dd77515cfe3af20154c0b3f87abc3f7082d4c0875b646e018b87a8da8de83d80

Analysis

max time kernel
153s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2023, 19:59 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

anygo.exe
Size

101.1MB
MD5

86c8c71925193104ab11fb90b62a2c26
SHA1

f8535c08a873045ee53f56735464f96de80bf18e
SHA256

dd77515cfe3af20154c0b3f87abc3f7082d4c0875b646e018b87a8da8de83d80
SHA512

d9800245bf12c5c3a0c6d1e4f315b5aa1bd90db0fb242fc01cbc58360973e678e162943b21c0abca11d3e798b0769b07b12ba5639ebf8c44124af5f931a72314
SSDEEP

3145728:N9t1MVL42RB8P/JZn7+uZDO1ncY6Qf8A1s7x3VenQ:N9t1Mq+inJZ7RhO1cJQ0Co/

Score

10^/10

discovery evasion persistence spyware stealer vmprotect

Malware Config

Signatures

Modifies firewall policy service 2 TTPs 1 IoCs

evasion

Modify Registry

T1112

Windows Service

T1543.003

description	ioc	Process
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules	mDNSResponder.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

VMProtect packed file 5 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral3/files/0x0006000000022e91-572.dat	vmprotect
behavioral3/files/0x0006000000022e91-571.dat	vmprotect
behavioral3/memory/2704-576-0x000000006CA40000-0x000000006D293000-memory.dmp	vmprotect
behavioral3/memory/2704-577-0x000000006CA40000-0x000000006D293000-memory.dmp	vmprotect
behavioral3/memory/2704-579-0x000000006CA40000-0x000000006D293000-memory.dmp	vmprotect

Blocklisted process makes network request 3 IoCs

flow	pid	Process
109	544	msiexec.exe
113	544	msiexec.exe
119	544	msiexec.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
60	ip-api.com

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation	anygo.tmp

Drops file in System32 directory 41 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\usbaapl64.inf_amd64_c0e4d8c2aef471b7\USBAAPL64.CAT	DrvInst.exe
File created	C:\Windows\SysWOW64\jdns_sd.dll	msiexec.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\usbaapl.inf_amd64_b11f4eb7484c8d3b\usbaapl.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{9e7f60b0-66f2-7244-bb12-2c0e6d7444a2}	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a075bb7d-48f6-314d-94bf-d3c9fce68778}\SET6F3B.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{a075bb7d-48f6-314d-94bf-d3c9fce68778}\SET6F4B.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{9e7f60b0-66f2-7244-bb12-2c0e6d7444a2}\usbaapl.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a075bb7d-48f6-314d-94bf-d3c9fce68778}\SET6F6D.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a075bb7d-48f6-314d-94bf-d3c9fce68778}\usbaaplrc.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File created	C:\Windows\SysWOW64\dns-sd.exe	msiexec.exe
File created	C:\Windows\SysWOW64\dnssdX.dll	msiexec.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a075bb7d-48f6-314d-94bf-d3c9fce68778}\usbaapl64.sys	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{a075bb7d-48f6-314d-94bf-d3c9fce68778}\SET6F6D.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{9e7f60b0-66f2-7244-bb12-2c0e6d7444a2}\SET6D56.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{9e7f60b0-66f2-7244-bb12-2c0e6d7444a2}\USBAAPL.CAT	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a075bb7d-48f6-314d-94bf-d3c9fce68778}\usbaapl64.inf	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{a075bb7d-48f6-314d-94bf-d3c9fce68778}\SET6F4C.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a075bb7d-48f6-314d-94bf-d3c9fce68778}	DrvInst.exe
File created	C:\Windows\system32\dnssd.dll	msiexec.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbaapl.inf_amd64_b11f4eb7484c8d3b\usbaapl.PNF	DPInst64.exe
File created	C:\Windows\System32\DriverStore\Temp\{a075bb7d-48f6-314d-94bf-d3c9fce68778}\SET6F3B.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a075bb7d-48f6-314d-94bf-d3c9fce68778}\SET6F4B.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\usbaapl64.inf_amd64_c0e4d8c2aef471b7\usbaaplrc.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a075bb7d-48f6-314d-94bf-d3c9fce68778}\SET6F4C.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\usbaapl64.inf_amd64_c0e4d8c2aef471b7\usbaapl64.inf	DrvInst.exe
File created	C:\Windows\system32\dns-sd.exe	msiexec.exe
File created	C:\Windows\System32\DriverStore\Temp\{9e7f60b0-66f2-7244-bb12-2c0e6d7444a2}\SET6D57.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbaapl64.inf_amd64_c0e4d8c2aef471b7\usbaapl64.PNF	DPInst64.exe
File created	C:\Windows\SysWOW64\dnssd.dll	msiexec.exe
File created	C:\Windows\system32\jdns_sd.dll	msiexec.exe
File created	C:\Windows\system32\dnssdX.dll	msiexec.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{9e7f60b0-66f2-7244-bb12-2c0e6d7444a2}\SET6D56.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{9e7f60b0-66f2-7244-bb12-2c0e6d7444a2}\SET6D57.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\usbaapl.inf_amd64_b11f4eb7484c8d3b\USBAAPL.CAT	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DPInst64.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a075bb7d-48f6-314d-94bf-d3c9fce68778}\USBAAPL64.CAT	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\usbaapl64.inf_amd64_c0e4d8c2aef471b7\usbaapl64.sys	DrvInst.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\AnyGo\apple driver\is-SQ0FR.tmp	anygo.tmp
File created	C:\Program Files (x86)\AnyGo\idevice\is-8EPMC.tmp	anygo.tmp
File created	C:\Program Files (x86)\AnyGo\translations\qtwebengine_locales\is-043N1.tmp	anygo.tmp
File opened for modification	C:\Program Files (x86)\AnyGo\curl.exe	anygo.tmp
File created	C:\Program Files (x86)\AnyGo\is-75RET.tmp	anygo.tmp
File created	C:\Program Files (x86)\AnyGo\is-OMB0S.tmp	anygo.tmp
File opened for modification	C:\Program Files (x86)\AnyGo\imageformats\qsvg.dll	anygo.tmp
File opened for modification	C:\Program Files (x86)\AnyGo\icudt62.dll	anygo.tmp
File opened for modification	C:\Program Files (x86)\AnyGo\idevice\api-ms-win-crt-stdio-l1-1-0.dll	anygo.tmp
File created	C:\Program Files (x86)\AnyGo\is-44KJ7.tmp	anygo.tmp
File opened for modification	C:\Program Files (x86)\AnyGo\api-ms-win-core-console-l1-1-0.dll	anygo.tmp
File opened for modification	C:\Program Files (x86)\AnyGo\idevice\ideviceinstaller.exe	anygo.tmp
File opened for modification	C:\Program Files (x86)\AnyGo\apple driver\DPInst64.exe	anygo.tmp
File opened for modification	C:\Program Files\Java\jre-1.8\lib\ext\dns_sd.jar	msiexec.exe
File opened for modification	C:\Program Files (x86)\AnyGo\idevice\api-ms-win-crt-string-l1-1-0.dll	anygo.tmp
File created	C:\Program Files (x86)\AnyGo\is-IH91K.tmp	anygo.tmp
File created	C:\Program Files (x86)\AnyGo\is-V7IO1.tmp	anygo.tmp
File created	C:\Program Files (x86)\AnyGo\translations\qtwebengine_locales\is-JK7C3.tmp	anygo.tmp
File created	C:\Program Files (x86)\AnyGo\translations\qtwebengine_locales\is-IF0S4.tmp	anygo.tmp
File opened for modification	C:\Program Files (x86)\AnyGo\api-ms-win-core-processthreads-l1-1-0.dll	anygo.tmp
File created	C:\Program Files (x86)\AnyGo\is-IDN5L.tmp	anygo.tmp
File created	C:\Program Files (x86)\AnyGo\imageformats\is-I3I9C.tmp	anygo.tmp
File created	C:\Program Files (x86)\AnyGo\translations\is-AII9F.tmp	anygo.tmp
File opened for modification	C:\Program Files (x86)\AnyGo\BugSplat.dll	anygo.tmp
File opened for modification	C:\Program Files (x86)\AnyGo\idevice\ucrtbase.dll	anygo.tmp
File created	C:\Program Files (x86)\AnyGo\is-I3LRI.tmp	anygo.tmp
File created	C:\Program Files (x86)\AnyGo\idevice\is-J9F5F.tmp	anygo.tmp
File created	C:\Program Files (x86)\AnyGo\idevice\is-RHIF3.tmp	anygo.tmp
File created	C:\Program Files (x86)\AnyGo\is-75JUB.tmp	anygo.tmp
File opened for modification	C:\Program Files (x86)\AnyGo\bearer\qgenericbearer.dll	anygo.tmp
File opened for modification	C:\Program Files (x86)\AnyGo\printsupport\windowsprintersupport.dll	anygo.tmp
File opened for modification	C:\Program Files (x86)\AnyGo\BugSplatRc.dll	anygo.tmp
File opened for modification	C:\Program Files (x86)\AnyGo\apple driver\devcon_x64.exe	anygo.tmp
File opened for modification	C:\Program Files (x86)\AnyGo\imageformats\qjpeg.dll	anygo.tmp
File opened for modification	C:\Program Files (x86)\AnyGo\idevice\api-ms-win-crt-environment-l1-1-0.dll	anygo.tmp
File created	C:\Program Files (x86)\AnyGo\translations\qtwebengine_locales\is-TLGCN.tmp	anygo.tmp
File created	C:\Program Files (x86)\Bonjour\Bonjour.Resources\pt.lproj\About Bonjour.rtf	msiexec.exe
File opened for modification	C:\Program Files (x86)\AnyGo\AppleMobileDeviceProcess_main.dll	anygo.tmp
File opened for modification	C:\Program Files (x86)\AnyGo\api-ms-win-crt-runtime-l1-1-0.dll	anygo.tmp
File opened for modification	C:\Program Files (x86)\AnyGo\libxml2.dll	anygo.tmp
File created	C:\Program Files (x86)\AnyGo\is-FUAFC.tmp	anygo.tmp
File created	C:\Program Files (x86)\AnyGo\translations\is-G3GKL.tmp	anygo.tmp
File opened for modification	C:\Program Files (x86)\AnyGo\api-ms-win-crt-private-l1-1-0.dll	anygo.tmp
File created	C:\Program Files (x86)\AnyGo\is-H2HJV.tmp	anygo.tmp
File opened for modification	C:\Program Files (x86)\AnyGo\imageformats\qicns.dll	anygo.tmp
File created	C:\Program Files (x86)\AnyGo\is-A1C4K.tmp	anygo.tmp
File created	C:\Program Files (x86)\AnyGo\is-G39GG.tmp	anygo.tmp
File created	C:\Program Files (x86)\AnyGo\resources\is-F73V9.tmp	anygo.tmp
File opened for modification	C:\Program Files (x86)\AnyGo\libcrypto-3.dll	anygo.tmp
File opened for modification	C:\Program Files (x86)\AnyGo\libGLESV2.dll	anygo.tmp
File opened for modification	C:\Program Files (x86)\AnyGo\ucrtbase.dll	anygo.tmp
File created	C:\Program Files (x86)\AnyGo\idevice\is-CCGS0.tmp	anygo.tmp
File created	C:\Program Files (x86)\Bonjour\mdnsNSP.dll	msiexec.exe
File opened for modification	C:\Program Files (x86)\AnyGo\api-ms-win-core-debug-l1-1-0.dll	anygo.tmp
File created	C:\Program Files (x86)\AnyGo\is-UDES6.tmp	anygo.tmp
File created	C:\Program Files (x86)\AnyGo\is-O98JU.tmp	anygo.tmp
File opened for modification	C:\Program Files (x86)\AnyGo\api-ms-win-core-interlocked-l1-1-0.dll	anygo.tmp
File created	C:\Program Files (x86)\AnyGo\imageformats\is-DSG5M.tmp	anygo.tmp
File created	C:\Program Files (x86)\AnyGo\translations\qtwebengine_locales\is-HDD32.tmp	anygo.tmp
File opened for modification	C:\Program Files (x86)\AnyGo\api-ms-win-crt-utility-l1-1-0.dll	anygo.tmp
File created	C:\Program Files (x86)\AnyGo\idevice\is-NVF37.tmp	anygo.tmp
File created	C:\Program Files (x86)\AnyGo\translations\is-506G8.tmp	anygo.tmp
File opened for modification	C:\Program Files (x86)\AnyGo\YSCrashDump.dll	anygo.tmp
File created	C:\Program Files (x86)\AnyGo\is-98HLR.tmp	anygo.tmp

