject.org tcp
DE 142.250.186.129:443 cdn-content.ampproject.org udp
DE 142.250.185.161:443 f2546fb2c63e06605fb3f7dfd0abb80b.safeframe.googlesyndication.com tcp
DE 142.250.185.161:443 f2546fb2c63e06605fb3f7dfd0abb80b.safeframe.googlesyndication.com tcp
DE 142.250.185.161:443 f2546fb2c63e06605fb3f7dfd0abb80b.safeframe.googlesyndication.com tcp
DE 142.250.185.161:443 f2546fb2c63e06605fb3f7dfd0abb80b.safeframe.googlesyndication.com tcp
DE 142.250.185.161:443 f2546fb2c63e06605fb3f7dfd0abb80b.safeframe.googlesyndication.com tcp
DE 142.250.185.161:443 f2546fb2c63e06605fb3f7dfd0abb80b.safeframe.googlesyndication.com tcp
DE 142.250.185.161:443 f2546fb2c63e06605fb3f7dfd0abb80b.safeframe.googlesyndication.com udp
DE 142.250.185.66:443 googleads.g.doubleclick.net tcp
DE 142.250.185.66:443 googleads.g.doubleclick.net udp
DE 37.252.171.149:443 secure.adnxs.com tcp
US 8.8.8.8:53 ib.anycast.adnxs.com udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 acdn.adnxs.com udp
DE 148.251.40.117:443 sync.richaudience.com tcp
US 8.8.8.8:53 sync.richaudience.com udp
IE 34.248.30.203:443 ap.lijit.com tcp
US 151.101.65.108:443 acdn.adnxs.com tcp
GB 2.23.161.41:443 ads.pubmatic.com tcp
US 8.8.8.8:53 blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 prod.appnexus.map.fastly.net udp
US 8.8.8.8:53 e6603.g.akamaiedge.net udp
FR 34.1.1.166:443 visitor.omnitagjs.com tcp
US 8.8.8.8:53 visitor.europe-west9.gcp.omnitagjs.com udp
US 8.8.8.8:53 blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 prod.appnexus.map.fastly.net udp
US 8.8.8.8:53 e6603.g.akamaiedge.net udp
DE 148.251.40.117:443 sync.richaudience.com tcp
US 8.8.8.8:53 66.185.250.142.in-addr.arpa udp
US 8.8.8.8:53 108.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 d1ykf07e75w7ss.cloudfront.net udp
US 172.67.17.16:443 static.filehorse.com udp
US 8.8.8.8:53 push-sdk.com udp
US 8.8.8.8:53 push-sdk.com udp
DE 157.90.33.121:443 push-sdk.com tcp
US 8.8.8.8:53 push-sdk.com udp
US 8.8.8.8:53 uidsync.net udp
DE 178.63.248.56:443 uidsync.net tcp
DE 178.63.248.56:443 uidsync.net tcp
US 8.8.8.8:53 uidsync.net udp
US 8.8.8.8:53 uidsync.net udp
US 8.8.8.8:53 121.33.90.157.in-addr.arpa udp
US 8.8.8.8:53 69ec474646c85e6839bbfa3cef7cfce4.safeframe.googlesyndication.com udp
US 8.8.8.8:53 69ec474646c85e6839bbfa3cef7cfce4.safeframe.googlesyndication.com udp
DE 142.250.186.97:443 69ec474646c85e6839bbfa3cef7cfce4.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 69ec474646c85e6839bbfa3cef7cfce4.safeframe.googlesyndication.com udp
DE 142.250.186.97:443 69ec474646c85e6839bbfa3cef7cfce4.safeframe.googlesyndication.com udp
US 8.8.8.8:53 prod.us-east-1.cxm-bcn.publisher-services.amazon.dev udp
DE 141.95.98.64:443 lb.eu-1-id5-sync.com tcp
US 18.233.216.70:443 prod.us-east-1.cxm-bcn.publisher-services.amazon.dev tcp
US 18.233.216.70:443 prod.us-east-1.cxm-bcn.publisher-services.amazon.dev tcp
US 8.8.8.8:53 prod.us-east-1.cxm-bcn.publisher-services.amazon.dev udp
US 8.8.8.8:53 prod.us-east-1.cxm-bcn.publisher-services.amazon.dev udp
US 8.8.8.8:53 56.248.63.178.in-addr.arpa udp
US 8.8.8.8:53 70.216.233.18.in-addr.arpa udp
US 172.67.17.16:443 static.filehorse.com udp
US 8.8.8.8:53 s.richaudience.com udp
DE 178.63.241.79:443 s.richaudience.com tcp
US 8.8.8.8:53 s.richaudience.com udp
US 8.8.8.8:53 s.richaudience.com udp
DE 23.88.8.125:443 uidsync.net tcp
DE 142.250.185.66:443 googleads.g.doubleclick.net tcp
DE 142.250.185.66:443 googleads.g.doubleclick.net tcp
DE 142.250.185.66:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 79.241.63.178.in-addr.arpa udp
US 8.8.8.8:53 125.8.88.23.in-addr.arpa udp
DE 148.251.40.117:443 sync.richaudience.com tcp
US 8.8.8.8:53 push-sdk.com udp
DE 157.90.33.121:443 uidsync.net tcp
DE 148.251.40.117:443 sync.richaudience.com tcp
US 8.8.8.8:53 go.filehorse.com udp
US 104.20.0.51:443 go.filehorse.com tcp
US 8.8.8.8:53 go.filehorse.com udp
US 8.8.8.8:53 go.filehorse.com udp
US 104.20.0.51:443 go.filehorse.com udp
US 8.8.8.8:53 adobe.prf.hn udp
US 8.8.8.8:53 tracking.prf.hn udp
GB 5.150.170.6:443 tracking.prf.hn tcp
US 8.8.8.8:53 tracking.prf.hn udp
US 8.8.8.8:53 www.adobe.com udp
GB 88.221.135.113:443 www.adobe.com tcp
US 8.8.8.8:53 a1815.dscr.akamai.net udp
US 8.8.8.8:53 a1815.dscr.akamai.net udp
US 8.8.8.8:53 6.170.150.5.in-addr.arpa udp
US 8.8.8.8:53 113.135.221.88.in-addr.arpa udp
US 104.18.27.91:80 application.convertmasterapp.com tcp
DE 142.250.185.228:443 www.google.com tcp
US 34.107.218.251:443 dev.visualwebsiteoptimizer.com tcp
US 34.107.218.251:443 dev.visualwebsiteoptimizer.com udp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 api-2-0.spot.im udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 nydc1.outbrain.org udp
NL 35.214.138.30:443 envoy-hl.envoy-csync.core-002-ew4.ov1o.com tcp
US 107.22.114.33:443 api-2-0.spot.im tcp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 204.62.13.147:443 sync.contextualadv.com tcp
US 8.8.8.8:53 rtb.bid.com udp
US 204.62.12.209:443 sync-service.net tcp
US 8.8.8.8:53 prebid.a-mo.net udp
US 80.77.84.96:443 csync.copper6.com tcp
US 8.8.8.8:53 id.rlcdn.com udp
US 8.8.8.8:53 envoy-hl.envoy-csync.core-002-ew4.ov1o.com udp
US 8.8.8.8:53 k8s-kongow-generalp-f832200e79-1219784492.us-east-1.elb.amazonaws.com udp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 8.8.8.8:53 ssc-cms.33across.com udp
US 8.8.8.8:53 player.aniview.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 8.8.8.8:53 user-data-eu.bidswitch.net udp
US 8.8.8.8:53 imagsync-lhrpairbc.pubmatic.com udp
US 8.8.8.8:53 sync.contextualadv.com udp
US 8.8.8.8:53 blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 sync-service.net udp
US 8.8.8.8:53 bttrack.com udp
US 8.8.8.8:53 id.rlcdn.com udp
US 8.8.8.8:53 nld-prebid.a-mx.net udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 csync.copper6.com udp
US 8.8.8.8:53 k8s-kongow-generalp-f832200e79-1219784492.us-east-1.elb.amazonaws.com udp
US 23.21.89.70:443 cs-server-s2s.yellowblue.io tcp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 8.8.8.8:53 pixel.33across.com udp
US 67.202.105.24:443 ssc-cms.33across.com tcp
DE 51.38.120.206:443 onetag-sys.com tcp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 nld-prebid.a-mx.net udp
US 8.8.8.8:53 id.rlcdn.com udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 user-data-eu.bidswitch.net udp
NL 89.149.193.100:443 ssbsync.smartadserver.com tcp
US 8.8.8.8:53 ssbsync-euw1.smartadserver.com udp
GB 2.18.190.165:443 player.aniview.com tcp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
GB 23.194.15.107:443 e8960.e2.akamaiedge.net tcp
US 8.8.8.8:53 e8960.e2.akamaiedge.net udp
GB 2.18.109.146:443 eus.rubiconproject.com tcp
US 8.8.8.8:53 e8960.b.akamaiedge.net udp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 8.8.8.8:53 pixel.33across.com udp
US 8.8.8.8:53 ssbsync-euw1.smartadserver.com udp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
US 8.8.8.8:53 117.40.251.148.in-addr.arpa udp
US 8.8.8.8:53 165.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 33.114.22.107.in-addr.arpa udp
US 8.8.8.8:53 100.193.149.89.in-addr.arpa udp
US 8.8.8.8:53 206.120.38.51.in-addr.arpa udp
US 8.8.8.8:53 e8960.b.akamaiedge.net udp
US 8.8.8.8:53 e8960.e2.akamaiedge.net udp
US 80.77.84.96:443 csync.copper6.com tcp
GB 2.18.190.165:443 a1970.dscd.akamai.net udp
DE 37.252.171.149:443 secure.adnxs.com tcp
DE 37.252.171.149:443 secure.adnxs.com tcp
DE 37.252.171.149:443 secure.adnxs.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
NL 35.214.136.108:443 user-data-eu.bidswitch.net tcp
US 52.223.40.198:443 match.adsrvr.org tcp
US 70.42.32.255:443 b1sync.zemanta.com tcp
GB 185.64.191.214:443 imagsync-lhrpairbc.pubmatic.com tcp
US 3.219.172.219:443 sync.srv.stackadapt.com tcp
IE 54.76.68.46:443 jadserve.postrelease.com tcp
IE 34.248.30.203:443 ap.lijit.com tcp
IE 34.248.30.203:443 ap.lijit.com tcp
NL 163.5.194.35:443 nld-prebid.a-mx.net tcp
US 192.132.33.67:443 bttrack.com tcp
US 35.244.174.68:443 id.rlcdn.com tcp
US 8.8.8.8:53 visitor.europe-west9.gcp.omnitagjs.com udp
US 8.8.8.8:53 visitor.europe-west9.gcp.omnitagjs.com udp
FR 34.1.1.166:443 visitor.europe-west9.gcp.omnitagjs.com tcp
FR 34.1.1.166:443 visitor.europe-west9.gcp.omnitagjs.com tcp
FR 34.1.1.166:443 visitor.europe-west9.gcp.omnitagjs.com tcp
US 35.244.174.68:443 id.rlcdn.com udp
US 8.8.8.8:53 b1sync.outbrain.com udp
US 64.74.236.95:443 b1sync.outbrain.com tcp
US 8.8.8.8:53 chidc2.outbrain.org udp
US 8.8.8.8:53 chidc2.outbrain.org udp
US 8.8.8.8:53 qvdt3feo.com udp
US 8.8.8.8:53 70.89.21.23.in-addr.arpa udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 46.68.76.54.in-addr.arpa udp
US 8.8.8.8:53 35.194.5.163.in-addr.arpa udp
US 8.8.8.8:53 255.32.42.70.in-addr.arpa udp
US 8.8.8.8:53 68.174.244.35.in-addr.arpa udp
US 8.8.8.8:53 219.172.219.3.in-addr.arpa udp
US 8.8.8.8:53 67.33.132.192.in-addr.arpa udp
US 8.8.8.8:53 qvdt3feo.com udp
US 184.73.228.109:443 qvdt3feo.com tcp
US 8.8.8.8:53 qvdt3feo.com udp
US 8.8.8.8:53 adobeid-na1.services.adobe.com udp
US 8.8.8.8:53 95.236.74.64.in-addr.arpa udp
US 8.8.8.8:53 109.228.73.184.in-addr.arpa udp
US 172.64.155.61:443 adobeid-na1.services.adobe.com tcp
US 172.64.155.61:443 adobeid-na1.services.adobe.com tcp
US 8.8.8.8:53 adobeid-na1.services.adobe.com.cdn.cloudflare.net udp
US 8.8.8.8:53 adobeid-na1.services.adobe.com.cdn.cloudflare.net udp
US 8.8.8.8:53 s.ad.smaato.net udp
US 8.8.8.8:53 t.adx.opera.com udp
US 8.8.8.8:53 outspot2-ams.adx.opera.com udp
US 8.8.8.8:53 outspot2-ams.adx.opera.com udp
US 8.8.8.8:53 s.ad.smaato.net udp
FI 52.85.49.96:443 s.ad.smaato.net tcp
NL 82.145.213.8:443 outspot2-ams.adx.opera.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.net.akadns.net tcp
US 8.8.8.8:53 pixel.rubiconproject.net.akadns.net udp
NL 69.173.156.148:443 pixel.rubiconproject.net.akadns.net tcp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
NL 89.149.193.89:443 rtb-csync.smartadserver.com tcp
NL 89.149.193.89:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 match.sharethrough.com udp
US 8.8.8.8:53 rtb-csync-euw1.smartadserver.com udp
NL 35.214.138.30:443 envoy-hl.envoy-csync.core-002-ew4.ov1o.com tcp
US 8.8.8.8:53 61.155.64.172.in-addr.arpa udp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 96.49.85.52.in-addr.arpa udp
US 8.8.8.8:53 89.193.149.89.in-addr.arpa udp
US 8.8.8.8:53 match-eu-central-1-ecs.sharethrough.com udp
US 8.8.8.8:53 match-eu-central-1-ecs.sharethrough.com udp
DE 18.195.234.25:443 match.sharethrough.com tcp
NL 208.93.169.131:443 am1-direct-bgp.contextweb.com tcp
US 8.8.8.8:53 geo2.adobe.com udp
US 8.8.8.8:53 cs.yellowblue.io udp
GB 2.23.160.203:443 geo2.adobe.com tcp
US 8.8.8.8:53 e4578.dscg.akamaiedge.net udp
IE 34.255.154.200:443 cs.yellowblue.io tcp
US 8.8.8.8:53 cs.yellowblue.io udp
US 8.8.8.8:53 e4578.dscg.akamaiedge.net udp
US 8.8.8.8:53 cs.yellowblue.io udp
IE 34.255.154.200:443 cs.yellowblue.io tcp
US 8.8.8.8:53 25.234.195.18.in-addr.arpa udp
US 8.8.8.8:53 203.160.23.2.in-addr.arpa udp
US 8.8.8.8:53 200.154.255.34.in-addr.arpa udp
DE 157.90.33.121:443 uidsync.net tcp
US 8.8.8.8:53 push-sdk.com udp
US 172.67.17.16:443 go.filehorse.com udp
US 8.8.8.8:53 swls.map.fastly.net udp
US 8.8.8.8:53 swls.map.fastly.net udp
DE 157.90.33.121:443 uidsync.net tcp
US 8.8.8.8:53 apps.cpi.arturito.cloud udp
US 34.120.186.113:443 apps.cpi.arturito.cloud tcp
US 8.8.8.8:53 apps.cpi.arturito.cloud udp
DE 162.19.138.117:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 apps.cpi.arturito.cloud udp
US 34.120.186.113:443 apps.cpi.arturito.cloud udp
US 8.8.8.8:53 di-images.sftcdn.net udp
DE 141.95.98.64:443 lb.eu-1-id5-sync.com tcp
US 151.101.65.91:443 di-images.sftcdn.net tcp
US 151.101.65.91:443 di-images.sftcdn.net tcp
US 151.101.65.91:443 di-images.sftcdn.net tcp
US 151.101.65.91:443 di-images.sftcdn.net tcp
US 151.101.65.91:443 di-images.sftcdn.net udp
US 8.8.8.8:53 id5-sync.com udp
DE 162.19.138.117:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 euw-ice.360yield.com udp
US 8.8.8.8:53 113.186.120.34.in-addr.arpa udp
FR 5.135.209.96:443 euw2.smartadserver.com tcp
US 8.8.8.8:53 config.playwire.com udp
US 8.8.8.8:53 cdn.intergi.com udp
US 8.8.8.8:53 cdn.intergient.com udp
US 8.8.8.8:53 cdn.playwire.com udp
US 8.8.8.8:53 cdn.video.playwire.com udp
US 8.8.8.8:53 z.moatads.com udp
US 172.67.17.16:443 go.filehorse.com udp
US 104.18.21.56:443 cdn.intergient.com tcp
US 8.8.8.8:53 cdn.intergient.com.cdn.cloudflare.net udp
US 104.18.10.207:443 cdn.video.playwire.com tcp
US 8.8.8.8:53 config.playwire.com udp
US 104.18.25.242:443 cdn.intergi.com tcp
US 8.8.8.8:53 cdn.intergi.com udp
US 104.18.10.207:443 config.playwire.com tcp
US 8.8.8.8:53 cdn.playwire.com udp
US 104.18.10.207:443 cdn.playwire.com tcp
US 8.8.8.8:53 cdn.video.playwire.com udp
US 8.8.8.8:53 config.playwire.com udp
US 8.8.8.8:53 cdn.intergi.com udp
US 8.8.8.8:53 cdn.playwire.com udp
US 8.8.8.8:53 cdn.intergient.com.cdn.cloudflare.net udp
US 8.8.8.8:53 cdn.video.playwire.com udp
US 8.8.8.8:53 56.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 207.10.18.104.in-addr.arpa udp
US 8.8.8.8:53 242.25.18.104.in-addr.arpa udp
US 104.18.21.56:443 cdn.intergient.com.cdn.cloudflare.net tcp
US 104.18.21.56:443 cdn.intergient.com.cdn.cloudflare.net tcp
DE 157.90.33.121:443 uidsync.net tcp
US 104.18.21.56:443 cdn.intergient.com.cdn.cloudflare.net udp
US 8.8.8.8:53 scaredstomach.com udp
US 34.49.146.131:443 scaredstomach.com tcp
US 8.8.8.8:53 scaredstomach.com udp
US 8.8.8.8:53 scaredstomach.com udp
US 104.18.25.242:443 cdn.intergi.com tcp
US 34.49.146.131:443 scaredstomach.com udp
US 104.18.25.242:443 cdn.intergi.com udp
FI 3.164.68.34:443 static.adsafeprotected.com tcp
US 8.8.8.8:53 d162h6x3rxav67.cloudfront.net udp
FI 3.164.68.34:443 d162h6x3rxav67.cloudfront.net tcp
US 8.8.8.8:53 d162h6x3rxav67.cloudfront.net udp
US 8.8.8.8:53 131.146.49.34.in-addr.arpa udp
US 8.8.8.8:53 34.68.164.3.in-addr.arpa udp
US 172.67.17.16:443 go.filehorse.com udp
US 8.8.8.8:53 prod.adobeccstatic.com udp
FI 3.164.68.126:443 prod.adobeccstatic.com tcp
FI 3.164.68.126:443 prod.adobeccstatic.com tcp
US 8.8.8.8:53 prod.adobeccstatic.com udp
US 8.8.8.8:53 prod.adobeccstatic.com udp
US 8.8.8.8:53 px.moatads.com udp
US 8.8.8.8:53 126.68.164.3.in-addr.arpa udp
US 8.8.8.8:53 impression-inferences-edge-prod.playwire.com udp
US 8.8.8.8:53 d2t3ibh8eoje98.cloudfront.net udp
FI 18.165.140.77:443 d2t3ibh8eoje98.cloudfront.net tcp
DE 157.90.33.121:443 uidsync.net tcp
US 8.8.8.8:53 d2t3ibh8eoje98.cloudfront.net udp
US 8.8.8.8:53 use.typekit.net udp
US 8.8.8.8:53 cc-api-data.adobe.io udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
IE 52.48.126.58:443 cc-api-data.adobe.io tcp
IE 52.48.126.58:443 cc-api-data.adobe.io tcp
US 8.8.8.8:53 cc-api-data.adobe.io udp
GB 88.221.134.104:443 use.typekit.net tcp
US 8.8.8.8:53 a1988.dscg1.akamai.net udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 a1988.dscg1.akamai.net udp
US 8.8.8.8:53 cc-api-data.adobe.io udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 77.140.165.18.in-addr.arpa udp
US 8.8.8.8:53 104.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 58.126.48.52.in-addr.arpa udp
US 8.8.8.8:53 p.typekit.net udp
GB 88.221.134.129:443 p.typekit.net tcp
US 8.8.8.8:53 a1874.dscg1.akamai.net udp
US 8.8.8.8:53 a1874.dscg1.akamai.net udp
GB 88.221.134.104:443 use.typekit.net tcp
GB 88.221.134.104:443 use.typekit.net tcp
GB 88.221.134.104:443 use.typekit.net tcp
US 8.8.8.8:53 secure.cdn.fastclick.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
FI 3.164.206.24:443 tags.crwdcntrl.net tcp
GB 23.218.78.16:443 secure.cdn.fastclick.net tcp
GB 23.218.78.16:443 secure.cdn.fastclick.net tcp
US 8.8.8.8:53 e4536.g.akamaiedge.net udp
US 104.22.52.173:443 cdn.hadronid.net tcp
US 8.8.8.8:53 cdn.hadronid.net udp
US 8.8.8.8:53 ads.pubmatic.com udp
DE 148.251.40.117:443 sync.richaudience.com tcp
US 8.8.8.8:53 cdn.hadronid.net udp
US 8.8.8.8:53 e4536.g.akamaiedge.net udp
US 8.8.8.8:53 e6603.g.akamaiedge.net udp
US 8.8.8.8:53 129.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 173.52.22.104.in-addr.arpa udp
US 8.8.8.8:53 16.78.218.23.in-addr.arpa udp
US 8.8.8.8:53 e6603.g.akamaiedge.net udp
US 34.49.146.131:443 scaredstomach.com udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 a.ad.gt udp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 204.62.13.147:443 sync.contextualadv.com tcp
US 8.8.8.8:53 rtb.bid.com udp
US 80.77.84.96:443 csync.copper6.com tcp
US 104.22.5.69:443 id.hadron.ad.gt tcp
US 8.8.8.8:53 a.ad.gt.cdn.cloudflare.net udp
US 104.22.5.69:443 a.ad.gt.cdn.cloudflare.net tcp
US 8.8.8.8:53 id.hadron.ad.gt.cdn.cloudflare.net udp
US 8.8.8.8:53 creativecdn.com udp
NL 35.214.138.30:443 envoy-hl.envoy-csync.core-002-ew4.ov1o.com tcp
US 8.8.8.8:53 a.ad.gt.cdn.cloudflare.net udp
US 8.8.8.8:53 id.hadron.ad.gt.cdn.cloudflare.net udp
US 67.202.105.24:443 ssc-cms.33across.com tcp
US 104.22.5.69:443 id.hadron.ad.gt.cdn.cloudflare.net tcp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 proc.ad.cpe.dotomi.com udp
US 8.8.8.8:53 imasdk.googleapis.com udp
US 80.77.84.96:443 csync.copper6.com tcp
US 8.8.8.8:53 cd836371f1d.cdn.intergient.com udp
NL 64.158.223.146:443 proc.ad.cpe.dotomi.com tcp
US 8.8.8.8:53 convex-rr.global.dual.dotomi.weighted.com.akadns.net udp
DE 142.250.184.202:443 imasdk.googleapis.com tcp
US 8.8.8.8:53 imasdk.googleapis.com udp
DE 3.73.242.72:443 cd836371f1d.cdn.intergient.com tcp
US 8.8.8.8:53 cd836371f1d.cdn.intergient.com udp
US 8.8.8.8:53 convex-rr.global.dual.dotomi.weighted.com.akadns.net udp
US 8.8.8.8:53 imasdk.googleapis.com udp
US 8.8.8.8:53 cd836371f1d.cdn.intergient.com udp
NL 89.149.193.100:443 ssbsync-euw1.smartadserver.com tcp
US 204.62.12.209:443 sync-service.net tcp
US 8.8.8.8:53 ids.ad.gt udp
US 8.8.8.8:53 ids4.ad.gt udp
US 8.8.8.8:53 u.openx.net udp
US 8.8.8.8:53 image2.pubmatic.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 sync.smartadserver.com udp
US 8.8.8.8:53 p.ad.gt udp
DE 142.250.184.202:443 imasdk.googleapis.com udp
US 8.8.8.8:53 ids4.ad.gt udp
US 8.8.8.8:53 u.openx.net udp
US 8.8.8.8:53 pug-ams-bc.pubmnet.com udp
US 8.8.8.8:53 ids.ad.gt.cdn.cloudflare.net udp
US 8.8.8.8:53 rtb-csync-euw1.smartadserver.com udp
US 8.8.8.8:53 p.ad.gt.cdn.cloudflare.net udp
US 8.8.8.8:53 pug-ams-bc.pubmnet.com udp
US 8.8.8.8:53 u.openx.net udp
US 8.8.8.8:53 p.ad.gt.cdn.cloudflare.net udp
US 8.8.8.8:53 ids4.ad.gt udp
US 8.8.8.8:53 ids.ad.gt.cdn.cloudflare.net udp
US 8.8.8.8:53 69.5.22.104.in-addr.arpa udp
US 8.8.8.8:53 146.223.158.64.in-addr.arpa udp
US 8.8.8.8:53 202.184.250.142.in-addr.arpa udp
US 8.8.8.8:53 72.242.73.3.in-addr.arpa udp
US 104.22.5.69:443 p.ad.gt.cdn.cloudflare.net tcp
US 34.214.111.137:443 ids4.ad.gt tcp
DE 37.252.171.149:443 secure.adnxs.com tcp
US 35.244.159.8:443 u.openx.net tcp
NL 198.47.127.205:443 pug-ams-bc.pubmnet.com tcp
DE 142.250.185.98:443 cm.g.doubleclick.net tcp
US 69.166.1.35:443 iad-2-sync.go.sonobi.com tcp
US 104.22.5.69:443 p.ad.gt.cdn.cloudflare.net tcp
NL 89.149.192.73:443 sync.smartadserver.com tcp
US 104.22.5.69:443 p.ad.gt.cdn.cloudflare.net tcp
US 8.8.8.8:53 fid.agkn.com udp
US 8.8.8.8:53 prebid.intergient.com udp
US 8.8.8.8:53 exchange.cootlogix.com udp
NL 69.173.156.139:443 tagged-by.rubiconproject.net.akadns.net tcp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 grid.bidswitch.net udp
US 8.8.8.8:53 g2.gumgum.com udp
NL 46.228.174.117:443 sync.1rx.io tcp
IE 63.33.116.44:443 g2.gumgum.com tcp
US 104.18.20.56:443 prebid.intergient.com tcp
US 104.18.20.56:443 prebid.intergient.com tcp
NL 69.173.156.139:443 tagged-by.rubiconproject.net.akadns.net tcp
US 146.190.198.186:443 exchange.cootlogix.com tcp
US 146.190.198.186:443 exchange.cootlogix.com tcp
US 146.190.198.186:443 exchange.cootlogix.com tcp
US 146.190.198.186:443 exchange.cootlogix.com tcp
US 146.190.198.186:443 exchange.cootlogix.com tcp
US 146.190.198.186:443 exchange.cootlogix.com tcp
US 8.8.8.8:53 rtb.openx.net udp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 8.8.8.8:53 tlx.3lift.com udp
US 34.160.46.1:443 fid.agkn.com tcp
US 35.244.159.8:443 u.openx.net udp
NL 69.173.156.139:443 tagged-by.rubiconproject.net.akadns.net tcp
US 104.18.26.193:443 htlb.casalemedia.com tcp
FI 108.156.22.3:443 hb.yellowblue.io tcp
US 8.8.8.8:53 in-ftd-65.nl3.vip.prod.criteo.com udp
US 8.8.8.8:53 g2.gumgum.com udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 hb.yellowblue.io udp
DE 142.250.185.98:443 cm.g.doubleclick.net udp
NL 178.250.1.56:443 in-ftd-65.nl3.vip.prod.criteo.com tcp
NL 178.250.1.38:443 in-ftd-170.nl3.vip.prod.criteo.com tcp
IE 63.33.116.44:443 g2.gumgum.com tcp
IE 63.33.116.44:443 g2.gumgum.com tcp
IE 63.33.116.44:443 g2.gumgum.com tcp
US 8.8.8.8:53 prebid.intergient.com.cdn.cloudflare.net udp
US 8.8.8.8:53 vidazoo-openrtb-prebid-saas-p-us-nyc1b-lb.vidazoo.services udp
IE 63.33.116.44:443 g2.gumgum.com tcp
US 8.8.8.8:53 fabrick.agkn.com udp
US 8.8.8.8:53 euwdirect.adsrvr.org udp
US 8.8.8.8:53 g2.gumgum.com udp
DE 3.72.78.234:443 btlr.sharethrough.com tcp
DE 3.72.78.234:443 btlr.sharethrough.com tcp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 in-ftd-65.nl3.vip.prod.criteo.com udp
US 8.8.8.8:53 eu-tlx.3lift.com udp
US 8.8.8.8:53 btlr-eu-central-1.sharethrough.com udp
US 8.8.8.8:53 rtb.openx.net udp
IE 63.33.116.44:443 g2.gumgum.com tcp
US 35.71.170.66:443 euwdirect.adsrvr.org tcp
US 35.227.252.103:443 rtb.openx.net tcp
DE 3.72.78.234:443 btlr.sharethrough.com tcp
DE 3.72.78.234:443 btlr.sharethrough.com tcp
US 8.8.8.8:53 btlr-eu-central-1.sharethrough.com udp
US 8.8.8.8:53 rtb.openx.net udp
DE 3.72.78.234:443 btlr.sharethrough.com tcp
DE 3.72.78.234:443 btlr.sharethrough.com tcp
US 8.8.8.8:53 eu-tlx.3lift.com udp
US 8.8.8.8:53 pixels.ad.gt.cdn.cloudflare.net udp
US 34.160.46.1:443 fabrick.agkn.com udp
US 8.8.8.8:53 vidazoo-openrtb-prebid-saas-p-us-nyc1b-lb.vidazoo.services udp
US 8.8.8.8:53 prebid.intergient.com.cdn.cloudflare.net udp
US 8.8.8.8:53 fabrick.agkn.com udp
US 8.8.8.8:53 8.159.244.35.in-addr.arpa udp
US 8.8.8.8:53 205.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 73.192.149.89.in-addr.arpa udp
US 8.8.8.8:53 137.111.214.34.in-addr.arpa udp
US 3.219.172.219:443 sync.srv.stackadapt.com tcp
US 104.18.20.56:443 prebid.intergient.com.cdn.cloudflare.net udp
US 104.22.5.69:443 pixels.ad.gt.cdn.cloudflare.net tcp
US 104.18.26.193:443 htlb.casalemedia.com udp
DE 3.78.168.176:443 eu-tlx.3lift.com tcp
NL 178.250.1.11:443 dnacdn.net tcp
US 35.227.252.103:443 rtb.openx.net udp
US 8.8.8.8:53 pixels.ad.gt.cdn.cloudflare.net udp
US 8.8.8.8:53 s.company-target.com udp
US 8.8.8.8:53 cs.admanmedia.com udp
US 8.8.8.8:53 56.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 44.116.33.63.in-addr.arpa udp
US 8.8.8.8:53 1.46.160.34.in-addr.arpa udp
US 8.8.8.8:53 3.22.156.108.in-addr.arpa udp
US 8.8.8.8:53 186.198.190.146.in-addr.arpa udp
US 8.8.8.8:53 56.1.250.178.in-addr.arpa udp
NL 178.250.1.11:443 dnacdn.net tcp
US 8.8.8.8:53 s.dsp-prod.demandbase.com udp
US 34.96.71.22:443 s.dsp-prod.demandbase.com tcp
NL 35.214.138.30:443 envoy-hl.envoy-csync.core-002-ew4.ov1o.com tcp
DE 37.252.171.149:443 secure.adnxs.com tcp
DE 18.195.234.25:443 match.sharethrough.com tcp
US 104.22.5.69:443 pixels.ad.gt.cdn.cloudflare.net tcp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 8.8.8.8:53 s.dsp-prod.demandbase.com udp
US 80.77.87.162:443 cs.admanmedia.com tcp
US 34.96.71.22:443 s.dsp-prod.demandbase.com udp
US 8.8.8.8:53 cs.admanmedia.com udp
US 98.82.154.76:443 s.amazon-adsystem.com tcp
US 8.8.8.8:53 234.78.72.3.in-addr.arpa udp
US 8.8.8.8:53 103.252.227.35.in-addr.arpa udp
US 8.8.8.8:53 22.71.96.34.in-addr.arpa udp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 8.8.8.8:53 s.amazon-adsystem.com udp
DE 18.195.234.25:443 match.sharethrough.com tcp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 8.8.8.8:53 cs.admanmedia.com udp
US 80.77.87.162:443 cs.admanmedia.com tcp
US 8.8.8.8:53 d1a65505112822bf9cfc1b0ed79f5bce.safeframe.googlesyndication.com udp
DE 142.250.185.193:443 d1a65505112822bf9cfc1b0ed79f5bce.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 d1a65505112822bf9cfc1b0ed79f5bce.safeframe.googlesyndication.com udp
NL 178.250.1.11:443 dnacdn.net tcp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 d1a65505112822bf9cfc1b0ed79f5bce.safeframe.googlesyndication.com udp
DE 142.250.185.193:443 d1a65505112822bf9cfc1b0ed79f5bce.safeframe.googlesyndication.com udp
US 8.8.8.8:53 193.185.250.142.in-addr.arpa udp
US 8.8.8.8:53 events.cpi.arturito.cloud udp
US 8.8.8.8:53 analytics.arturito.cloud udp
US 34.120.139.235:443 events.cpi.arturito.cloud tcp
US 34.120.139.235:443 events.cpi.arturito.cloud tcp
US 8.8.8.8:53 events.cpi.arturito.cloud udp
US 8.8.8.8:53 analytics.arturito.cloud udp
US 34.117.29.134:443 analytics.arturito.cloud tcp
US 8.8.8.8:53 analytics.arturito.cloud udp
US 8.8.8.8:53 events.cpi.arturito.cloud udp
US 34.120.139.235:443 events.cpi.arturito.cloud udp
US 34.117.29.134:443 analytics.arturito.cloud udp
US 8.8.8.8:53 235.139.120.34.in-addr.arpa udp
US 8.8.8.8:53 134.29.117.34.in-addr.arpa udp
US 8.8.8.8:53 prod.appnexus.map.fastly.net udp
US 8.8.8.8:53 e8960.b.akamaiedge.net udp
US 8.8.8.8:53 playwire-d.openx.net udp
US 8.8.8.8:53 prod.appnexus.map.fastly.net udp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 sync.cootlogix.com udp
US 76.223.111.18:443 eu-eb2.3lift.com tcp
US 8.8.8.8:53 eu-eb2.3lift.com udp
US 8.8.8.8:53 i.liadm.com udp
DE 37.252.171.149:443 secure.adnxs.com tcp
US 8.8.8.8:53 playwire-d.openx.net udp
US 80.77.87.162:443 cs.admanmedia.com tcp
US 34.98.64.218:443 playwire-d.openx.net tcp
US 104.18.25.18:443 js-sec.indexww.com tcp
US 8.8.8.8:53 js-sec.indexww.com udp
US 162.243.163.226:443 sync.cootlogix.com tcp
US 8.8.8.8:53 hj5ozcalb.puzztake.com udp
US 44.213.212.120:443 i.liadm.com tcp
US 8.8.8.8:53 idaas-ext.cph.liveintent.com udp
US 8.8.8.8:53 js-sec.indexww.com udp
US 34.98.64.218:443 playwire-d.openx.net udp
US 8.8.8.8:53 hj5ozcalb.puzztake.com udp
US 80.77.87.162:443 cs.admanmedia.com tcp
DE 157.90.33.121:443 uidsync.net tcp
US 8.8.8.8:53 226.163.243.162.in-addr.arpa udp
DE 37.252.171.149:443 secure.adnxs.com tcp
DE 141.95.98.64:443 lb.eu-1-id5-sync.com tcp
US 34.120.139.235:443 events.cpi.arturito.cloud udp
US 34.117.29.134:443 analytics.arturito.cloud udp
DE 37.252.171.149:443 secure.adnxs.com tcp
DE 18.195.234.25:443 match.sharethrough.com tcp
US 8.8.8.8:53 net.geo.opera.com udp
NL 185.26.182.112:443 net.geo.opera.com tcp
US 8.8.8.8:53 eu.net.opera.com udp
DE 18.195.234.25:443 match.sharethrough.com tcp
US 8.8.8.8:53 112.182.26.185.in-addr.arpa udp
US 8.8.8.8:53 gbc3.fr3.eu.criteo.com udp
FR 185.235.86.105:443 gbc3.fr3.eu.criteo.com tcp
NL 185.235.87.15:443 gbc0.nl3.eu.criteo.com tcp
US 172.67.17.16:443 go.filehorse.com udp
FR 5.135.209.96:443 euw2.smartadserver.com tcp
US 8.8.8.8:53 analytics.arturito.cloud udp
US 8.8.8.8:53 secure.cdn.fastclick.net udp
US 8.8.8.8:53 id5-sync.com udp
US 172.67.17.16:443 go.filehorse.com tcp
US 104.18.21.56:443 prebid.intergient.com.cdn.cloudflare.net tcp
US 8.8.8.8:53 162.87.77.80.in-addr.arpa udp
US 8.8.8.8:53 e4536.g.akamaiedge.net udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 151.101.65.91:443 di-images.sftcdn.net udp
US 151.101.65.91:443 di-images.sftcdn.net udp
US 172.67.17.16:443 go.filehorse.com udp
DE 142.250.186.42:443 ajax.googleapis.com udp
DE 23.88.8.125:443 uidsync.net tcp
US 35.244.193.51:443 lexicon.33across.com udp
US 8.8.8.8:53 uidsync.net udp
DE 178.63.248.56:443 uidsync.net tcp
DE 178.63.248.56:443 uidsync.net tcp
DE 157.90.33.121:443 uidsync.net tcp
US 8.8.8.8:53 cd836371f1d.cdn.intergient.com udp
DE 141.95.98.64:443 lb.eu-1-id5-sync.com tcp
DE 23.88.8.125:443 uidsync.net tcp
US 8.8.8.8:53 www.itopvpn.com udp
US 8.8.8.8:53 www.itopvpn.com udp
US 3.232.101.92:443 www.itopvpn.com tcp
US 3.232.101.92:443 www.itopvpn.com tcp
US 8.8.8.8:53 www.itopvpn.com udp
US 8.8.8.8:53 92.101.232.3.in-addr.arpa udp
US 204.62.13.147:443 sync.contextualadv.com tcp
US 80.77.84.96:443 csync.copper6.com tcp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
US 8.8.8.8:53 player.aniview.com udp
US 67.202.105.24:443 ssc-cms.33across.com tcp
US 8.8.8.8:53 eus.rubiconproject.com udp
NL 89.149.193.100:443 ssbsync-euw1.smartadserver.com tcp
US 8.8.8.8:53 e8960.b.akamaiedge.net udp
US 8.8.8.8:53 e8960.e2.akamaiedge.net udp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
US 8.8.8.8:53 e8960.e2.akamaiedge.net udp
NL 35.214.138.30:443 envoy-hl.envoy-csync.core-002-ew4.ov1o.com tcp
US 80.77.84.96:443 csync.copper6.com tcp
US 204.62.12.209:443 sync-service.net tcp
US 8.8.8.8:53 bttrack.com udp
US 8.8.8.8:53 bttrack.com udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 a1970.dscd.akamai.net udp
US 8.8.8.8:53 e8960.b.akamaiedge.net udp
US 8.8.8.8:53 dsp.360yield.com udp
DE 18.195.234.25:443 match.sharethrough.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
DE 18.195.234.25:443 match.sharethrough.com tcp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
IE 52.210.58.185:443 dsp.360yield.com tcp
US 8.8.8.8:53 euw-ice.360yield.com udp
NL 46.228.174.117:443 sync.1rx.io tcp
US 3.219.172.219:443 sync.srv.stackadapt.com tcp
NL 89.149.193.89:443 sync.smartadserver.com tcp
NL 89.149.193.89:443 sync.smartadserver.com tcp
US 8.8.8.8:53 185.58.210.52.in-addr.arpa udp
US 8.8.8.8:53 cd836371f1d.cdn.intergient.com udp
US 8.8.8.8:53 desktop-netinstaller-sub.osp.opera.software udp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
US 8.8.8.8:53 121.217.145.82.in-addr.arpa udp
US 8.8.8.8:53 autoupdate.opera.com udp
NL 185.26.182.124:443 autoupdate.opera.com tcp
NL 185.26.182.124:443 autoupdate.opera.com tcp
US 8.8.8.8:53 features.opera-api2.com udp
US 8.8.8.8:53 download.opera.com udp
NL 185.26.182.93:443 features.opera-api2.com tcp
US 80.77.87.161:443 cs.admanmedia.com tcp
US 8.8.8.8:53 124.182.26.185.in-addr.arpa udp
US 8.8.8.8:53 93.182.26.185.in-addr.arpa udp
US 80.77.87.161:443 cs.admanmedia.com tcp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 d1jvc9b8z3vcjs.cloudfront.net udp
US 8.8.8.8:53 d1jvc9b8z3vcjs.cloudfront.net udp
US 8.8.8.8:53 upload.wikimedia.org udp
US 8.8.8.8:53 download.opera.com udp
NL 185.26.182.117:443 download.opera.com tcp
US 8.8.8.8:53 upload.wikimedia.org udp
US 8.8.8.8:53 upload.wikimedia.org udp
DE 37.252.171.149:443 secure.adnxs.com tcp
FR 5.135.209.96:443 euw2.smartadserver.com tcp
DE 37.252.171.149:443 secure.adnxs.com tcp
FR 5.135.209.96:443 euw2.smartadserver.com tcp
NL 185.15.59.240:443 upload.wikimedia.org tcp
NL 185.15.59.240:443 upload.wikimedia.org tcp
US 8.8.8.8:53 240.59.15.185.in-addr.arpa udp
US 8.8.8.8:53 download3.operacdn.com udp
US 80.77.87.163:443 cs.admanmedia.com tcp
GB 95.101.143.176:443 download3.operacdn.com tcp
US 8.8.8.8:53 176.143.101.95.in-addr.arpa udp
US 80.77.87.163:443 cs.admanmedia.com tcp
US 8.8.8.8:53 ac.duckduckgo.com udp
US 8.8.8.8:53 duckduckgo.com udp
IE 52.142.124.215:443 ac.duckduckgo.com tcp
IE 52.142.124.215:443 ac.duckduckgo.com tcp
IE 52.142.124.215:443 ac.duckduckgo.com tcp
US 8.8.8.8:53 links.duckduckgo.com udp
US 8.8.8.8:53 external-content.duckduckgo.com udp
IE 52.142.124.215:443 ac.duckduckgo.com tcp
US 8.8.8.8:53 links.duckduckgo.com udp
US 8.8.8.8:53 163.87.77.80.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
DE 142.250.186.129:443 cdn-content.ampproject.org udp
DE 142.250.185.161:443 f2546fb2c63e06605fb3f7dfd0abb80b.safeframe.googlesyndication.com udp
US 104.20.0.51:443 go.filehorse.com udp
DE 157.90.33.121:443 uidsync.net tcp
US 104.20.0.51:443 go.filehorse.com tcp
US 8.8.8.8:53 na1e-acc.services.adobe.com udp
US 104.18.29.130:443 nkr.conclie.com tcp
US 54.69.159.47:443 na1e-acc.services.adobe.com tcp
US 54.69.159.47:443 na1e-acc.services.adobe.com tcp
US 8.8.8.8:53 47.159.69.54.in-addr.arpa udp
IE 20.223.54.233:443 links.duckduckgo.com tcp
IE 20.223.54.233:443 links.duckduckgo.com tcp
IE 20.223.54.233:443 links.duckduckgo.com tcp
US 8.8.8.8:53 links.duckduckgo.com udp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
DE 157.90.33.121:443 uidsync.net tcp
IE 52.142.124.215:443 ac.duckduckgo.com tcp
IE 52.142.124.215:443 ac.duckduckgo.com tcp
IE 52.142.124.215:443 ac.duckduckgo.com tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
US 54.69.159.47:443 na1e-acc.services.adobe.com tcp
US 216.239.34.36:443 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 104.18.20.56:443 prebid.intergient.com.cdn.cloudflare.net udp
NL 178.250.1.38:443 in-ftd-170.nl3.vip.prod.criteo.com tcp
US 35.227.252.103:443 rtb.openx.net udp
US 104.18.26.193:443 htlb.casalemedia.com udp
US 8.8.8.8:53 htlb.casalemedia.com udp
NL 69.173.156.139:443 tagged-by.rubiconproject.net.akadns.net tcp
US 146.190.198.186:443 vidazoo-openrtb-prebid-saas-p-us-nyc1b-lb.vidazoo.services tcp
NL 178.250.1.56:443 in-ftd-65.nl3.vip.prod.criteo.com tcp
US 8.8.8.8:53 hb.yellowblue.io udp
DE 37.252.171.149:443 secure.adnxs.com tcp
US 8.8.8.8:53 g2.gumgum.com udp
DE 3.72.78.234:443 btlr.sharethrough.com tcp
US 8.8.8.8:53 hb.yellowblue.io udp
US 104.18.20.56:443 prebid.intergient.com.cdn.cloudflare.net tcp
US 104.18.26.193:443 htlb.casalemedia.com tcp
US 8.8.8.8:53 hb.yellowblue.io udp
DE 3.78.168.176:443 eu-tlx.3lift.com tcp
US 8.8.8.8:53 eu-tlx.3lift.com udp
US 8.8.8.8:53 eu-tlx.3lift.com udp
NL 178.250.1.38:443 in-ftd-170.nl3.vip.prod.criteo.com tcp
NL 69.173.156.139:443 tagged-by.rubiconproject.net.akadns.net tcp
US 146.190.198.186:443 vidazoo-openrtb-prebid-saas-p-us-nyc1b-lb.vidazoo.services tcp
NL 178.250.1.56:443 in-ftd-65.nl3.vip.prod.criteo.com tcp
DE 37.252.171.149:443 secure.adnxs.com tcp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 g2.gumgum.com udp
US 8.8.8.8:53 g2.gumgum.com udp
US 104.18.1.149:443 goci.iminogco.com tcp
DE 142.250.181.234:443 ajax.googleapis.com udp
US 8.8.8.8:53 support.mozilla.org udp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 www.mozilla.org udp
US 8.8.8.8:53 wiki.mozilla.org udp
US 8.8.8.8:53 www-mozilla.fastly-edge.com udp
US 8.8.8.8:53 prod.wikimo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 www-mozilla.fastly-edge.com udp
NL 69.173.156.139:443 tagged-by.rubiconproject.net.akadns.net tcp
NL 178.250.1.38:443 in-ftd-170.nl3.vip.prod.criteo.com tcp
NL 178.250.1.56:443 in-ftd-65.nl3.vip.prod.criteo.com tcp
DE 3.72.78.234:443 btlr.sharethrough.com tcp
DE 37.252.171.149:443 secure.adnxs.com tcp
DE 3.72.78.234:443 btlr.sharethrough.com tcp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.wikimo.prod.webservices.mozgcp.net udp
US 104.18.28.130:443 nkr.conclie.com tcp
US 8.8.8.8:53 convertmasterapp.com udp
US 8.8.8.8:53 dev.visualwebsiteoptimizer.com udp
US 34.107.218.251:443 dev.visualwebsiteoptimizer.com tcp
US 8.8.8.8:53 dev.visualwebsiteoptimizer.com udp
US 8.8.8.8:53 dev.visualwebsiteoptimizer.com udp
US 34.107.218.251:443 dev.visualwebsiteoptimizer.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
DE 142.250.185.228:443 www.google.com udp
DE 142.250.185.228:443 www.google.com tcp
US 8.8.8.8:53 www.google.co.uk udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 www.google.com udp
DE 172.217.18.99:443 www.google.co.uk udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
DE 172.217.18.99:443 www.google.co.uk tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
DE 142.250.185.66:443 googleads.g.doubleclick.net udp
DE 142.250.185.161:443 f2546fb2c63e06605fb3f7dfd0abb80b.safeframe.googlesyndication.com tcp
DE 142.250.185.228:443 www.google.com udp
DE 142.250.185.66:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 ib.adnxs.com udp
NL 178.250.1.38:443 in-ftd-170.nl3.vip.prod.criteo.com tcp
NL 69.173.156.139:443 tagged-by.rubiconproject.net.akadns.net tcp
US 8.8.8.8:53 btlr.sharethrough.com udp
NL 178.250.1.56:443 in-ftd-65.nl3.vip.prod.criteo.com tcp
US 8.8.8.8:53 ib.anycast.adnxs.com udp
DE 37.252.171.149:443 ib.anycast.adnxs.com tcp
DE 35.159.236.149:443 btlr.sharethrough.com tcp
US 8.8.8.8:53 ib.anycast.adnxs.com udp
US 8.8.8.8:53 btlr-eu-central-1.sharethrough.com udp
DE 35.159.236.149:443 btlr.sharethrough.com tcp
US 8.8.8.8:53 149.236.159.35.in-addr.arpa udp
US 8.8.8.8:53 www.itopsoftware.com udp
RU 46.17.41.71:443 www.itopsoftware.com tcp
RU 46.17.41.71:443 www.itopsoftware.com tcp
US 8.8.8.8:53 www.itopsoftware.com udp
RU 46.17.41.71:443 www.itopsoftware.com tcp
DE 142.250.185.66:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 application.convertmasterapp.com udp
US 104.21.72.124:443 fonts.cdnfonts.com udp
RU 46.17.41.71:443 www.itopsoftware.com tcp
RU 46.17.41.71:443 www.itopsoftware.com tcp
US 54.172.43.91:443 www.iobit.com tcp
US 54.172.43.91:443 www.iobit.com tcp
US 8.8.8.8:53 www-iobit-com-new.us-east-1.elasticbeanstalk.com udp
US 8.8.8.8:53 www-iobit-com-new.us-east-1.elasticbeanstalk.com udp
US 8.8.8.8:53 91.43.172.54.in-addr.arpa udp
US 54.172.43.91:443 www-iobit-com-new.us-east-1.elasticbeanstalk.com tcp
US 54.172.43.91:443 www-iobit-com-new.us-east-1.elasticbeanstalk.com tcp
US 54.172.43.91:443 www-iobit-com-new.us-east-1.elasticbeanstalk.com tcp
US 54.172.43.91:443 www-iobit-com-new.us-east-1.elasticbeanstalk.com tcp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 ax-0001.ax-msedge.net udp
US 8.8.8.8:53 ax-0001.ax-msedge.net udp
US 54.172.43.91:443 www-iobit-com-new.us-east-1.elasticbeanstalk.com tcp
US 150.171.27.10:443 ax-0001.ax-msedge.net tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 www.itopvpn.com udp
US 8.8.8.8:53 www.itopvpn.com udp
US 8.8.8.8:53 www.itopvpn.com udp
US 8.8.8.8:53 tools.luckyorange.com udp
US 8.8.8.8:53 d20519brkbo4nz.cloudfront.net udp
US 8.8.8.8:53 d20519brkbo4nz.cloudfront.net udp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 ax-0001.ax-msedge.net udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
DE 172.217.18.99:443 www.google.co.uk tcp
US 8.8.8.8:53 www.google.co.uk udp
US 216.239.32.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 216.239.32.36:443 region1.analytics.google.com udp
DE 172.217.18.99:443 www.google.co.uk udp
BE 142.251.168.157:443 stats.g.doubleclick.net tcp
BE 142.251.168.157:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 157.168.251.142.in-addr.arpa udp
US 150.171.27.10:443 ax-0001.ax-msedge.net tcp
US 8.8.8.8:53 cdn.iobit.com udp
GB 2.18.190.180:443 cdn.iobit.com tcp
US 8.8.8.8:53 a84.dscd.akamai.net udp
US 8.8.8.8:53 a84.dscd.akamai.net udp
US 8.8.8.8:53 180.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 goto.itopvpn.com udp
US 18.211.83.77:443 goto.itopvpn.com tcp
US 8.8.8.8:53 goto.itopvpn.com udp
US 8.8.8.8:53 goto.itopvpn.com udp
US 8.8.8.8:53 download.itopupdate.com udp
GB 2.18.190.183:443 download.itopupdate.com tcp
US 8.8.8.8:53 77.83.211.18.in-addr.arpa udp
US 8.8.8.8:53 a813.dscd.akamai.net udp
US 8.8.8.8:53 183.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 update.iobit.com udp
GB 2.18.190.180:443 update.iobit.com tcp
GB 2.18.190.180:443 update.iobit.com tcp
GB 2.18.190.180:443 update.iobit.com tcp
GB 2.18.190.180:443 update.iobit.com tcp
GB 2.18.190.180:443 update.iobit.com tcp
GB 2.18.190.180:443 update.iobit.com tcp
US 8.8.8.8:53 stats.iobit.com udp
US 44.210.192.38:443 stats.iobit.com tcp
GB 2.18.190.180:443 update.iobit.com tcp
US 44.210.192.38:443 stats.iobit.com tcp
US 8.8.8.8:53 38.192.210.44.in-addr.arpa udp
GB 2.18.190.180:443 update.iobit.com tcp
FI 3.164.68.27:443 d20519brkbo4nz.cloudfront.net tcp
US 150.171.27.10:443 ax-0001.ax-msedge.net tcp
US 8.8.8.8:53 27.68.164.3.in-addr.arpa udp
US 8.8.8.8:53 ax-0001.ax-msedge.net udp
US 8.8.8.8:53 settings.luckyorange.com udp
US 34.107.203.234:443 settings.luckyorange.com tcp
US 34.107.203.234:443 settings.luckyorange.com tcp
US 8.8.8.8:53 settings.luckyorange.com udp
US 8.8.8.8:53 settings.luckyorange.com udp
US 34.107.203.234:443 settings.luckyorange.com udp
US 8.8.8.8:53 234.203.107.34.in-addr.arpa udp
US 8.8.8.8:53 update.itopupdate.com udp
GB 2.18.190.167:443 update.itopupdate.com tcp
US 8.8.8.8:53 167.190.18.2.in-addr.arpa udp
GB 2.18.190.167:443 update.itopupdate.com tcp
GB 2.18.190.167:443 update.itopupdate.com tcp
GB 2.18.190.167:443 update.itopupdate.com tcp
US 8.8.8.8:53 duckduckgo.com udp
IE 52.142.124.215:443 duckduckgo.com tcp
US 8.8.8.8:53 duckduckgo.com udp
US 8.8.8.8:53 links.duckduckgo.com udp
US 8.8.8.8:53 duckduckgo.com udp
IE 20.223.54.233:443 links.duckduckgo.com tcp
US 8.8.8.8:53 links.duckduckgo.com udp
US 8.8.8.8:53 external-content.duckduckgo.com udp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
US 8.8.8.8:53 external-content.duckduckgo.com udp
US 8.8.8.8:53 external-content.duckduckgo.com udp
US 8.8.8.8:53 ua.itopvpn.com udp
US 34.203.53.63:443 ua.itopvpn.com tcp
US 8.8.8.8:53 ua.itopvpn.com udp
US 34.203.53.63:443 ua.itopvpn.com tcp
US 8.8.8.8:53 ua.itopvpn.com udp
US 34.203.53.63:443 ua.itopvpn.com tcp
US 34.203.53.63:443 ua.itopvpn.com tcp
US 34.203.53.63:443 ua.itopvpn.com tcp
US 34.203.53.63:443 ua.itopvpn.com tcp
US 44.210.192.38:443 stats.iobit.com tcp
US 44.210.192.38:443 stats.iobit.com tcp
US 44.210.192.38:443 stats.iobit.com tcp
US 44.210.192.38:443 stats.iobit.com tcp
US 44.210.192.38:443 stats.iobit.com tcp
US 44.210.192.38:443 stats.iobit.com tcp
US 8.8.8.8:53 stats.reportcpanel.com udp
US 3.225.236.16:80 stats.reportcpanel.com tcp
US 34.203.53.63:443 ua.itopvpn.com tcp
US 34.203.53.63:443 ua.itopvpn.com tcp
US 8.8.8.8:53 16.236.225.3.in-addr.arpa udp
US 34.203.53.63:443 ua.itopvpn.com tcp
US 34.203.53.63:443 ua.itopvpn.com tcp
US 34.203.53.63:443 ua.itopvpn.com tcp
US 34.203.53.63:443 ua.itopvpn.com tcp
US 34.203.53.63:443 ua.itopvpn.com tcp
US 8.8.8.8:53 www.itoprussia.com udp
RU 213.183.48.64:443 www.itoprussia.com tcp
US 8.8.8.8:53 www.itoprussia.com udp
US 8.8.8.8:53 www.itoprussia.com udp
RU 213.183.48.64:443 www.itoprussia.com tcp
US 8.8.8.8:53 stats.iobit.com udp
US 44.210.192.38:443 stats.iobit.com tcp
US 8.8.8.8:53 goci.iminogco.com udp
US 8.8.8.8:53 goci.iminogco.com udp
US 104.18.0.149:443 goci.iminogco.com tcp
US 8.8.8.8:53 149.0.18.104.in-addr.arpa udp
US 8.8.8.8:53 update.itopupdate.com udp
GB 2.18.190.167:80 update.itopupdate.com tcp
GB 2.18.190.167:80 update.itopupdate.com tcp
GB 2.18.190.167:443 update.itopupdate.com tcp
GB 2.18.190.167:443 update.itopupdate.com tcp
US 8.8.8.8:53 ajax.googleapis.com udp
DE 142.250.186.42:443 ajax.googleapis.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
DE 142.250.186.42:443 ajax.googleapis.com tcp
US 8.8.8.8:53 update.iobit.com udp
GB 2.18.190.174:80 update.iobit.com tcp
GB 2.18.190.174:80 update.iobit.com tcp
US 8.8.8.8:53 174.190.18.2.in-addr.arpa udp
GB 2.18.190.167:443 update.itopupdate.com tcp
GB 2.18.190.167:443 update.itopupdate.com tcp
GB 2.18.190.167:443 update.itopupdate.com tcp
GB 2.18.190.167:443 update.itopupdate.com tcp
GB 2.18.190.167:443 update.itopupdate.com tcp
US 44.210.192.38:443 stats.iobit.com tcp
US 34.203.53.63:443 ua.itopvpn.com tcp
US 44.210.192.38:443 stats.iobit.com tcp
GB 2.18.190.174:443 update.iobit.com tcp
GB 2.18.190.174:443 update.iobit.com tcp
GB 2.18.190.174:443 update.iobit.com tcp
US 8.8.8.8:53 interface.iobit.com udp
US 52.202.246.227:443 interface.iobit.com tcp
US 44.210.192.38:443 stats.iobit.com tcp
US 8.8.8.8:53 227.246.202.52.in-addr.arpa udp
US 8.8.8.8:53 www.iobit.com udp
US 34.226.2.132:443 www.iobit.com tcp
US 8.8.8.8:53 nav.smartscreen.microsoft.com udp
GB 51.140.244.186:443 nav.smartscreen.microsoft.com tcp
US 8.8.8.8:53 crt.rootg2.amazontrust.com udp
US 8.8.8.8:53 update.downloaditop.com udp
US 8.8.8.8:53 www.itopvpn.com udp
FI 18.165.122.51:80 crt.rootg2.amazontrust.com tcp
US 44.210.192.38:443 stats.iobit.com tcp
GB 2.18.190.177:443 update.downloaditop.com tcp
US 54.205.163.129:443 www.itopvpn.com tcp
US 44.210.192.38:443 stats.iobit.com tcp
US 34.203.53.63:443 ua.itopvpn.com tcp
GB 2.18.190.177:443 update.downloaditop.com tcp
GB 2.18.190.177:443 update.downloaditop.com tcp
GB 2.18.190.177:443 update.downloaditop.com tcp
GB 2.18.190.177:443 update.downloaditop.com tcp
US 8.8.8.8:53 186.244.140.51.in-addr.arpa udp
US 8.8.8.8:53 132.2.226.34.in-addr.arpa udp
US 8.8.8.8:53 177.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 51.122.165.18.in-addr.arpa udp
US 8.8.8.8:53 129.163.205.54.in-addr.arpa udp
US 34.203.53.63:443 ua.itopvpn.com tcp
US 44.210.192.38:443 stats.iobit.com tcp
US 8.8.8.8:53 stats.itopvpn.com udp
US 54.237.41.21:80 stats.itopvpn.com tcp
US 8.8.8.8:53 62.22.156.108.in-addr.arpa udp
US 8.8.8.8:53 21.41.237.54.in-addr.arpa udp
RU 213.183.48.64:443 www.itoprussia.com tcp
RU 213.183.48.64:443 www.itoprussia.com tcp
US 34.226.2.132:443 www.iobit.com tcp
N/A 224.0.0.251:5353 udp
US 52.202.246.227:443 interface.iobit.com tcp
US 44.210.192.38:443 stats.iobit.com tcp
US 44.210.192.38:443 stats.iobit.com tcp
GB 2.18.190.177:443 update.downloaditop.com tcp
US 44.210.192.38:443 stats.iobit.com tcp
GB 2.18.190.177:443 update.downloaditop.com tcp
GB 2.18.190.177:443 update.downloaditop.com tcp
GB 2.18.190.177:443 update.downloaditop.com tcp
GB 2.18.190.177:443 update.downloaditop.com tcp
US 44.210.192.38:443 stats.iobit.com tcp
IE 52.142.124.215:443 duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
US 8.8.8.8:53 links.duckduckgo.com udp
US 8.8.8.8:53 links.duckduckgo.com udp
IE 20.223.54.233:443 links.duckduckgo.com tcp
IE 20.223.54.233:443 links.duckduckgo.com tcp
US 8.8.8.8:53 api.itopvpn.com udp
US 13.248.190.80:443 api.itopvpn.com tcp
US 8.8.8.8:53 80.190.248.13.in-addr.arpa udp
RU 213.183.48.64:443 www.itoprussia.com tcp
RU 213.183.48.64:443 www.itoprussia.com tcp
RU 213.183.48.64:443 www.itoprussia.com tcp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 ax-0001.ax-msedge.net udp
US 8.8.8.8:53 ax-0001.ax-msedge.net udp
US 8.8.8.8:53 update.itopvpn.com udp
GB 2.18.190.162:443 update.itopvpn.com tcp
US 44.210.192.38:443 stats.iobit.com tcp
US 52.202.246.227:443 interface.iobit.com tcp
US 8.8.8.8:53 162.190.18.2.in-addr.arpa udp
US 54.237.41.21:443 stats.itopvpn.com tcp
US 8.8.8.8:53 update.itopupdate.com udp
GB 2.18.190.180:443 update.itopupdate.com tcp
US 44.210.192.38:443 stats.iobit.com tcp
GB 2.18.190.180:443 update.itopupdate.com tcp
GB 2.18.190.180:443 update.itopupdate.com tcp
GB 2.18.190.180:443 update.itopupdate.com tcp
GB 2.18.190.180:443 update.itopupdate.com tcp
US 44.210.192.38:443 stats.iobit.com tcp
US 8.8.8.8:53 ip-api.com udp
US 44.210.192.38:443 stats.iobit.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 udp
US 44.210.192.38:443 stats.iobit.com tcp
US 54.237.41.21:443 stats.itopvpn.com tcp
GB 2.18.190.162:443 update.itopvpn.com tcp
GB 2.18.190.162:443 update.itopvpn.com tcp
GB 2.18.190.162:443 update.itopvpn.com tcp
GB 2.18.190.162:443 update.itopvpn.com tcp
GB 2.18.190.162:443 update.itopvpn.com tcp
US 54.237.41.21:443 stats.itopvpn.com tcp
US 44.210.192.38:443 stats.iobit.com tcp
GB 2.18.190.162:443 update.itopvpn.com tcp
US 8.8.8.8:53 www.itopvpn.com udp
US 8.8.8.8:53 www.itopvpn.com udp
US 44.210.192.38:443 stats.iobit.com tcp
GB 2.18.190.162:443 update.itopvpn.com tcp
US 44.210.192.38:443 stats.iobit.com tcp
GB 2.18.190.162:443 update.itopvpn.com tcp
US 13.248.190.80:443 api.itopvpn.com tcp
GB 2.18.190.162:443 update.itopvpn.com tcp
US 8.8.8.8:53 tools.luckyorange.com udp
US 8.8.8.8:53 d20519brkbo4nz.cloudfront.net udp
US 8.8.8.8:53 d20519brkbo4nz.cloudfront.net udp
US 216.239.32.36:443 region1.analytics.google.com udp
US 34.107.203.234:443 settings.luckyorange.com udp
GB 2.18.190.162:443 update.itopvpn.com tcp
GB 2.18.190.162:443 update.itopvpn.com tcp
GB 2.18.190.162:443 update.itopvpn.com tcp
GB 2.18.190.162:443 update.itopvpn.com tcp
US 8.8.8.8:53 142.186.250.142.in-addr.arpa udp
US 8.8.8.8:53 stats.itopvpn.com udp
US 54.84.129.115:443 stats.itopvpn.com tcp
US 54.84.129.115:443 stats.itopvpn.com tcp
US 8.8.8.8:53 115.129.84.54.in-addr.arpa udp
RU 213.183.48.64:443 www.itoprussia.com tcp
RU 213.183.48.64:443 www.itoprussia.com tcp
GB 2.18.190.162:443 update.itopvpn.com tcp
US 8.8.8.8:53 update.itopvpn.com udp
GB 2.18.190.162:443 update.itopvpn.com tcp
GB 2.18.190.162:443 update.itopvpn.com tcp
GB 2.18.190.162:443 update.itopvpn.com tcp
GB 2.18.190.162:443 update.itopvpn.com tcp
GB 2.18.190.162:443 update.itopvpn.com tcp
GB 2.18.190.162:443 update.itopvpn.com tcp
GB 2.18.190.162:443 update.itopvpn.com tcp
GB 2.18.190.162:443 update.itopvpn.com tcp
GB 2.18.190.162:443 update.itopvpn.com tcp
GB 2.18.190.162:443 update.itopvpn.com tcp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
FI 3.164.70.16:443 aax.amazon-adsystem.com tcp
US 8.8.8.8:53 d1jvc9b8z3vcjs.cloudfront.net udp
US 8.8.8.8:53 d1jvc9b8z3vcjs.cloudfront.net udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 prg.smartadserver.com udp
DE 37.252.171.149:443 ib.anycast.adnxs.com tcp
GB 185.64.190.77:443 hbopenbid-lhrc.pubmnet.com tcp
FR 5.135.209.96:443 prg.smartadserver.com tcp
US 8.8.8.8:53 hb-api.europe-west9.gcp.omnitagjs.com udp
FR 34.1.1.166:443 hb-api.europe-west9.gcp.omnitagjs.com tcp
US 8.8.8.8:53 euw2.smartadserver.com udp
US 8.8.8.8:53 euw2.smartadserver.com udp
US 8.8.8.8:53 update.iobit.com udp
GB 2.18.190.174:443 update.iobit.com tcp
GB 2.18.190.174:443 update.iobit.com tcp
GB 2.18.190.174:443 update.iobit.com tcp
GB 2.18.190.162:443 update.itopvpn.com tcp
GB 2.18.190.162:443 update.itopvpn.com tcp
GB 2.18.190.162:443 update.itopvpn.com tcp
GB 2.18.190.162:443 update.itopvpn.com tcp
GB 2.18.190.162:443 update.itopvpn.com tcp
GB 2.18.190.162:443 update.itopvpn.com tcp
GB 2.18.190.162:443 update.itopvpn.com tcp
GB 2.18.190.162:443 update.itopvpn.com tcp
GB 2.18.190.162:443 update.itopvpn.com tcp
GB 2.18.190.162:443 update.itopvpn.com tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
GB 2.18.190.162:443 update.itopvpn.com tcp
GB 2.18.190.162:443 update.itopvpn.com tcp
GB 2.18.190.162:443 update.itopvpn.com tcp
GB 2.18.190.162:443 update.itopvpn.com tcp
GB 2.18.190.162:443 update.itopvpn.com tcp
US 8.8.8.8:53 cdn.ampproject.org udp
DE 142.250.186.129:443 cdn.ampproject.org udp
US 8.8.8.8:53 cdn-content.ampproject.org udp
US 8.8.8.8:53 cdn-content.ampproject.org udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 2.18.190.162:443 update.itopvpn.com tcp
DE 142.250.185.161:443 tpc.googlesyndication.com udp
GB 2.18.190.162:443 update.itopvpn.com tcp
GB 2.18.190.162:443 update.itopvpn.com tcp
GB 2.18.190.162:443 update.itopvpn.com tcp
GB 2.18.190.162:443 update.itopvpn.com tcp
US 8.8.8.8:53 www.filehorse.com udp
US 8.8.8.8:53 push-sdk.com udp
US 104.20.0.51:443 www.filehorse.com udp
US 8.8.8.8:53 www.filehorse.com udp
DE 157.90.33.121:443 push-sdk.com tcp
US 8.8.8.8:53 push-sdk.com udp
US 8.8.8.8:53 www.filehorse.com udp
US 104.20.1.51:443 www.filehorse.com tcp
US 8.8.8.8:53 51.1.20.104.in-addr.arpa udp
GB 2.18.190.162:443 update.itopvpn.com tcp