Drops file in Windows directory 27 IoCs

description	ioc	Process
File created	C:\Windows\Installer\SourceHash{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}	msiexec.exe
File created	C:\Windows\Installer\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}\RichText.ico	msiexec.exe
File opened for modification	C:\Windows\DPINST.LOG	DPInst64.exe
File created	C:\Windows\inf\oem4.inf	DrvInst.exe
File created	C:\Windows\Installer\e597a66.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI813D.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8548.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DPInst64.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	svchost.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSI843C.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI849B.tmp	msiexec.exe
File created	C:\Windows\Installer\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}\Bonjour.ico	msiexec.exe
File created	C:\Windows\inf\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\inf\oem4.inf	DrvInst.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}\RichText.ico	msiexec.exe
File opened for modification	C:\Windows\inf\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSI80AF.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8885.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}\Bonjour.ico	msiexec.exe
File opened for modification	C:\Windows\Installer\e597a66.msi	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI846C.tmp	msiexec.exe
File created	C:\Windows\Installer\e597a6b.msi	msiexec.exe

Executes dropped EXE 15 IoCs

pid	Process
4128	anygo.tmp
2704	AnyGoW.exe
3284	QtWebEngineProcess.exe
3008	DPInst64.exe
4460	AppleMobileDeviceProcess.exe
1832	adb.exe
1500	adb.exe
5632	adb.exe
5576	mDNSResponder.exe
2588	Process not Found
528	adb.exe
1344	adb.exe
5748	adb.exe
5796	adb.exe
5544	adb.exe

Loads dropped DLL 64 IoCs

pid	Process
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
3284	QtWebEngineProcess.exe
3284	QtWebEngineProcess.exe
3284	QtWebEngineProcess.exe
3284	QtWebEngineProcess.exe
3284	QtWebEngineProcess.exe
3284	QtWebEngineProcess.exe
3284	QtWebEngineProcess.exe
3284	QtWebEngineProcess.exe
3284	QtWebEngineProcess.exe
3284	QtWebEngineProcess.exe
3284	QtWebEngineProcess.exe
2704	AnyGoW.exe
4460	AppleMobileDeviceProcess.exe
4460	AppleMobileDeviceProcess.exe
4460	AppleMobileDeviceProcess.exe
4460	AppleMobileDeviceProcess.exe
4460	AppleMobileDeviceProcess.exe
4460	AppleMobileDeviceProcess.exe
4460	AppleMobileDeviceProcess.exe
4460	AppleMobileDeviceProcess.exe
4460	AppleMobileDeviceProcess.exe
4460	AppleMobileDeviceProcess.exe
4460	AppleMobileDeviceProcess.exe
4460	AppleMobileDeviceProcess.exe
2704	AnyGoW.exe

Registers COM server for autorun 1 TTPs 16 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7FD72324-63E1-45AD-B337-4D525BD98DAD}\InprocServer32	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7FD72324-63E1-45AD-B337-4D525BD98DAD}\InprocServer32\ = "C:\\Windows\\system32\\dnssdX.dll"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{BEEB932A-8D4A-4619-AEFE-A836F988B221}\InprocServer32	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BEEB932A-8D4A-4619-AEFE-A836F988B221}\InprocServer32\ThreadingModel = "Apartment"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{24CD4DE9-FF84-4701-9DC1-9B69E0D1090A}\InprocServer32\ThreadingModel = "Apartment"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{5E93C5A9-7516-4259-A67B-41A656F6E01C}\InprocServer32	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5E93C5A9-7516-4259-A67B-41A656F6E01C}\InprocServer32\ = "C:\\Windows\\system32\\dnssdX.dll"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{24CD4DE9-FF84-4701-9DC1-9B69E0D1090A}\InprocServer32\ = "C:\\Windows\\system32\\dnssdX.dll"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5E93C5A9-7516-4259-A67B-41A656F6E01C}\InprocServer32\ThreadingModel = "Apartment"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{AFEE063C-05BA-4248-A26E-168477F49734}\InprocServer32	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AFEE063C-05BA-4248-A26E-168477F49734}\InprocServer32\ = "C:\\Windows\\system32\\dnssdX.dll"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AFEE063C-05BA-4248-A26E-168477F49734}\InprocServer32\ThreadingModel = "Apartment"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{7FD72324-63E1-45AD-B337-4D525BD98DAD}\InprocServer32	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7FD72324-63E1-45AD-B337-4D525BD98DAD}\InprocServer32\ThreadingModel = "Both"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{24CD4DE9-FF84-4701-9DC1-9B69E0D1090A}\InprocServer32	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BEEB932A-8D4A-4619-AEFE-A836F988B221}\InprocServer32\ = "C:\\Windows\\system32\\dnssdX.dll"	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 62 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DPInst64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	AnyGoW.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	AnyGoW.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DPInst64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	DPInst64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DPInst64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	DPInst64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DPInst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	AnyGoW.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	DPInst64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	AnyGoW.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	DPInst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DPInst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DPInst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DPInst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DPInst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	DPInst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	DPInst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DPInst64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DPInst64.exe

Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery

T1057

pid	Process
4900	tasklist.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
1236	taskkill.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1A\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{24CD4DE9-FF84-4701-9DC1-9B69E0D1090A}\InprocServer32\ThreadingModel = "Apartment"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AFEE063C-05BA-4248-A26E-168477F49734}\TypeLib\ = "{18FBED6D-F2B7-4EC8-A4A4-46282E635308}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8FA0889C-5973-4FC9-970B-EC15C925D0CE}\TypeLib\Version = "1.0"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{8FA0889C-5973-4FC9-970B-EC15C925D0CE}\NumMethods	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\8BFDDD6597F70844985D521E5FA22BF8\JavaSupport = "Bonjour"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AFEE063C-05BA-4248-A26E-168477F49734}\VersionIndependentProgID	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Bonjour.DNSSDService\CLSID	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Bonjour.DNSSDEventManager\CurVer\ = "Bonjour.DNSSDEventManager.1"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{BEEB932A-8D4A-4619-AEFE-A836F988B221}\Programmable	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7FD72324-63E1-45AD-B337-4D525BD98DAD}\TypeLib\ = "{18FBED6D-F2B7-4EC8-A4A4-46282E635308}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8FA0889C-5973-4FC9-970B-EC15C925D0CE}\ = "ITXTRecord"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{9CE603A0-3365-4DA0-86D1-3F780ECBA110}\ProxyStubClsid	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{24CD4DE9-FF84-4701-9DC1-9B69E0D1090A}\TypeLib\ = "{18FBED6D-F2B7-4EC8-A4A4-46282E635308}"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{24CD4DE9-FF84-4701-9DC1-9B69E0D1090A}\Programmable	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{24CD4DE9-FF84-4701-9DC1-9B69E0D1090A}\ProgID	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Bonjour.DNSSDRecord.1	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Bonjour.DNSSDRecord.1\CLSID	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BEEB932A-8D4A-4619-AEFE-A836F988B221}	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{21AE8D7F-D5FE-45CF-B632-CFA2C2C6B498}\ProxyStubClsid	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7FD72324-63E1-45AD-B337-4D525BD98DAD}\NumMethods\ = "7"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Bonjour.DNSSDService.1	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{5E93C5A9-7516-4259-A67B-41A656F6E01C}\InprocServer32	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{BEEB932A-8D4A-4619-AEFE-A836F988B221}\VersionIndependentProgID	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BEEB932A-8D4A-4619-AEFE-A836F988B221}\ = "DNSSDEventManager Class"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{29DE265F-8402-474F-833A-D4653B23458F}\NumMethods\ = "19"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{18FBED6D-F2B7-4EC8-A4A4-46282E635308}\1.0\0\win64\ = "C:\\Windows\\system32\\dnssdX.dll"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Bonjour.TXTRecord\CurVer	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BEEB932A-8D4A-4619-AEFE-A836F988B221}\ProgID\ = "Bonjour.DNSSDEventManager.1"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{8FA0889C-5973-4FC9-970B-EC15C925D0CE}\ProxyStubClsid32	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\8BFDDD6597F70844985D521E5FA22BF8\mDNSResponder = "Bonjour"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\1523EA646D34FC14C8FD9E203C58611D\8BFDDD6597F70844985D521E5FA22BF8	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{24CD4DE9-FF84-4701-9DC1-9B69E0D1090A}\ProgID\ = "Bonjour.DNSSDService.1"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Bonjour.DNSSDRecord\CLSID	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Bonjour.TXTRecord\ = "TXTRecord Class"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Bonjour.TXTRecord.1\CLSID\ = "{AFEE063C-05BA-4248-A26E-168477F49734}"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{7FD72324-63E1-45AD-B337-4D525BD98DAD}	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8FA0889C-5973-4FC9-970B-EC15C925D0CE}\NumMethods\ = "14"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8BFDDD6597F70844985D521E5FA22BF8\SourceList\Net\1 = "C:\\Program Files (x86)\\AnyGo\\Bonjour\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{7FD72324-63E1-45AD-B337-4D525BD98DAD}\ProxyStubClsid32	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{29DE265F-8402-474F-833A-D4653B23458F}\TypeLib	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{24CD4DE9-FF84-4701-9DC1-9B69E0D1090A}	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{24CD4DE9-FF84-4701-9DC1-9B69E0D1090A}\InprocServer32	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{BEEB932A-8D4A-4619-AEFE-A836F988B221}\Programmable	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{21AE8D7F-D5FE-45CF-B632-CFA2C2C6B498}\ProxyStubClsid\ = "{00020420-0000-0000-C000-000000000046}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{29DE265F-8402-474F-833A-D4653B23458F}\ProxyStubClsid32\ = "{7FD72324-63E1-45AD-B337-4D525BD98DAD}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Bonjour.DNSSDService.1\ = "DNSSDService Class"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5E93C5A9-7516-4259-A67B-41A656F6E01C}\InprocServer32\ = "C:\\Windows\\SysWOW64\\dnssdX.dll"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Bonjour.TXTRecord.1\CLSID	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{21AE8D7F-D5FE-45CF-B632-CFA2C2C6B498}\ProxyStubClsid32	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{29DE265F-8402-474F-833A-D4653B23458F}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{24CD4DE9-FF84-4701-9DC1-9B69E0D1090A}\InprocServer32\ = "C:\\Windows\\system32\\dnssdX.dll"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{7FD72324-63E1-45AD-B337-4D525BD98DAD}	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{AFEE063C-05BA-4248-A26E-168477F49734}\Programmable	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{29DE265F-8402-474F-833A-D4653B23458F}\ = "IDNSSDService"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5E93C5A9-7516-4259-A67B-41A656F6E01C}\InprocServer32\ThreadingModel = "Apartment"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Bonjour.DNSSDRecord\ = "DNSSDRecord Class"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Bonjour.DNSSDEventManager.1\CLSID	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{9CE603A0-3365-4DA0-86D1-3F780ECBA110}	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{18FBED6D-F2B7-4EC8-A4A4-46282E635308}\1.0\0	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7FD72324-63E1-45AD-B337-4D525BD98DAD}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8FA0889C-5973-4FC9-970B-EC15C925D0CE}\TypeLib\ = "{18FBED6D-F2B7-4EC8-A4A4-46282E635308}"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{18FBED6D-F2B7-4EC8-A4A4-46282E635308}	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8BFDDD6597F70844985D521E5FA22BF8\Version = "50397184"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{24CD4DE9-FF84-4701-9DC1-9B69E0D1090A}	msiexec.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	DPInst64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	DPInst64.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2704	AnyGoW.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4128	anygo.tmp
4128	anygo.tmp
2704	AnyGoW.exe
2704	AnyGoW.exe
3284	QtWebEngineProcess.exe
3284	QtWebEngineProcess.exe
4460	AppleMobileDeviceProcess.exe
4460	AppleMobileDeviceProcess.exe
2504	msedge.exe
2504	msedge.exe
1988	msedge.exe
1988	msedge.exe
4992	identity_helper.exe
4992	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1236	taskkill.exe
Token: SeDebugPrivilege	4900	tasklist.exe
Token: SeDebugPrivilege	2704	AnyGoW.exe
Token: SeAuditPrivilege	4444	svchost.exe
Token: SeSecurityPrivilege	4444	svchost.exe
Token: SeShutdownPrivilege	3040	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3040	msiexec.exe
Token: SeSecurityPrivilege	544	msiexec.exe
Token: SeCreateTokenPrivilege	3040	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	3040	msiexec.exe
Token: SeLockMemoryPrivilege	3040	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3040	msiexec.exe
Token: SeMachineAccountPrivilege	3040	msiexec.exe
Token: SeTcbPrivilege	3040	msiexec.exe
Token: SeSecurityPrivilege	3040	msiexec.exe
Token: SeTakeOwnershipPrivilege	3040	msiexec.exe
Token: SeLoadDriverPrivilege	3040	msiexec.exe
Token: SeSystemProfilePrivilege	3040	msiexec.exe
Token: SeSystemtimePrivilege	3040	msiexec.exe
Token: SeProfSingleProcessPrivilege	3040	msiexec.exe
Token: SeIncBasePriorityPrivilege	3040	msiexec.exe
Token: SeCreatePagefilePrivilege	3040	msiexec.exe
Token: SeCreatePermanentPrivilege	3040	msiexec.exe
Token: SeBackupPrivilege	3040	msiexec.exe
Token: SeRestorePrivilege	3040	msiexec.exe
Token: SeShutdownPrivilege	3040	msiexec.exe
Token: SeDebugPrivilege	3040	msiexec.exe
Token: SeAuditPrivilege	3040	msiexec.exe
Token: SeSystemEnvironmentPrivilege	3040	msiexec.exe
Token: SeChangeNotifyPrivilege	3040	msiexec.exe
Token: SeRemoteShutdownPrivilege	3040	msiexec.exe
Token: SeUndockPrivilege	3040	msiexec.exe
Token: SeSyncAgentPrivilege	3040	msiexec.exe
Token: SeEnableDelegationPrivilege	3040	msiexec.exe
Token: SeManageVolumePrivilege	3040	msiexec.exe
Token: SeImpersonatePrivilege	3040	msiexec.exe
Token: SeCreateGlobalPrivilege	3040	msiexec.exe
Token: SeRestorePrivilege	544	msiexec.exe
Token: SeTakeOwnershipPrivilege	544	msiexec.exe
Token: SeRestorePrivilege	544	msiexec.exe
Token: SeTakeOwnershipPrivilege	544	msiexec.exe
Token: SeRestorePrivilege	544	msiexec.exe
Token: SeTakeOwnershipPrivilege	544	msiexec.exe
Token: SeRestorePrivilege	544	msiexec.exe
Token: SeTakeOwnershipPrivilege	544	msiexec.exe
Token: SeRestorePrivilege	544	msiexec.exe
Token: SeTakeOwnershipPrivilege	544	msiexec.exe
Token: SeRestorePrivilege	544	msiexec.exe
Token: SeTakeOwnershipPrivilege	544	msiexec.exe
Token: SeRestorePrivilege	544	msiexec.exe
Token: SeTakeOwnershipPrivilege	544	msiexec.exe
Token: SeRestorePrivilege	544	msiexec.exe
Token: SeTakeOwnershipPrivilege	544	msiexec.exe
Token: SeRestorePrivilege	544	msiexec.exe
Token: SeTakeOwnershipPrivilege	544	msiexec.exe
Token: SeRestorePrivilege	544	msiexec.exe
Token: SeTakeOwnershipPrivilege	544	msiexec.exe
Token: SeRestorePrivilege	544	msiexec.exe
Token: SeTakeOwnershipPrivilege	544	msiexec.exe
Token: SeRestorePrivilege	544	msiexec.exe
Token: SeTakeOwnershipPrivilege	544	msiexec.exe
Token: SeRestorePrivilege	544	msiexec.exe
Token: SeTakeOwnershipPrivilege	544	msiexec.exe
Token: SeRestorePrivilege	544	msiexec.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4128	anygo.tmp
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe

Suspicious use of SetWindowsHookEx 16 IoCs

pid	Process
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe
2704	AnyGoW.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2440 wrote to memory of 4128	2440	anygo.exe	86
PID 2440 wrote to memory of 4128	2440	anygo.exe	86
PID 2440 wrote to memory of 4128	2440	anygo.exe	86
PID 4128 wrote to memory of 976	4128	anygo.tmp	91
PID 4128 wrote to memory of 976	4128	anygo.tmp	91
PID 4128 wrote to memory of 976	4128	anygo.tmp	91
PID 4128 wrote to memory of 2708	4128	anygo.tmp	93
PID 4128 wrote to memory of 2708	4128	anygo.tmp	93
PID 4128 wrote to memory of 2708	4128	anygo.tmp	93
PID 976 wrote to memory of 1236	976	cmd.exe	95
PID 976 wrote to memory of 1236	976	cmd.exe	95
PID 976 wrote to memory of 1236	976	cmd.exe	95
PID 2708 wrote to memory of 4900	2708	cmd.exe	96
PID 2708 wrote to memory of 4900	2708	cmd.exe	96
PID 2708 wrote to memory of 4900	2708	cmd.exe	96
PID 2708 wrote to memory of 4328	2708	cmd.exe	97
PID 2708 wrote to memory of 4328	2708	cmd.exe	97
PID 2708 wrote to memory of 4328	2708	cmd.exe	97
PID 4128 wrote to memory of 2704	4128	anygo.tmp	105
PID 4128 wrote to memory of 2704	4128	anygo.tmp	105
PID 4128 wrote to memory of 2704	4128	anygo.tmp	105
PID 2704 wrote to memory of 3284	2704	AnyGoW.exe	111
PID 2704 wrote to memory of 3284	2704	AnyGoW.exe	111
PID 2704 wrote to memory of 3284	2704	AnyGoW.exe	111
PID 2704 wrote to memory of 3008	2704	AnyGoW.exe	112
PID 2704 wrote to memory of 3008	2704	AnyGoW.exe	112
PID 2704 wrote to memory of 4460	2704	AnyGoW.exe	113
PID 2704 wrote to memory of 4460	2704	AnyGoW.exe	113
PID 2704 wrote to memory of 4460	2704	AnyGoW.exe	113
PID 2704 wrote to memory of 1832	2704	AnyGoW.exe	114
PID 2704 wrote to memory of 1832	2704	AnyGoW.exe	114
PID 2704 wrote to memory of 1832	2704	AnyGoW.exe	114
PID 4444 wrote to memory of 1948	4444	svchost.exe	117
PID 4444 wrote to memory of 1948	4444	svchost.exe	117
PID 4444 wrote to memory of 1168	4444	svchost.exe	118
PID 4444 wrote to memory of 1168	4444	svchost.exe	118
PID 2704 wrote to memory of 2504	2704	AnyGoW.exe	119
PID 2704 wrote to memory of 2504	2704	AnyGoW.exe	119
PID 2504 wrote to memory of 3324	2504	msedge.exe	120
PID 2504 wrote to memory of 3324	2504	msedge.exe	120
PID 2504 wrote to memory of 1812	2504	msedge.exe	123
PID 2504 wrote to memory of 1812	2504	msedge.exe	123
PID 2504 wrote to memory of 1812	2504	msedge.exe	123
PID 2504 wrote to memory of 1812	2504	msedge.exe	123
PID 2504 wrote to memory of 1812	2504	msedge.exe	123
PID 2504 wrote to memory of 1812	2504	msedge.exe	123
PID 2504 wrote to memory of 1812	2504	msedge.exe	123
PID 2504 wrote to memory of 1812	2504	msedge.exe	123
PID 2504 wrote to memory of 1812	2504	msedge.exe	123
PID 2504 wrote to memory of 1812	2504	msedge.exe	123
PID 2504 wrote to memory of 1812	2504	msedge.exe	123
PID 2504 wrote to memory of 1812	2504	msedge.exe	123
PID 2504 wrote to memory of 1812	2504	msedge.exe	123
PID 2504 wrote to memory of 1812	2504	msedge.exe	123
PID 2504 wrote to memory of 1812	2504	msedge.exe	123
PID 2504 wrote to memory of 1812	2504	msedge.exe	123
PID 2504 wrote to memory of 1812	2504	msedge.exe	123
PID 2504 wrote to memory of 1812	2504	msedge.exe	123
PID 2504 wrote to memory of 1812	2504	msedge.exe	123
PID 2504 wrote to memory of 1812	2504	msedge.exe	123
PID 2504 wrote to memory of 1812	2504	msedge.exe	123
PID 2504 wrote to memory of 1812	2504	msedge.exe	123
PID 2504 wrote to memory of 1812	2504	msedge.exe	123
PID 2504 wrote to memory of 1812	2504	msedge.exe	123

C:\Users\Admin\AppData\Local\Temp\anygo.exe
"C:\Users\Admin\AppData\Local\Temp\anygo.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2440
- C:\Users\Admin\AppData\Local\Temp\is-MB9MK.tmp\anygo.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-MB9MK.tmp\anygo.tmp" /SL5="$B009C,105245418,784384,C:\Users\Admin\AppData\Local\Temp\anygo.exe"
  2⤵
  - Checks computer location settings
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4128
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c taskkill /f /t /im adb.exe
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:976
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /t /im adb.exe
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:1236
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c tasklist | findstr "AnyGoW.exe" > "C:\Users\Admin\AppData\Local\Temp\findProcessRes.txt"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2708
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      Suspicious use of AdjustPrivilegeToken
      PID:4900
  - - C:\Windows\SysWOW64\findstr.exe
      findstr "AnyGoW.exe"
      4⤵
      PID:4328
- - C:\Program Files (x86)\AnyGo\AnyGoW.exe
    "C:\Program Files (x86)\AnyGo\AnyGoW.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks SCSI registry key(s)
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2704
  - - C:\Program Files (x86)\AnyGo\QtWebEngineProcess.exe
      "C:\Program Files (x86)\AnyGo\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-gpu-compositing --service-pipe-token=1764338366567472874 --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=1764338366567472874 --renderer-client-id=2 --mojo-platform-channel-handle=2644 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:3284
  - - C:\Program Files (x86)\AnyGo\apple driver\DPInst64.exe
      "C:\Program Files (x86)\AnyGo\apple driver\DPInst64.exe" /S /LM
      4⤵
      Drops file in System32 directory
      Drops file in Windows directory
      Executes dropped EXE
      Checks SCSI registry key(s)
      Modifies system certificate store
      PID:3008
  - - C:\Program Files (x86)\AnyGo\AppleMobileDeviceProcess.exe
      "C:\Program Files (x86)\AnyGo\AppleMobileDeviceProcess.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:4460
  - - C:\Program Files (x86)\AnyGo\Helper\adb.exe
      "C:\Program Files (x86)\AnyGo\Helper\adb.exe" devices
      4⤵
      Executes dropped EXE
      PID:1832
    - - C:\Program Files (x86)\AnyGo\Helper\adb.exe
        
        adb -L tcp:5037 fork-server server --reply-fd 588
        5⤵
        Executes dropped EXE
        