Files

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\datareporting\glean\pending_pings\6c7e353c-2b54-45f5-af47-b21f7643096d

MD5 43b3c33f1c1980abbfffa1d539a8ce9b
SHA1 8a81afdd4929a6f7abb99535a896188d527f63ba
SHA256 099236e09ce77f9d2783275b1706b70efd101fc93dd986e7149398b8d1b22026
SHA512 33aadae5aa456640dd7fbefb403553207f486e4dd18faa162be5251c266d50ca4e2d67dfc7b7985f20ffaa1c732dc0f6bffcfc27763cfcfb2ac8a3b64d949e7f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\datareporting\glean\pending_pings\3c048dba-3dce-4374-b552-ca9b9fa5a028

MD5 428c01f83225c20c81d134fa9eb76f8c
SHA1 83ac6d2c6a85feb252b04fe8b7c0a7dd76400494
SHA256 9194de5cf0937fe5a46a347c799441caa7fbe5691582653e307cd763102fe63a
SHA512 9dd31e86dbd187de744209ce01bda10008b0064a339a8c97a827825fe17d301b09a9e0a8b8a9e3f2e1c8cc8304bb441e3164aba01ed8a882c6f9782aaf9b7e38

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\datareporting\glean\pending_pings\e30788ee-d306-49b2-a9f5-a3117067cfbf

MD5 d33526359ad481a4efce5a2b165a8d00
SHA1 c0328aaa60fb5ee7729d61e7adcf170d20ab9267
SHA256 fdd9cbe812a049e20d0865303bc78567d43fb667a1fb15c05f822e69b1b7d120
SHA512 64f8e94d3d80ec16371a33fc9b37eaaef01b4d8cb3cd78aaa7353062847d7ce020473e95ac3bacb47fd9434aa2c7ff2ac084761b37745080ba66b3707f5f20a1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\datareporting\glean\db\data.safe.tmp

MD5 222bda2a16e24844014e16492216cced
SHA1 0ee7ad1ba8b6a45887334d2020d8ffb89ef2a7e0
SHA256 c524794d276abcd07996bcab8cc38280c87abeda2a118143ae7be8c8f719c0d2
SHA512 d1a52e2c3e1c4d2319c847b003799fdf8a31f7b989ed5b081029adf4daf8f37a944c912d4014cda2931c31d1d7c8b12194b052d0fc1a2fde39bd0829155124b6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\datareporting\glean\db\data.safe.tmp

MD5 72f54aedad2a71a150f73dcac3a0fc03
SHA1 d45ce83d43a5a7a3a68c9841052538e752a1eaea
SHA256 c342d51d96e8c54b6485bb065a62429b0947ce74f18d90fe43f7ec5da1a8a527
SHA512 11d9e3518a11bc78cd7e5f3b390100069b65d4edc1213c8696a667ab549610aca1b13b5a37e7bd635a8759dca191d72bb65380cfb764aae36de0c7612fa54256

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\activity-stream.discovery_stream.json

MD5 11494dbb9515ed489e6de801ed334601
SHA1 ad56db5b67184ef1a0cd447454011a8399ab5472
SHA256 bae460459ebd513dfb2b0c2a68fb17f7b3daacd64121834b12251018f59e33cf
SHA512 a1c9edab8bdd7f3662d5ec0adda59c791a50a18c6cfd6bb5d2869fa26682e4560ad4f5c798e095bfadb7bde17c510bdae65aa227fac58664fea5ad276508daab

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\prefs.js

MD5 710353785e065c4ecad4b859fe3bb28e
SHA1 a0b9e861f8fa9d4d981627fa2ea1c72b1764ebdf
SHA256 16e48c7b5add3972a9a8131ddb42b1fc7167c8f8abfedbf5978c120cd167f83a
SHA512 9d3707de52f96ca002a6018b62b4035adf3c887cb8126b44692d4115286f80b0371c50b2d477a51231d31176fdb1932a51a03f52201af814f1f3d3b6d249cdfa

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\AlternateServices.bin

MD5 a9f38952fa23b967a4ad16511d6e8a6d
SHA1 dd4d74e57a1088afb55b80109cc329582e42da28
SHA256 d8405194e2a784a96c8d90aa45c5ad94eba7a02209237c6017def3aea613ea01
SHA512 a28afa26fbce8ef33b090136ac561d13d6723204d6a3e661ee3e11db1c5828a2d139f6219ff39c0bbb625736976db6be2f6b8ac2be9f028198d8cecb573737b1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

MD5 43026532ba68bf2660b9846fa33ed4af
SHA1 20db018965d4f91e70b0a6a19b69fca020a6d95b
SHA256 f4ed2524b2471e8cb0a82d0f2f17b8af99fe66cc19dafd53240851b543bf6a51
SHA512 f36bdd9d6bd772bef008c491dbfb70a99e41e5b42c7058ca355c82635741e7fe4d1531317c6b76618d7a64d0bbf1008921a76abe5459fb16feb2f5413811d76c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\424C4623CEC18FCA971BA30429347CD4BF770BFB

MD5 b952c216dd8a4c4ac6f766ac9859b4df
SHA1 61845da2826600352dd59a4ec730b90760990bf7
SHA256 c2e4408c5ce61823f4b95959bf77dde2b6a4dbbbc4d8fabec9706ad27ce27423
SHA512 dfb2a7aae3f3929feeb5d9e7395540896aaa6aaea9d4ef24934b6175b0f0c03d0383019a663496b5d5ebec0dd0b454bd77bd0d8c817f6b7f2eff2baea071c988

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\1BDAB1282517CAB9FF24C34BE6C3D8E68F91C6EC

MD5 483bfa74cb600bd47c35c1e315ce6a3f
SHA1 afb455d3d5a91efe84bb33c2056471731bdd1a65
SHA256 78044aba54c31da9013c5c45ef4958eb05a4be62569cfab96c0d65a13fa48f8c
SHA512 bf5836d94757f6ac404d9c696ae21c348ddd15e520bd26e06b0674a20060d6064b885e7118deeec2bb87a20b0df63dfaf26a662bd758102309bd5ddb7f5ddedd

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\03D7738553BBD9A4C8949C6403266D6D41795AF1

MD5 64b11a6b7d0245e16d5c1783cb3b839a
SHA1 301dd999d71c82e5610271745752b422a2a7ff0a
SHA256 9d87043579e6ac5d0a5970e5157b1920ea68708bad5173d486662ee8e5a05c73
SHA512 f4af9921d45a5e274faaf22f6298ddd8fdc8fdb4ef540371f53b90a5c5354bded01ef990af5fa3352e3e91dec1e735bd7616f36e878f98957caad350e27e861b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\43534F1DE462540F20E0FAEDB9554B71D871B3C0

MD5 6799ed5bf354bb4055d6124a55d9bcd7
SHA1 808eb3e734ec8b32fab993959a5b15f80bf65e42
SHA256 7a7471d4ac25c949941dbbddcf5fc88b7422dab1d28a70eecd2bf9892940f4d7
SHA512 db1dd6637f7273fafebbf8f16a9e981c3b2fb1f4f79bda3f2674a0d211b820a2d4013b1cb92481cb4cbc5e52ad56befe211eca29ef4d84594f04e57e863b7fac

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\datareporting\glean\db\data.safe.tmp

MD5 36720af92883a354ca7fa6b6719c2fd2
SHA1 b203cf69e8c0e6577b7b12db1fd6e6e9342c5fc2
SHA256 0a121bf04def55a4f5d025a7f1c95a59cdc86b272da06464478e58ed51992e0b
SHA512 401e25218a1131299806d5b091711b48d17ee80602c0538d575949ec6a8746f2c7e041dd51af95affd05c25ea63ba2adda8fa63cfa18fa6ffa2aa7a895552dc6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\prefs-1.js

MD5 42f1581428fabdde4b19147d205e7913
SHA1 ad2e415c1bdae3bd282c2bb86913e159b62bf60d
SHA256 1aab711601fb1df24cb2905d76b42dc7f2c633db644e06b242302c3e9457183b
SHA512 7bbfa56e4eb020fc51007a9f0bc4328968e733ff8a8bc110f9b94f73e67572985f1293778045d8ee319ef6ea5006ff3f962e57e9482e583248b2e346a44298ee

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 09372174e83dbbf696ee732fd2e875bb
SHA1 ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256 c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512 b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

MD5 2a461e9eb87fd1955cea740a3444ee7a
SHA1 b10755914c713f5a4677494dbe8a686ed458c3c5
SHA256 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA512 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

MD5 842039753bf41fa5e11b3a1383061a87
SHA1 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256 d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512 d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\AlternateServices.bin

MD5 68c423d91761f31a66b3df4788ca6cc9
SHA1 bb6ba99849f957d7ff22263a866eb8e4132691be
SHA256 32a4d1b9b3a2c386aea97b50208d41c97949e83277b51b06c9999b3b1d029264
SHA512 9a0733ce4cb84bee2cd879cd3424e42477fe0e2ab4deb57ea193024be16336ddaf28cc7163d832ec57d44e47ecb5de8a9cb3a2b770eff805aa5dd9ed624b5eb0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\sessionstore-backups\recovery.baklz4

MD5 5268f163358f8aaaea28d966891b7658
SHA1 d711fe6cbc77ef25258e749d11e97cdd9c36bc52
SHA256 0c42c7148256c36792d0f8f537708f44d2371cb45ee79be39e3539a2623e5df5
SHA512 e77ceac87cd22e5f870b7141d67b852a24ac399793031960ac0b0a1c7fc1fd4ca1a0c7670b55b9ce798c9c0a61b4f8ae538672bc4b574eb600dce0ac516c5d59

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 0a8747a2ac9ac08ae9508f36c6d75692
SHA1 b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA256 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA512 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

MD5 bf957ad58b55f64219ab3f793e374316
SHA1 a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256 bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA512 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

MD5 daf7ef3acccab478aaa7d6dc1c60f865
SHA1 f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256 bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA512 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\3E32ECEDABFC388A1F268B5600995313902FA439

MD5 991626a4be0b08cde2c0c1e365ee9bf4
SHA1 bb8d0c815079c4c0c4b929b95ebdad258c96336c
SHA256 33925f67730753d2bb627e97b996e5b322313338acd524bb43a9b3145761d53d
SHA512 8640239131cd9b9d7234dae2d13b4fc4e39542445a5d659fd05c7047caa98851c0a20cd0f96cf06a405d16eb2d7ccd9479039040a9170cb8f7d33e99cd2cf96b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\A6859EE6FFE6499F3C96BEE0EF372A2AEE78EF7C

MD5 9e27c9b11a62aea7c429d57911fd00bb
SHA1 bc807455ce6f6fdbe0b3deabd4460484d95a2952
SHA256 d51ace3b39f234957b6abe249c604ec7e3e5d5b0e2db6f12d9283655d139e54c
SHA512 79cbe801b46288871641726bba4734a971480a92cca4e4bfd940a79614403b38d4b9761fe342486e2f764c459777aa055eab3997cb868adab8f16b4635c604c7

C:\Users\Admin\Downloads\Xeno-v1.bM8oWkir.1.4-x64.zip.part

MD5 b9cdb732b1e4ec5afebb7915616984df
SHA1 6de685f29e3c665aa863a40a85c2742f4c748b23
SHA256 bf58f9a6d18ab45df57f517cef3c338628122be7663252f37c72add00de0619f
SHA512 0cb9b5a4b570237c03cef81f3669344b13785ff973a234ab1d65c2f259cb650b03ddea1884d8679b72fbb79b916f6acf481eb059746c5cf1ae0341b3c4c82865

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\sessionstore-backups\recovery.baklz4

MD5 6215cbe5d7141cb972f78dda0d950772
SHA1 719c0e2be0fdb55c53612a17fc67a3393aa68639
SHA256 5c895a7a0f2852ef25b4ddb39c391213f36ebc3db1dc5a36a0f76337ad2bad8f
SHA512 674915beabe4f235344fe7aa897a82a9c308c5168befbe34273be3bc1d06a0186278e92424751f5223f4dc58d691595a0680d5d18978d857ced10e221ef24099

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\sessionstore-backups\recovery.baklz4

MD5 7614b2099a6283e6b64969e9e673a78c
SHA1 33c875b985af8df33396195b0bfff166949b4bf4
SHA256 814c08d9ee55a332d15f556267f1b39aa9c5a80d48b90d3a8392019393b78401
SHA512 3c389412997085ceecb4e9ccd4dc9b91c10e29e5c143a5b3f1fe8b9a42be71091163d96e83a7d84ce5a9e5bd0d8c63b63063bb74103a838fbbf089e4e3a58123

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\sessionstore-backups\recovery.baklz4

MD5 1bb703c385c757144457bf17332c782a
SHA1 a26e1279c316584657751cb54706c2a6aa9286af
SHA256 63e1941be59f742c8c1df7686f281ecedec4f825ae91851d3a8074cfbf6fd91b
SHA512 e62ce261862a9e34ab7279d5139985603ccf1ee24322716f4e9f892d5e7ac37821d1ca3ed17559c30ebc8e5f22e4b4735697b21b30ea80b744a340920b6b714f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\sessionstore-backups\recovery.baklz4

MD5 737d4edf676738d7d1194ee2d7191dd7
SHA1 22a83b591a24a26b9616463fd812118855dcbf33
SHA256 1089781eb10ed813b2798c1f208c0e402fd5f17b1fafceff40cc8b019a479ac7
SHA512 7e9be7b1899bbbc23ae42568835a86f913097e449fa95dbee940a5cdbfc4f499680e79f8501cc5901eb6e23147c2792f99104bd3e2e629d9733a8cd86db94887

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\sessionstore-backups\recovery.baklz4

MD5 bff5f1ed3dd1d1100f15ab22f909cc45
SHA1 5767caf54d2a8944247d0ac25310a33cab8cadcf
SHA256 8081a20593400e0396657cbcf176a04e8df6734ce7711b96679ba35095281dd9
SHA512 3b628bf9584437e853e28491820876c612d0780bfbd59cd3a33e4f7a6e93c5b14fc82d28fe52a6d0eaa274db3195208a0590069f19a8b6b759cef5721db34c63

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\73EAA0767ECF1BFF6C0396D2598362046273B2CE

MD5 6c5259d806945e56ec3855c865fc3239
SHA1 ae5c6e741555b19cda6d57b292e2cdc90abe3ca3
SHA256 8e83ceb60303c95d5680c2fb11a12d0e35c3f7f28beba74cc0820b1a41dca374
SHA512 0b76894fb0daa5ea03dd254e7458e694d1e5ad39231b0d179dc0dbfa70b75e8faa1b60b57772443e2efcefcb6a96e869fcef31c780b0576797512b3aa25c4539

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\sessionstore-backups\recovery.baklz4

MD5 04b4a4d78bd363c89d31a9096f4ed1f2
SHA1 179ea583f8d98a97f05564ae58b23cc5e8b213f4
SHA256 cfbb50ffaf2fbd822a1265e8f4b91e08026a21116bb5fb3d07df01791ecf4d87
SHA512 99853896676eabca91f052746887d13e8f0142050687911ee781c1589b5d713a8e69c2732dde8c23bfcb9823ccc711954e32f12d7b3870f2e1ab6d4388fc50da

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\storage\default\https+++filecr.com\cache\morgue\112\{82a6769d-7b87-4c2b-b497-7553748e2270}.final

MD5 cb3659118f8f56ef78d3a69bfc99daaf
SHA1 d2bf4ddb5afdd72dad33b7ac2313f3a84b9a3aa4
SHA256 cee6413accd237922d92ff3ff9edf49cd19bdc6ef0fdc78e692212b6bfe9ea59
SHA512 050a3e5b947af8b791cea2de724b162c3e964093b447a9f19eecdc384de1a577194a74e2d997f896998c174c1b27cc88bf50115ee336ea0e7230c592e3172316

C:\Users\Admin\AppData\Local\Temp\tmp-yq7.xpi

MD5 5187090b32436ba03b8a7dcd2f505e1a
SHA1 ca755c0408687bcd2543df3db49d23f13eaf153a
SHA256 b738377ef04e78f0ebc346283e0a11345078b2078b1ee066211ac38c7a3c5041
SHA512 480965c3dc8421d46d6e96ec5f8045a4881473c80b0b67b9f91cb6633cf1e811e85dd4fed48ed18658ede9c1c0314bb68327386d7a9498330d2aeb77a2773832

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\datareporting\glean\db\data.safe.tmp

MD5 0204d6171d61a0e4da3a22da22a72deb
SHA1 2f1bc9ed2296138e333158fbf035554929f71afc
SHA256 c526f0583ad8d1f8a3697f91f732384e4a7953d5753bbe4b4e6db8879bdb8b1e
SHA512 ec24b9257d05d8fca85c98649c3f78c5ff7ab12cc55ff3be5f743f96953b00c5d7ab5b45036b7c66f7d1a3bfaf89a240a234b444d5656dfcd49063df0e77b1cd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\prefs-1.js

MD5 4837e6fff368661e87b38d72f1a9610b
SHA1 36e7791ba9b6d289aa8e9582ca3ad0470c8a0025
SHA256 e06eb9ad3a76185885d93b6650c2a0d133fd57aed810dc22ee179891ed22e992
SHA512 4d5089a8cbae4cfa0e2a66d3444d45f74df90fa4e5c095456c1ff33a5a0f0fc50255f2bc30e0b2ac8e45510eb31191b6ae57897ed761b364ddd810722b29e824

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\extensions.json

MD5 4acdb914432f011f1f42cc53c7361379
SHA1 7334ce5f1b85c51388af1bb3bc5e060ab47a5cad
SHA256 92420ad612a1d0494490e94e20781f3a7146f78994c7ff012a1ca0e085e2c809
SHA512 344d41bb41519d333a97669325caa8188cde69307103fdfb355d764b1daebdf4dad129823de0ccbe46914769c1c9d1736ec6e80d8e1a5aab6c780ec5c7223d78

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\doomed\17309

MD5 1f98d60ca3060de16ac1e62917fca481
SHA1 65a6aceb926ba1a40fb92646cb65f7b1f43341c5
SHA256 48ab6ed79a4da9a306e06722524813d3c302730b5f93046879a0809832d58511
SHA512 4cc76393619b6cdb69b219509ee63d7d04e01c352dbdd00e990531943afa6fed9090a0cf35903a67fc3a70377e1be368523187d6dbbc90a23fbd1c8b1c55cf16

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\sessionstore-backups\recovery.baklz4

MD5 99e9f77a7b21c8aeaa3d5b17cbe7ec31
SHA1 10537b4da854cfc9564f62029471e99f2b5b2add
SHA256 db7f33e59dc730faee20aab829da35a546d9bc486f72f8fb73754d8a5035683f
SHA512 8dd213d2b8bb7a287e7722a82cd99b08c55e5d1bbbd08c56d1874ee3d99911435cfe3b73c6ec51cbbf6452861d249263d66381f69ba6c7e35a99b1fd9a2d3a00

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\datareporting\glean\events\events

MD5 ec53fe4125ad26fad07413a632d8ab15
SHA1 1139ebf338d50b8ea60de6618bd0c7d457cc3a28
SHA256 352c22eccb549d863e3c2706b4dcca4c96c7e00821a28e98e6a0ada2fbeb4316
SHA512 ea3dd9af90c1d38bccec6236eeb90735428df60bddf2d9fbb470d9bc502045e9c46c1a7484c71cc514179a0c048936bde89f12d1fffb94c77ed75de642605f2c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\datareporting\glean\db\data.safe.tmp

MD5 4d1dcb79d50a42796e76524de3ed04d3
SHA1 a19646649f3d82e757d65ff27c846c14e9532c40
SHA256 55266e24b9620d4b6fb005ac72b650a9bd14c83fa5f129d3c72e34fae386e4e6
SHA512 518f5f75e419a21cfd39c73db37331a6c4aa9df27bc90fdd52c7de290477e176b3a50351e215c0a12a7e98fffa7d7a2656d924e746a0156433bf3e0b25061d90

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\addonStartup.json.lz4

MD5 26b2e2562ace83a36e683f37d5c8de4f
SHA1 0c15157c93c0d9d3002a3bd3be3e5a17e9d0d668
SHA256 6023bf545bbdc4a8da12844d7ca59ee3580a89931fc1bc9ba893adb378945910
SHA512 31a709689f705336eff27016756d2508481eeb86f2cc66c302b0f8d236de9b518a8b43500776960c63039d4dccc45fc11d674658579c82cf8f5593a40cf10c70

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\datareporting\glean\db\data.safe.tmp

MD5 d5fa1a1b76b7e126f9f079aa24557852
SHA1 2619b3924e0a6bd0a6546bbe8b281362f744da4a
SHA256 eb707f37cafc8ea3fe7aa22d81e31e04877cc2243d564f83f9f534b81266b32b
SHA512 c8feb9d5586f2b6cbeec429b01f4ee69b35b1e9762eff2e3b46de8183e498372fac3f89d92de02d5225141bfd5f887fc3322dd44f2179b16db579c56952637cb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\sessionstore-backups\recovery.baklz4

MD5 4a523c8958209a33c7fc53d16bfdcdfc
SHA1 63d42112866ab5a1b871d9d0ffb4d2b65bc24e7e
SHA256 de84d47956b0336dbe4c35a4bcc3dae6ed3eb2863059669089bdfb836f676cae
SHA512 ca596773a322c10beca0c05d86a7ed62ab920fac564438e050e18aa2c26c24e1b384a982e5d94042211c6654f7f7a2e0d542dd25df31ddd91f35102103590e44

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\sessionstore-backups\recovery.baklz4

MD5 e1a11825c57e3fd20ae59c44d6cbf7ec
SHA1 0bdda7f0e5deb14ab08134aedf2f21f3a5ddbdaa
SHA256 27fd0f81210b644ea9fa876c2515e8ad55ac1113915a06bcb17c4c25bcb44a30
SHA512 8e3ad7c881146623e922045b3077615fc6500b5b4f3157a8d740bd39e12f8afe700cf7f1f6dc05a003d772e45bbb4b8a364b4e4d25acdd67e58d9eea7d5390b2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\doomed\14129

MD5 e8533d0046092523c39ae6a408bda4d2
SHA1 1f7ce1516d25485be84b7d39428630ffcd2cadf7
SHA256 3a5fa279b0feeef551b5405abecec5ef775793e5a2cce08b04feabb94e2875bf
SHA512 d18c017876089acbdca029e7e891ef0d111470140afce85346a5b270aba3e1c012de435850bdf70138db486ce963abd1ce245fb9cd51308bf41b56ca80324210

C:\Users\Admin\Downloads\convertmasterapp.jwMPgwFO.exe.part

MD5 ecb13418d209631639f3e4fb378e940e
SHA1 fcb44c7fe6ba186dff151b173628f33b1fa750d4
SHA256 46b81c77cf9101e6d41ee948c1b935664680180129265cb83d11190e94c627fb
SHA512 d64a396319cbfee6bef29b1604671d0d2baa6e3822b9caf327d248650ecbb74bdd7e353d8690b4543db88c62ec19fc32fd7c786881f10de5f54928766906a590

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 0df798a0cfe0d431abf5e2f51eaf7eb3
SHA1 71c04568a2b6bdedb7cd8070f73e0462ad568da7
SHA256 4e9e5b8075dd55931487d58b96b9bc5466b21e301777c0d8408eb0a033673fb4
SHA512 5211874d2761d22703403a6f6f8df3c301a8d86cf8c8e11818332169c83ca26d1b3368018b0af51bdac49b16cbd9785463ff34ba0bcff3c6eac5fd99185bd5b6

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 b760889075caf801a175793b06c11102
SHA1 28d23a2a537af657e75c70a745e63f28ebca5040
SHA256 4d4b988b5a361ce6847f94d90a4fc4bad9395755c8b05b8a39411260d1433861
SHA512 7f711716d8056c905628843d5098ecbc19142feeff6b820107754b7611bd830703b9113c6d63e0829a21d0d6129e4847b5e14c9f90a95d30abf61699ae59412f

memory/7044-2383-0x0000023FB2810000-0x0000023FB2844000-memory.dmp

memory/7044-2390-0x0000023FCDEC0000-0x0000023FCE3E8000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\storage\default\https+++www.googletagmanager.com^partitionKey=%28https%2Cconvertmasterapp.com%29\cache\morgue\10\{e4611d30-75e1-4628-9cc0-3bb0df89540a}.final

MD5 631fe342ea671e3a98c99521a411573f
SHA1 62ce9cc7c2cdade5ea5c167b41510ecc4adb234a
SHA256 3e26b067bfcbcd77e0b1089dfc9f891ee8f16c9e868e50f30da3ccaa9d4bd0c2
SHA512 795087b3bca98becfe410e346dd5288a38902bb79b996891554133b5c10583d03c0a3c26f96f89c9b3e6d8fe69dc67e86e9fd468f7476d1b47a88cf2d3db084e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\serviceworker.txt

MD5 bc6b9877a4f4ad6fbb2fbf2a7f853865
SHA1 57406884aa6d29d6154d74c526a6633ebd1009d9
SHA256 612282b1eee30df8e1d24d2197d985323368f73800f4fa60a5597217ae4a2b2d
SHA512 cfdb7e30f6bb08a70c1a52031670e3da5f195345d7e7caed524b78eb2f6b8639f783de4b02206ef73b097233150b2524080c9911ce1f21f57165324299de38a2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\serviceworker-1.txt

MD5 a5693d819f8ed26b256493d2a63257ae
SHA1 5e288fe3b0b3301224c7a69bf489f3138922a229
SHA256 0343987dac2df8796c3aabaa49ff07176b27d4acea7de837ed9c459ec622de88
SHA512 7e1f2cf0998ed395ed91603085ed63fd3f6377feb0cf55c80395f0bea8d8a67187c617ee4a8e9e5c1f9025468a8e20df987d5e5e8683b0233aedd7493a73540e

memory/7044-2431-0x0000023FCDD50000-0x0000023FCDDC6000-memory.dmp

memory/7044-2432-0x0000023FCE5C0000-0x0000023FCE782000-memory.dmp

memory/7044-2433-0x0000023FCDCF0000-0x0000023FCDD0E000-memory.dmp

memory/7044-2434-0x0000023FCDD20000-0x0000023FCDD28000-memory.dmp

memory/7044-2436-0x0000023FCDE80000-0x0000023FCDE8E000-memory.dmp

memory/7044-2435-0x0000023FCE4F0000-0x0000023FCE528000-memory.dmp

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\0E87725FBB019DDFFEA0D3DD84613A2246B985AF

MD5 0f33d3fa4660de44e381ce6f45fc7460
SHA1 e27f8022587c9f475b8d7c879059f13ecdb9317c
SHA256 e6d13e8601eba36e4511de62424c7e1b2706751f6e7a0d9b90c576281fcff3d6
SHA512 602fd7eec0ce303b7184e91d329631a9f4ff917a701fed3eedb1a448a6cca1f416d571eef7fa1165212bc34888f5e3660b4aa6cd198cde1a749fa19cedd2f2a0

C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

MD5 f1d936b6736526d30548f6c741893b2c
SHA1 319da381e7726157e7e1fcbdfbc755aacd388aae
SHA256 509971cc4f405654cc9d21d680482ca3e54d9eb3ada3e256cbe383aa7efaa77a
SHA512 c937b000113e062349996750931be0814c6d2026f3714d6f60dff8f2c844a829f57b87c4605cbfcc16ec562db01e8ba08f4723233d7a95bf52d357cd6a460594

C:\Users\Admin\AppData\Local\Temp\Master.Files.MasterAnimation.mp4

MD5 f43c286fa3355ff2c4efe1eeabd8ba65
SHA1 46e686bf8a8075e6001e67ead3ba9c62e027d7f2
SHA256 c8b315da6aad11b0a2c6f4ea9c42dd915a3cb3602a4a68bf4596e7ab81a217fb
SHA512 e5de823453392a8ed7d4fd0d87207f591e6bf2d8a2dab870aab7c124a4b64b612e20ce74fb3e6a3cf150d40cd6320744c261313ceebe9a314a89b873826026fd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\sessionstore-backups\recovery.baklz4

MD5 172689ba3131a162219209271bb84ca7
SHA1 cab62fe0e10f3e722dc3f83e91dda75fbf903b5a
SHA256 a1d7dd34dd95679f872c8d0f2103b772e8f1b0a2fbe48b1000c0b20e334388dc
SHA512 9cb8da5173d14a2e75cd4df1cfe5d781c63739a6d6a19716bfe868c0e7247840a96f1afbcdeed9ad60ff035caeef13c77786f5e07008c24a064395e93efd5da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\sessionstore-backups\recovery.baklz4

MD5 04091b94642286bf06c21d911cf7d120
SHA1 b1a04268982eee7b49a79722ffc8fd877751a324
SHA256 9f0da51749089dcd7db07cf3a9c6ca195f573c8fc1021748450b5026717e8e61
SHA512 058c3a643dabbfa2bbcebd6b757a7d3dd3dcc373fc2a0c27a8be35f11b8092e8e1347cf1c77ccdbdd3287c60bbce4d2478208035957784771a6a77985906e72b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\datareporting\glean\db\data.safe.tmp

MD5 a46fa864b125d0ef57fed68933c46c3b
SHA1 3374a2e338ddf883b97c8a319b8f040b1da91813
SHA256 2d2ce79cf25dcb0ba86c4f96c592a9712b260716891df7e4a15d58d064ffcabe
SHA512 b4b9c684f4c44c70653dfc6568d2bfa37116a7813bad1e952e6e47e71c7d58892d9df5a0ce9890206daa7bc7ec19011707426ed45ad19e4e36383fe836318cf4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\datareporting\glean\db\data.safe.tmp

MD5 e8f1f77bbfb31ae86405f4d1f8d06d4c
SHA1 252ace391241ab645d19154962510a733e65614e
SHA256 192e591650079283c9707f85cad8080c1899aae552a4abd6d378878c964542c5
SHA512 31e74ce743810178ba6259309e5d44f9d8063b1863076a4982abbdd790f1295081271aee85e634c2f4deb6ced0d27ff05ba659591b074bdd9305af9293620c7f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\datareporting\glean\db\data.safe.tmp

MD5 cbd67558370e103c4b4ad4964ae4eadc
SHA1 ec967f4670693387be7c56f4bbe5e68aba183d87
SHA256 e90256a2a86ae3128a235370798c95129f773a32c0f85a4292a97c9cee07d1a4
SHA512 1c36f68abe896e6cced34453adfbcacef17bd9003e1ca745358d5a82964d6fce00a46606c72466cee2e6136f7bedde21218f0d13a8f6ea72fe30389af4d93a8d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\sessionstore-backups\recovery.baklz4

MD5 2ad75ec9bf6c7fe8b811f2f8ce052282
SHA1 993ccd4dc50be8853279ab3ec2891f596a373c77
SHA256 415c6abcfa06ff5df72961fb89d7198b795efcd80bd55a6ca049e2f4d2126c84
SHA512 b540320f77050471e3d6abbeb7e8fadfae35ba76158d93a44ff2c682ff2e4f8ad57ef61cb6922708919bdb0949728ffca97684488b84ca9b2c6f9de916f4e1f6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\sessionstore-backups\recovery.baklz4

MD5 3d310ab0382b79b2783d22cdadd60c89
SHA1 18206d50c5c4bc49bcdfd6a424faaa7345e03d96
SHA256 d119547b226f00050c31b5f9be1553031e4fee50fde572c60016b5988178ac11
SHA512 98c6054077ba58a5a4979dbcde687e17b3876550901d6d97f61e8e6b04b35e5325a2dc671678d545b8000055a721b15b6bd94e4a788a158a25eb48ebc68a3300

C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak

MD5 7050d5ae8acfbe560fa11073fef8185d
SHA1 5bc38e77ff06785fe0aec5a345c4ccd15752560e
SHA256 cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b
SHA512 a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\datareporting\glean\db\data.safe.tmp

MD5 04e0a06ac547a0849467f4faa536001c
SHA1 a2795927f5c07c14449f6134a501e2e2630f1e20
SHA256 15a5f606305b62e2bc58840186c172a83455d0e81fcc8c18ba8797373871b82e
SHA512 09d489ad176148fd3d29a2c0a221e88234897eb9ecf19266ad12f5c7e5222f8befbefd51dd7b56f0c5f9838f334b29b0ae7810f21855595158cff3d65eb623fa

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

MD5 f3556be88199a391d69a9d4f2c498962
SHA1 7a16275e6ce5cacf3d6ceda7d08dcb48c14a28e1
SHA256 e05a4794aaa933839353195ca945ade780a90d0aa6c3d62c6f3ce5c6a7cc483c
SHA512 69c5ab60d2a6d3bbfafeb32614ba8e87e48d5dfcd427dc7b414076fd4393459ccf65f6a1b3c1c4b2a54452bfb3e376dc006bc4fc7809a8c525250f94a336d41c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\B0BAA4FEB6C5212D0AAD5DB46E86952C2890F22C

MD5 f7d2a63c93ca7699e9cbf8dc0d40feb9
SHA1 f79dd7d4566dd3cf8b9e5ba758ca1168761d705d
SHA256 fc5fda713f4dbe3044a8ebafe0cda1c1ab3b9d5f0b793610bd15e5456532b7bf
SHA512 fbc74007d07c9110dceea2801ac4e0e46ce3f5718cb2f34053c7467f3f61fdb1dfdc1f7e1e501d2a5c6f7f368dd1b33541e10841d18c00721bd7e09ca3605674

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\AlternateServices.bin

MD5 bdbb85808767529bbcaeaa1bbc1f20f4
SHA1 36374d20c88a21119aeaa4d3a288c5a19ab2b7be
SHA256 58851f58f8e0733304e4b3da88fcc9cd5f9b102b538d28fc9e4c5129980b737f
SHA512 8fd2438c64533f050111eec9cecafc6b9fe2157f32394c2939c7f708c51b8eb83f75e8ff6b1f9a5747c14d8c1cc7a79d80f820525d3d6f08055e8219dca94ec1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\sessionstore-backups\recovery.baklz4

MD5 6676bf8ec1b69e4080917770417ca1ca
SHA1 e23233106e1bd91136563fde5080cbe711147f2b
SHA256 cd08e94b2019a2c312db44801d6530beee2ac7fc32e6e067cbc58aaa8d65f3ca
SHA512 9a4a029e98b1f807fac2fef74a71cdc45b621ca7b623f15bc935bd35abd724d565f54b7e6335e5c400f33b5b9ffe7a4f58352b9e805850d3b1ab1b83013e5ae2

C:\Users\Admin\Downloads\Acrobat_Pro_DC_Set-Up.exe

MD5 98cb6133f50caf53eeae3c99b6047035
SHA1 d842ef26c022c209a55ed4978606792e0a094ee8
SHA256 294357c00297206ad1355328c9dd0aa19b81299c89fdf8607eff374318466775
SHA512 1756b5015b586ad1d72548d94a60006444cd569b4f1716268bf5f4a7c007fa230a272c07e1d90486a18571474eaaa6f77fe75b3a450a3328d1eff8abc7461797

memory/5924-3192-0x0000000000F50000-0x0000000001434000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\{6F2433B2-EC61-43DD-8EAA-D9089A0B0738}\main.html

MD5 f7fec4b634be87eb9169acf0f573ea61
SHA1 057fdebdef987aaaec6671afb03dfb80dfcf850b
SHA256 95a4d69a993255219eca6d8c9da2391d045365ee1d9a58b857df73fa0f3c9664
SHA512 d945b7756c186f2d6968e42342b5d41e9bd17f7003b898b424b4bf633c58cf8ceb464635e49a5884eefeb14de9f16defdf7f0097ed85ef5583fd97e2c0f4361a

C:\Users\Admin\AppData\Local\Temp\{6F2433B2-EC61-43DD-8EAA-D9089A0B0738}\clean.css

MD5 4f3364af3e396f92a8826532bfb1a7e5
SHA1 7f7b613435ece78a358f2066287c2f2c3c6aa168
SHA256 45b9b77499356527e9047256db96a542a720bf075d67e9f6ba55d51fd562339e
SHA512 c022a28656483106095967ec4d57eb743d04f029406c2c553c9d19c103520e274c0eea19f411bdb7ae16f388211c456a413df5a0a6097036deb0010573d49c72

C:\Users\Admin\AppData\Local\Temp\{6F2433B2-EC61-43DD-8EAA-D9089A0B0738}\lib\jquery.min.js

MD5 6407e5047d51c05aff0294dbfa08070f
SHA1 f4ca7e7c8c64486423ac74b7d8674c61892b8f48
SHA256 c607ffd463124f60d8569dc49738df743dc304fac7ffa19477b4794ce0fd5486
SHA512 b87541d35cfcba4d5831d5cb48f729a2d0b850617956970becd5027865f6ffb1e21315e27be28017d0c6e70a2d522acd90a6986bd13fb04ccba9937f016420e5

C:\Users\Admin\AppData\Local\Temp\{6F2433B2-EC61-43DD-8EAA-D9089A0B0738}\lib\jquery.placeholder.min.js

MD5 e13f16e89fff39422bbb2cb08a015d30
SHA1 e7cacaf84f53997dd096afd1c5f350fd3e7c6ce9
SHA256 24320add10244d1834052c7e75b853aa2d164601c9d09220a9f9ac1f0ae44afe
SHA512 aad811f03f59f799da4b8fc4f859b51c39f132b7ddbffadabe4ec2373bd340617d6fe98761d1fb86d77606791663b387d98a60fba9cee5d99c34f683bcb8d1f9

C:\Users\Admin\AppData\Local\Temp\{6F2433B2-EC61-43DD-8EAA-D9089A0B0738}\js\overlayController.js

MD5 7ce07eeff53cd6a6cb0131462181473a
SHA1 a8370776c2060d2fa3b429913ac7dc5cf2d099e1
SHA256 46a284ef98868f00ee3c49dcbb1582e83b3ffd88b6e4266d2e5032efef05b8f1
SHA512 386471a662e249b4fc559782d9c55f8a025f6c3eb6245c015f630875a0cb84ef193c37dc12335aee39160ce3911219069cdc3beab0e40019e07f1b0817be9aae

C:\Users\Admin\AppData\Local\Temp\{6F2433B2-EC61-43DD-8EAA-D9089A0B0738}\lib\jquery.custom-scrollbar.min.js

MD5 ab3adf4aff09a1c562a29db05795c8ab
SHA1 f6c3f470aea0678945cb889f518a0e9a5ce44342
SHA256 d05e193674c6fc31de0503cbc0b152600f22689ad7ad72adb35fcc7c25d4b01b
SHA512 44dfc748d0bd84f123f9d3f62d5ea137d9128d5bdbe45da9a8666d09039eb179acf0dbb3030e09896fd61e7aa5ae6dfaffe9258d80949a64d0a7e45037791fb4

C:\Users\Admin\AppData\Local\Temp\{6F2433B2-EC61-43DD-8EAA-D9089A0B0738}\js\mainController.js

MD5 5fe57e93d9746ed5c7ec1ae2f937f3c1
SHA1 2bf7c623f7ab35c34298b59df3b7ba2223fc93fd
SHA256 f1962f0f897831c7b62e7f7a36ff08efc47271941897a0137df05637c0585f31
SHA512 0bba7ee918f191f15ea10b6c35ad1c3899856515c62da5bdb970469b90218e6634a96b5a174a0017c19bb9dd835d6364de3f08130c2c417b2ded2dfe7207ab1a

C:\Users\Admin\AppData\Local\Temp\{6F2433B2-EC61-43DD-8EAA-D9089A0B0738}\js\utils.js

MD5 11671543588b007e7be2af6c784cb8ac
SHA1 84c86bb07a59ea951a510a7a7ac816b478598bd2
SHA256 bc354f2e25fe40ae21745c51b06d8f34643e238ee67fb94f5cd59c9b56ac17f5
SHA512 31af704991693747a74a32bdcfebabf31d98e2a47e69fe21a53c852b4c30de1c526ab602c530010e37751b59f6ff308c46443bb48fa30ed688c384fa0df35afd

C:\Users\Admin\AppData\Local\Temp\{6F2433B2-EC61-43DD-8EAA-D9089A0B0738}\js\main.js

MD5 2e5152ef501b03f8a64c2c1e8fa447cb
SHA1 be7ed7742bbd934d1846245e045baa75ec2a371f
SHA256 6e6d25b401d8969b85ea88dcc700cc8ea717dce63fc8a37ef1be7eac4b03805e
SHA512 1a4c889fe5b24bc3c4c122dcad2e5e284fb14d758556bc0194d1d51a6d443600a9c49ad3a4e5dd8dbbdffc7a4595f1da67ea85d89501b3724666f63f9a21764f

C:\Users\Admin\AppData\Local\Temp\{6F2433B2-EC61-43DD-8EAA-D9089A0B0738}\lib\angular.min.js

MD5 460bfef99b405c239b8899cb8564b82f
SHA1 47284797cd14f803aac4070e28fb77eb009ebfaa
SHA256 17f913d3f84223eee4267c50b3381d9ef266318ef1d4b5477d061fce71880083
SHA512 a6960249fad08d288f9b65a40c5c61b31c9408e8de6fed71c2eb35f63e568b2a1357a955f29fca312bd459faeaee422a70c317626e56884c3db57e0314ef3cdb

C:\Users\Admin\AppData\Local\Temp\{6F2433B2-EC61-43DD-8EAA-D9089A0B0738}\main.css

MD5 173f4564d44f1e248c25ac9ec65bba01
SHA1 00c83e8c540bd63738bb4288219dc9c42ff072b4
SHA256 50a5072c2e451b87a9160e33313fc62cc43ad60b6e6d771d4bf841355bf842cd
SHA512 60e79c815804d0fdc84a37168970cc5ad03c5286e69cd241df169fe6dbba76d26c1880ec9b53180edf9eadf960e831d0fd8038b005883e6855ed0719403dbac1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 df62fea853f2913b414abc95b280bb93
SHA1 37383976f7b9ede25c6224d99df0ceb680a39a07
SHA256 e4427dba92dca3bb1ac51f245d4a9cfe333773e36c4639c6c8913f82bb904e6f
SHA512 1d446a583ed2b35c89dbf8cfc633466621bdd2d0d3ba9684a65234ed52b82eade1b3fb637edcd4d5091f0ddbc91e094b93344e86c981cfb50456e51d9943cf5f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\098C23E862A58EA080491822948A1D0BE6A2CC19

MD5 6b9e505b2d4744fffc33e52883a0754a
SHA1 00450eea029d29adaead0a2630ab9e7caa9f000b
SHA256 f8797f08fab0123cdea61bb43b4c1b14c665bbbae4b17c9f189628694b8dbc27
SHA512 bd869a72066519be0de9ee927488d226fed87be8d4ba087c510ad103dc0e33cdeb520626fd49655672e4a53be1e2283944dbcee576fe499d6920ec3eb5c0d111

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\151EDC5AC13201CD705743AAA4E96533BF09ED85

MD5 8c1debb787a34005dc4748aa1786e55c
SHA1 1f8aca5b895576d9e51c62bb38dede29b47e80fb
SHA256 981de29b86542377e4f4c298f97010f714e5954d0d22af914172b5acdc295573
SHA512 bfb1913cfc1b2a407bce2b7b0f6974c0bff2a65b5c7a566176b727809d1983b91ca29d9c44ca2f8bdb43c872fcc38c2dfd6a80d4d4b9b53c2decbbab11b3dbe5

memory/5924-3486-0x0000000000F50000-0x0000000001434000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\sessionstore-backups\recovery.baklz4

MD5 b2b8fc9ddb044aec063f0fdd4c38cadd
SHA1 2bd08e3b6962c2d566456715d6dfa4378da18098
SHA256 61d1fc5e7de423289c893fbfe89b0f523a63a6b436bf856747b5728676c291be
SHA512 04f6278b21f3e37b5ccde9559e2fe6be413880c9c4b83a710d780f4c562354326d367e660433e92eaba3a8fcac69b51ca2822eab69b107f546689b631ef0b5fe

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\872EC49D3848487C409E5A4E3444B9292C85BEB4

MD5 6c3438a34ed211b8120cb64e472618c4
SHA1 9a6142cfc54a28f40f7d9d33ce839e44e6886f6a
SHA256 7b9479ca673c771e6da4173acf6cbb298c295e29cd41bc3c3e2293ce9de4b347
SHA512 fb30e84b52c5418fea74b83c9626604f381045eb03094e6d5e46f023be304d098b814bed0476fdd829f15b5a714319a2b97e93ff37d1af11ede535e23015d476

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\80AB737C8C241D1E62A79CFF3D915A82BD8B516B

MD5 47baac041c1c59fa455c05c50e3380e0
SHA1 1175bd5c38b17ca275ada1a687e869804bbba35e
SHA256 bc8c813a158937df01c151e02f0664cdef2d5b244414d8a06994086346e68b5f
SHA512 054623a0b8b5a1678fbef6ff9c3c0e8d7f310db67660906da4c8d29c91d08470c11c41bed331dbf039736d16181b518555fd73317702304e1c504f72e0c32dcb

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\doomed\12439

MD5 e59bc02265ba4d1e95adc198e9981500
SHA1 2cabf5ccd51655534a9368346efce895a0f07e3b
SHA256 ef4439eb6ac08ceaea85badd2a337122610f98772e355fb35f07d7cd8b6df42d
SHA512 43acd54a79e414585d08104b8419726c1cec98f80622d7913d3acfa729303efcd51ccf83f8d78b69ea69f9d3a1bf06d406d900a37a768cea4203820a21a369cc

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\doomed\21338

MD5 f69de2ebd5cd3ad55944243d6e8ca0d7
SHA1 5ac728e12f99397c29b31ee1bc2e593594b35310
SHA256 369dc7cc5e1129d6df80e790956151203986f5051f1ed952e0d1d011bd5aa2d3
SHA512 bc3899787b882746f0ad595bae10b83e2625b68d57ac85027d29dbce1dd5b464d6d74b1662c689a743fd2e7ed6bd2d8cc74cc680f3b77c93273b19b588b28ce0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\sessionstore-backups\recovery.baklz4

MD5 b35946eb6846d1e965d90aabde77dc21
SHA1 0d259d4ee8be1b5153f30368e007cf59ee16ab4c
SHA256 f5e72a03ca10017116fa2647ee7cd5630d1e944c1af6d5a5d322d40f26ca92fb
SHA512 f81dd7581cc7213aebb8b3155925336f335de92c50081a2cc5af21d39820eb2e83bd9786e9325e9aceb586b329b10df44d93f0281ab286399c77a7c8c28ac807

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\AE8E8AB0863315B74E0D9C056D4872B4AC52F032

MD5 b96db2610d7029290e70af88da84393e
SHA1 863d73589debdf035c87606c977528a84514bb42
SHA256 7c75b38607237686f70d6d7050add41432d63164c4b649a674cfcf70e890a787
SHA512 528be2798636e8dad6c5f09ad36a36a402d6e59811cf0911901ca80ffaafb043e86e83d8c86d5b483d065fd7c18e72936627f29c0566aa7275a458e9a81c10b0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\FFEC67B66A787CC9D89DAF51FFAF9109F2D75EB3

MD5 f01b9defcd7d5435d5322df9f2def5ad
SHA1 ddde780cb364927a93d5170cd400f5925f4c2832
SHA256 30b556f2bd788499dba2b280a45ed817f5f95257231fbc57f89430c43ee4c8ff
SHA512 f83a3fa05872dd37d48f81d82d6465f0e78e3ffbc1033ff5634b9c606abf7e95fdf2deae2e9136f1cd672857df0c92ff74134a657a27579e661aee66a71b7e8d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\storage\default\https+++www.filehorse.com\cache\morgue\233\{77ddf347-4999-44bd-a020-0ed8218fece9}.final

MD5 57a8c7dd0b82ad6990625e187f9c4aff
SHA1 a51e87aeba0dbca1fc232ee6b601e692c0fd86fc
SHA256 572d7ed8060b5b48790721c129b8dd0d66cc886893624aedac74243cf7a4c84b
SHA512 72dd007480c76a16f28ba8868004a48b673d2aba42f472525af7f7dfbf8ab36008fbc2ad523ff8e343ef9059203abc96ec2ed488fdc6f507884664e6ddf16bc5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\21A3449355548A7BC2A8B36A5B3F57B6F93C334A

MD5 42cec8d97de0ff98490dd147421baaaa
SHA1 03ec572e67fa9c9fc0dae6f9c2dcde4bbe98e4fb
SHA256 2e579a4477adab93f77b8cf04f67cf611e3e35ea017f3be05c4eb2588d7b39eb
SHA512 e28ef8f3a11e6cc9ca0efe0e3b4182556fb8b0aea98c38b2bc21daace2778e1cf873f8774f017b2e1331f92840220b4837a8131fb577e0c8711f25ebed404300

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\2F3C917358B453116B6FE9CC7320F3A1ECFD7611

MD5 84b221ec943d0b535bc17944e76eabfd
SHA1 2786e28a4e95d7fd9a960c1b1226ad62a1362ac8
SHA256 f436fd324937bca762fbae9270bd196a2d608f237dfeb502f4b98441d0ac255f
SHA512 4970247e57ff0ee7a4502716698f9d6039f2d56f0c8cb0acba40c206d933557754903a471bbe84f491001bf11ce2208575ccad8cc94b13e40a4d44ff43235064

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\20D9D25C30837958223696479A79D4FE11EA4EA9

MD5 e709c3ec23c4663c3a7f06a566454de7
SHA1 fb7a548af09101407357d2eab40dc37f2dfda63d
SHA256 35f009bbf2738b2fb39bed40da1d48fd7c225b5b36b4c1ec46ffd9a540c7f72e
SHA512 dbb5ac6da02c290d1af4b5b5caba1305be9071d8241340799b01d6f0844cd08616dd2576b849507c681940e49f83fd270b4ac3a6be14619c191bbc37f2fb331e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\DB5EF89A4FF0FFCEC74D80CFFA7145EBEF3E1E57

MD5 10508c932b438d616a6577c5b59c2f9e
SHA1 5ead9ca1ec44259ceca56375a2d93609f44b639f
SHA256 df25845f4648712c71b6d6176c4ee9bcd4b1b3220688feef8c5c297c6bb6bcba
SHA512 8e5c1b705862ec11542fdc9f9bd71404b180c5e71b0cd850bc67ea599b310bce7d82bdc3255ea0b316196ac0c822b55cbb39632d9b043d8940691d498a2611fe

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\23E547F5094EA9C42230BFC161653B6BCF88A8CB

MD5 bb8f32e636357db3681d924f4b05be8b
SHA1 d1246315722af2f271029e403e5e3ed0ab5988bf
SHA256 83f9349a3467df225d8016752dcf416c4a675d267e64cd71bacbbe35379818bc
SHA512 8876d3f2ef608378bac4c12c7e571c15fe2a4b6d7595e4ca6e67d91c474ce333a8632c1f46906be4dd2ed72d12ae3996651a77ded122eeaf7e9a05dc3ff97b06

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\A25E2D47A952DC30A9BDC8E4AB4EEECD3A710301

MD5 291c314fad2da0838f227a0fb41076ab
SHA1 b14fb3cf8377111a1100141dd9b8e569a70e0617
SHA256 44ffd6f6f61219851db05506c398847dcfb380bf3b4085ecaa91b2369c5a59c1
SHA512 8cca752d7c693035d7c06fa04c8238949907680af342b0098d229d5305f1e6791810b86acd9fe689ae9efce62246db283ae7e870b9cae5e6e5110e4d70e01f33

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\C74DD3952D7756859295DF1E5B61F5F9E8826BAD

MD5 a0b9c2d63f89effab3297a546e668824
SHA1 2bacaeb77aaa44558360b1ff43b4e5264aa056df
SHA256 445f23710f0f9ec35621e8954e6b1e375fcdc3ff79fb1ff491b66f356e2b8c28
SHA512 9af768956b53b8de14dce74c331fc03d6436052b1694ffc31b25174725aef2eee7b0aac52e3750f98fbea33f7dafd1d8046e07a425878272212cc69958f06848

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\54C0E4AFE301A649E239BB31E43AE0961935546F

MD5 bc29d0fba7c54ee5fc6cc28319c12a34
SHA1 cf6f874e8c9d4c191bb5fb8cd094248eff886a62
SHA256 ed6e614f91cf3dcd647b66cf70b43b26b60f3783ca4a33158620af7957557195
SHA512 90e545b4c6a68cfdd8c24e6d09147c79737dc0cabb66fd4fbef29d8486a5b7717152fca1e2a387d33056e7894d959df779d71ec0f64959364326c4f48964edbc

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\AE4DC0B71496A2F6698910BCEE7E9285649AF209

MD5 08f75e17ce805ab917f0e41574c5b946
SHA1 ae7e0b85abbbf6a0b9fc35a32063ce5e8cb3c3bc
SHA256 7a83413ae611baf65403c4ae4f22f29645d742b2825e5e5ce97ce2a0eb6f2d83
SHA512 2f27782665ee3f1e49696df7312bdaf4d204c1367ac6f9d28735d5a2306187855cb17f2f5d16e0fc1396827a7775c8db6919d349c8c7f8b95f427cf08c01e42f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\51567ADFA342BCC8584E0D12BACA938581211EC8

MD5 2e9c8679d08e9d80770efc99fd92445c
SHA1 c79a9a57cd7f844c91c0696ea1e895a48d2b4b57
SHA256 c72e837a1f944ac8d52b6baf6231c8c21fd9261dfb4457c4715e2ee8539a9f9e
SHA512 0d2c65c52b939e93b7ecc5a17421d6292c2868e94c7ab9afb8d497ffe4a0466d901df5436d0be9d4089f1924f014701acedce3ab0216fd4813af90ab2880800c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\sessionstore-backups\recovery.baklz4

MD5 04f8754de0fbdfe525830c14d9fdbea2
SHA1 c10e11dd61ccf2172b211232e1d84ac9809a08cf
SHA256 f0aaeb46053a5d715023507f082a7cd2c140b4a258b105a0423ccdad4205391d
SHA512 286cf1a125fb681fae78144b9c17ebfe3c9c1000e9b20d080c5262f02f408b70ba8c9f12a621b55a1d4828c633c6a690a0b1c19a7b1302a2e9daf8b983de5ce3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\storage\default\https+++www.filehorse.com\cache\morgue\239\{d3f9384e-f988-487c-8e69-b0865b17b8ef}.final

MD5 5ec45d8be4d7e6facd1054077ef2a8bf
SHA1 bfda52e6ac12a9d3228cf3ba369dc55911cc6741
SHA256 8ee3f3c3d48c01ba662b007838343d717cd386e81a23864b4b0c1fe1280ef074
SHA512 f6565fe377bad86c3bd31750ef454db288991599f856a0b3f297374c2b15935c97a08b15baf3d307f4a749693eec2dd8c3c68cf81e4861da5001f297aca69201

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\doomed\19609

MD5 6353c7349639bc3a3228f5c4f3c15580
SHA1 2f1b53de36796f9ddb5be34200c4d3b5663488d6
SHA256 e19f06733bf3f3a2d0b20f15db8f8e353de5060bb17c0943a22d8f516a45e917
SHA512 10140aa4e526de5f51bcc686b2ce33ddafa4fd26645ee82b30174292e303a4098a8de63897918e45bfa24fc87bb58a68b1459cd021ff384500dcfafc601ff59e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\D4787779B72A847448DFDF04B79285637512B34D

MD5 ff479b98dca5eb10ad4267db829fa45c
SHA1 09c1c03f0d9dfc857db8b09e7efadaa003a78aad
SHA256 581110f275a0fb06a0326b2d13467c49932602ed1115182e6c3dfa30da20154c
SHA512 e93fe3079e743abde1e00b0d06bfe03f357318dcb76b4e4ad5ceb9a36f4a12bbdc32138b4deeec5eff4f5c41eec55b548c2d71b3cff0719f4d5b29a31a78a054

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\0EC6A1F7F1C5C8EF5F9802B3ADC006A55BCE8A41

MD5 8e81f99d752b88ab14b9e5b5539429ac
SHA1 3303e6a04534f8da177516119d44dc4d7362bf05
SHA256 8c7559fc7b052553a556a2d8ecd211f10bc2887361c71c16fd212de85f870ba8
SHA512 e612c35bba3fe16318a656a575889abe560346172a65607dfafe1567866720b662dcf93fec515c07610f29591b0fe61aa43626007091778797aaf159cb70dee8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\F8579BBB21CFF672086058BE4DE14F6DF5A61BC1

MD5 6f7db17703b06b5d623cbcaf8dadb880
SHA1 5ac7da1a35ee1a635c493b70dbf3cee0fa3fdfc9
SHA256 e3fb336992d1e458c68f997f0ff726caf9ad49ae03e5065ec9a78ed80e0bccf5
SHA512 f7a610a9b682465002365074265696e61278ce42c0077072245d828ece1259dd49bb6708028f244ea0fd7dcbd0725bb9fdc144120262b2ba03756ae13f43b875

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\69DA92468F7FC1831ED459246B1BFD8155DDADC3

MD5 0bfd8d98773776af94d960c1372c4e4b
SHA1 61b0eb487a2b1539272c7e129a9233981dec7699
SHA256 3bfbe807622efa3fb3718d64a05b361173c0a9ad41dfc9eff17820e0b781710d
SHA512 fd12d5c4917063069ac0ebcbc400e969b29b86e68c582ded8b5c6c79be4811ca1908a8845f66a94bf69e5435e0d870924c9e2fc269e82bf6fea14f4ea32272d3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\90D96C8623C42C4CDEB4576BB8DD3FF6E9D6326C

MD5 7ae88a94c072a6153b4f6d780cf7dde5
SHA1 c42235ce20d807dc5fbd04664fdcd1e6103394bf
SHA256 a3012cde2b25ac25d2b99c8b5842de30fb7ad5d92e0ae8b88f0f2485e298c209
SHA512 33b69d94748e429e823194a9de07cd7b2e80068dfdcc1fcbb23e9d8538f56dc98dd34eeb22addd9a978bfd7ae899c0c6ab80e5ccc63b49fd24ff1281e88cbc66

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\ACD9239686E7B3D9FCBC86F8E1BF3F0D2B6F43A0

MD5 33f7925b4feae521d53b01c05c461c1b
SHA1 2c63442a3bc978348fc21582b4b6fdd0ae30071a
SHA256 82bd967358709a9dbbc4b2dc6127712e65bd8deae89568ed7f076f87dc633837
SHA512 2792ab99437421f9c4bb7d04d9794f05d828d936d36d1abcc7f2c7318ff3baf711ef89e279a1aa5394df2657d5796278d707e933194379df344faa772fe12d82

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\33437EE8435B757BE4C7EEB8BEC7481B1A9AF629

MD5 41ad6ae5252bfd3d3aa3781d6f90227e
SHA1 7f564219fcf19f9a7bdbac67fa8f748de151bc37
SHA256 6862dd176111aa409b2b27302af98e967646f80960281f4cbdfee1cbe958a95a
SHA512 cf9b5e5baee383657f970a2f57130637c12d58cc51a2413151aee21ab7f5801d9a9ab736fe0c0c27173684924161576bd0afe6dc5d86d502713e00d2adfdc53a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\7FFF3A5FB5370CBC04A9441302B984711D377965

MD5 f6f56bd92fa6927b1c1202bfdff8dd72
SHA1 ffc60030b8f05f0096505bedaa87a4c80d5ace02
SHA256 23a3dc33771afdf531a32e299a943fef784cd2bab01380fbab725ebb676c834d
SHA512 55c1b37fa353040420338b53d9d15fc7c4bbc526ec830c3d3fa7136fdf3c8edd9e24aa542acacdbcc9a2879701c22c73c32a50aa67a0786b634973b1588b9915

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\D3805C2B5C31B35AC0894748705477961C4CE9DA

MD5 8c098bedae29e504ffc16b7cc25be843
SHA1 f568fe29ac6d8efcae6d8a0f4332f1b83d7f8487
SHA256 d50dbdc981c030b3870a6ebc0073da78e09e4fb807c624cce68f29945c20e90e
SHA512 a28ed2ac419f00700d91cba787220281990d3297c9fdc565d26a22da5af748f57e9bd6705e794a60d3117279c7f60446b48873b8c42ebe6ed67c813163f444a0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\DB669F42D2CA97CF6D72E439EA198C1A1266F9C2

MD5 a989cebcb466a448b99cfbf43934e6e3
SHA1 5fe3659abfa310d9133ccc7eac8d3e60aea02c58
SHA256 e02d62252301c1ac8d30a49cfca41df87e3d7cb5bfa63c787ebb32a5cf0f8cbc
SHA512 8b86b65b769f354804aee0761b518bb4d55bf7797a149d501297b04290aebf9b2a603a7a689732c773b0a9d7a8b9e7247d31e41c0f8c2ebfae91f87ebbe8a7fc

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 76bf482f276e6150eaf2059de9e4cec5
SHA1 427f85105886054bcc0a0b1b4fc6544d7aa526b3
SHA256 b7d4afd374bf2eb37da3f72b5541c8480ac1d648299b0d9806a90f072fe06b85
SHA512 c46ec64eb1af7294fe4f1d1434b48fd61f28052224f0d87ee196796097a17588f76f463959023cabde15cc800d81ced8494d06844cec7c030ab7ac8c6004c3d0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\149017BCAE97FA0D9559698C351C417FDD2FE8D3

MD5 fc92d4d0bbdd45eeae7c760b7737c624
SHA1 bc2ee17fd1338546c5cc2ec01cdc1861c44cd124
SHA256 dc2f68c900034132359f7bf5979b262a6412a5e339c546dd763b3b356e570dcf
SHA512 e0015d03ad6f4bd6aeed2bc67c7765bc626427bb0bcf405d2b1052ba3371af86e4ee237c75e50e1f9311efce3801e5f2cbea73c68fd090fa456bd3672249c46e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\438F071600F10D0F0C2B542083FBDCF08C11EFA6

MD5 42ae2b50d42e2b3c3dc757a53aee459e
SHA1 5ec7e3fd13c02a01fae6e040221d525f29f5f083
SHA256 e4d4ba8038fe3912d6b1af2904b6874eab9181e959a65e8a097eb30cfa001833
SHA512 8043c3457d1d8f61619989b52453786b1d02362d28c4194c90565cc7fd16a94f793fddcaaf471dca9f12295f6c84b9b130efe048cd0e3f59c3555365d935ba94

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\3ED97DEA8D967C55A344037942A87794E8FC23F1

MD5 4496602becd650c005ad54723dd2772c
SHA1 44a7a3c6b7946dcdbae5a5bacd8ade5996329274
SHA256 5e1aec9a1c03e95e75a6bfd7695982cad7e57babbd4800afcde98a0dfadc3f4f
SHA512 2edb2f224bc4a4dd3548a3b0f20000f541af93958f4070daf4e8fc95c02cca33bbada739f40727e9e80f8b83f1251f719933c40f81911f83d3162f42b9fc3f5c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\9987F4F790781F25042170255D873714382F30CB

MD5 e3d82e340befdb009a9b0a3e58f7eb9e
SHA1 a838913c8cc54c378f68734ec709eb499139d8ac
SHA256 9f5f692e992f44704994bde7baaf75f9926489ce65e6eb0c80626e4f0b15e6f2
SHA512 bde4380fa18e52b391ce423f579bc001851e1e44ceb48a4a2c80b66f5f9f16f4980dfee7b27bac9c091f5d882c0e0dd6ca13ebfd2849748d4ca770047953a8f9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\176657BF770A278A98CE9BB989395007F3FB36C3

MD5 de62748b888c6e9c29199009d47632e4
SHA1 39a0067b66a096943cd260a770eac80cec16d874
SHA256 b5c2bbabd587a8d0dbbbbf56c1f7524ecc727932e014d21f175b41ffad5e242b
SHA512 b739bdd779a4bae02348962f29e2c21120f2a7ca0fe50c8e59ace13b29c5aa11300dd421e13401576e1bba55cb4dbbf96f059830cc949f80a58eaa462387c283

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\245D3EACAD973AD9F75DE9634C534675272CC050

MD5 490231e6a4301b20f135f893985e0f82
SHA1 b0f376407abcebf618f58d07b6a6e7032b5944c4
SHA256 5c275561a6c113b5065245f6c4d149f39eedf3edbe04d1b3d2ce0bbd2b001c3d
SHA512 97a3f65c46f59c051295a7b453264093c4ea1268f9ee54c74868fef640230804613f7981ef8d8ac29674d74e557c400dad817d74d3b68b42c690fd75ba62ffce

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\sessionstore-backups\recovery.baklz4

MD5 62c3c04ae185d9a02f2b3c76d23ae816
SHA1 b9f2c0254b7913b8c3bde3aa4e94dabfdbd1e796
SHA256 212ec704d76011cd04e6a2fdd906386eede6bcc2b7c19c454daabd1ef2ff4607
SHA512 e7ce029c6efacffeb7b7b9c469a21a14e9e9163dc722b0b0b4e56935e4b6e28549f3a96f27f5272117435d5ed670cf20eeb9a3e62911e6f7dc8e303773f5a5fd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\SiteSecurityServiceState.bin

MD5 14fb4aa82b8c05e4da0de2ba8e330634
SHA1 e4dcf958145d8fd855a6dd1c758c54a08ed61a44
SHA256 fc1507d6a12865701f201e642268bef0889bf29a30e2b2619910c714aaf6ab9b
SHA512 eb44f7c71d514e9b13001f82a7d5e4595f449cbbb1e66a10e3ab40e5a55bd640a7836b5ab60e678c6b821ab79e16cfde55beb43173d25673a1a3410dc0bfc009

C:\Users\Admin\Downloads\OperaSetup.6GQG4XjE.exe.part

MD5 7b7c3fab74c167b267d21485b673aa5b
SHA1 76e5c21bde00103a2840c9b82d2e74275954b0c5
SHA256 7aca855a0ba34b649ad36506299956c7a8f353f9031f0eb21363bbf0d85b9d54
SHA512 09a62465e2d284a5d9d8b284afa987ac0bc76ba8786c503e66c30c3bf458c13b30e77efaafb3adf4b51412888d53c432c59c40ba4ad54e9e1d3fc4a6e93902b2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\789FBEBA9AC4153E2628DD1C398724DE04D938BB

MD5 56dd0905b5d1b7e2ea3e6e1ca078a534
SHA1 bfff65977aac5ad96393c4eec7ebd56b0ebc3468
SHA256 6f4134e214671f7e3b3c2e6bd822aeb89b2de7dd0742c603c8fdb2d406787137
SHA512 7afb105991c2aeb180d2c01334eeaabed1a0f0757b0ea9acc3bb249a4f9b0231d1b72083a1fef4b8d803318b8abf772de52d7f831ff101aae2944bcb9940b68f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\73160EED3F90DB5593A5F3D4A7B3CD21ECC83633

MD5 d5fdde3d99914050c0fcf2738c0366b1
SHA1 07997de05d8585540e34471c143b9459a19a7bd1
SHA256 dfb2ee7104ec99c886349e98f367d01a68c2fb1a9ec616fceccb73f840b37d7b
SHA512 a5b2ef6590e2d7c842a6a04846f045d13a1bc9078e18575827988af6c442196e06bd1c907bdb368dfc63f9e3a5b1f03b6db4f8849fd797c1f79ef46770480721

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\6281BA5C0C6A6B5BE6E51E2DD08901570F27ED14

MD5 d93f78f8300c910007fb43c75b70a8d1
SHA1 c0505d93eb0bdd63332748ee5e59d4de94d35a3a
SHA256 e2572eb05e6c537fe8d6b6e8ae564212147396519ec12839278a88292c1e82a9
SHA512 b3e81070e07b44f4f3985eb747779be59676bb1346e88ab164de2fe3070d7d879495722c3f668bc8145fc2fa2f502257eec5e1788b15b3426c70fe6b3216f320

C:\Users\Admin\AppData\Local\Temp\7zS48617CCD\setup.exe

MD5 901e652c6fdffb7a6813def879db3fac
SHA1 9f01932b99a1b87d751eae9fcb761a3e831ee10a
SHA256 031cc73d23e1e31b04a4f44a5cf5b2b79b761c88ecd791d838b7430295caf8b2
SHA512 971a09b6b71913558b542f6b056db3f88cf5c29afe84bfd23581dbcad4af5e3b8484b8f0c07bf6d3b73a798bef94dad9ba1f1e79e641d7403ac5e876effad010

C:\Users\Admin\AppData\Local\Temp\Opera_installer_2502051619250516196.dll

MD5 758a51de349a436c58ed6edb73288d41
SHA1 224876913395253cde898db4ab4647acc7c64ad4
SHA256 484e1d8f8d9434540c18fbb698795a7c341c6f5aeba83d143803f0ec2b025838
SHA512 32c5a24af61644712d7a42056639198179281acccc5d6a06e836005523e052389a42a7f1441f288ae6446ab0d1f8c15e0637c54e6d7c83180c23ede2a15afe24

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\sessionstore-backups\recovery.baklz4

MD5 ceecae7fca11b0fa82dae734ecba010f
SHA1 002835194bdd45a9e240afe14dcbeb53533ece69
SHA256 673e1e0b233b30fc3d2e9a6dab5baf13e3123c1188be68bbdb3c29fd42f1e430
SHA512 1e4d701a28e31ed1bd1506b3dbd30cb1c9c00351ee94e1538d945f92f4de485ac012d14fb19cd01c6c1972d73bc7a8faae38e04c1b408cd6600ce6edabd55b94

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

MD5 a887013c927bd87c49b5d44ecce4a936
SHA1 ca24cbce63de89f325b26d0585be124d791d6cdd
SHA256 9d8423a28538ba1e96e91c8b01196acdcd20fad8494d90ff59a2dd9f26235b43
SHA512 d4fd8806339482c0b0c7cd8085f5b7e7777fe6f93d32e06e3080cc9fc3c35babf312a3afddf115c91f86e319c33eddfe345e301e076ca785fb2d3b0b76afa4d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\sessionstore-backups\recovery.baklz4

MD5 28d6cbf7d6847336afd803adfcf1731d
SHA1 f6416678ac994bb4e19e309e44038cc265438500
SHA256 62316aeb8f7726793bb28f11c857287dd92304716d0c0888e933fa5dee8a3d6b
SHA512 fd488565c0670a4d1e7047141f3051fceaaab0cf212eb5353520b69241db880c3b651dcf5f89001ccff64961ee5b96ef683c9f6107c50bac1f6247c46967b4af

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\6DA9AF8919D72F40F2FE355D45B352A0AD8CD5B5

MD5 09b58b9c6bf7c4a923c33add2d48b634
SHA1 610646b329521000aef8dd46b0d3fe9f343e26f7
SHA256 9ba82fd4ebd1753a8b58652742dbb0ea4886e37c9966834c0c571f7eecc30fb3
SHA512 86bbc890381db59978742d686f510bd973663699c851bb5b3c7942ea153a93d3257f9f372a714b04cb1cb99d3d8c168d23a28ce4c1631aa9af61fe4315a01a9c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\5CC750FB324ED42A6115DA7107267AE3CF1F828F

MD5 2db4de68464998d5c8205e348afdb21f
SHA1 beb4ceb9eb661f83e96db66ab7cbde46665f3242
SHA256 05436a6f4298be8335c2ffd2606580ad6aff6ba0952d470f74bf41fe1dd51eb3
SHA512 082dae53a35b6689de014e715ae7fa437abba928b103fcb5862df04ada8dd5c113b794475f3ba037a3336eb9882bf9276e30530b0f8b9c9ebd6a2026a9353432

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\8060D1B3FCDBFDC16582092D7C1A2516B67D851B

MD5 a5888fcc3f5d29f9e315c12c51fbee2a
SHA1 e38a415bf381b39ca58064f84b16d43276933328
SHA256 c591d880161343a7a25361f03a90a5d73e3b463ff21f0acf654d9db7b1970876
SHA512 02684ac9509b716ebf7952a9d5d26f8ef7d7751fedaf13acf6d095fc8c3393e63deed6d77ae3ac9334605136d727d2c26555baec3d6fc85bac31face926a9a14

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\sessionstore-backups\recovery.baklz4

MD5 487d302a4254d67b7647c1e8c700be16
SHA1 ef0eeb75312862b52b9cd0a8800682e849ed9d95
SHA256 a1614d0b3af9355fafe9eb5bda1e6e4e1f9d28ac1dc2942aad9e2794ef8b34ab
SHA512 546a96235ed2f641b6c441119a835447dbaaf69ef520c6577004da66b3f211d586f2d2ce51edc77bb0359c359e7d036c0ed1ab6bab54deb805b10059e2960c2f

C:\Users\Admin\AppData\Local\Temp\CreativeCloud\ACC\WAM.log

MD5 01e873f43af20ab35800e67609f57434
SHA1 28a344827ab626e83f9cbead3fbdca73a6f23d30
SHA256 ab9102ea290e39fde7d42fb9e1835f9b39aa32cb7d7c3c4e80841555a215b7ae
SHA512 18488f5be946ee0f76d439851e0675cddf58ba1f394315eff01dfccabb36b8efe91e3bc4f2542cf6efef9fbac6953901c205fe8b46fac08b5ed65b9549bbd46e

C:\Users\Admin\AppData\Local\Adobe\OOBE\temp_ins_lbs_wid

MD5 2db8976a5c34dbe405730f7a277320ad
SHA1 b6f4ef27d6d2ee3cfd6d42e160272470e2f1060b
SHA256 a31d8b522947be0ad4dae72705877fff56b2ad43ffcc54832451ba8f1c867c23
SHA512 9d2509d8bc26de0147e77f04c78a98c8677cd29db4a14f4311369eb75292a52e8ead978fec42245a8a2a0a639373ec12ff38ea524d3a5c1bf6cbf225d31b8612

C:\Users\Admin\AppData\Local\Adobe\OOBE\temp_lbs_wid

MD5 5f4304288510a4ff10a8e70549a81f53
SHA1 85fb068b031ee3ed54d9996be1c72b2af7428e21
SHA256 b91ef52fa8adfcb0c92efc9cb7abfd2f4858f697095336ca0cf7411ed01bbbfc
SHA512 7ed1bc6f136b81d3e469f14f2cb96a9fe4134cd5def0acdfd22c66d1e46130e983ca6aa4f4cdd9d4933ddb07503bd143195f637c19b4c7d4533e8e053292149c

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\convertmasterapp.exe.log

MD5 83dffd7419c6d5f931ff1d3464e778ad
SHA1 c08ecb66bfc6a5d2bb5778ba662e5f6d5d42d0f3
SHA256 e84c41f25f0ada2df9df5162f9fd521ec9c76a8c8529dba45afec8612a0c957d
SHA512 f5051c26ab5d8dc4f7eca5cdceb779adb9eb85f15653d45167cd5cfdbf62f15ccadc376c9b2703abab14d493569ba0aceea229d0bc65bcb387db2fe2ade8b884

C:\Users\Admin\AppData\Local\Temp\MasterID\MasterID.txt

MD5 14f34908e17412ea90125504f4b3d4f7
SHA1 a2e8964384899782e1cc6df7615b486bab76f25b
SHA256 32a9d3827020b2d9f037bca80265130a34bb0ae7fc3dba96cef957c4ac803d63
SHA512 94632e0ae85d0c5c86f98e9e285250a728614851547df8db356d8568781793097113a82a3f801879a558d6068f9fa9b94dab9dbad6c0c6eaaa2379b2975a34e1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\BA30A8866A8313A16394DA2599448520494928BB

MD5 9eaf6b9fdd34225530e0a00b5a82c8f1
SHA1 0244c3e2dd0b2b0f0660bc83910014cf21704c9e
SHA256 ed19d75c9168061c410a8049b1539d1d3f4358cccea7978fb255afd650c216e4
SHA512 0ed82e23bcbc1c8ec029501107d3766e93a805aadc860e6dc91253436c6eab3f5a11b0bb859cd5d425ed0c5a5bad9dd0ba69cd0772a6f63d997df674fc34396f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\8AE459A0C624B0A26C9FBDB594D4AC73C7EAF156

MD5 a5eb1c66bae5086afb86604a92bd4797
SHA1 7a4d9fa39640f5a6b8fc10752038a58921748031
SHA256 5469eef9d4f4d50d78429017869eb578e5db74d49efc8a1bbaf3a4b96009b4bb
SHA512 5ce303162f253b72015e905afcc8de708c87f562029f4043bedccee84f06dbb82b112e29066b9fe2bc341e81c67bfbd53239369e448d29b7e2568e12cc000b63

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\5FEC31B54D50AA81E863D2FE514B942EE293AA0E

MD5 fafd9328064f12437eebea952dfd08cb
SHA1 64a807a399216920bc7346f5e10f92ae6a4ca63b
SHA256 75e1918cb5fd9f6965a200948b5fbb3aa331ab499ce55118ec29707f35dab481
SHA512 2a796a8eae9486124a1f24f39e4cd65bf5bd14e74fcb2c729ce4d14470983bc49590ad1c954ddd86aa6c8adcc1ec2f2feb2719c62ac742911f7f6e5809bc2e78

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\A5B99B275F90FABE3C93EEBAC4EDED792A9D6854

MD5 a081537b6b0e555177c46262252076bf
SHA1 7ab263c600f3c85f373450892947ac7d4dc03344
SHA256 acb516e9560ece45871f865623c69f58a1d2e31c0dfe82d2cf5c2e06d582ad4c
SHA512 fb7a86be3e1336bb370ae7d18acfce36557f07840b053d52b2f72de3077d3269d7477f0c750d016b41aee02a02032f76e60034eddc663cb02fd84e52a595df31

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\sessionstore-backups\recovery.baklz4

MD5 293951e3f3e48b044cd332df9b1b3806
SHA1 8dd41587e1d9d81c5cd1b2a7911476ed18786864
SHA256 ad5f0a9f9abba40cda90cc37eae3fe5f3eba62142a80255c1171d4ba758cdd8d
SHA512 c8cc80cb13a248dc620c9592a3bcaaf51ebdaea7a8cc888e6d4d90e788dfeef30d648921a483413f1edc6bd58d138e5d6358fd875b3ec29c34861220a50d2ea9

memory/6420-6176-0x0000000000F50000-0x0000000001434000-memory.dmp

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\1CF967749DA8AE7ABE25FC8B3578E564AA41DB75

MD5 528f6e5363be891e0170bb58e2b6cc41
SHA1 2533c6aff77b62ca43395657e06e0c5b615f6070
SHA256 c137d69080f4c785920774361457ec304885201af8f64d0dd14fe87398522139
SHA512 396be1c58d6878428a335e8152ce7ed829cd5ed124721ec0c32df3d1f9fc6e4090e6912a73518104e11090efa30ed49c173c68f583157f8e530fa91f192765f8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\2C9F7C365345D332755452A43101FE4AECAD3032

MD5 a55255629c1aba6e7d8767975a77c8a9
SHA1 d5361681d733e57f0b37697d780305d6d84e5de7
SHA256 f5eb09b04cb6cd10144a9c7990a74a8c4c6b8ecbde31201efafe397e19e3430c
SHA512 e3b6f4383ce560302979d07fda58336875ef919e7b402dd44ea46b4211bd8068f1d9407600dc54dd71e79e875be0a5528445d0bb36121da95959e88d9fcf960f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\047DC33263ADB51399FFD73A80E487AE4A0EBC9A

MD5 40e40101c86bdc238b7246f1bb1c6a87
SHA1 2e246c66e25f433e1645a37f9f7eda5c45e810d3
SHA256 0ef19f797276ab3ad2e30b1d0309e68aaa34c76fffb947a03557378c818b978e
SHA512 adfeb434ab833498e05f224df9be47d6f121add17bf0d4c249d3ae3e18915d00d0de169a40c62895054e5c41bf52b09b0df7867528ae3d3fe3db88e99b779dbd

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\1A4284090372CDD935419D03AF68C9CF3ABAE584

MD5 e34488d843a4bc12723c55c845201653
SHA1 e3f40e75b7537ed1d54331b2a39a460d4c586dff
SHA256 44b8be66c30ae6279a65e20f03582ecb63960accbf27e9b0ca35e5b824479d99
SHA512 b770ecbe17aeb54ebad8b8637ec6cfd94aa71fe6fbbdfce7864388eb550ce69236b25844535f147f32942311d80d3471abff1ad27106f2c8b55d6ceb33ce09c9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\C7F27F1B728D8DB7CFCCA0B5822E7997A8F337CE

MD5 d071b66e2de33d02ad01d96592ce6684
SHA1 0d3958c3368d76c0a0b243db822abd63afca2a5d
SHA256 9ce29dd4812069d7396fd83901d6824b9c4313ceef0ec453cd97125143115046
SHA512 20b5d7a9d7386973d594b128e0062518d2d5ad9e91346b088d20c6c8bee44279e1266b218c5498da5cd07d808e37e9dded9c236c203c3953ad06c1b4a22a52c2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\79147479DDE08DDF6C904A234618A0D013413437

MD5 1d633b90809618904f121ed92493ee2c
SHA1 0ae7c67f09568dbed91a6e86f79cb6f1640f45a9
SHA256 d6c4860c70ed31a7b97175abdcb9f70185c36519eb5c356b28483e41c692a799
SHA512 28f93b319951c1d5e50c23642ff358842d12202ce3f8c4d3c0f670d7caf64909f28609152b1e338416a9fbc9957bd3a417f1c925b1d8ce2a42a864e4fe79df1b

C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

MD5 2cd74f12aff96e796d4e192f6bdd4f2a
SHA1 30cfdf4eacb46784181debc508ab83bee97e4a3d
SHA256 bf158a739517ad72403a7e75df08ed9e1e840a3cf8fa56790e605fb34a1445b7
SHA512 e20b8f9f14959769d2a0a89b2a648bd6f5872514e65623e9e0469c3459e84b09fbc0eaffcf0e4ff03bd9ced046df194fcbdf3f2140971edfe8aa6606d9600483

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\datareporting\glean\db\data.safe.tmp

MD5 27710bfc75f41e371448301ba8b4ee31
SHA1 ea290d30ee99911ac3468ba7e72d923a19c92e74
SHA256 7314340428f7d85b14e478a3b918e197764e53b5eb2f82266fdf9a0c732bf67a
SHA512 d17ee2beb1d1da67068b4e3061d0468c82c706c5140577eb86623a0035a6b605349c37a9775ac4840a13464a907d201b5a75dcd10254575aa91657a167354e36

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202502051619251\additional_file0.tmp

MD5 f197f4d2d50205236436fbbcf02e79b7
SHA1 e83fad0c2b93d023c78aed539709bebbeaf1c2f0
SHA256 caa17367382012f5bd23d519323470abdca96fc6e9ef2a89608bb92dd1c314c5
SHA512 fe332b56a021d029e443ef84b804f808fb469377e07527d875ce6ea018ade84ffe7de128f43094fcd8c6abcacfbae9ab886d3813afbc18edc637aaba49068e7e

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202502051619251\assistant\assistant_installer.exe

MD5 bb1570332eb05a1dd5fca736cd95ee5f
SHA1 adbc05e40848c9e49533f2bd061eb36332a6488b
SHA256 5941e13e53a8517d7d491e141e4c8695f3b4c66190cbf8abf520c91b0926f683
SHA512 1365503181d6fa1685b0aa24bbe1b005d8086a66f6307f5c7ece56ee1a402851f1b72e69054cf4ba24b9b0f0e4f4f9322b03e23a370fdc4d3ab0006fef2abeb5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\8AFA24F67F4EEFD840E613F89551D78D557EB7A7

MD5 f84f247a8c33b1afdfbc00470dac93f6
SHA1 b1a5916797db1422614225101ef542c90c44be4a
SHA256 89588e0794ad1fb41f8ca824483fbfc095d537f13a1403d6c8e55f2d0898b937
SHA512 8289c63cd4899d95d4de9e10d940d4c112ddc7c00b9f69d10b14594cad41385f9678502e808f14892e97cc6f714020730d12033cea29d02f3d095256ea806da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\sessionstore-backups\recovery.baklz4

MD5 b8a82db0dae3924a920dc14349cc4588
SHA1 5f646c54dff81cf3202e6777e643995bc7583414
SHA256 3efc9aaba9008bad4a2ffebc5d2af3584419035c060b2bec547e310f158b6ec9
SHA512 79bc44a8fcb66e619808df7455bcfcffa28556493b535f0ace5cd552f049310edf9cd6988dfd8cee8eaf8a40153310be2006b513852fda5701986ddcb22d30f3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\1F26C071B20892573F3E1FF67AF9C142AE1FA12D

MD5 1bd9ac63901bac0fc085953db58b9ef6
SHA1 9841d6d05a6d4d6670b1e52d2f49e903eb05ee26
SHA256 29ae79606e92a68cbed3441f5ed8eb3ec5998fea7b58f25670ab5cb10af078b7
SHA512 bdd443cbb6fc88fe2b630df953339459cf8dcd4b7281fb1bb3d53674b1c8f71b4a4067f8c0e849c93e8a9d7ab472331f873c76b155adcea366d754405977a6e4

memory/5924-6382-0x0000000000F50000-0x0000000001434000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\storage\default\https+++www.googletagmanager.com^partitionKey=%28https%2Cconvertmasterapp.com%29\.metadata-v2

MD5 2064bdab667f97e18bb674d7404025d7
SHA1 489442c6856a68db5ee4ea015b6cd5d534bc9438
SHA256 96da7227491feb690919cfc7b50f26c49d6d5bab6ebb0d5bf402f706aa91562b
SHA512 a6987b3d63d2b9e83e011321c2c77b410f379f97b0f983dd758205fca5086823a2c27803ca262afeaa63b5b01dbdea3bb756579142a699ee9a8f92c8c78349be

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\storage\default\https+++filecr.com\.metadata-v2

MD5 bc7ee9422a4b0292eeaadf6ca87e67a0
SHA1 8f14ea30c36fb302569ea3c9c077a2d3aec8be85
SHA256 4b6165b170e058dad6a515b4d9b83f892e63846341a5c1090b05e14a52551f47
SHA512 0d36b0b9ebb56179397d9bcd719cf21af396de8b60ce88d05c14d228098e9138af038edcb06e5db95c8a47b24dc881fe8271d530d8b520b9f36e44e4f91fb67b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\storage\default\https+++convertmasterapp.com\.metadata-v2

MD5 b89aec948ad0f578f2cd895e43ee8a1e
SHA1 92ac95e05a2f9a591cb367a4b97d40f66ac87e8a
SHA256 edbe30f0921f7b427588dc74bea75fd6ad34154e21def2f6e800d7b950563732
SHA512 4026ac49785667239f9d8e39feceb06ab44a684a3479adb0088cf9c3ccc95c562971a7faf2f3eb697d3a0466fa1a678c83299b21b05999426be30c4d58472a74

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\storage\permanent\indexeddb+++fx-devtools\.metadata-v2

MD5 916055c371fd52a207f9546bc7c16a28
SHA1 5923d75a324e5bc24bd632bffd21a59a0c142abc
SHA256 27f8689966573fc1412f7630fbd08eb61b89c859ec944578428bbae730926d4c
SHA512 64505c684138fa572e15f9ff6593fe8844b4c33b32472dd229fdedca4daf1747a8c82459e3ed979abf61a0906269fc225b719804d3ab578e61d7e0a7d6203eac

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\sessionstore-backups\recovery.baklz4

MD5 4a060a54ce9b8019668182ee5fe3c7da
SHA1 a2714a557cb12101040a317faf8df5979269c0f5
SHA256 5255d68797967e3dfaec415beeedc46726a06f77e429d54badcc9dcc0df5aa0b
SHA512 545b6ee7856470e515d4add075f160b46523ad51b545a74b09920740583acb659aabd45fe9ac1013c2aa3e475060a7bcdd2faaf2f4bea902e5d0e8da2c2511d9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\9A53E3CFB98E7B050E3C9501B5084632CB002E96

MD5 d9bae2deb4bce5a928e73350ef9cac3e
SHA1 e9b04d8bb1750decd46ec17991daa8c28cf8f685
SHA256 248cf5dd7f08a938898d79fc84334f30e35c7a94cce9839c76f3a54ec3f583f4
SHA512 6a996ca778ba84a17e486b99c5da65ac85d9bbbbfa294efba5583a9cf3ff1d8f16f076e029c5af8d31b5db8a9e41f81a09a86559f9567d49b90e3a1cf7641215

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\storage\default\moz-extension+++8cd641f7-c779-4501-b681-c7f42bbe94c0\.metadata-v2

MD5 4dcb379a24f822b309c6e97690a1b7d6
SHA1 a3a9987d3653e9affb6690deef64f2112da73c6c
SHA256 399436355b405e483c56f4968b0b98933f042799c0dcfbdbfcd63d5affee58b0
SHA512 e981433d310af53d2ae6ca0c37bfb22a9a2b744aae1794d8bc332fdd5ec11f176ca0b78ee10c22edd31e3df87087c4acf4a62bfba814e5920393e0e647e60c68

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cxenoexecutor.com%29\.metadata-v2

MD5 6a336db86fae0568d45d073018df7080
SHA1 21cb0f51962bc692484327b12d96f4fdf86cf890
SHA256 6280ba15831e66af3fa9177172702fa1bc99454cf83f723094ffceb1cb49c2f3
SHA512 8f08c3f09e2bded251d402276ba7b1213ed04b5054133f22967e0632f046d62cfeacfba7be33f9fc499cb0a7737320a706a4644d8e9d81fce91794b913f43477

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\sessionstore-backups\recovery.baklz4

MD5 79a243967d1194fcfe1644acc3d0f7b3
SHA1 fe8e6e38a9d5338f9c0255352583b6250e54d003
SHA256 996a8eccbef2d71235936ffdd2b6e52f424201b162d4500f5c9a0e80e477f31e
SHA512 8875d05f4cd1a50ead6b69d7f8f16ada1ab5cac00c27d3e0137df1757b84eeae7e764e336b4879d0ec1b27885f28d2ff02657a541a7898d20c1c6d54274d75fa

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\datareporting\glean\events\pageload

MD5 d94ccffe513468e1a0345198be562b4f
SHA1 b8f2761b4dcd8b3c2760838160456501eb69a16a
SHA256 412a8370359fd1cf65a70058269703ccd054b6c1aec5cd902f23135912cd3b24
SHA512 53ee22a96d01575674d71fb6670f0a496368d30cacaf56c082dbc58efd1856fb87c36bee557487d11117800e8cb7962c1471717881a975ef53158bbcfaec27c4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\BB07ACB3AD876113A4FD07ABD6E52CE0341255C9

MD5 59bbaef8d1bd9c2ff517a645b18f52fe
SHA1 29b520899d099dc81bd16237618671396d19564b
SHA256 6d6e6eceaf9670b6d5f4a4049b1af7a9819a2e2a0de9d13eaa7e103377343166
SHA512 68c28e5304b084e0b9885459bff9f97aa5a52b9cf9c9743904db5cce87227b9d96d569fbcdbc71a21cb99634338d989a6967fdd78daff0b9ed8fdb74c3908f25

C:\Users\Admin\AppData\Local\Temp\Master.Files.Pron.ico

MD5 562332060542e7c9c26da437d21540c0
SHA1 bb3915bd885eb10ed932e3484e24cae05f088e73
SHA256 44596242a804d63c7dc7fe2bd6153bb016399dd0d930766cca88d757825fa280
SHA512 8a8ab8ebaf0668a42dcdd6fc88c37af01607310f251e88a93e02cd47cda2637ff7cf681cf776230e5a00b7f307bba7d09016284401f65235a79efaaac9e1e654

C:\Users\Admin\Desktop\ConvertMaster.lnk

MD5 a6bdcfc82ccacdcdcfe2c72905189470
SHA1 f3012996c3500a7d1b5b443a622071930a1b8bfc
SHA256 9c9181ded860b89ccd09b45c643e17c6cd042c02ca6e4905aacc5ad25626ddc4
SHA512 33b87df337d4b55aca1fd557da05458ae0797593b488965783ae9470d2516d5d4b598afd2275a6819944e4ce2294307338933bed6e5787f52b9b4baeea615bbd

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\doomed\24562

MD5 694f54c133f29bd35d9b32e963d211f4
SHA1 d57dbc7f63c969dbef05ac894569a034b17c6e25
SHA256 187b7a8671faca87b0f7d60ee93a13ff2595bbe67add82635a6f8453fdae8f2d
SHA512 0475423a9ef177626a2299f50f3780630c5ef36cb769161d2a2023d92812b98b12236f69b7d5ca9567652f8f2f3492fd7b5d69a0335657a5f79472b5194a1f12

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 0752eeb9af96d6cdc2349c520a6364a1
SHA1 1bd3b5861aa46cdebf2fa2cbfb52802e2863ee48
SHA256 c0f54dc46f7b79e4e08aa03b90391ab5b86695151be91ffb5de153062f277f76
SHA512 01698116ee53866aa4d7feeeb7aeaeb6fa2b38de480b1d67e3f0abadb96a85e3fbdcf39a5bdfd28bacc4b664099a77a42144aaaa362a19540c8266805225809a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\A75D2B43BD4E218B1CD056E8024BEFB4E4232C82

MD5 cab34aca178f4774f7597f4d2fe0be0c
SHA1 dfb7777bd0abb24d0aef9d35da64b14f2f3fed55
SHA256 1eecff14077f595273f19f24e192fb4bf9771bf37800aae3d7026f464932a904
SHA512 e0e4544889a74f5295f17a4402e424e1452f94da0fc7002c01ca9fce6a4c6ed1cd2e3cac816fb496f1ea60c946b34bc4cde6b949dc7359591717b72bf6ec039a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\0593D7049ADD9F7D45B27D57BBCB8E364057DF95

MD5 b0396fb0577de7973824d200a1958365
SHA1 af5010aa70a884cbe45c1f9f74b4dc7d3574b990
SHA256 6a87b36b2777978e5e98164b8e5ee135f8c43ec148ac8fae24e483b90f40f77a
SHA512 ff1feae7e80420d1b3aa95d8f01425a8b83e18e9d2f7277dba8dddffb07db4f6f0060d4bd7c8316f3611a46b7389406c9f9d957db7c2e5191c579b1fd82d0d2c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\94999384B7B5C76EC2CA551AA0A0AC99AD40B5F9

MD5 ae0e474d712539c7d97d39747a6398fc
SHA1 26e1686ef4ce26bdb8c28ad285675924a52b3614
SHA256 c81cfe2649401f4b29e3cf3e38760a16e31b4a2a3147793496651843068fd270
SHA512 47b8dc247050c63a16a210bcabe100d672a6a37ed04dd14ad01cfee5446666038cd02bfb6668dbe7322d0ad3b2081604aebc34e638804effc813a2dcbd88c20c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\7C6928A501E1D9A30B04DC2787A54999ECF63B40

MD5 cbc96fc0c76a175590b8887295bc91af
SHA1 2d26991b93ac7470097139738505aadb58f0552c
SHA256 606bbc3112765e666d3c857143eba20aa99170ae7cf6b2a8cba0731569ff687b
SHA512 ec9661a596a16a13a3238c9ab3c313c8eb20279051695bab79245d116e76f76dc0670c68095b0113ce9fb90ac27ad481775cdc351cd2c8cc0068bdaa104bba4e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\C8EE28A066AEA6428D90E25FD7DA70C90C415A4E

MD5 4a8de984b32e1cda2f9044c5644f4002
SHA1 c6e1de1841ed6cbef8092027e5d014987c6ad619
SHA256 806f0f21ab1db07580b0886c993eb443b0c406aaca20087899449d2ac1c5ea19
SHA512 45e98db0bcf9b9b0dbeb1fbff83ead4ae88cc63ad00168112c4a4159141555de040714f8378c61404d82ea13a81ff9ccdebc148df31c01fe5522f80edb3aa625

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\storage\default\https+++en.wikipedia.org\ls\usage

MD5 add0a5d159abeb8dab12dba9cb335ea2
SHA1 cd5832e496fcdeb5034a0684796c8f283ce2a793
SHA256 dc2dd248a0946a4a907ff5437ea6db6aa1a572421de1b38299e0f22342abdef9
SHA512 6573e09a6a5e991a1bfca916ce9863209f83dca95467b1ef2c459a5928aeb9de70d714daa34ccb4e4317b174d4c23c2238d2b78a511b31b4cbca940fe5f3dc7d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\F5966BB8DA22B8500A2C921C2132998BC7DD34E0

MD5 a70d3658ea30b8e08e6db2cc9591f7b3
SHA1 db5869432d9f50b88515628da172823ba9a75012
SHA256 5bd583379c6a06490c389e34faa6195a7f804f5ecec83c79dd67771c94571872
SHA512 32c6fe9e03b8535be3bbbada11d0be3c498fc09befdd0fe484f13dba4f876cbdea97d244a9f8f6b3127a6c3e9c5554bf28dd6f8b4fc9dae584e7d1b532456393

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\D4A2D93744D81AFEE0DDBA31F6DC22B83EFCE76B

MD5 e3c2a7c58ab17ab480174df66e6f248f
SHA1 a84a02ecaadda933564d0de5b8d9256fea289088
SHA256 1c3293164f15c5b17be7567aeb4e9dc468380a68b219ec56778b2a6ef7ba28af
SHA512 d93d2c33669f8721c1b3c087dfa7d1745eed52dc0c18322929bbf4ee7f4865d40b5322468a3495f58640402ad11183784f6567c7ac8a3a4d629850806701a24e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\serviceworker-1.txt

MD5 cc11eac8bd89aad7b7f29319a9adc9b5
SHA1 1ebe2dec98383755580bec6784ea231311332faa
SHA256 4df3898e7875bd7ce532baac103570ff6f8b6e551423eeca44a7eae9762c8607
SHA512 6fe07c846d7c975a5f8224350422e4bc49f19dbea77c4923cbe9f390084c95a55caff0817eb4934b3263f80af33d4a2610fc0da9c6cbdf6d2215f2693d4080bc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\serviceworker.txt

MD5 1129565748e7d47d8ff3b3007397a5f4
SHA1 5bcaf596c22bd7b5bbe8a22ea3c67c2742ab20d6
SHA256 750f2b00b100c7ed4dd84cfedeb33d1bdc3d66953f195c95bbd6fc48d91780ba
SHA512 67f70694d695989743f96893fee517cf7adb19317562008a1a52fae3763a900d3a5a2512f0db48bc0c88f5290b2a24db5e553e3a5beeb96d11103fda899591ac

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\0F6CC206BC5D0A96DA622CD971556A395BD4A8BE

MD5 5e23873aea9da373fe95ec985117f9e6
SHA1 3b26b89136c7554a74930e032749840b7d5f646f
SHA256 80b81a108ed0ffadcc912139119614df0db81f1acad6ecc0ad7b9467fcf36e56
SHA512 fdcd82953273a024346db78d081afc21564661f127d28c305e7c6556f1e6628ef3d61419ff41cab36a799b714bc1ecea60c4c0c702beb86f0cec871213136a7a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\4DDAB5C647315F6CF4B66F49096C8D99B0D1DF6C

MD5 9c1bc8baa085d27b98a5cbe81d6f0845
SHA1 ad602d25e9e21ecda1326caecdd628d2cd32a06a
SHA256 0c61072b8d38cd9b1686b20d33a41f01c1459bd4b936958dae5b1197710f73ce
SHA512 4fa1990b5a7be9bb7788fd1f81faa4b8cda44840519af1f8fe61fcc7a9d1d8356faa121c388315f35d7aee53c240780feceef305d70308fb4d00a926b1f8d01b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\0F62AADE39B94C388A8F609E6F138F5B4D18787F

MD5 b270f10371371191179c21a677278e37
SHA1 163f6a53fc4a7deaebc19fbb3337badf4c6518be
SHA256 3c9ffc5ca60a9a02125c2e0c77a419b093e9bec27e5fdcb62ffc4b95719368d7
SHA512 56ac5fd80a55d5632e22ebf9c7553cd932a5203ec20b094be6e39d154197ff54a6cae1691b79f53e178c035b8e89aa74493cce2d2bf4f4a87a4305496d285b9d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\E3C3F4CD157A9E2E9C217B13D7F158645EE201D8

MD5 78ec378db6b6551c5d50b874ee538164
SHA1 a8a6f17a05522f374716e9f90a31c1768a7b99bc
SHA256 657d4e432e05193e1454c784a748fe26cfd2676a1e06bd05ed385ba5428a090c
SHA512 1c71134f6ab51d2fb00e78c9222ae5398ee8e675ab0f710f32d5757625def051500d72e1e1a6818cd8a559ec894c8ae256d994eb02606bb9bf9fd811b201aa74

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\sessionstore-backups\recovery.baklz4

MD5 383974b58ba2af2c917888d6dba2f0e1
SHA1 387463d837f4d1122ac6e62dd9a54748ae9a566a
SHA256 20b7742a781fe53fd4fe3b685282de2fc966d60955de9d23e3c0eb3ff13ebb13
SHA512 a8e5341d333782764d7dc8126b8fd0c9acb248bf94a13840f92e519a92d8f0857313ddbf9795c07b5156aa70c885ba45b1c181486d47fb052f4b59d79b575b42

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\sessionstore-backups\recovery.baklz4

MD5 6dfa508ac2a1bcdbd8a320b2da8f0d72
SHA1 5a0f9eb66f1ee129b5deed1284dd4a24800b169b
SHA256 93e4116e6fe11988441340e4c90361261125e725537d52b16b463e20f44648c9
SHA512 18a8dcfa96dd80660e7db164fda92613684808becb4007bfe6dfbb130cff9cfa385c9242e074f74069194f77ca4b25a4003e72e964ae410754f25163e3569f92

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\datareporting\glean\db\data.safe.tmp

MD5 1930850960a8cdcbb09941cf89b67c4a
SHA1 099a9f1b4b6f2298a8a743252359ce2e58c613cc
SHA256 097024fb8a94cbb1f98ed949e09059e26c7bc765df11474bfe8689a1309da9c3
SHA512 5b916da5254869cb097cb778bcdc7b319bb2dd25adb5d7076d13ec152ad627aa4081031820d88dfd648a13bc8e4944de29e3514d35d9eb8496af2ac1acfbc008

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\datareporting\glean\pending_pings\8fbd74c8-82ab-43bc-bd3e-bff141c37724

MD5 7347f0f905f69ab48a60e98d02aca6e3
SHA1 ab389dbe2c0512f6f2df011eaa8f6fb20ca469c6
SHA256 0fd21e93f9125f4bd5fa5c633f5eece18182af65e8f2a9faa6395a3578639b9a
SHA512 6e08b688faeae6190f116baa2392db88d2d7703570fc2ee0cdfaf9cf757bee57fc2ee494977bb9abacfa30d051b6e482de7d8173b82c58be810e0e9239134da0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\datareporting\glean\pending_pings\c2e95815-45b2-42fb-b727-5e57af80b874

MD5 828c2a64225336983e0e1d50e189404e
SHA1 d88856caa812114882c20052535938d776bfb185
SHA256 1593e06550632f96ac80aded5bf723a82b70dda0420524c1d3683d4faf3e6432
SHA512 9fa2f3e026d38c616206099645f93e65efc79b0eb0f103b67b1bb32a76d4cf7e696bd10571ba99327b3e621ac9ba07ae3a42ed919694df8f89a99c1be8882d29

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\sessionstore-backups\recovery.baklz4

MD5 b14749b9235c7f34e8916a1580077241
SHA1 3223573961428cff2fb47ae56b5977e7068dff70
SHA256 f33f8a5bb27698917fb99d9484d157e68b6ae65068dbe03b8076d71d1e039a8f
SHA512 5a898afa2330818df781f5888299ee86ef2428528f55c915f1512cf41b60329e93ecf7bc0020d52013eb1b68a1704da84afa1d05c14f3a726e5a3f267753698b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\sessionstore-backups\recovery.baklz4

MD5 6f913ec0aae68b502aad52d14410443d
SHA1 025e51ece01a899b587dc90a85ff52544da6ee38
SHA256 41a7ea3121491ca2adbac59d70810c5f274a017837d7743e16ef387e851c5d1f
SHA512 562acd9ce7b70e07b895cfe5badeb7bdf6e61dd9501bb849a1cf12e153676f4da77e4f0f062517a190c7650cc48bef4f1583abdf8baf9dfe71df11a77c9b2a43

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\AA6C94AB7F5FF3C72C5DA0506A9F03D2F2984C3E

MD5 bf9c6470c017de43ba72fb1a9c06bc5c
SHA1 9019ea6029847c4b6dd3da9889573c64b0b16400
SHA256 2f988bfc87bd047396c67807292a12a0dcf70d809e4effe9b7c1965e2f6145f8
SHA512 6c496138d04ef03b685ae31efe09bb7673e57e344fc0ed9518d0e6bdd439bc30491eecf16de9eaa13ab604d37462b1a81460f7feca91788624568ff43b8fe658

memory/3680-7315-0x0000000000400000-0x000000000042C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-2CLPA.tmp\advanced-systemcare-setup.tmp

MD5 7f0e76562106e3fcefc098dd82378f22
SHA1 53d93bfb95863da6e15c72b16fe26f6f8aaee3da
SHA256 e826ac159d0026e1513c9dbf1f9bdac8534739cfde160955d74160d35081dab9
SHA512 f83c561b6eb7af77e6f9ed722b93a9d4625cb3274cff1706e0f9799f1cb73c6b0dcead9c5fec8565f994706af1b6518b8bcc77c9e3e5ee6463b0fd716f0fbb75

memory/3680-7341-0x0000000000400000-0x000000000042C000-memory.dmp

memory/8264-7340-0x0000000000400000-0x0000000000532000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-KDBN7.tmp\Installer\Setup.exe

MD5 75a1a873ec68f3a2a3086005ce4ecc44
SHA1 6fbf2fd8a6b5147ea302de9d155ae98473e0e185
SHA256 ff19d250b8703ed00b5a02a03658d3d3fb11215aee6913134fcb00ae32dd40e2
SHA512 d450f7764723e7f700b3577a2b113ccf7022b97110d2f2242a1522771af17e4cc6274f179bc9df70aaa93a9f1c96d7fb78f7046d48e981090e9079febf134edf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\sessionstore-backups\recovery.baklz4

MD5 46593daddff2b903831c5e3afb9e6df0
SHA1 f9b87598a4d50880ab3c565841a42780f62a62a0
SHA256 77250aa6e46dcee3b627469ac7ae3a809624b2a0d8ebd093d74e355842bcdee1
SHA512 45e078315d9ba6ad24840373db8202f6940d73dda437cdda477be8e2c3feacab95e1e4020258bff95ec98ef76dd3296ba16d50ea593e4a7f2dc88a7ef89458b1

C:\Users\Admin\AppData\Local\Temp\is-KDBN7.tmp\Installer\libssl-1_1.dll

MD5 9405ea98989968e07b5c9497ff54b560
SHA1 2c8142bb1b667af133e03a51cfd7427deac1b900
SHA256 5d74920adc711daff4d22c45ff29693265381d5359b6a42cfb51e674e3db7cba
SHA512 1c1eb10f144aaa1ae4fcc42b9dd970cfa3f3514948d0d1dcdaf9f7d8cfec1e752b1ce6d70460622b475bcac331fdb8eaa847725c9612593ce3550c4da7112f3e

C:\Users\Admin\AppData\Local\Temp\is-KDBN7.tmp\Installer\libcrypto-1_1.dll

MD5 b09a5c562bb1d521de69d37ce5286f3e
SHA1 5177d1c96fc389c6377d4256187f76579cdeb2ed
SHA256 c4e3f16290ce92d87c62da129249fae41bdb4f65b47d31d911ed722623fbb181
SHA512 5d2c0cd8d9625fb4424d01b1316064e8b4ec6106e76fb3f7972ad6f6d646464269a0351c228ee2e5cb247d3b8366a48d9791297e13244253a0e01c6793c148b8

C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Main.ini

MD5 3f84c6b85805b7baec84e1f534254bf2
SHA1 8abfeb85faf5f60ef338b77073e618afc0dc741d
SHA256 a8f3a9686d4615f3890ce24973f0585b10bf7163893c5e2c369138f52c052dfd
SHA512 f9c313f559df1367b2bcf824f4be0b16de7d1a5217db27ec4ec3fcebf544e0a11cf7243037ed85bcbe6cd3648657eaf6412aa71043d3eae535f97aea671f44bc

C:\Users\Admin\Downloads\itop-easy-desktop-setup.exe

MD5 b036a335285338dfe1b4bc092204b6fa
SHA1 6b6a4a47b0a0088aa92a9d906d3c6e15f3452c37
SHA256 f9ef2acdabf43be8e2e07b7b281c6bb690b280728bf9b0a3d1e8e11e0879d14b
SHA512 ddfd4b7c015a9d39654f4171937f7a3f533434da010de5a5bd7060f2a6c469d3bf806c794988cd0bd0af28fae60f87c3b74910a3dcb32d2a97e48c62fec0251c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

MD5 7ede1c2319349ee09eef9b918f848ee1
SHA1 907bc671d8865713c6c6758ab35d880bc195cd26
SHA256 0091300b2b650fad4fdf32c8681ca431aa280403bb7afec50e1e3b2232537c9e
SHA512 673710e89af144f22a6a69011341e48681cf2b46ec58fa7ceed13688f3dfa17e5c8ea9f8054cb99c054864ec980fa0acebdb480ce9abf4d1d7a8ec46dcfb5866

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

MD5 4b42187eb81b15f6191b43bfaa4ddd37
SHA1 29a09b69e3b40276faf3d4a7bb6f98345042cb93
SHA256 551483192b7fe42aee6f6f4c69339d849804884270aa0006699658b1342926e4
SHA512 3636722f617595eff77e1fc4b9742bff5a4be0efeb0fbcbdedf37cb08c1c0f4175f6f2ba09970a26eb895f8d428c870f10533d7521b795503d146002ad7e3868

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

MD5 42cff42b997443cb256b1289a350b1b6
SHA1 651afb301d9acc6d9c7306060597e6a5c30625fc
SHA256 5a0156e23df8fc05add3ecbdc44fb33b70d86fd08dcafad7fbb37b2107bb629a
SHA512 6e50f0b49cabdc45f4b1609a0d388d0c5c544bd3e957951f23637a3059da8500d7e1afe8e8b76d9bacdc2cbb6f7516d2bdbffc09a7e6fbe3a16c4d8100214cdd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

MD5 6892e6b19ce9234d87ee051092b04ec2
SHA1 d8d9517f991e999af4534b4250a288dbf1057fd1
SHA256 1c27d91c244a2afd84e80c35ed6c72e136fc507c49169749853c162790ce13f9
SHA512 97d67ca109c6910d7532446828c1574934356d88e03126a97f3ef5d50902ee8e9633500a31317c34727dc90d50c1221b7ba7fa8f1ddd412e392dce2f3ba65849

memory/4788-7392-0x0000000000400000-0x0000000000440000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-8RV1E.tmp\itop-easy-desktop-setup.tmp

MD5 f795239554533babbbd1dd7eb6ecfcae
SHA1 b48556cdfa133c82f43ce97cec7c689f68050ba6
SHA256 aa519d4e973f8f611c8424b1fbec4209629128b9d2e658d0b4346bfb48cd01d1
SHA512 54e6a57e9b954f4680b59c3e0b226097afc91a66802b21c56c3e70d30ace9c272d4360589e0701e338ede4353ac0cd656eaeba720d9e13c83ba7187c3d0d425f

C:\ProgramData\IObit\iobitpromotion.ini

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\21D74E66EFCC0751A6BDF4C5B6A8347AE0E6DC89

MD5 fa32f80ba1ce262d631e2f095893077b
SHA1 c2b0e9a7b22ebac87ba4b711c95f85d35940cad6
SHA256 e44b2fed74fc9930c11aa1959a514f7932058c3128ab13d0f270798e387e750d
SHA512 fc7a9a6cad7fbb1c8045ee3601affb26de2f571bf7704b861478da6ebe5c028dc9ad09e7f3bd7359b23c05fec9eea51b08928efce547ab892ef8bd6442a4e745

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\6125C46EEA30E46EE322C2E6B650D98635DE0C03

MD5 48af08cfbd435a3c7c016a8b239ff2ce
SHA1 ec031ca51b6ae9b5063154e6b3cdce30f9b380ac
SHA256 e70351193c3812adbe6b933e63c7cb730c3856f4b7fa2237497b7ae88bbd0d6c
SHA512 9a90e34a130d03ae968e14a32367ea4cc079263b6085b3eb9ab1410cecd27ec48dcfc0b6afd2922e0e7de7865c6e7225b5b6ba5ce171a2bf4a30abc917938561

memory/6816-7463-0x0000000000400000-0x0000000000546000-memory.dmp

memory/4788-7464-0x0000000000400000-0x0000000000440000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-EG8P2.tmp\Installer\Setup.exe

MD5 8e44faf9c5b78d55fdd9b1cf15a5549d
SHA1 400aba79843863bbacf9fe3685d00d02d28e2331
SHA256 44c157e0d58056cba1f76468501b1bef7228aaa306b508a6dc6877dc4a62a409
SHA512 349ceb8e63fb89aab85dd56a39efabd7e97007a2875531135e90840891508746b444e5a0ea5102e90847c8f8ede804024a7284919c220e7d72df6148f4123e4a

C:\Users\Admin\AppData\Local\Temp\libcrypto-1_1.dll

MD5 e9888362828d6b6f6e13e6cfa5a36419
SHA1 f097e4cc95f40012af1143ff345ba39180dfd32b
SHA256 37cc65da464443f780ba555ed3c86f5f1003ccbe790f85f3a612c62741c9fa92
SHA512 175487a2d5abd4c16054541e9954d909092107e254dc49d5a48fda1b7182d6cc6618d338855cd67432a85d57bf1224baeed3822a2f7b6442aca2a0ed9a124241

C:\Users\Admin\AppData\Local\Temp\libssl-1_1.dll

MD5 2e13693945236594078a2e7c4fd029be
SHA1 b06f79529790acefedc4019d905b2a31cdb5d3e9
SHA256 e9cedb410df5a475a08b2f17ec5ea5615d02ff4f1a1e045f53053a73da9a2474
SHA512 127f3d276b7a53d724db4f316454df5436e68631089eb2e0eec706d49bf373f76619de1f089f15ed0a89e78d9baa8364145afee4242e5804803d2bc8487ed4d8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\sessionstore-backups\recovery.baklz4

MD5 a21fb89da1fad7380ae4325534d081db
SHA1 7788c70d8cb741e75f42d343cef1797f85ef1e0b
SHA256 595e2e6aeadec631aaeaebf65b5a34861ecaaa244cac9caf6e25e0144243ae86
SHA512 a7fc17cd28e2f9991868bbc8cb063b07c1494373576f25b50c54b15f6d6e0d4b741a8bd9d7902c715ee7ffc90ef51f7a4ed88663bd701b527d2b4b96a885e29f

memory/4668-7559-0x0000000000400000-0x0000000000440000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-U5NAA.tmp\IEDInit.exe

MD5 52f6ba76c39a49477a06a5ad35992815
SHA1 22090208f019db3fd6a8e6153cc3b450abf9c088
SHA256 f6212299d24d012a8fad70a28fc42e4dc420a2a91e0a7a72f5e71f14c8da841c
SHA512 8a0d63ba5c88fb7cfe3dda0928b5c862ef44b9102a4ca5948ec438e5197efd669bd60bcd7420cadabdfa49f5f08097b1a5fd3c1b9821460bd00bbe00c8ed1aee

memory/9188-7587-0x0000000000400000-0x000000000060E000-memory.dmp

C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Main.ini

MD5 d1176decf66282bf7b993a222ee053f6
SHA1 a31b408288e60eadc16f59c32669a9a66596ea57
SHA256 997070088b380de83f703f74cd44fe87421c2b60750cc18850fb4a7e8fe68b1f
SHA512 e20232ed893c663603984a75067e8564fb92b6097320e14c4a960922a38a93e81dd225a9d0d3eb89d7a5c5a2d347610933ff35da5d8664405d2a19e0ea55f324

memory/8848-7616-0x0000000000400000-0x000000000042C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-O3L58.tmp\Rinside.dat

MD5 3115e02fd135942a8eb97ebffe751beb
SHA1 31764acb175a41b5342bb89e3a951e85084e5d57
SHA256 a9161ffe6690069e1267c6fdad055fc0112144273b66a8bdc59862941279b21b
SHA512 065dc4358ce8f88a044d1764503901cf4a1ba75cd45e3021c0f956955ebd0942718bc09dbed6214d70c1efbfc9fd3adf02abc10694677e5b8cc50b10e92582e9

C:\Program Files\iTop Easy Desktop\iEasyDesk.exe

MD5 30bf6f8c5de7b7295b42948705794247
SHA1 6ba3ed97acc4f7eb5e5ecf2a83677273931393a9
SHA256 5711b807f2c5611438cb07ffcbae4a2474bbf19d69ffb6f2841c1fa4f078df73
SHA512 29fc49a647d13306c444f0a140b803df5a7a16674e18f54a1ba8f73cf2e57729e20d11e5e5e8cebdb443f4b3311e21c7a261b08d90ea2ac84e10319f62c5583c

C:\Users\Admin\AppData\Local\iTop Easy Desktop\Config.ini

MD5 479a6b02febbf529d51ff31a81df4c5a
SHA1 54d40aad992f03c233629e0b101f24a73a4f1357
SHA256 001c0cc5ad9504decdb223abab30eee722416d45cfe505305e315984bcf57762
SHA512 1de548b850f347b56205af6d613b66a9c782173cc86caa0ffd55c28a46c0e440dc6a88e37db7a1cf28962fb50c434e122c824b2aba73aec0a8bb23f4ad781d2d

C:\Program Files\iTop Easy Desktop\LocalLang.exe

MD5 ea68f9de4621ca8ae016671d93e63a8f
SHA1 22d5d95215f6c549f88809e8225856601b43f7fb
SHA256 24d27708d7e369bfc5bef75847c672132c1e580196827a803a4c57992fff7d5f
SHA512 811050b40441da04bc016a01ae5a3b36a29d7e6856654249f7e9a74d7cbd1519d31a1920afc6a6f9512333f1359164ae033d69d20304f761832d42ef4f0cd3e9

memory/8932-7829-0x0000000000400000-0x000000000043F000-memory.dmp

memory/8640-7841-0x0000000002110000-0x00000000024AB000-memory.dmp

memory/5800-7843-0x0000000000400000-0x000000000060E000-memory.dmp

C:\Program Files\iTop Easy Desktop\UninstallInfo.exe

MD5 4b3337b217d787bd5f73345118a2c42d
SHA1 9041bc953bf72dd60fef2fc16796ea5634be1bc0
SHA256 50b889bdbe7e94d807ae38fde20a4dfdd937b1874d19c0eb6a8669e7c799ff58
SHA512 d7b2f5e7227558b2acf8478eb98a70849286a85386e928dc26b48f59d8b1f53f8bf03bb49b4a7630b2d65389ccd5ed0b87e678f8fcffab41ab0f2fb9abce38ad

memory/7768-7858-0x0000000000400000-0x0000000000546000-memory.dmp

memory/4668-7859-0x0000000000400000-0x0000000000440000-memory.dmp

C:\ProgramData\iTop\Install.ini

MD5 7d9c3041b80077c8461b78eea7d3c46e
SHA1 d79b78d565b005e5a16f9c0d014f810619f01067
SHA256 c2746f34582c19204ba0c6e3a7b0d4da88e08445b05c478380097d0bc6e22112
SHA512 993c2e517552ed01b0f1dce148b98fec4e894ed52a33cc380e67eff456fe27b81a6b894cc004c781736ff90084d2f227d4bac88bcd10ce8eee7aaf9939edbb26

memory/5412-7880-0x0000000000400000-0x00000000005F3000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\sessionstore-backups\recovery.baklz4

MD5 63b7cb534c4f8ef15600ecac10d265ed
SHA1 fc33c3fa2333b38f1cb656e50059943f6bf5554e
SHA256 f11a1524401b09e73c74138850230e8e609c6ab092bd0561fe4a194414ad5600
SHA512 2595d78ac9da1f38d544f61a13882d5c1be0f711012a925cb6e29d2d535568c0cea042a60880872709c05ac5ae7189a0c2765ae3fac6c4338719c4b5d8dadac3

C:\Users\Admin\AppData\Local\Temp\is-O3L58.tmp\ASCUpgrade.exe

MD5 95401a1c3bc4ad0fb90b005974a7f8dc
SHA1 c439b4ae05d66dd44741346b8300070257c2cf34
SHA256 375b3da256599fd0d68289db68660e9b7a7052956d8fb25c09f60e5382a1cbfc
SHA512 3212736abb98980360ebdb47692e5344492a8c69b27f88e80ee6a161db47b4b59c9270db275d02ca2d66448dff467ee51bce5d7c7ac95dce88e56d7039b93a7c

memory/5920-7899-0x0000000000400000-0x00000000005C3000-memory.dmp

memory/9188-7905-0x0000000000400000-0x00000000005C3000-memory.dmp

C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe

MD5 f3358b2cd8e5528fbc46e514c310232c
SHA1 4100e8e76eb05093faa187f92ae8b0e1a34759dc
SHA256 781a57f0bfb424a8c11f95fa62959b263716b0cfd1ccd4ea7ec1eeedd6c3d605
SHA512 01170050880acfa1aba85a5fc4522a782b11e3bd85a23f6254cca2dafddfaed7f24b84bdcc10cb6e5eea7a90bd0a2409fdadb6a1ba69976f6aabee14d7d0d722

C:\Program Files (x86)\IObit\Advanced SystemCare\LocalLang.exe

MD5 bcb3518e3c4f380e7b26ce231997b0a1
SHA1 566fbf7a9272172b01c82d67d5d2345c7bb82577
SHA256 66c52f12265cd51d05a94f506dfea049ffe29c7e3705c6f0a8808455a877b5f5
SHA512 bb99790cb1465848d0d7d7376519823058f642bd7b69ec6573379d219a9147fd2af662904d75bb51a13d8010cfd7d125ca4b1921a4acd03845a0597d477f12cc

memory/5840-8641-0x0000000000400000-0x000000000043F000-memory.dmp

C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe

MD5 effd22fb356bc2766c42063115b81ebc
SHA1 42c8a81daebc6a91e75fb73cada39642bce75823
SHA256 05972e182d003657936c344d5fa32f5665e7566fd8fa7342610c6513dea22e1f
SHA512 87ba52e489ec28da323f252348a381f61a4dba1434fab62ed7382b15229afef14ccf4afe35239eeb109b6ba88d66a6de8108cdf3912309b35914c45ba4feb837

C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\License.log

MD5 18f6e02114961b25acc2bcb5b0f22050
SHA1 74a1f0730e36aba3826d77680a9200592cecf238
SHA256 d09f31bfb6070ada36e99791305aa5c8055ce59adb8a0452e94d0897cbf94257
SHA512 a242cd670270c9c098409231bf4607e11833a8df16f4551cffc6b267c1e909284278ce077aacc936b85304beafa74312465fe0d425325a2a5948afb9069c377b

memory/8728-8658-0x00000000045B0000-0x0000000004692000-memory.dmp

C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Ignore.ini

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/12200-9579-0x0000000000AE0000-0x0000000000BEA000-memory.dmp

memory/12200-9580-0x0000000000BF0000-0x0000000000C7C000-memory.dmp

C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.log

MD5 dd60721f8be33c0471199dbaaa22078c
SHA1 cec0b7a078432f61333eb511f0ba18df78775e31
SHA256 ef7d02d87fecfe64422d1c83ed10a5a12ec8d012e7b4335b77ed1fe97ce58f0f
SHA512 bff1365b718c9936140f3672800ebb38715905f6756af4d679b5ee00f3f8ed58ab01a30c63d0eef3a963c6e86d806bf1dc6625a493632c70ab78513bb5584b16

memory/12200-9593-0x0000000004340000-0x0000000004458000-memory.dmp

memory/5680-9615-0x0000000000400000-0x00000000004A1000-memory.dmp

C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.log

MD5 245270adc345346b992232ae6cf12093
SHA1 4b7f90476c657d1eb321037711e8b6e6bcbf713b
SHA256 bce03c9fd2095b899607228c3459fdfb9bcbe68ea95be9451f67676eb40e6201
SHA512 ff6240bab3f64fb5d6ba1fccd78fb2aeaeb34076db7da27a0b448da7ae30b2d77fa0e215ebfcdeb75e18e91cebb4a1e37bf509adbb0499b68cb75229df091f41

C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Main.ini

MD5 209c10bbb75a55eae3cc3c74fdb593f5
SHA1 30fef824ec5c5b12c8e39395d70967d4385fa1e4
SHA256 d61a463cdcf1d2dd3cb99a4003093f1565b61582a6211a119a8cdf5bc3296e3b
SHA512 56d2875696841f6270102ec83e8f30e623542ba63fd5709fcb94b8abfd77ced3e4683fd1fbb893d7280b501912ede7223678a3ccccb394aadc049f98e0b677c0

C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\License.log

MD5 126e167584f80367cd110617c422f92b
SHA1 f3d28b32208e633d24144a72f4b3c240e869437a
SHA256 e4ec9550f866e836e9d1e2110a60b3d8ced1a4b8652aa4fd23dc4548f8a96d08
SHA512 429c1ce26412d3cd699b425a12fcedcb2fdd656200c4dcf8d61049ad02242444d46a9c6502494016038eb1013998949bb25f19856abef6704017a259931d43c6

memory/8728-9629-0x0000000004DF0000-0x0000000004ED2000-memory.dmp

C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\License.log

MD5 8a002ae52d793fd11af1537137f48166
SHA1 0be76e06e2ddea5bc7d9879bffb9130989ce91d4
SHA256 d2018bf2317290dc7965e63e92c7165e1bd8fd5a72f56368f3c36b920c0f4228
SHA512 bdcccaac7a21a3aa7b1277ee934f921ad1a0abe09469bf69d003177899d2e427f81d5054b2d20bef288627eb8b394d6273298c5d35607b667ad331bb0743bd08

C:\ProgramData\IObit\Install.ini

MD5 899605ea1c3df4553112993cf34c5b1c
SHA1 fc1a7fbe2c3e613c43f6e90e8b14bbf8111bc5a4
SHA256 e751db6ac58cffb60775c306526d0d65abbfcd8b880e89a43b2d0278041267cb
SHA512 b9ce30eaed84f8266ed507cf4a274d48e849c26c319a9fff1874f4e10faaa34315eef125c06ec91d12869c17f8433e27726c6e2cb489646a5433aa6e415a458b

C:\Program Files (x86)\IObit\Advanced SystemCare\PrivacyShield.log

MD5 d17501e247a635222dcf851fbeffeda7
SHA1 41c3bc22cca23e01ec4f1ca0ebd35719bde4140c
SHA256 aea4c6d6c08eb7d922f64e26f9901a5d3f8430ea7b43c532c05f8b645f6eac40
SHA512 7679cbcd7382295829b9f10fa4922f4c0a1c3d7b1aa5d737a1ce2bc8e7102508d71e0c1c59da72a7b5e9d770d44af3f0a06fdb13da039d4c1b530389760ae362

memory/9236-9666-0x0000000004600000-0x00000000046E2000-memory.dmp

memory/9752-9646-0x0000000003790000-0x0000000003872000-memory.dmp

C:\Users\Admin\AppData\LocalLow\IObit\Advanced SystemCare\ProtectRecords.ini

MD5 0e9856970f5cb2544dbf5ea83fe9391e
SHA1 1379805a305d9de0ba7eeb1f7cc46f40eb59a7f4
SHA256 dd5bf9c2f483789e8853dbc42429774e9c28d51a086a6c57ef78dd414e5a5422
SHA512 010591395be0eec618cc8e9625228ae7fd5e3c91162e24ee96bc2c818abff44b9ae9d0d1e0a6261cb40ccd2cebc1b7145bb1c3cd9abac25780ad41b4463f0c47

memory/9236-10840-0x0000000059800000-0x000000005986E000-memory.dmp

C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\HomepageAdvisor.ini

MD5 8650b1755b632485f2dd439f3a3c6126
SHA1 8c1ca0c0cbc869d75c7f174a77b282e457e9d78a
SHA256 931b07b89eac79e4011037fb46a1922c3837f25b900598d3ad0f386a030e88d6
SHA512 c0bd889d248e05ff2be70765f48c756ec313e481d7747c676d7365af3fe0e332cc76f08463e07f829d412ea9cf42b2aaeae6eca3d12438e7497bd77a428d1bf6

C:\Users\Admin\AppData\Local\iTop Easy Desktop\Config.ini

MD5 8218e5725d746212dd27bec0bc566ad0
SHA1 536546fb41446b74bba462212b971bcd053ef363
SHA256 dfb787175eb3289d47b3c9e4a06baf2ce1c335742ed32dbfbd53ada66a637b76
SHA512 08cfcbc79396f380d5cde0073bf326d3d5b708e65d89e4d4ff63810948ed4a2e22186f7ebb7b6b74da85ce77ce0c7bd6a0ea87411e5258473954f6a2666580aa

memory/9236-10839-0x0000000057000000-0x000000005703F000-memory.dmp

memory/9236-10838-0x0000000050000000-0x0000000050117000-memory.dmp

C:\Users\Admin\AppData\Local\iTop Easy Desktop\Logs\AutoUpdate.log

MD5 0047941622ae9a100c8816c23037ede8
SHA1 d8a4eee6cb000a35f633478cf192b80be60902e4
SHA256 e564daa3e958d2879996764f84d6591d47a487a1f4b21628818a7d4006fd7006
SHA512 eb79a7399b8f96ebc1f53a8b5183de3c5b3f51dada3bb62f37d10a57796d7a38ad30728d9de9969a0cc397dbb97b86f926de40610cfef50647ee7247fa80e0a0

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 7751b5f1b711be707e53e68404ad7d6c
SHA1 8c1901fb180dab4932d95ae0ccb07d446817b8f0
SHA256 eb605f8cb8be714cb20b559260c7c577b6c31ad888def2de29858ed28a803fec
SHA512 677f771fb17d46816abd95f53335eba50ea4c937fa98f80c786874ec76edc4ea017ad0ca450dfe680a9825570ef3bc71c50b36946a032a0626ee6b35a403714f

memory/9236-10837-0x0000000000400000-0x00000000005BC000-memory.dmp

C:\Users\Admin\AppData\Local\iTop Easy Desktop\Logs\AutoUpdate.log

MD5 01c5dc470093b3c74bc76e2bb3e70e74
SHA1 fe2198c83aada0ad09b8437bbbff97f57e1db847
SHA256 ebee7d0a21be1c6b99ec27e6678fc1cd090b7c6de42458f42ea507bf11368d22
SHA512 8de4fdac802298228cc3d7baa6afcfa5e3fe73afa7c2437fe0000fbcfe256f3442008f0b57a3a3006381fc158a58e1c2835dd3d9b1cf549282cb2e907c0be4c7

C:\ProgramData\IObit\IObitRtt\ASCRtt.ept

MD5 ce60a7970903f760c4d4275854f8d623
SHA1 d20c7cf5a2a4c6f228cb57a3e1ddb705fb15a7c8
SHA256 23dc6d0e0f34ea513d6f3a9a3d792b51ed66e983c7d4f045f57c6da81dd0352b
SHA512 ac109393e6e11c09ce7364d5eb4e29130b7eb401d3cd17685ba8593bbdd74cdd5699e1ef19131aa8f2838941d358c1115e5440232aefb414ff3da771352d3d11

C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe

MD5 0110b5295219bfd64f1e48e3abb7e600
SHA1 3427da850c4041d69a88b6a7db79c1d0919ff02d
SHA256 6a0a220b9a0685f957b5f1c744ec98455cb03ac507e6d2878724662be2c490d3
SHA512 f2059956f8a2d0b3fca720a1d06325c028ec495e5bcb059e2ffddf954db34f197f17dd1844834b577c2ae98561be3d277c7d2d691c228b1e9884dbc5593f198c

C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\SPNativeMessage.exe

MD5 b2216dfc7ea186869a39afaaaf2e31b6
SHA1 ed94812f2b8c72bdc3df4ddf3661512f6270e50c
SHA256 58ba513f3e00260a6b9f911df91993414522ddd98a98c3a07d029b4916f1fb31
SHA512 71511c9102b4bea8476b705abdba1335cd9b99468029a3b18808e378b3de7bd43bfdac5f7cec5cb9ab19c45dfbb51c97cc0e1647dc4393a58470f988c3927613

C:\Program Files (x86)\IObit\Advanced SystemCare\DiskDefrag.exe

MD5 f98a4521a2d99476b50fa4aeb71cd15d
SHA1 7a66ee7d7c88c5ff7f9d84277b97bfd66c4b20c6
SHA256 65d20649d14af3e6025765b5d0436c5396edd430bf155cbf8ad0b1483a7671f4
SHA512 b297763f3d9db97ca84c0509af0b6c289ee934327df280ddeae69573a934ad3fe7be7411e1f831a49080e9418b187864b205c31e8ebb1ce0e41d7cfc6efeabc9

C:\Program Files\iTop Easy Desktop\IEDService.log

MD5 f5cff3f0549a6d91222e9741d6df47fc
SHA1 1e3a0df11b95328fac4e6a4c5c2dea8837478ab7
SHA256 42df6e39411c4ae75e9ae8af15a81038abede6e706c590b5fbe8ade0364a520c
SHA512 778d66dc1df3b9c1d44a39af4c085797d7faab46c05473f8d61fc79f920f3ba68f20a1fda4adf0ab291465f820ebe7e4c812d5fbaf6676e86abeed8a37f4d0ca

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\sessionstore-backups\recovery.baklz4

MD5 f801b059283664776f5df736fb5fb691
SHA1 d70dbde6928cd9fa2327dad9091169c6dfa15911
SHA256 3816cbce630262663c207bd081f2b79e20e0ae67c88711e749005c004a2644bd
SHA512 9f048f2ec838c3399de7f88d0e0bdbcdfa2bec3c30d637611c5a52642c28e9bf545bb452bbe6f93fd0a90c35abfcf364e50c710c34953d26027bb171ddcb4ce2

C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.log

MD5 457ecc7ce3380eeb5a653618768db988
SHA1 6e721911bae5ec36573a8a85454d6000a6dff67c
SHA256 59da42600b768164c3245e20ed1401a07c5f00f589c3675237345f74f1280ee5
SHA512 af1c41a6cc472fee3b034bb6372134852ef6ff0157cf96db705e68d0719f3f84677c048af08ec2ca0a0430ac8392ea2884a91d0237fcdacef9ce898b748c6c2b

C:\Program Files\iTop Easy Desktop\Update\appver-ac.ini.tmp

MD5 dd70c480ecc85a3b3780793dbb0ef6f6
SHA1 b3997f94fc647aa79d7975ad842394bcf7cac0c3
SHA256 9cbd981250f0b596062b3f721cffa113f4dff4d7627ed9513074dc437adb4b46
SHA512 ec9776b4b03e800cfec06d771f0d99e935f42433620a6ad114787ed15393f487a698ff8760b50c4dec11b0229a279fd48b274e3a886a877c4cf79bc7bdb71649

C:\Users\Admin\AppData\Local\iTop Easy Desktop\Logs\AutoUpdate.log

MD5 cb1d07926b3a80c9f37f61e847c13ea5
SHA1 c0a446fbde5d7c9971c248e6931b992fa1c130c5
SHA256 3b482b487747b1ab6ef59a1d061217a33504097cd5b0475a9a462ba841341ffe
SHA512 4b3c2004aa79c501d3dfc5e49c470718a4a6bbd2143142b38488fbebab7cf40500d5db20187f0f80dc326612eab38e99ed2594cc4b8272f03218dd39f2d6c7f1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\thumbnails\b49a22afbeb523b3caed9ea46a3b9fe6.png

MD5 a4e3dec615867334fc01bb2b71796edb
SHA1 6ca3970f02d7ab704f5b82849c2f9163a9bdb9e1
SHA256 5fa0608bb3291da5006676cc5880c90c3d591c29e0f96ffad8a35cc961522560
SHA512 ff4192657fc611ae0938c3962a541eac877a66d372924a8df62aa8e99f6be4431c6b706df232aff96269746a448fa8a23e7d1c8a9d809d74782baa78a0af62e7

C:\ProgramData\IObit\ASCDownloader\ASCInstaller_Downloader.log

MD5 ef11b34e1c116a9a35975699e4f3dc9c
SHA1 98952ffd589748e780f8cf6aaeb44946dded081b
SHA256 1cac814f212c35539824915b6612b2c32eb543cd6761d72cdf13720c20a26638
SHA512 9efb4b36b59001e99c5a62cafc4fd8e8a7e9e2e67d8b583900595eda9f8c7f6f26accd623fc38c16771f2897f84e76e7b5576774791f404d18ef72b12be10caa

C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\HomepageAdvisor.ini

MD5 6ffcd6a4d983fb8a8558d52eb70f41c0
SHA1 35919a65364dcafc8ca6fe07e9121b433a685050
SHA256 76d0426b909c3090fa2d6792093f0d777e552d4011a89624e493ce324655f369
SHA512 75f5f0b920a4625b3ba374fca698042e33887cfbc3b45b8a3f875f3c2bf4336f1fdb2cf5ae218a0b22135ec662ba44ce4eac96a02a688d9894d0645e5c081402

C:\Program Files\iTop Easy Desktop\Update\Temp\iiopdcs.exe

MD5 ecc83bbc6a2c98465460797db6432c23
SHA1 7e48f684200eede7207386c6a9bcce3b65d136e4
SHA256 994297cf37557604d5df65addf59a54e9ecc60d2c603a918400e91d409ef7833
SHA512 a391147e572cfff8d9424301f90d3461b22363c198925329bd81e72d4714b370acfa628b55e5c834ac91c79af198f1c3f5d49222cb9483a26b91690a7ca72f1a

C:\ProgramData\IObit\ASCDownloader\ASC18DownloaderAC.log

MD5 4a38ce4ff5c25f00aa20dc64aca93b13
SHA1 2049cf3f85534e2b168f51cc321dd124c41bdb60
SHA256 9eb8d32b3d791219778980156be41c5ca0f6d46cce7d3c1c3d26aae5bea8ba77
SHA512 2ec15a35cfa15358cd8029f881f083802bbd43c91e58109d26153cbf94b039b17b6b03be338931d66bae97c38ca3f48271106f21d951969da8a84ac823e02f9a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b5b5e2938c3325c161401499ee96a0ba
SHA1 4621f00616454afa54547878b77908eac4612f23
SHA256 5a952ea083a3e7e7ef51e71fb771d3338756facf386a7c1f80737404b2a17e6f
SHA512 5250a4e074bafa437ae406ac91c7b9e448b1695430caa55676ef7562cd7ceb7af37144094caaf9155c5c0210b53badc5d0009017c12119ab41f40a66dd14005c

C:\ProgramData\IObit\ASCDownloader\ASC18DownloaderAC.log

MD5 5a05759b14a10d70961a4d4b70ad702b
SHA1 08b65846bfd871ddf23fe00282e52294ab7e0ecb
SHA256 c6e7d29b47d1404ed68a58a020b477831444922b7ade135b3c7d09ea8dc33de2
SHA512 37b93ff272758aba20d2b000f574b3b07acd4c4560093b2f282cc266056966008bb787e351890a9418772501b00f5216fcea0eb8748587f18411ecfe61141cf5

C:\ProgramData\ProductData3\StatCache3.db

MD5 b764562d74bf33388cd3bca79c401a2e
SHA1 0d149ed36533aaf50f23fedabcda0d81b15e5b80
SHA256 695df27f74d2734ccf56b0d2ab37b7bb117c6763bcee66048822711d1ef62a9d
SHA512 de89ebed9f8ed890ee1e5922d510fe40328cd451951504a87d8389dfea21015f04645e72e82e0ab3478901202af294b64c28c9afc08c714b25647f1d344610e6

C:\ProgramData\IObit\ASCDownloader\ASC18DownloaderAC.log

MD5 c94c9c4bc294f67facb96d2476b4c972
SHA1 54c0f9be26d311aa5cf5af5e8a139bc62e7db66b
SHA256 d9244dc627c0cdcd3c2996edf353af6aef9fb01e9c2ca1296adf01238a43c05f
SHA512 cfe2fd682057ca75b9bb1531a3a69d5e94aa2bce960cf17accb50d3e46f032d91d8d2c91dc82b78c09cf562b063a4098fb7c8f5e2aa5a9f43a4edfb1dbb9bdb6

C:\ProgramData\ProductData3\asc\asc18Stat3.ini

MD5 e126c3551ffd6be4dc5f66fb6e0fe1d3
SHA1 cb1762b969bcfcbe29f4bc1c7b29a04d7e1f6e68
SHA256 f842ba67ef5b58c785165434bd6d000ed78c2eee5101b13e3012ecc33de550ee
SHA512 5c1fdb3f931bf45f333cc4ad25c97c9373f63fc1d64107c8d2d189da53a1318c95696f5a914cd8ecc4854b2fb78d354935c4e550ca7b63757300fbf774866b06

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bb0b25fbd3bf2479693695ed21f1afd7
SHA1 eea675f84563d750580f745c912c3f7728d49519
SHA256 93358efd4853037527e33f37e9eb4820353db1332fc5786880a659c30125227f
SHA512 aad3975d41137bd72b3bb27606e9e0fc8cc32bff74401bcace21b01173235e48c9e886f804f27ce3f329d6755dbb5993dfbca28e31e103f67c01bdf155a0a921

C:\Program Files\iTop Easy Desktop\iEasyDesk.log

MD5 f3db0ac510ff5bd60c297d5e0bf55b16
SHA1 4ae287c3d30afe61182a715ff13f64ff2d6665d6
SHA256 970281086253cd1f4d03f5e861ded58993ff80916af420e25d7d8c2aafdc6df7
SHA512 c6e88b477e0fca9a5ca453d3f4cfd7ded8b2c8b994332cdd05eb2437733c953ea0d2ac8d6016bf512ef149fbc0cfc92c6147cd89901806e1c88c0e79aeabd56a

C:\Program Files\iTop Easy Desktop\IEDSearch.log

MD5 e586a1d940a8544458a767827a8c523e
SHA1 2a64c6f3c0f77c4682163cd1ff6478751ca29754
SHA256 e973b4a8c1bb5e5b440616169416fd6e561bb80c11e84d6cab02d862c12883f0
SHA512 55352374af270ac22490c24560de32e74dec385305011662d292e79de5b5b722055a123a2faef484d16e79a95d67638f78028cbe9e055d5296d88633f56987c1

C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.log

MD5 a54fca2c5aacca8c618c7e1ba6a9a270
SHA1 543f296a0fabbf0001a7aa5dd79a0913cdf79e00
SHA256 0d6957204d4af50547cb3f5a792b86febd064d481f8c518c87416a053233292c
SHA512 3f0f125e246013996bf010c3953594f50b9e8e10d49bea114b2c670b10a1341c079ce14799f14ee3a9e40b8a54f0eef929e0b5325d3ab83c86268b0652256bc9

C:\Users\Admin\AppData\Local\iTop Easy Desktop\Config.ini

MD5 544fe9b1db02fcf4417f5d8450c14427
SHA1 b0f02de7ac002f64ca90ec0ad237d7205edd9cf6
SHA256 1cc844a2b7da6609f594f2f1c0043a113e4f761a726b4ee452bd462919b457ec
SHA512 0c1cb7cb1cc55c8bd04d61edd68d156bcfa8357a8fd2cdc310e8658ef1ee9ac076b7a300bab687389bf50e673aadb9181d1c64126eba8a01f773c4204962de48

C:\Program Files (x86)\IObit\Advanced SystemCare\Display.log

MD5 8d19ae52142f3717df98cbb6d1c42d6d
SHA1 11e88abc029b077a60c57e73c9a9bebcd77f6a0d
SHA256 17857eec66846ec2a0aeac84bc8c874085519e80311decf11ff1f9adc33e0a3d
SHA512 9af51938a948e5d70fa97aa643005e19dbf365935ddc14e6dd54c4938e6413f7405c010face607054467c21e32ed9553178e292f8baf11d300dc099f7ad03e31

C:\Users\Admin\AppData\Local\iTop Easy Desktop\StatData\StatCache3.db

MD5 6b6f1769efda6fe44bf09fd71ada827c
SHA1 6aee02aed6300f15eab2a789d8e39d823f933e47
SHA256 1f8bdaedbc049d5478226b519e03ee9884d15bd0215c8332d38d3a5ffaec4580
SHA512 5d2aae4fccc91a1dc828c2425afcca27d1e1a61962683a7865d49a4419a7f0e060c1a2fecb261e7eed669d8c521425ad684f0b439faf108af0c24b5a273d91e2

C:\Users\Admin\AppData\Local\iTop Easy Desktop\StatData\ied2Stat3.ini

MD5 f886083264c4a29dc60179eb2b71c7bd
SHA1 7b74c5e9a42e986e2e817b03686e5478c736215d
SHA256 37dac73b7bfa65fc0b1038c2d4e145961ecbfb5570aeb04da58e86ba8c5a3213
SHA512 0e4cfb311b6ca759845bf3a83db36c98e36349e6537469db8fea86296d84a840f044ac481ce41335df946534ee19be3a4dc542a2695109eee3bcd728a2d709c7

C:\Users\Admin\AppData\Local\iTop Easy Desktop\StatData\StatCache3.db

MD5 98735c10375e42c676ca43126246163e
SHA1 1f457c7eacf802e1c57053997a7e967e3028ab0b
SHA256 9d541f4916294bc4ad9c22e810a4da6c975b342f31107e435ff5e8a779fa92ca
SHA512 a9fb57b50190523fee81b5f9df9d25a1b57fc153afbd04d24bbf1d970ff05b2f6acc96d84bfc029f98f827d7e24c95a686ac514853f254b23e4ad3a3ec7978ed

C:\Users\Admin\AppData\Local\iTop Easy Desktop\StatData\ied2Stat3.ini

MD5 9eb280e7f3a7d4ad0abacc10a48afa62
SHA1 f7e5769ff8ccf11d71cdbd812ad9782b6159e9a7
SHA256 f7de1b6a05016ceba71165314c33bd4884658d014dced3015769fde94a272ef2
SHA512 8e7b6bb7e0677a02a58225183894eead7d878185c63e862cf7f30ec19c4f971ec87660e8cd8c4003420fb1bf0b3df7db01bf9cc86decdb76e4ba41e2db978832

C:\Users\Admin\AppData\Local\iTop Easy Desktop\StatData\StatCache3.db

MD5 a260b160f6b57225d5e3282376d3f112
SHA1 9256554f4fc29300b66166c4ebdc3c3c6141d394
SHA256 6cd230102a3856690bedf48178936808dba8505a9e276295a9d157bcacd66b42
SHA512 f75e2e394ef33875a0a83ed4b23843b676a74f9b39ed4a66159c1210161744190713fe8f8dd145f7ab98539ca962fddf64e0b28f123701eb973d0f06853a3579

C:\Users\Admin\AppData\Local\iTop Easy Desktop\StatData\ied2Stat3.ini

MD5 5eb748e443da57fb2d0279e3992afc74
SHA1 cdfa840dc81388a92ea3a9ba6432464ba453c513
SHA256 43446af1ae610f3738bd82db904c4f32950da7098162afae6abcddd3451ba953
SHA512 2661f62f26bc28690b012b56fb414a992d40801b78c85ffeed135bd66fd7c664b604b57749c7614ed365b718e8620b397a082deb4681f07abc25f189784a5f7e

C:\ProgramData\IObit\ASCDownloader\ASC18\iTopSetup.exe

MD5 c18037daa9894d4344425a004d5621aa
SHA1 7d8bfbfb2de1119f610fdcb949082da2734c3bbe
SHA256 c17f3c887ebf01623da53de5fd33201f9ee3955712cf429639a7604f6d56e115
SHA512 8ca4a0ddcbb13dbd27c498f0894835206f9022ac49f4bd71998eac9bc5a3e0bec6c2208874ea42baf1c9c1e50cb214a5ca05aef75cfb88dfdd06a404b870b9e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8ed761072027184fcdbd0ab4cd589169
SHA1 396de78fc23a490f53e09b29662990f7cd9469c2
SHA256 29ac0acbc5e32bd0a3ecaad7e12837c0de98cfc7d4fa80051bc4e870046c791f
SHA512 5f006d8f58f73713bbdd9b6829d9277521133040ffeca1bbd9536fdcfa5f810c3f5b2b104d90cc7848fd28c87db5d735d0be55a8dba4c7b4f59d310113f4fac8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 558d1501dc00bc82e3c28382e4cf7016
SHA1 582f9817d48f8b6a490ded759368fba6a144e39a
SHA256 e1b4a6545ec4ae2a389311ef06f9d44b9b9d1496378f86eeea607cc9dea12f54
SHA512 7d508c697d121ffe1b534ef50a14502e2e161b9c0ee4a1a08793a2d503dbc572fed68244a192c2d406d854463ddd2113cf42214fd739a5f96bbdd337bfe56f6d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 b7eee22aa066466719f7c0eb4de65938
SHA1 f78f17e079d5ad17b7b56cadc258d45d5282bf7b
SHA256 17a045b84182ee1b769f2903790a40eda11e199581f890215bf495acadf6f855
SHA512 47948ad95afc6a32ffcf0b1e4d9602f3c45380eb117f95d099b5ab80bd5f2fbf652ed3df9637644ee04d458e5c15000f791117697ca48f7201639ff0e1349210

C:\ProgramData\IObit\ASCDownloader\ASC18\Freeware.dat

MD5 de2b8cfafe88bec5570e9d183c1e239f
SHA1 3ace29201dc6ead161a3cf30de3fbd50d584310c
SHA256 eb9bc586fd5706fbfb69c534c94491a6caba67aed979fefcce51f8d3bea47844
SHA512 37da87cc3ba7d80565cb825d43ae52e0272e81902aff71c2d2063095e27bc98b6af78f4eb256c3aa5fa1c2be483d12ac7d8af086400483a37075a3feab9bd130

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\sessionstore-backups\recovery.baklz4

MD5 9c786f82f9284c5eebf2eaebea11c213
SHA1 3d6ed2b24268aee74fdfa4e095f1899fcb0d07d9
SHA256 51fd9c11b89367752da69ee8081e4bc008b6e178b0422f7372b97c31cae0cec1
SHA512 1b24bdd169ba343d12a968a56e95d52c8debf3bc7aef51357b5afb6d2a6ff44d7eb6f8c6fc4a1d3503e62d24b3b3c1a2a5ea7cc73b869768a1189d6a2d41c590

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite

MD5 15806758204bce1a512fc1599b5076fd
SHA1 f085a919e04fb8dbd392788382a7c1d18b246543
SHA256 1e1f0ab690a072bc483334d31afd831269a4acf14e515c7a388366b85b507af6
SHA512 e1affdc52d9c3a2b73c09c1a416552f7d03683282540772c95b86505b2ed1f67bb9f1e88e013624b4098d769481afcc37abf4c5e3f5024adb1660b55a9221562

C:\Users\Admin\AppData\Local\Temp\is-6LH2S.tmp\_isetup\_setup64.tmp

MD5 e4211d6d009757c078a9fac7ff4f03d4
SHA1 019cd56ba687d39d12d4b13991c9a42ea6ba03da
SHA256 388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95
SHA512 17257f15d843e88bb78adcfb48184b8ce22109cc2c99e709432728a392afae7b808ed32289ba397207172de990a354f15c2459b6797317da8ea18b040c85787e

C:\ProgramData\IObit\ASCDownloader\ASC18\iTopSetup.exe.dat

MD5 e9812528489b27c0dc119e0bb897ab74
SHA1 51cc2dd747bfa73ce1b66ded4cb76b47f7fc3653
SHA256 b6f5c9992b9a73f52125d12bbc9554d7c4912c7f1b7495ca6d0127bb249f8daa
SHA512 e5eb34d598a106a9fcd8b396ed6fd11e428a1a6fe4754a087d39ad11ff119486f7c5bbcc6b7f46abced193263172b172994aa0160578853636dc933a93222bd8

C:\Users\Admin\AppData\Local\iTop Easy Desktop\Config.ini

MD5 e0fb42040cea3ed7ade8451b22dd8f2b
SHA1 d43be0387f29366645ac212d39e0f846e0ba69eb
SHA256 5fd030ce47d0c283baaa3d22557845c01eb728416f00cedd48d6aca1b846b5e1
SHA512 64fc444ca5ae9cf890d11e41f3812161b1baf095be0992ccf9b4050cb9d2ea7676f2e61b0e34db4ef49f8a51d8e368735abd4ceec8e545ad7d662638a4996e8d

C:\Users\Admin\AppData\Local\Temp\is-6LH2S.tmp\ugin.exe

MD5 bf614d937c121c1ae154e0f5bbf688d7
SHA1 c9011fe3236df8d4b5b1d6c416a54d4425e955bc
SHA256 62971e9ab743571c9896f42d517b00ed82b3d5079b79fdbd2f6d08afe3020365
SHA512 9cc0f4872df8abad52c4311d0ce4cf1e797e6795b092f451665f76483eb4cca54e39789740b62e135583bed6d57558603b5d2e393512fe4ea0c5c55c70d810ab

C:\Program Files (x86)\iTop VPN\iTopVPN.exe

MD5 41806661c750c92d728bbfc03b2f2d2e
SHA1 34cb3fa92f7ddf72c3253accded64b8601ea4920
SHA256 bc8cf880b69ebf42f2c679216bfff57ffd057a591cb6357c65a6b9af2f90f973
SHA512 d5974a3dbc0cd6ae45536edbbd6088ccf40ec06d6ed98d5ce112ff2dd4bd8fb039f9364f69e758d5b05ca2e71a4006f0a1c8f371175dad87aacb422a57bf891f

C:\Program Files (x86)\iTop VPN\unins000.exe

MD5 7f7631a8b8ea62beed1e127167cccb2e
SHA1 6e7bfe06ed5447fdad9ab3ccfe06ea4ba91b8788
SHA256 e6b2acd0738623318f2a5a0af0318b069623fc3455339643da45b67a148c7c96
SHA512 1de0c4ae72fe1017b3d62b5893bd96b63f3a0d1767bbdd130a4d7862cd2eb8bf1d7324e8ea0f10276b17ffe3e8726bfb549c7777998e1d514576642414a14bf6

C:\Program Files (x86)\iTop VPN\ullc.exe

MD5 dc7cb90b939eedd999cfa2e3a105af7a
SHA1 49eb352320ca2f0b0f909f16679ed8adb5e4d27d
SHA256 f31f026c0d4772ed2e0e66df82b586b37a7472d94cf7b591780310362956cbdc
SHA512 40a25f83db03dfacc70e3ddaaaaf9ded4bd939de9ad0c983ab67519a69b9a9013a6a129a461cf9699f76f3327ff94e7b238bef32d99b0ab7538ee84c925c342f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\sessionstore-backups\recovery.baklz4

MD5 1c2aa2738e4c5be0b1394983ecfb5fa2
SHA1 0c3c7ada2e844f4a23b33ade0a00d915836d9e12
SHA256 fc6113be201103fe3fdc11d9fe6a3cce4c52672fff8651335e30f8e377761797
SHA512 e1806a045e1f794cb9df5763aea6186e53dc0ac05aeb41e8545d0fbdc4a6d6f6973a7e6dd3531936706576a2790cbdfc96fe4605fdfbb62371c8e74158cc2883

C:\ProgramData\ProductData3\StatCache3.db

MD5 bc23a10e745fca21fe649d81c934e3fd
SHA1 795e9aba687b35ced9899f8064be6592f16e3fd8
SHA256 b22ba2c679c946c00f5aa5b5958bd5ba488b6d95f27cd55d661fa82ad3b36788
SHA512 30466b2fbc0c221654ef3059e0a892754caaebfe7c3e5505d7eef61ce169e2051c74bf6ca47e2a52f13c803be7acb69b8e8cb52ba0ac770c7a85d25dfab61962

C:\ProgramData\ProductData3\asc\asc18Stat3.ini

MD5 2b0bc733570887ff36300f4dd968f7e1
SHA1 9e925d47004ec0d668d44c3dbc581f1e0a82c504
SHA256 5cc1c88282ddb0fe69df2aea1bd7bd3f4431d8355168ecb9b6a65b73ddd117ec
SHA512 8a53d13b8ea507078ef77385df7804ec0ed2550c8720b81d49f99cd363813bbf6109b15ca5687e6b62dfd3d16ecc227e95c71c2d571a20f0732f0a13a3074af8

C:\ProgramData\iTop VPN\NpGic.itdt

MD5 bed1516374adf0d1b7f28f6f7083181e
SHA1 0e8364f6fcd22dd2cb2633d02ebc81bf6a716d9b
SHA256 d637bc51e9b346f764075393b355d05eddd55b5a68b436a050c97a70dc8fa5ca
SHA512 74f1fa9633a69c11ffbdb04e3f4fe3cf4b532b3d297ba6fddfb96dbeb1002db5f0f7e2297952668eeb5f3cfdc3883dc1cbb92538666238b1f30eb2100d0baddb

C:\ProgramData\iTop VPN\ProductData\itop6Stat3.ini

MD5 c397f005ecc2f1bae149c45b6e6fae35
SHA1 0402688e46bf907b3dbe49d6fb214e3d288a033f
SHA256 0fae38054f20ee853ef96545827f4046e9a75c6055ced94bc1ed784e2b958f3c
SHA512 8bc32836be830db4187c2d531ad275b7f51771ed541def495da186ff6a45a7fec06648c2a7246c8dbf0a2fb8f3767a65046439d1d690ffcf73355c78747bbad6

C:\ProgramData\IObit\ASCDownloader\ASC18\ISRSetup.exe.dat

MD5 f8fb2bf2689e38d3e117e4ebdcc73ed9
SHA1 366c1794fd05df4d4884d69cabca042848d5651b
SHA256 e04fa6d289c80e3c45e51fe4c0d0af40eacf3dc67d8a4d1d61808ff786b8e0d1
SHA512 a6ee9793dd1b9e28274d28f254de51cc6cafb3e9ac3d5d4889fc856313bfa5022500b9a7b6c83ed9963f4b1501f1f084eaca02ced907bf2dd871a8b7a5f56712

C:\Program Files (x86)\iTop VPN\unpr.exe

MD5 52726b257483c0387f5e9ee0aa9c3cf6
SHA1 004f2a1aab784d897274b62b55c19fdd47556f27
SHA256 2af9faa544d5fb6a46dedf18caf28ddf8434e2a59f0019cc56c28f070f8c3c61
SHA512 a0042fe7acdcd0afdaa7a021b50e732f1b9a6588c2284b79f68b6364744986c333848b86a93b9dfda8f534460c8f3bdeb287d74a49b2948cb7270f5ddcb88cb5

C:\ProgramData\iTop VPN\NpGic.itdt

MD5 acb48adedba70f5a492972b6e80ada2b
SHA1 46bf0c69c4fe461d86fc5169f78378072e0402f7
SHA256 60f7de7719adaaa27375a36b83ed0b267ae5c51314bdebd3e95c947b45005610
SHA512 4d1d3accc9c9ae30cddf2d83825c9064552c2c93db0d46c888dbcc79b06478443202b26adf53712f56e7ca4be7a40685b74b8252714b21f91836d2a35538a438

C:\ProgramData\iTop VPN\ProductData\StatCache3.db

MD5 c29dbdf91e66b04bd08c4e338b8e0988
SHA1 6679ad6c601f2d7e9e7b2afbb47f075b98fa94df
SHA256 9a3ab170a027d5c364fb87102e0f23ccc08fdc638209b41f1a7315686384abb5
SHA512 694fc0e53d228b025ed8083f9fb1e4bd9bf7cc724d70107c8f93eac701d3e6d0c4d986a01b25340219ed89721c6297cd897a09c57bebf6ce44a0def6c6b1926d

C:\ProgramData\{150F4013-6884-4350-8DDC-6BFCB4C5DC15}\Gwkrymvt.dat

MD5 66181f68c9dd9f1e41993e0ad9799fc7
SHA1 220a46b8c5bc19b45a45515d7885e43d518fedd8
SHA256 6ceeef213871ed15ad80870727926956edfe6e75586f09628bcbb489cd287839
SHA512 afa0d5a186c591092b9d5a1b50ee5ba814a34356f73906569807a9e3a7cb89b3dfe91ae36e8da16564f4947cf837be98ed937d12baff84332faade6279d02518

C:\Users\Admin\AppData\Roaming\iTop VPN\log\iTopNspu.dat

MD5 602e9af1a3fdf9183a64efdc80451290
SHA1 f63fae0e60b5ee771c27106564f64219b766c231
SHA256 532e22eaa45bafaa6c40293192658f613b0104c8056367f7b1e53a54162afeb6
SHA512 de083adfd67884468cf1f105cce7316557801fa94f8abd4be869336bf9a4c94dcd1c5eea38825c40cf6aae4f36a43867c5d005b71b85b7f7249cbb4cdb86fc99

C:\ProgramData\iTop VPN\ProductData\StatCache3.db

MD5 f01236be3be7a91d12927d732735119c
SHA1 9f266eda5d7ba2b79599dbaacdb66dddb9c26d66
SHA256 651afff768a8cb2592778f34e62cc5e2232b968bd60c52d10bcf916a23c27d5e
SHA512 941f91cad69f99306b244ab626fc148f062fbf58451682642c25fd9b08a3f8415a4a79d7c7ab8211c745513e812eff4cd2377e2fa90c4f2464e9f428e5698959

C:\ProgramData\iTop VPN\ProductData\itop6Stat3.ini

MD5 4c5d56e99817ab537e586c2b5957e258
SHA1 2f6e24ca1072ae3b2e5228254cb126eb31716e0c
SHA256 ff6fc0155dc63de2bb22b2d8257f0be91f4088c2147cb96ac4de1ba502cec4bf
SHA512 02e62252556b07bbad6b0c67dd8b83e21b062441b93392c896d37d5d50bd8d6e532e663d2e6eecd57f46cc8e6b24190d545131ce8d6b6545877daf764371f505

C:\ProgramData\iTop VPN\ProductData\itop6Stat3.ini

MD5 0b3cec731a6e40e7e7dbd2ca0561657c
SHA1 ca6f545734846d49416fdd5eca2f37dae05ac398
SHA256 958511f3d59f6741cbb214e533687ea2c95afaa0f4023c4285041c550a56fd2c
SHA512 dd1fcc175d6a8f1b4a6362d7774c92c6d925116a277a6bb0554539a7834b6089e142b1784ce5ed6afe807a997682e1a6503d7e7c2ff11a42017e53b8506bd7d9

C:\ProgramData\iTop VPN\iTopRtt.ept

MD5 8916b0c2cee7568b1a0d6f3240765bd2
SHA1 20fae8c60b8a18c79930355aafb0a0eee96fe669
SHA256 a1a444095fc4e082c1dd45cf878135c1cbf650f7c4e34b808e5cb01e3ce3c108
SHA512 4005a77bd047c0c30396a293b525fca4a4851fcdd5cb0af2adcc03a6b8a63036edadf198964715c65e6ae0d348e9b4390d9b398b0cce301392904915c2a526c0

C:\ProgramData\iTop VPN\AUpdate.itdt

MD5 6807230c7714deec95fb3df60dc327e0
SHA1 78b9dc8d155b3235927d3d59adfce86cffc9e9a0
SHA256 467e063c1cb12251efd274fa72d705326de3dbb67bb89b740afea4f571b65fba
SHA512 7689a3e868f0f66c6f4ee780aefafe1fd2dd93a48af1a68b8882251d2ac116190ef621cb0c74ef0637ae5edc7c0079e23b39fa37844bda88e1aedda8b2e91427

memory/11044-12621-0x000000006CD20000-0x000000006CD43000-memory.dmp

C:\ProgramData\iTop VPN\NpGic.itdt

MD5 58ba48d5ccb644652f73f6e191c43e20
SHA1 2ff691f860d09d52b4f1e187e1ede186b017decd
SHA256 b68f483d722be2ad04edb4abc021fdee0a1081207900e229d92074465c0bdde6
SHA512 6d29e59a54e83bdc629fa593bf1853fb66b90ca7c3329d9254f669cc868244623a5e534bffdbe3eae4b0ef71009216a55c315f53de0fe04370c1f75fbcc04b8c

C:\ProgramData\iTop VPN\AUpdate.itdt

MD5 1e39ed2551feb054b43d91a03ba9d1e9
SHA1 03b3a8e55e88a14f3432752ec1586e3367149057
SHA256 bd72a3927339ca73d538b1e31ac78dec1b1cf9efbda6bc77ab6624a6f8ac3295
SHA512 d9d55a144e7b966e0277017bcae6fa0c3d13bb6822036984464aa81541169c332fd02e9ddbbcbe7fa4976f4f256ad8be49d8e93065ae48e2d4bd86c0f27a0947

C:\ProgramData\iTop VPN\ProductData\itop6Stat3.ini

MD5 8ba7e1d8ba50b6b8313e4fc3e7b73791
SHA1 e76f5f03b090ad5d8e229ea298a553d060d26baf
SHA256 a1aba33f8e4ad02b4cab185de60760a491e1c6c541de8c61459df9637b76e1a2
SHA512 97d83d239680b545d7c0d3251288a9dc5076840fa1c13e4e99cab0a108b18e70cb1a0dc44a13e03a8bec6ef492d1531c9c179d2b67cf494f33b5205048cdd4ad

C:\ProgramData\iTop VPN\iTopRtt.ept

MD5 69133dd03ca16f6a2b0832a44c82424c
SHA1 383f01b48a322d23e317549539078127fcf2a62e
SHA256 e9329faeee64c73fb5f89aff5d6ab3b734fff6ba85a5313e69eca78a36d59f48
SHA512 ce0c1b8d7bbd9ccb465411ff4d161bd900223d41e9e9afc4a441ddd1d2ce8b5674bcddcc86990fd965781402a1d305f445fc17127ec6632468e64b43a12efb51

C:\Users\Admin\AppData\Roaming\iTop VPN\log\atud.dat

MD5 40724c57faa2a9e565226cc65fb893ef
SHA1 afdc3fd9e58655395cd8ad84032054a133306eff
SHA256 f8fe9a96d1c2737f4db70558391b76b0fe845f5807cea247a1c659db0ba8ea00
SHA512 31ff759cc8e2d5e483b09d01a87391046408addda6614c5e101cd06242c36adb0f8fa2c045e92e55c23049c24bd3a2b8f3893a8e5777654fae91e4df2366071d

C:\ProgramData\iTop VPN\ProductData\StatCache3.db

MD5 64f69f5afa5fffddf113a29863173cbb
SHA1 f5f24a5265a97b6f13142a25db4959c0c1426663
SHA256 bf6c5cd560e612f87ab423800e07dac02082db45d02c58334b4acbea447cf018
SHA512 d898bee7cb951f51673072f5c70001e4a32c76e0b927e37667c0c37134ab6e800ec8522e4ab1a6e748e9347c6cc73c6bcae6ed379790251c6c299b278048b736

C:\Users\Admin\AppData\Roaming\iTop VPN\log\atud.dat

MD5 9ea654a4a2e9f7da3f967ddd55db4e31
SHA1 46cfec5c0dd21a9f8e6acd5a37ea8058939208bd
SHA256 0e33708754d3ea53b09bbf82804025d19d02432ab3ff2b8dc8d202d3b970430d
SHA512 0c383c9c808a14979313216f735d878c798f19ea5f9ea4c14045bcad3aa436854d7cdcdb6845f9e29a36c0464563f82dee8c4cac95fb6196f6326e5b1714d868

C:\Users\Admin\AppData\Roaming\iTop VPN\log\atud.dat

MD5 0e0cde4522d943d1d15515ffb2a8bfe5
SHA1 6263b6742b8b43e230a68ddec629158a0e39cb58
SHA256 83f1f2c795e3cea93b18e416d810e269f192f19cfc34a5c41233395d7d9f7ccd
SHA512 af158a5e92ad30462301aa7185d6a93986ca070ce67d1200cbdc5c2f904f190364cafb3ce19c0a9653b0783074d1ae02fd7e6b164790a0940264a413595bfd54

C:\Program Files (x86)\iTop VPN\Update\update.itdt.tmp

MD5 4087a9da951c51b0ef62a1675b20009f
SHA1 75f8ff09849e747243510ff7c5f0e2097dc36571
SHA256 253558da0feac896d4089aa6b3bdb915a90e355b83f8d286066911a6ce893a3a
SHA512 207bc36b68ba87d444028d14bdaa8282e389cf4074e283251e993404e98dba275d8d87c5c5532fc0e2290d33ac9e8473662a0e0406368c346d2d82f86d024878

C:\Program Files (x86)\iTop VPN\Update\Update.itdt

MD5 384ca5c1c9fc1c4d5167d45af6abb5b0
SHA1 d581fb4ebee1d151a2e92bcec6f58a9b2995f790
SHA256 9ff89f547ed4d58f205838a73a5d6ceb6375ac8a1c50a4bb0ea0b2264bba543d
SHA512 99fe798fdd1a5e8ec44eeb00c0c91dbd7f7c5fc77f7269d061aa881ebe7728bdaaebc9c5408510bcbd6aab71070855cbdd1553da2a974c5a17741cee04f64e7a

C:\Users\Admin\AppData\Roaming\iTop VPN\log\atud.dat

MD5 1ba1a5591dbb4740a8dd044e176a6db2
SHA1 6314b6e502f14a628eac75196654bc5c937d9b33
SHA256 003560ffe578e2cd7a7c81bd309b493da510a5068246f7c3fbbd9f61ff203941
SHA512 d72994815ad6fd07b7f68dda55ebbcfe0cbb4a84e0dad11b1d8def7846ab95186f5f4da6484c6cff44434b4b860ff53d356715051b08a9a3fae5ab83595e50a4

C:\Users\Admin\AppData\Roaming\iTop VPN\log\atud.dat

MD5 32056d3745716dca41617bf9a7ac40af
SHA1 6b1c9f681ec47327fbc006f7035e8b5717d35211
SHA256 2c6bd55d753a7a5278d422de1f64fc349b51a2db5d417bc081c189166b8d8481
SHA512 b1a2215f592345cdad96305751fc258a9952dba6d1c31aacec271879e4297587a7cd51338b0f422295bf2cffc52a7b9839032408b098da98ae435c66752ed358

C:\ProgramData\iTop VPN\ProductData\StatCache3.db

MD5 cc4d5aefe09dc35a81935b4fb2f1c301
SHA1 b104524abf775e919982a7b4e76f814d83622397
SHA256 f73e3b735d7d2471b6daf80e67b5efcc75bc9e6ab6d2700ee8c75d7f87717b03
SHA512 7ac7d9821450726916b46634455a70bf52666ba4f22abbb2a2dcae8579c835a3dde2dce272929bcc8bf51078e99d2cc4d3a9dbe3682760645dfb97801793dbcd

C:\ProgramData\iTop VPN\ProductData\itop6Stat3.ini

MD5 32c1291bbc7f7ec9d73514898cda28bb
SHA1 770a723a6d7d5a5eb8fc13b8410db360ca2f7d65
SHA256 676fbf491d33b81904e70ca4514c0c0b09b1273d009afabae900779f5c1a3af8
SHA512 c18e114fdec6e4f348a994e5f05018286ae52a9f11cac93200c2c90c1a60ec9f3b80b6b6e77278df9d8f1f56bdfba0a71ca179d29acd8ff42817f8fc2e7d6e10

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\CED6812FC3977ABB831B1CA66834B6BB4CEFD879

MD5 4aea3336006cab918d5f66d0505d671e
SHA1 719a0f7ea71cd1462607df9a4ed013985e454549
SHA256 66b5bb37fac22c8a0d7b5dadc0a1c2721369eec68ed445043f46444d5d679cfe
SHA512 677ebfe391aff34a8262bf3aed3cfd4bb9273e71705be6c59da538db2fb787fecc2ad748aa520ee085ee6b223bf7367268984e130f044bfd8ffac90e7522c1c3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\44apwhl3.default-release\cache2\entries\EC44EB88F9FE04564075055948C793DC4B4BCDFF

MD5 e203be63281275aa0fce249fc63c066a
SHA1 a717573adbf241adbea2ece16d0f096ebbce7e5b
SHA256 48e94fc45d7336869eb15e0b99d4d9cd60cf427d7ff9c5c713d409a3c08e661c
SHA512 5536624adf6776da4ed7a0249f5a97f5f4e1068276448e96b56ae43d09a9ed15942987e6c81befed821422e84e50bb66bf52ad204340b965150abbfb502b26f8

C:\Program Files (x86)\iTop VPN\Update\Temp\Pub\ibfn204.exe

MD5 4416fa284d115b2b16c612c2f2f3a7eb
SHA1 0574f735010a6e06ca91e536aa22c811ece9b254
SHA256 7dc83e900af674649a68bdc419752887684d6205b017ead607533eb226954672
SHA512 cb346a1df5c3268565f9a0d39329a8a0eb24afb02eff1d927de1620290f688f60bb173839bb865b11f00fb02303664e7bc192d1ad383e2d6244220cdd388df81

C:\Users\Admin\AppData\Local\Temp\is-11VO7.tmp\Inno_English.lng

MD5 524b7877c76e16d30fd0fe02c2944a28
SHA1 9286211617cb6df68b18952aa0f153981c7cf40e
SHA256 5e11ae4dd2586e690e90b07f9a9fe40843837853de0a27500dcfdd27945cde53
SHA512 df63c0c30e1f173c888820a369b3957d6216978c7c0ec619cf42d7066cf926cad1ee5bc665e33316adf389cbd3acb0d40edd3af651f5163914ece2072d17280a

C:\Users\Admin\AppData\Local\Temp\is-11VO7.tmp\iScrInit.exe

MD5 4f960a23c42774ff8312fa8577935d1b
SHA1 1e69509ca245ef306d98713c7b1b1b23ee7f268b
SHA256 4b17b74f8d3bee6cb8fff0645d2bed766e1f3ec52f6020bb90f0d07e67437976
SHA512 561c9246f739f3b82f24153f30b38d7121ac75ab7b60f0724ebe4405d3c5a1bf23c3738154eef34b651df3d20f8c6bbbdc9890a1b264221b54515fc05fb49900

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\44apwhl3.default-release\sessionstore-backups\recovery.baklz4

MD5 72b49b72ae6aff1266ea017e8270a1cf
SHA1 815b975a713caeaedb574ad44d9706503a698a83
SHA256 cefeca348cda2ab5072624a82d1a37a5510fbda6462c02b07c51f2ec865512c5
SHA512 8fa72aec3613ad3b31729c0d2bb7714fa85721b3567256fa0d16d738dcee97a1d24a757b525fc87c865569b8df18040709aae77a92fb098d381daedb0f098ab3

C:\Program Files (x86)\iTop VPN\Update\Temp\Pub\pmb2.dll

MD5 7cf794a17ce723f2ef55a1ecfb04dbcd
SHA1 052fa7d84c7f4f661bc4726d089a1f447edc6c39
SHA256 88d96df4f780486cc9958762bdf170f4755498af60fc510adb3c2e7599da1df6
SHA512 2abe8c82d7aa79e59b17938e7a427dcc332afb5b0d97bb8db1c1fead2c6f596cf4a94c978d9d786044cd8a645ab4d99e75c49b32004b1ab6d16e56b5847b9a95

C:\Users\Admin\AppData\Local\Temp\I97cpY8udfZlO9(R.tmp.dat

MD5 2f3ce59ff38634bb2be610dbfba0c352
SHA1 ffbb570f2a6f01583df4d394e65fb215eb4c0389
SHA256 e30ead150b3b2f3d24b95fd7e8461dbaf43df70ebfbb2ee544a02a49043830d0
SHA512 79eaa7dfd5e6042ca1e1320bf40b93d4c8b6305c66fea0acc7f1ed6196b48fbd2a28a49c793f3f5fafb5a0562383b446b7cd17701a9deb8d49cf0761871ee96b

C:\ProgramData\IObit\IObitLiveUpdate\update.ept

MD5 93181218775555b1f698b0cd7c1cab57
SHA1 161f5b3faca4eec9536ec11336bc2fb5f5283961
SHA256 cbde30b34597fe8ed88dfb85e0af89d961df76a9536bd025c3f7a4600603bc2b
SHA512 3ee0725ce9876b6d16d26ea1f4f90f2561b25474bb07f275b3a86028fa80b39f98298d30183086937c8c374ade5c1494b915ae359119435e9e4e59e89ae49607

C:\Program Files (x86)\IObit\Advanced SystemCare\LiveUpdateSrvUpt.log

MD5 b31bc12d949450d811f5c77e58fb5101
SHA1 53cc1d12b8a124ef709b7b46a7fd086a60e5c0dd
SHA256 9b35ff8bc002c6393448d950f42b966cb9f79790e8f099e4c4e5a848041015de
SHA512 85fe73a9ad8b3a2b240c684c565f20c6a71565411e0399771e216171a05ae000a72cb2d6934ac2ff24bdce51d6a87b6a702e45e9c82e8e4590fc783693bf78a8

C:\Program Files (x86)\iTop VPN\Update\Temp\Pub\pmb2b.dll

MD5 f041bcf17494a7ed9f6b1194dcfc190a
SHA1 1e5ce14f03da0f5124d4efa049767102ea3ee17e
SHA256 2e5b63513249894528ae5791a8b32eb95456e26dde16ef6dab63408f6a87ac39
SHA512 d40da31f0acd602a44efa843450258355a3416061e73c7b53b5c7410601cb715f5f95bb94cbae97e87ed9aabd85bf4cc4d696f03c2285edb5f3f781463a824f0

C:\Program Files (x86)\iTop VPN\Update\Temp\Pub\pmb2pop.exe

MD5 2abf95710d21f61974d6d3aacd3da070
SHA1 5a9e5d59086fcd1edb34d59b7b707292e8271d24
SHA256 4894cc3d0d4d4fbf698e17572b2e83fc3c04fbbee130ecb5569082c765a9e108
SHA512 888666bd2954a8b9c841eef293e6653f2aacba182e504077ba9f06afd5ee3f7b39317151760e140d52ab22a8f8ed7b3b872b38fb6b489cf807c704a4d51191fc

C:\Users\Admin\AppData\Local\Temp\ZLB1C70.tmp

MD5 125325d097cf1f1c8b2ab5e1c3622f9c
SHA1 ee9b66a06e84b603aeb8c34aad143bbca2fc0753
SHA256 66ff18a55ae530bd24c774b78df4b8981621ce54e2d40c8e6ecf1c74ddc4db5f
SHA512 0baab8ca6317c732442e04bede01be33eaddf4400aea62a18a98eba97a55f203de3cee4a820228d6ccf922425a17451529161c4252785f4836ba1552766819ca

C:\Program Files (x86)\iTop VPN\Update\Temp\Pub\itopnewyp25.exe

MD5 6d2bdad175f6103178ec1b991d87132b
SHA1 6df9ffea9a323c70167458c189202a7acf1827e8
SHA256 ee18892c34684fc1610508ef1f5a2edac470bcce87ca7ad1eb43e55bc0167963
SHA512 4c4b1b3727eb1e7a71c6ad9ebf4e8f9434ab811625ebc9912325dbcbca2e2c8b9f0871f19c125a25ad0b8043245e0e29ff6b24c7b819948de3d62cbdbc0fb523