        PID:1500
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://itoolab.com/thankyou/install-anygo-for-windows/
      4⤵
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:2504
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffcca646f8,0x7fffcca64708,0x7fffcca64718
        5⤵
        
        PID:3324
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,13104334704280436255,14363649887924489178,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1988
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,13104334704280436255,14363649887924489178,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2364 /prefetch:2
        5⤵
        
        PID:1812
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,13104334704280436255,14363649887924489178,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
        5⤵
        
        PID:2840
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13104334704280436255,14363649887924489178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
        5⤵
        
        PID:5116
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13104334704280436255,14363649887924489178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
        5⤵
        
        PID:4424
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13104334704280436255,14363649887924489178,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
        5⤵
        
        PID:5144
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13104334704280436255,14363649887924489178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
        5⤵
        
        PID:2232
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,13104334704280436255,14363649887924489178,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
        5⤵
        
        PID:5308
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,13104334704280436255,14363649887924489178,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4992
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13104334704280436255,14363649887924489178,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
        5⤵
        
        PID:496
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13104334704280436255,14363649887924489178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
        5⤵
        
        PID:5900
  - - C:\Windows\SysWOW64\msiexec.exe
      msiexec.exe /i "C:\Program Files (x86)\AnyGo\Bonjour\Bonjour64.msi" /qn
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3040
  - - C:\Program Files (x86)\AnyGo\Helper\adb.exe
      "C:\Program Files (x86)\AnyGo\Helper\adb.exe" devices
      4⤵
      Executes dropped EXE
      PID:5632
  - - C:\Program Files (x86)\AnyGo\Helper\adb.exe
      "C:\Program Files (x86)\AnyGo\Helper\adb.exe" devices
      4⤵
      Executes dropped EXE
      PID:528
  - - C:\Program Files (x86)\AnyGo\Helper\adb.exe
      "C:\Program Files (x86)\AnyGo\Helper\adb.exe" devices
      4⤵
      Executes dropped EXE
      PID:1344
  - - C:\Program Files (x86)\AnyGo\Helper\adb.exe
      "C:\Program Files (x86)\AnyGo\Helper\adb.exe" devices
      4⤵
      Executes dropped EXE
      PID:5748
  - - C:\Program Files (x86)\AnyGo\Helper\adb.exe
      "C:\Program Files (x86)\AnyGo\Helper\adb.exe" devices
      4⤵
      Executes dropped EXE
      PID:5796
  - - C:\Program Files (x86)\AnyGo\Helper\adb.exe
      "C:\Program Files (x86)\AnyGo\Helper\adb.exe" devices
      4⤵
      Executes dropped EXE
      PID:5544

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4444
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "8" "C:\Users\Admin\AppData\Local\Temp\{9a23568b-a1a4-a841-b92a-348264e2a542}\usbaapl.inf" "9" "4edfb156f" "0000000000000138" "WinSta0\Default" "0000000000000158" "208" "c:\program files (x86)\anygo\apple driver"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:1948
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "8" "C:\Users\Admin\AppData\Local\Temp\{bb3a967d-ab07-6642-a4ac-152789180557}\usbaapl64.inf" "9" "47547eba3" "0000000000000158" "WinSta0\Default" "0000000000000168" "208" "c:\program files (x86)\anygo\apple driver"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:1168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1444

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Registers COM server for autorun
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:544
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding F8E4156A9A6A848510DF43C92E15212C
  2⤵
  PID:5532
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 75DBC114D27BAD88934A226A02334F57
  2⤵
  PID:5668
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 0AC9900146B8A2690606E72C5FEEF1DC E Global\MSI0000
  2⤵
  PID:5936
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files\Bonjour\mdnsNSP.dll"
  2⤵
  PID:5436
- C:\Windows\syswow64\MsiExec.exe
  "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Bonjour\mdnsNSP.dll"
  2⤵
  PID:5520

C:\Program Files\Bonjour\mDNSResponder.exe
"C:\Program Files\Bonjour\mDNSResponder.exe"
1⤵
- Modifies firewall policy service
- Executes dropped EXE
PID:5576

Network

DNS

2.136.104.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.136.104.51.in-addr.arpa

IN PTR

Response
DNS

72.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

72.32.126.40.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

146.78.124.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

146.78.124.51.in-addr.arpa

IN PTR

Response
DNS

103.169.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.169.127.40.in-addr.arpa

IN PTR

Response
DNS

18.31.95.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.31.95.13.in-addr.arpa

IN PTR

Response
DNS

254.111.26.67.in-addr.arpa

Remote address:

8.8.8.8:53

Request

254.111.26.67.in-addr.arpa

IN PTR

Response
DNS

126.20.238.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

126.20.238.8.in-addr.arpa

IN PTR

Response
DNS

57.169.31.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

57.169.31.20.in-addr.arpa

IN PTR

Response
DNS

43.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.229.111.52.in-addr.arpa

IN PTR

Response
DNS

download.itoolab.com

AnyGoW.exe

Remote address:

8.8.8.8:53

Request

download.itoolab.com

IN A

Response

download.itoolab.com

IN A

188.114.97.0

download.itoolab.com

IN A

188.114.96.0
DNS

ip-api.com

AnyGoW.exe

Remote address:

8.8.8.8:53

Request

ip-api.com

IN A

Response

ip-api.com

IN A

208.95.112.1
GET

http://ip-api.com/json/

AnyGoW.exe

Remote address:

208.95.112.1:80

Request

GET /json/ HTTP/1.1
Host: ip-api.com
Connection: Keep-Alive
Accept-Encoding: gzip, deflate
Accept-Language: en-US,*
User-Agent: Mozilla/5.0

Response

HTTP/1.1 200 OK

Date: Sun, 19 Nov 2023 20:02:26 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 321
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
DNS

download.onvideoeditor.com

AnyGoW.exe

Remote address:

8.8.8.8:53

Request

download.onvideoeditor.com

IN A

Response

download.onvideoeditor.com

IN A

104.21.20.125

download.onvideoeditor.com

IN A

172.67.192.227
DNS

anygo.itoolab.net

AnyGoW.exe

Remote address:

8.8.8.8:53

Request

anygo.itoolab.net

IN A

Response

anygo.itoolab.net

IN A

3.130.144.212
DNS

206.23.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.217.172.in-addr.arpa

IN PTR

Response

206.23.217.172.in-addr.arpa

IN PTR

prg03s05-in-f141e100net

206.23.217.172.in-addr.arpa

IN PTR

ams16s37-in-f14�I

206.23.217.172.in-addr.arpa

IN PTR

prg03s05-in-f206�I
DNS

0.97.114.188.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.97.114.188.in-addr.arpa

IN PTR

Response
DNS

1.112.95.208.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.112.95.208.in-addr.arpa

IN PTR

Response

1.112.95.208.in-addr.arpa

IN PTR

ip-apicom
DNS

125.20.21.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

125.20.21.104.in-addr.arpa

IN PTR

Response
DNS

212.144.130.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

212.144.130.3.in-addr.arpa

IN PTR

Response

212.144.130.3.in-addr.arpa

IN PTR

ec2-3-130-144-212 us-east-2compute amazonawscom
DNS

api.mapbox.com

AnyGoW.exe

Remote address:

8.8.8.8:53

Request

api.mapbox.com

IN A

Response

api.mapbox.com

IN A

13.227.219.21

api.mapbox.com

IN A

13.227.219.29

api.mapbox.com

IN A

13.227.219.119

api.mapbox.com

IN A

13.227.219.52
DNS

itoolab.com

msedge.exe

Remote address:

8.8.8.8:53

Request

itoolab.com

IN A

Response

itoolab.com

IN A

188.114.96.0

itoolab.com

IN A

188.114.97.0
GET

https://itoolab.com/thankyou/install-anygo-for-windows/

msedge.exe

Remote address:

188.114.96.0:443

Request

GET /thankyou/install-anygo-for-windows/ HTTP/2.0
host: itoolab.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 19 Nov 2023 20:02:30 GMT
content-type: text/html; charset=UTF-8
link: <https://itoolab.com/wp-json/>; rel="https://api.w.org/"
link: <https://itoolab.com/?p=2553>; rel=shortlink
content-security-policy: default-src 'self' https://*.itoolab.com https://*.clarity.ms wss://*.hotjar.com https://*.hotjar.com https://*.smartlook.cloud https://fonts.googleapis.com https://cj.luckydogsoft.workers.dev https://www.sjwoe.com https://www.mczbf.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://*.gstatic.com https://*.google.com https://q.quora.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://cdn.paddle.com https://bat.bing.com https://www.linkconnector.com 'unsafe-inline'; script-src 'self' https://*.youtube.com https://web-sdk.smartlook.com https://static.hotjar.com https://www.clarity.ms https://platform.twitter.com https://cj.luckydogsoft.workers.dev https://www.mczbf.com https://order.luckydogsoft.com https://*.itoolab.com https://*.itubego.com https://js.stripe.com https://cdn.paddle.com https://www.googletagmanager.com https://www.googleoptimize.com https://www.googleadservices.com https://optimize.google.com https://googleads.g.doubleclick.net https://apis.google.com https://unpkg.com https://www.google-analytics.com https://bat.bing.com https://script.hotjar.com https://www.linkconnector.com https://cdn.bootcss.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://*.itoolab.com https://www.youtube-nocookie.com https://vars.hotjar.com https://platform.twitter.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://js.stripe.com https://*.paddle.com https://create-checkout.paddle.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://www.youtube.com https://www.linkconnector.com https://*.cloudfront.net 'unsafe-inline'; font-src 'self' https://*.gstatic.com data:; img-src 'self' https://i.ytimg.com https://bat.bing.com https://www.google-analytics.com https://order.luckydogsoft.com https://*.gstatic.com https://*.google.com https://www.googletagmanager.com https://img1.doctorsim.com https://www.emjcd.com https://www.linkconnector.com data:;
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G6wtAer3c5EsKOeV6na4pPKuMXg67MOl6TuhfdXVhVJ5nkM%2B7aneSQBa%2BqUDkpxd8IDAQA7po28GE2tufDVysj%2BlLKvDw24LGIay06etaXpxHLupmh%2FLByoV4mpECg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 828b0d184b6065f1-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://itoolab.com/wp-content/themes/itoolab/assets/js/cookie-settings.js?v=1.0.3

msedge.exe

Remote address:

188.114.96.0:443

Request

GET /wp-content/themes/itoolab/assets/js/cookie-settings.js?v=1.0.3 HTTP/2.0
host: itoolab.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://itoolab.com/thankyou/install-anygo-for-windows/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 19 Nov 2023 20:02:30 GMT
content-type: text/css
last-modified: Tue, 07 Nov 2023 12:11:15 GMT
etag: W/"654a2963-154af"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-security-policy: default-src 'self' https://*.itoolab.com https://*.clarity.ms wss://*.hotjar.com https://*.hotjar.com https://*.smartlook.cloud https://fonts.googleapis.com https://cj.luckydogsoft.workers.dev https://www.sjwoe.com https://www.mczbf.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://*.gstatic.com https://*.google.com https://q.quora.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://cdn.paddle.com https://bat.bing.com https://www.linkconnector.com 'unsafe-inline'; script-src 'self' https://*.youtube.com https://web-sdk.smartlook.com https://static.hotjar.com https://www.clarity.ms https://platform.twitter.com https://cj.luckydogsoft.workers.dev https://www.mczbf.com https://order.luckydogsoft.com https://*.itoolab.com https://*.itubego.com https://js.stripe.com https://cdn.paddle.com https://www.googletagmanager.com https://www.googleoptimize.com https://www.googleadservices.com https://optimize.google.com https://googleads.g.doubleclick.net https://apis.google.com https://unpkg.com https://www.google-analytics.com https://bat.bing.com https://script.hotjar.com https://www.linkconnector.com https://cdn.bootcss.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://*.itoolab.com https://www.youtube-nocookie.com https://vars.hotjar.com https://platform.twitter.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://js.stripe.com https://*.paddle.com https://create-checkout.paddle.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://www.youtube.com https://www.linkconnector.com https://*.cloudfront.net 'unsafe-inline'; font-src 'self' https://*.gstatic.com data:; img-src 'self' https://i.ytimg.com https://bat.bing.com https://www.google-analytics.com https://order.luckydogsoft.com https://*.gstatic.com https://*.google.com https://www.googletagmanager.com https://img1.doctorsim.com https://www.emjcd.com https://www.linkconnector.com data:;
cf-cache-status: HIT
age: 667106
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m2LFjt1BUgP0mG5Dgc1wayQ3yMg2RtnQyTpE7XQ6YGDiSMm8g0hH3n%2Fv8SxkRK7SNiEowi7tTt2ja4ACOMuqUGwaSfSD%2BI4dTr2qrfgAISSGxsQOdcasL1pQC71KwQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 828b0d1cb96165f1-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://itoolab.com/wp-content/themes/itoolab/assets/css/tailwind.css?v=7.2.4

msedge.exe

Remote address:

188.114.96.0:443

Request

GET /wp-content/themes/itoolab/assets/css/tailwind.css?v=7.2.4 HTTP/2.0
host: itoolab.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://itoolab.com/thankyou/install-anygo-for-windows/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 19 Nov 2023 20:02:30 GMT
content-type: text/css
last-modified: Thu, 08 Jun 2023 04:03:01 GMT
etag: W/"648152f5-e120"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-security-policy: default-src 'self' https://*.itoolab.com https://*.clarity.ms wss://*.hotjar.com https://*.hotjar.com https://*.smartlook.cloud https://fonts.googleapis.com https://cj.luckydogsoft.workers.dev https://www.sjwoe.com https://www.mczbf.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://*.gstatic.com https://*.google.com https://q.quora.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://cdn.paddle.com https://bat.bing.com https://www.linkconnector.com 'unsafe-inline'; script-src 'self' https://*.youtube.com https://web-sdk.smartlook.com https://static.hotjar.com https://www.clarity.ms https://platform.twitter.com https://cj.luckydogsoft.workers.dev https://www.mczbf.com https://order.luckydogsoft.com https://*.itoolab.com https://*.itubego.com https://js.stripe.com https://cdn.paddle.com https://www.googletagmanager.com https://www.googleoptimize.com https://www.googleadservices.com https://optimize.google.com https://googleads.g.doubleclick.net https://apis.google.com https://unpkg.com https://www.google-analytics.com https://bat.bing.com https://script.hotjar.com https://www.linkconnector.com https://cdn.bootcss.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://*.itoolab.com https://www.youtube-nocookie.com https://vars.hotjar.com https://platform.twitter.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://js.stripe.com https://*.paddle.com https://create-checkout.paddle.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://www.youtube.com https://www.linkconnector.com https://*.cloudfront.net 'unsafe-inline'; font-src 'self' https://*.gstatic.com data:; img-src 'self' https://i.ytimg.com https://bat.bing.com https://www.google-analytics.com https://order.luckydogsoft.com https://*.gstatic.com https://*.google.com https://www.googletagmanager.com https://img1.doctorsim.com https://www.emjcd.com https://www.linkconnector.com data:;
cf-cache-status: HIT
age: 1694988
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aafzaIOuCJGUTog54Z%2FN0ZM6Humj4GPJbYdpp6CJkqGAK9WXymxNwTuGBi9ePttZ7wlm5111wAbQ4oJgIN1M%2BYldtIVTzEB2emoSj8AET2BSa2Pcc%2FOQgJXsiijs3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 828b0d1cb96265f1-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://itoolab.com/wp-content/themes/itoolab/assets/css/googlefont.css?v=1.0.0

msedge.exe

Remote address:

188.114.96.0:443

Request

GET /wp-content/themes/itoolab/assets/css/googlefont.css?v=1.0.0 HTTP/2.0
host: itoolab.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://itoolab.com/thankyou/install-anygo-for-windows/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 19 Nov 2023 20:02:30 GMT
content-type: application/javascript
last-modified: Fri, 07 Jul 2023 09:05:29 GMT
etag: W/"64a7d559-a3c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-security-policy: default-src 'self' https://*.itoolab.com https://*.clarity.ms wss://*.hotjar.com https://*.hotjar.com https://*.smartlook.cloud https://fonts.googleapis.com https://cj.luckydogsoft.workers.dev https://www.sjwoe.com https://www.mczbf.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://*.gstatic.com https://*.google.com https://q.quora.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://cdn.paddle.com https://bat.bing.com https://www.linkconnector.com 'unsafe-inline'; script-src 'self' https://*.youtube.com https://web-sdk.smartlook.com https://static.hotjar.com https://www.clarity.ms https://platform.twitter.com https://cj.luckydogsoft.workers.dev https://www.mczbf.com https://order.luckydogsoft.com https://*.itoolab.com https://*.itubego.com https://js.stripe.com https://cdn.paddle.com https://www.googletagmanager.com https://www.googleoptimize.com https://www.googleadservices.com https://optimize.google.com https://googleads.g.doubleclick.net https://apis.google.com https://unpkg.com https://www.google-analytics.com https://bat.bing.com https://script.hotjar.com https://www.linkconnector.com https://cdn.bootcss.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://*.itoolab.com https://www.youtube-nocookie.com https://vars.hotjar.com https://platform.twitter.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://js.stripe.com https://*.paddle.com https://create-checkout.paddle.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://www.youtube.com https://www.linkconnector.com https://*.cloudfront.net 'unsafe-inline'; font-src 'self' https://*.gstatic.com data:; img-src 'self' https://i.ytimg.com https://bat.bing.com https://www.google-analytics.com https://order.luckydogsoft.com https://*.gstatic.com https://*.google.com https://www.googletagmanager.com https://img1.doctorsim.com https://www.emjcd.com https://www.linkconnector.com data:;
cf-cache-status: HIT
age: 923896
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gJ0i5tuLYrHI9n4jRU1nVCE3Hi%2BRwD1WYoa0z4qxmkGx1oJwu9dU0FaKuk2Xj54uc7G0K%2FEBFPOdOpgyatBYUsy07pudANEOFM6M6MXCtX%2FWGXyPTSRanPMgDyHv1A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 828b0d1cb96065f1-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://itoolab.com/wp-content/themes/itoolab/assets/img/itoolab-logo.svg

msedge.exe

Remote address:

188.114.96.0:443

Request

GET /wp-content/themes/itoolab/assets/img/itoolab-logo.svg HTTP/2.0
host: itoolab.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://itoolab.com/thankyou/install-anygo-for-windows/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 19 Nov 2023 20:02:30 GMT
content-type: image/svg+xml
last-modified: Mon, 20 Jun 2022 12:01:55 GMT
etag: W/"62b061b3-1ee7"
content-security-policy: default-src 'self' https://*.itoolab.com https://*.clarity.ms wss://*.hotjar.com https://*.hotjar.com https://*.smartlook.cloud https://fonts.googleapis.com https://cj.luckydogsoft.workers.dev https://www.sjwoe.com https://www.mczbf.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://*.gstatic.com https://*.google.com https://q.quora.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://cdn.paddle.com https://bat.bing.com https://www.linkconnector.com 'unsafe-inline'; script-src 'self' https://*.youtube.com https://web-sdk.smartlook.com https://static.hotjar.com https://www.clarity.ms https://platform.twitter.com https://cj.luckydogsoft.workers.dev https://www.mczbf.com https://order.luckydogsoft.com https://*.itoolab.com https://*.itubego.com https://js.stripe.com https://cdn.paddle.com https://www.googletagmanager.com https://www.googleoptimize.com https://www.googleadservices.com https://optimize.google.com https://googleads.g.doubleclick.net https://apis.google.com https://unpkg.com https://www.google-analytics.com https://bat.bing.com https://script.hotjar.com https://www.linkconnector.com https://cdn.bootcss.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://*.itoolab.com https://www.youtube-nocookie.com https://vars.hotjar.com https://platform.twitter.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://js.stripe.com https://*.paddle.com https://create-checkout.paddle.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://www.youtube.com https://www.linkconnector.com https://*.cloudfront.net 'unsafe-inline'; font-src 'self' https://*.gstatic.com data:; img-src 'self' https://i.ytimg.com https://bat.bing.com https://www.google-analytics.com https://order.luckydogsoft.com https://*.gstatic.com https://*.google.com https://www.googletagmanager.com https://img1.doctorsim.com https://www.emjcd.com https://www.linkconnector.com data:;
cache-control: max-age=14400
cf-cache-status: HIT
age: 4069
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZFHKSzQY71Byvt23Ke31JWW%2Fcsyq0HJ1O0HzGMHY2NonL2d6SqG6m6TqSdlYeG0S%2FfFBwZXN78fHpMfOtHJj3Wz7aCHMIAchnFu%2BlliTC1GQ3uXx9Vvgiwj9oWRMPA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 828b0d1d5a3a65f1-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://itoolab.com/wp-content/themes/itoolab/assets/img/iphone-data-recovery/recovergo-ios.svg

msedge.exe

Remote address:

188.114.96.0:443

Request

GET /wp-content/themes/itoolab/assets/img/iphone-data-recovery/recovergo-ios.svg HTTP/2.0
host: itoolab.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://itoolab.com/thankyou/install-anygo-for-windows/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 19 Nov 2023 20:02:30 GMT
content-type: image/svg+xml
last-modified: Mon, 01 Aug 2022 12:24:45 GMT
etag: W/"62e7c60d-3ab"
content-security-policy: default-src 'self' https://*.itoolab.com https://*.clarity.ms wss://*.hotjar.com https://*.hotjar.com https://*.smartlook.cloud https://fonts.googleapis.com https://cj.luckydogsoft.workers.dev https://www.sjwoe.com https://www.mczbf.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://*.gstatic.com https://*.google.com https://q.quora.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://cdn.paddle.com https://bat.bing.com https://www.linkconnector.com 'unsafe-inline'; script-src 'self' https://*.youtube.com https://web-sdk.smartlook.com https://static.hotjar.com https://www.clarity.ms https://platform.twitter.com https://cj.luckydogsoft.workers.dev https://www.mczbf.com https://order.luckydogsoft.com https://*.itoolab.com https://*.itubego.com https://js.stripe.com https://cdn.paddle.com https://www.googletagmanager.com https://www.googleoptimize.com https://www.googleadservices.com https://optimize.google.com https://googleads.g.doubleclick.net https://apis.google.com https://unpkg.com https://www.google-analytics.com https://bat.bing.com https://script.hotjar.com https://www.linkconnector.com https://cdn.bootcss.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://*.itoolab.com https://www.youtube-nocookie.com https://vars.hotjar.com https://platform.twitter.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://js.stripe.com https://*.paddle.com https://create-checkout.paddle.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://www.youtube.com https://www.linkconnector.com https://*.cloudfront.net 'unsafe-inline'; font-src 'self' https://*.gstatic.com data:; img-src 'self' https://i.ytimg.com https://bat.bing.com https://www.google-analytics.com https://order.luckydogsoft.com https://*.gstatic.com https://*.google.com https://www.googletagmanager.com https://img1.doctorsim.com https://www.emjcd.com https://www.linkconnector.com data:;
cache-control: max-age=14400
cf-cache-status: HIT
age: 506
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wCIpAKp4%2B5AkK%2B8SUV9Tsan20GHg0Pmvq%2F0Kcb9iihWS7VXZ1KrpOLhlBoH0ixEwbr8aAufoH7R2uF2FGIuS79dtPP9Ei3AB4GK9osmDw2Mw%2FnCMAq9nxALwadxxkQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 828b0d1d6a4f65f1-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://itoolab.com/wp-content/themes/itoolab/assets/img/v3/new.svg

msedge.exe

Remote address:

188.114.96.0:443

Request

GET /wp-content/themes/itoolab/assets/img/v3/new.svg HTTP/2.0
host: itoolab.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://itoolab.com/thankyou/install-anygo-for-windows/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 19 Nov 2023 20:02:30 GMT
content-type: image/svg+xml
last-modified: Mon, 20 Jun 2022 12:01:55 GMT
etag: W/"62b061b3-2ee"
content-security-policy: default-src 'self' https://*.itoolab.com https://*.clarity.ms wss://*.hotjar.com https://*.hotjar.com https://*.smartlook.cloud https://fonts.googleapis.com https://cj.luckydogsoft.workers.dev https://www.sjwoe.com https://www.mczbf.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://*.gstatic.com https://*.google.com https://q.quora.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://cdn.paddle.com https://bat.bing.com https://www.linkconnector.com 'unsafe-inline'; script-src 'self' https://*.youtube.com https://web-sdk.smartlook.com https://static.hotjar.com https://www.clarity.ms https://platform.twitter.com https://cj.luckydogsoft.workers.dev https://www.mczbf.com https://order.luckydogsoft.com https://*.itoolab.com https://*.itubego.com https://js.stripe.com https://cdn.paddle.com https://www.googletagmanager.com https://www.googleoptimize.com https://www.googleadservices.com https://optimize.google.com https://googleads.g.doubleclick.net https://apis.google.com https://unpkg.com https://www.google-analytics.com https://bat.bing.com https://script.hotjar.com https://www.linkconnector.com https://cdn.bootcss.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://*.itoolab.com https://www.youtube-nocookie.com https://vars.hotjar.com https://platform.twitter.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://js.stripe.com https://*.paddle.com https://create-checkout.paddle.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://www.youtube.com https://www.linkconnector.com https://*.cloudfront.net 'unsafe-inline'; font-src 'self' https://*.gstatic.com data:; img-src 'self' https://i.ytimg.com https://bat.bing.com https://www.google-analytics.com https://order.luckydogsoft.com https://*.gstatic.com https://*.google.com https://www.googletagmanager.com https://img1.doctorsim.com https://www.emjcd.com https://www.linkconnector.com data:;
cache-control: max-age=14400
cf-cache-status: HIT
age: 506
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eMzaPH4j%2BYonf6BiZovC4dW8Fk2gV93zWVK5egC7D4asMDVDU8a5%2FSh2hGqFj3dMHvRtFNcxsJlNe%2BBzhg%2FY%2FXw6hiZu0vjuYJ6TMz3YH8vrlymmAHFVobXwd1xXgw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 828b0d1d6a5265f1-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://itoolab.com/wp-content/themes/itoolab/assets/img/recovergo-for-whatsapp-logo.svg

msedge.exe

Remote address:

188.114.96.0:443

Request

GET /wp-content/themes/itoolab/assets/img/recovergo-for-whatsapp-logo.svg HTTP/2.0
host: itoolab.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://itoolab.com/thankyou/install-anygo-for-windows/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 19 Nov 2023 20:02:30 GMT
content-type: image/svg+xml
last-modified: Thu, 04 Aug 2022 09:22:18 GMT
etag: W/"62eb8fca-8ca"
content-security-policy: default-src 'self' https://*.itoolab.com https://*.clarity.ms wss://*.hotjar.com https://*.hotjar.com https://*.smartlook.cloud https://fonts.googleapis.com https://cj.luckydogsoft.workers.dev https://www.sjwoe.com https://www.mczbf.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://*.gstatic.com https://*.google.com https://q.quora.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://cdn.paddle.com https://bat.bing.com https://www.linkconnector.com 'unsafe-inline'; script-src 'self' https://*.youtube.com https://web-sdk.smartlook.com https://static.hotjar.com https://www.clarity.ms https://platform.twitter.com https://cj.luckydogsoft.workers.dev https://www.mczbf.com https://order.luckydogsoft.com https://*.itoolab.com https://*.itubego.com https://js.stripe.com https://cdn.paddle.com https://www.googletagmanager.com https://www.googleoptimize.com https://www.googleadservices.com https://optimize.google.com https://googleads.g.doubleclick.net https://apis.google.com https://unpkg.com https://www.google-analytics.com https://bat.bing.com https://script.hotjar.com https://www.linkconnector.com https://cdn.bootcss.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://*.itoolab.com https://www.youtube-nocookie.com https://vars.hotjar.com https://platform.twitter.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://js.stripe.com https://*.paddle.com https://create-checkout.paddle.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://www.youtube.com https://www.linkconnector.com https://*.cloudfront.net 'unsafe-inline'; font-src 'self' https://*.gstatic.com data:; img-src 'self' https://i.ytimg.com https://bat.bing.com https://www.google-analytics.com https://order.luckydogsoft.com https://*.gstatic.com https://*.google.com https://www.googletagmanager.com https://img1.doctorsim.com https://www.emjcd.com https://www.linkconnector.com data:;
cache-control: max-age=14400
cf-cache-status: HIT
age: 506
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1KsesIy3mYqEVaOluQOBuBnRM%2FQvSvmbSoytiEZ6ln59Xi06yEM1PMU6yN0%2BLO7in6bBEMbHHCTQLBA9nPqxxGXM3CBW%2F3jZdVLoAq3jU9wPut7LS%2FxoVpIeVJovDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 828b0d1d6a6265f1-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://itoolab.com/wp-content/themes/itoolab/assets/img/recovergo-for-android-logo.svg

msedge.exe

Remote address:

188.114.96.0:443

Request

GET /wp-content/themes/itoolab/assets/img/recovergo-for-android-logo.svg HTTP/2.0
host: itoolab.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://itoolab.com/thankyou/install-anygo-for-windows/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 19 Nov 2023 20:02:30 GMT
content-type: image/svg+xml
last-modified: Mon, 20 Jun 2022 12:01:55 GMT
etag: W/"62b061b3-df6"
content-security-policy: default-src 'self' https://*.itoolab.com https://*.clarity.ms wss://*.hotjar.com https://*.hotjar.com https://*.smartlook.cloud https://fonts.googleapis.com https://cj.luckydogsoft.workers.dev https://www.sjwoe.com https://www.mczbf.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://*.gstatic.com https://*.google.com https://q.quora.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://cdn.paddle.com https://bat.bing.com https://www.linkconnector.com 'unsafe-inline'; script-src 'self' https://*.youtube.com https://web-sdk.smartlook.com https://static.hotjar.com https://www.clarity.ms https://platform.twitter.com https://cj.luckydogsoft.workers.dev https://www.mczbf.com https://order.luckydogsoft.com https://*.itoolab.com https://*.itubego.com https://js.stripe.com https://cdn.paddle.com https://www.googletagmanager.com https://www.googleoptimize.com https://www.googleadservices.com https://optimize.google.com https://googleads.g.doubleclick.net https://apis.google.com https://unpkg.com https://www.google-analytics.com https://bat.bing.com https://script.hotjar.com https://www.linkconnector.com https://cdn.bootcss.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://*.itoolab.com https://www.youtube-nocookie.com https://vars.hotjar.com https://platform.twitter.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://js.stripe.com https://*.paddle.com https://create-checkout.paddle.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://www.youtube.com https://www.linkconnector.com https://*.cloudfront.net 'unsafe-inline'; font-src 'self' https://*.gstatic.com data:; img-src 'self' https://i.ytimg.com https://bat.bing.com https://www.google-analytics.com https://order.luckydogsoft.com https://*.gstatic.com https://*.google.com https://www.googletagmanager.com https://img1.doctorsim.com https://www.emjcd.com https://www.linkconnector.com data:;
cache-control: max-age=14400
cf-cache-status: HIT
age: 506
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8rWwEsBVLeznb6MdNcY76NCvV1DtA1WCqOV%2F%2FDHCZ6jGfI%2FN4D8FcyvjzsS0KVFH7FFkwwqFwD4HlWaGAs7EeRZBpGLhm%2FIenl%2BVAt%2BjCxsst5t7%2BDxsvi%2BLERHxJA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 828b0d1d6a6e65f1-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://itoolab.com/wp-content/themes/itoolab/assets/img/tunespal-icon.svg

msedge.exe

Remote address:

188.114.96.0:443

Request

GET /wp-content/themes/itoolab/assets/img/tunespal-icon.svg HTTP/2.0
host: itoolab.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://itoolab.com/thankyou/install-anygo-for-windows/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 19 Nov 2023 20:02:30 GMT
content-type: image/svg+xml
last-modified: Wed, 26 Apr 2023 02:56:55 GMT
etag: W/"644892f7-18edf"
content-security-policy: default-src 'self' https://*.itoolab.com https://*.clarity.ms wss://*.hotjar.com https://*.hotjar.com https://*.smartlook.cloud https://fonts.googleapis.com https://cj.luckydogsoft.workers.dev https://www.sjwoe.com https://www.mczbf.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://*.gstatic.com https://*.google.com https://q.quora.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://cdn.paddle.com https://bat.bing.com https://www.linkconnector.com 'unsafe-inline'; script-src 'self' https://*.youtube.com https://web-sdk.smartlook.com https://static.hotjar.com https://www.clarity.ms https://platform.twitter.com https://cj.luckydogsoft.workers.dev https://www.mczbf.com https://order.luckydogsoft.com https://*.itoolab.com https://*.itubego.com https://js.stripe.com https://cdn.paddle.com https://www.googletagmanager.com https://www.googleoptimize.com https://www.googleadservices.com https://optimize.google.com https://googleads.g.doubleclick.net https://apis.google.com https://unpkg.com https://www.google-analytics.com https://bat.bing.com https://script.hotjar.com https://www.linkconnector.com https://cdn.bootcss.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://*.itoolab.com https://www.youtube-nocookie.com https://vars.hotjar.com https://platform.twitter.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://js.stripe.com https://*.paddle.com https://create-checkout.paddle.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://www.youtube.com https://www.linkconnector.com https://*.cloudfront.net 'unsafe-inline'; font-src 'self' https://*.gstatic.com data:; img-src 'self' https://i.ytimg.com https://bat.bing.com https://www.google-analytics.com https://order.luckydogsoft.com https://*.gstatic.com https://*.google.com https://www.googletagmanager.com https://img1.doctorsim.com https://www.emjcd.com https://www.linkconnector.com data:;
cache-control: max-age=14400
cf-cache-status: HIT
age: 6740
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S7QkwnmLQyBp0WiDpgoQYuJ7tploFXzua%2BZFA%2BBCzBNJXUyyeqA8PK0G3r%2Bg3ZQXspsT5zRDvY6ZdxjrdTuwlalk54UZxW%2FqmRSIPXmLQCqmd58KTUFJ4BreISroiw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 828b0d1d5a4d65f1-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://itoolab.com/wp-content/themes/itoolab/assets/img/v3/free.svg

msedge.exe

Remote address:

188.114.96.0:443

Request

GET /wp-content/themes/itoolab/assets/img/v3/free.svg HTTP/2.0
host: itoolab.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://itoolab.com/thankyou/install-anygo-for-windows/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 19 Nov 2023 20:02:30 GMT
content-type: image/svg+xml
last-modified: Mon, 01 Aug 2022 12:24:45 GMT
etag: W/"62e7c60d-3ad"
content-security-policy: default-src 'self' https://*.itoolab.com https://*.clarity.ms wss://*.hotjar.com https://*.hotjar.com https://*.smartlook.cloud https://fonts.googleapis.com https://cj.luckydogsoft.workers.dev https://www.sjwoe.com https://www.mczbf.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://*.gstatic.com https://*.google.com https://q.quora.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://cdn.paddle.com https://bat.bing.com https://www.linkconnector.com 'unsafe-inline'; script-src 'self' https://*.youtube.com https://web-sdk.smartlook.com https://static.hotjar.com https://www.clarity.ms https://platform.twitter.com https://cj.luckydogsoft.workers.dev https://www.mczbf.com https://order.luckydogsoft.com https://*.itoolab.com https://*.itubego.com https://js.stripe.com https://cdn.paddle.com https://www.googletagmanager.com https://www.googleoptimize.com https://www.googleadservices.com https://optimize.google.com https://googleads.g.doubleclick.net https://apis.google.com https://unpkg.com https://www.google-analytics.com https://bat.bing.com https://script.hotjar.com https://www.linkconnector.com https://cdn.bootcss.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://*.itoolab.com https://www.youtube-nocookie.com https://vars.hotjar.com https://platform.twitter.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://js.stripe.com https://*.paddle.com https://create-checkout.paddle.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://www.youtube.com https://www.linkconnector.com https://*.cloudfront.net 'unsafe-inline'; font-src 'self' https://*.gstatic.com data:; img-src 'self' https://i.ytimg.com https://bat.bing.com https://www.google-analytics.com https://order.luckydogsoft.com https://*.gstatic.com https://*.google.com https://www.googletagmanager.com https://img1.doctorsim.com https://www.emjcd.com https://www.linkconnector.com data:;
cache-control: max-age=14400
cf-cache-status: HIT
age: 506
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ix%2FQTdlN1bDoIqRhku0O5AU3jNmBl86OZWu9rsaSk8MIQEQIaK7tUlbRIzKZLH%2FNbMr7do91MukCO5alA9GbAetdq461Upz52Ji%2B5frrpCzBsesWqKTjo4LydmjGvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 828b0d1d6a5865f1-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://itoolab.com/wp-content/themes/itoolab/assets/img/unlockgo-android.svg

msedge.exe

Remote address:

188.114.96.0:443

Request

GET /wp-content/themes/itoolab/assets/img/unlockgo-android.svg HTTP/2.0
host: itoolab.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://itoolab.com/thankyou/install-anygo-for-windows/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 19 Nov 2023 20:02:30 GMT
content-type: image/svg+xml
last-modified: Mon, 20 Jun 2022 12:01:55 GMT
etag: W/"62b061b3-d84"
content-security-policy: default-src 'self' https://*.itoolab.com https://*.clarity.ms wss://*.hotjar.com https://*.hotjar.com https://*.smartlook.cloud https://fonts.googleapis.com https://cj.luckydogsoft.workers.dev https://www.sjwoe.com https://www.mczbf.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://*.gstatic.com https://*.google.com https://q.quora.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://cdn.paddle.com https://bat.bing.com https://www.linkconnector.com 'unsafe-inline'; script-src 'self' https://*.youtube.com https://web-sdk.smartlook.com https://static.hotjar.com https://www.clarity.ms https://platform.twitter.com https://cj.luckydogsoft.workers.dev https://www.mczbf.com https://order.luckydogsoft.com https://*.itoolab.com https://*.itubego.com https://js.stripe.com https://cdn.paddle.com https://www.googletagmanager.com https://www.googleoptimize.com https://www.googleadservices.com https://optimize.google.com https://googleads.g.doubleclick.net https://apis.google.com https://unpkg.com https://www.google-analytics.com https://bat.bing.com https://script.hotjar.com https://www.linkconnector.com https://cdn.bootcss.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://*.itoolab.com https://www.youtube-nocookie.com https://vars.hotjar.com https://platform.twitter.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://js.stripe.com https://*.paddle.com https://create-checkout.paddle.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://www.youtube.com https://www.linkconnector.com https://*.cloudfront.net 'unsafe-inline'; font-src 'self' https://*.gstatic.com data:; img-src 'self' https://i.ytimg.com https://bat.bing.com https://www.google-analytics.com https://order.luckydogsoft.com https://*.gstatic.com https://*.google.com https://www.googletagmanager.com https://img1.doctorsim.com https://www.emjcd.com https://www.linkconnector.com data:;
cache-control: max-age=14400
cf-cache-status: HIT
age: 506
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1lbszMJxntE8jCxbf4jwdPAtzu31SPlcdfKKl8bR%2B7EkH0ODOkGWoqQ5uOCp4l4Hf%2Bdfg7gNFDga6oPQB2oIxvyrKl4I5AHi5xB%2Fu0CWiPtgS2FT36HUrJxL1GXvJg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 828b0d1d6a6b65f1-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://itoolab.com/wp-content/themes/itoolab/assets/img/watsgo/watsgo-logo.svg

msedge.exe

Remote address:

188.114.96.0:443

Request

GET /wp-content/themes/itoolab/assets/img/watsgo/watsgo-logo.svg HTTP/2.0
host: itoolab.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://itoolab.com/thankyou/install-anygo-for-windows/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 19 Nov 2023 20:02:30 GMT
content-type: image/svg+xml
last-modified: Mon, 01 Aug 2022 12:24:45 GMT
etag: W/"62e7c60d-10be"
content-security-policy: default-src 'self' https://*.itoolab.com https://*.clarity.ms wss://*.hotjar.com https://*.hotjar.com https://*.smartlook.cloud https://fonts.googleapis.com https://cj.luckydogsoft.workers.dev https://www.sjwoe.com https://www.mczbf.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://*.gstatic.com https://*.google.com https://q.quora.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://cdn.paddle.com https://bat.bing.com https://www.linkconnector.com 'unsafe-inline'; script-src 'self' https://*.youtube.com https://web-sdk.smartlook.com https://static.hotjar.com https://www.clarity.ms https://platform.twitter.com https://cj.luckydogsoft.workers.dev https://www.mczbf.com https://order.luckydogsoft.com https://*.itoolab.com https://*.itubego.com https://js.stripe.com https://cdn.paddle.com https://www.googletagmanager.com https://www.googleoptimize.com https://www.googleadservices.com https://optimize.google.com https://googleads.g.doubleclick.net https://apis.google.com https://unpkg.com https://www.google-analytics.com https://bat.bing.com https://script.hotjar.com https://www.linkconnector.com https://cdn.bootcss.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://*.itoolab.com https://www.youtube-nocookie.com https://vars.hotjar.com https://platform.twitter.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://js.stripe.com https://*.paddle.com https://create-checkout.paddle.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://www.youtube.com https://www.linkconnector.com https://*.cloudfront.net 'unsafe-inline'; font-src 'self' https://*.gstatic.com data:; img-src 'self' https://i.ytimg.com https://bat.bing.com https://www.google-analytics.com https://order.luckydogsoft.com https://*.gstatic.com https://*.google.com https://www.googletagmanager.com https://img1.doctorsim.com https://www.emjcd.com https://www.linkconnector.com data:;
cache-control: max-age=14400
cf-cache-status: HIT
age: 506
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CieEjEyI%2FWzl1LsrVQAo6E78jbQK%2FF2SH47rG5fvm6yMeV67XHcHou%2Bd4cTG%2FP4dTWX87D0CI%2BhPqX2OPZI8AHvb2EYkcVkXRtwK8eRfQ2%2FTXQMob37yzjlBwH1LBg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 828b0d1d6a7865f1-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://itoolab.com/wp-content/themes/itoolab/assets/img/anygo.svg

msedge.exe

Remote address:

188.114.96.0:443

Request

GET /wp-content/themes/itoolab/assets/img/anygo.svg HTTP/2.0
host: itoolab.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://itoolab.com/thankyou/install-anygo-for-windows/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 19 Nov 2023 20:02:30 GMT
content-type: image/svg+xml
last-modified: Mon, 20 Jun 2022 12:01:55 GMT
etag: W/"62b061b3-9a7"
content-security-policy: default-src 'self' https://*.itoolab.com https://*.clarity.ms wss://*.hotjar.com https://*.hotjar.com https://*.smartlook.cloud https://fonts.googleapis.com https://cj.luckydogsoft.workers.dev https://www.sjwoe.com https://www.mczbf.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://*.gstatic.com https://*.google.com https://q.quora.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://cdn.paddle.com https://bat.bing.com https://www.linkconnector.com 'unsafe-inline'; script-src 'self' https://*.youtube.com https://web-sdk.smartlook.com https://static.hotjar.com https://www.clarity.ms https://platform.twitter.com https://cj.luckydogsoft.workers.dev https://www.mczbf.com https://order.luckydogsoft.com https://*.itoolab.com https://*.itubego.com https://js.stripe.com https://cdn.paddle.com https://www.googletagmanager.com https://www.googleoptimize.com https://www.googleadservices.com https://optimize.google.com https://googleads.g.doubleclick.net https://apis.google.com https://unpkg.com https://www.google-analytics.com https://bat.bing.com https://script.hotjar.com https://www.linkconnector.com https://cdn.bootcss.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://*.itoolab.com https://www.youtube-nocookie.com https://vars.hotjar.com https://platform.twitter.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://js.stripe.com https://*.paddle.com https://create-checkout.paddle.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://www.youtube.com https://www.linkconnector.com https://*.cloudfront.net 'unsafe-inline'; font-src 'self' https://*.gstatic.com data:; img-src 'self' https://i.ytimg.com https://bat.bing.com https://www.google-analytics.com https://order.luckydogsoft.com https://*.gstatic.com https://*.google.com https://www.googletagmanager.com https://img1.doctorsim.com https://www.emjcd.com https://www.linkconnector.com data:;
cache-control: max-age=14400
cf-cache-status: HIT
age: 506
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6R8O8dM2WZnVrHzMKZ7HtIrhrJbJGRJLsyNI2lppwt7rck33qWbshE%2BVkqseQbArVFPyuwMS0fespJZs0xDYK0p1He%2Bi70vAEJgHolj8gnpwVAD21weNlUtcS%2FuZJA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 828b0d1d6a6065f1-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://itoolab.com/wp-content/themes/itoolab/assets/img/v3/hot.svg

msedge.exe

Remote address:

188.114.96.0:443

Request

GET /wp-content/themes/itoolab/assets/img/v3/hot.svg HTTP/2.0
host: itoolab.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://itoolab.com/thankyou/install-anygo-for-windows/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 19 Nov 2023 20:02:30 GMT
content-type: image/svg+xml
last-modified: Mon, 01 Aug 2022 12:24:45 GMT
etag: W/"62e7c60d-3ab"
content-security-policy: default-src 'self' https://*.itoolab.com https://*.clarity.ms wss://*.hotjar.com https://*.hotjar.com https://*.smartlook.cloud https://fonts.googleapis.com https://cj.luckydogsoft.workers.dev https://www.sjwoe.com https://www.mczbf.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://*.gstatic.com https://*.google.com https://q.quora.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://cdn.paddle.com https://bat.bing.com https://www.linkconnector.com 'unsafe-inline'; script-src 'self' https://*.youtube.com https://web-sdk.smartlook.com https://static.hotjar.com https://www.clarity.ms https://platform.twitter.com https://cj.luckydogsoft.workers.dev https://www.mczbf.com https://order.luckydogsoft.com https://*.itoolab.com https://*.itubego.com https://js.stripe.com https://cdn.paddle.com https://www.googletagmanager.com https://www.googleoptimize.com https://www.googleadservices.com https://optimize.google.com https://googleads.g.doubleclick.net https://apis.google.com https://unpkg.com https://www.google-analytics.com https://bat.bing.com https://script.hotjar.com https://www.linkconnector.com https://cdn.bootcss.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://*.itoolab.com https://www.youtube-nocookie.com https://vars.hotjar.com https://platform.twitter.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://js.stripe.com https://*.paddle.com https://create-checkout.paddle.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://www.youtube.com https://www.linkconnector.com https://*.cloudfront.net 'unsafe-inline'; font-src 'self' https://*.gstatic.com data:; img-src 'self' https://i.ytimg.com https://bat.bing.com https://www.google-analytics.com https://order.luckydogsoft.com https://*.gstatic.com https://*.google.com https://www.googletagmanager.com https://img1.doctorsim.com https://www.emjcd.com https://www.linkconnector.com data:;
cache-control: max-age=14400
cf-cache-status: HIT
age: 506
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ea0c2iC2DLIyrX5LCv%2FJ%2FB8RYRyRIt81zcBOeFY6p9jM%2FH1ny0xT4tXho9Ddi1mbhN761CRdcYqO6jBYjB0bXxC0hDoCaQ1g54CO17cJoRl5L0Tw0gOBXobu2Yv22A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 828b0d1d6a6965f1-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://itoolab.com/wp-content/themes/itoolab/assets/img/unlockgo-win-logo.svg

msedge.exe

Remote address:

188.114.96.0:443

Request

GET /wp-content/themes/itoolab/assets/img/unlockgo-win-logo.svg HTTP/2.0
host: itoolab.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://itoolab.com/thankyou/install-anygo-for-windows/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 19 Nov 2023 20:02:30 GMT
content-type: image/svg+xml
last-modified: Mon, 20 Jun 2022 12:01:55 GMT
etag: W/"62b061b3-aa2"
content-security-policy: default-src 'self' https://*.itoolab.com https://*.clarity.ms wss://*.hotjar.com https://*.hotjar.com https://*.smartlook.cloud https://fonts.googleapis.com https://cj.luckydogsoft.workers.dev https://www.sjwoe.com https://www.mczbf.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://*.gstatic.com https://*.google.com https://q.quora.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://cdn.paddle.com https://bat.bing.com https://www.linkconnector.com 'unsafe-inline'; script-src 'self' https://*.youtube.com https://web-sdk.smartlook.com https://static.hotjar.com https://www.clarity.ms https://platform.twitter.com https://cj.luckydogsoft.workers.dev https://www.mczbf.com https://order.luckydogsoft.com https://*.itoolab.com https://*.itubego.com https://js.stripe.com https://cdn.paddle.com https://www.googletagmanager.com https://www.googleoptimize.com https://www.googleadservices.com https://optimize.google.com https://googleads.g.doubleclick.net https://apis.google.com https://unpkg.com https://www.google-analytics.com https://bat.bing.com https://script.hotjar.com https://www.linkconnector.com https://cdn.bootcss.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://*.itoolab.com https://www.youtube-nocookie.com https://vars.hotjar.com https://platform.twitter.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://js.stripe.com https://*.paddle.com https://create-checkout.paddle.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://www.youtube.com https://www.linkconnector.com https://*.cloudfront.net 'unsafe-inline'; font-src 'self' https://*.gstatic.com data:; img-src 'self' https://i.ytimg.com https://bat.bing.com https://www.google-analytics.com https://order.luckydogsoft.com https://*.gstatic.com https://*.google.com https://www.googletagmanager.com https://img1.doctorsim.com https://www.emjcd.com https://www.linkconnector.com data:;
cache-control: max-age=14400
cf-cache-status: HIT
age: 506
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wn44ks3D23ngOeD54yWN48dlagwOTgS4W80m%2Bo52XTuNV82OQ%2FQyO4eUkhqj34AOr8By%2FFpF8uTKoEEKtoGsMQvuD4HIEkPp%2F6zOWwEkHTsq0sIDne6ugyQQfikHSA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 828b0d1d6a7065f1-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://itoolab.com/wp-content/themes/itoolab/assets/img/passwiper-logo.svg

msedge.exe

Remote address:

188.114.96.0:443

Request

GET /wp-content/themes/itoolab/assets/img/passwiper-logo.svg HTTP/2.0
host: itoolab.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://itoolab.com/thankyou/install-anygo-for-windows/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 19 Nov 2023 20:02:30 GMT
content-type: image/svg+xml
last-modified: Wed, 27 Sep 2023 03:18:32 GMT
etag: W/"65139f08-1368"
content-security-policy: default-src 'self' https://*.itoolab.com https://*.clarity.ms wss://*.hotjar.com https://*.hotjar.com https://*.smartlook.cloud https://fonts.googleapis.com https://cj.luckydogsoft.workers.dev https://www.sjwoe.com https://www.mczbf.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://*.gstatic.com https://*.google.com https://q.quora.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://cdn.paddle.com https://bat.bing.com https://www.linkconnector.com 'unsafe-inline'; script-src 'self' https://*.youtube.com https://web-sdk.smartlook.com https://static.hotjar.com https://www.clarity.ms https://platform.twitter.com https://cj.luckydogsoft.workers.dev https://www.mczbf.com https://order.luckydogsoft.com https://*.itoolab.com https://*.itubego.com https://js.stripe.com https://cdn.paddle.com https://www.googletagmanager.com https://www.googleoptimize.com https://www.googleadservices.com https://optimize.google.com https://googleads.g.doubleclick.net https://apis.google.com https://unpkg.com https://www.google-analytics.com https://bat.bing.com https://script.hotjar.com https://www.linkconnector.com https://cdn.bootcss.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://*.itoolab.com https://www.youtube-nocookie.com https://vars.hotjar.com https://platform.twitter.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://js.stripe.com https://*.paddle.com https://create-checkout.paddle.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://www.youtube.com https://www.linkconnector.com https://*.cloudfront.net 'unsafe-inline'; font-src 'self' https://*.gstatic.com data:; img-src 'self' https://i.ytimg.com https://bat.bing.com https://www.google-analytics.com https://order.luckydogsoft.com https://*.gstatic.com https://*.google.com https://www.googletagmanager.com https://img1.doctorsim.com https://www.emjcd.com https://www.linkconnector.com data:;
cache-control: max-age=14400
cf-cache-status: HIT
age: 506
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ya64AWLENcWUdqX7Gq5TtpjydTQ4yRQ9Q2iKKb7ScSCdEA%2F6VcAK4oTWstapL2Mz5QRfD1mifke%2FRL5wzQKJZPKO3xeUEcjwdeQvVxZjol7Zvz6YBgDqwfLwtX5IfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 828b0d1d6a7765f1-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://itoolab.com/wp-content/themes/itoolab/assets/img/imute-icon-w.svg

msedge.exe

Remote address:

188.114.96.0:443

Request

GET /wp-content/themes/itoolab/assets/img/imute-icon-w.svg HTTP/2.0
host: itoolab.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://itoolab.com/thankyou/install-anygo-for-windows/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 19 Nov 2023 20:02:30 GMT
content-type: image/svg+xml
last-modified: Mon, 01 Aug 2022 12:24:45 GMT
etag: W/"62e7c60d-c09"
content-security-policy: default-src 'self' https://*.itoolab.com https://*.clarity.ms wss://*.hotjar.com https://*.hotjar.com https://*.smartlook.cloud https://fonts.googleapis.com https://cj.luckydogsoft.workers.dev https://www.sjwoe.com https://www.mczbf.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://*.gstatic.com https://*.google.com https://q.quora.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://cdn.paddle.com https://bat.bing.com https://www.linkconnector.com 'unsafe-inline'; script-src 'self' https://*.youtube.com https://web-sdk.smartlook.com https://static.hotjar.com https://www.clarity.ms https://platform.twitter.com https://cj.luckydogsoft.workers.dev https://www.mczbf.com https://order.luckydogsoft.com https://*.itoolab.com https://*.itubego.com https://js.stripe.com https://cdn.paddle.com https://www.googletagmanager.com https://www.googleoptimize.com https://www.googleadservices.com https://optimize.google.com https://googleads.g.doubleclick.net https://apis.google.com https://unpkg.com https://www.google-analytics.com https://bat.bing.com https://script.hotjar.com https://www.linkconnector.com https://cdn.bootcss.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://*.itoolab.com https://www.youtube-nocookie.com https://vars.hotjar.com https://platform.twitter.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://js.stripe.com https://*.paddle.com https://create-checkout.paddle.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://www.youtube.com https://www.linkconnector.com https://*.cloudfront.net 'unsafe-inline'; font-src 'self' https://*.gstatic.com data:; img-src 'self' https://i.ytimg.com https://bat.bing.com https://www.google-analytics.com https://order.luckydogsoft.com https://*.gstatic.com https://*.google.com https://www.googletagmanager.com https://img1.doctorsim.com https://www.emjcd.com https://www.linkconnector.com data:;
cache-control: max-age=14400
cf-cache-status: HIT
age: 506
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RaZQs15wfGvff6KT0wFH6oelYpOC%2B5%2B5vKh1Y63j8sYXUabc28zUxiPBW8VcoPxUHWow1W2XHmrclevR4p%2FzUlj7h%2FozQpAnwSHdoHIz8H44dZrQcFPL%2Ba0f2xIkXg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 828b0d1d6a7b65f1-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://itoolab.com/wp-content/themes/itoolab/assets/img/logo/anygo_ios.svg

msedge.exe

Remote address:

188.114.96.0:443

Request

GET /wp-content/themes/itoolab/assets/img/logo/anygo_ios.svg HTTP/2.0
host: itoolab.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://itoolab.com/thankyou/install-anygo-for-windows/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 19 Nov 2023 20:02:30 GMT
content-type: image/svg+xml
last-modified: Fri, 28 Jul 2023 11:02:20 GMT
etag: W/"64c3a03c-2a23"
content-security-policy: default-src 'self' https://*.itoolab.com https://*.clarity.ms wss://*.hotjar.com https://*.hotjar.com https://*.smartlook.cloud https://fonts.googleapis.com https://cj.luckydogsoft.workers.dev https://www.sjwoe.com https://www.mczbf.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://*.gstatic.com https://*.google.com https://q.quora.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://cdn.paddle.com https://bat.bing.com https://www.linkconnector.com 'unsafe-inline'; script-src 'self' https://*.youtube.com https://web-sdk.smartlook.com https://static.hotjar.com https://www.clarity.ms https://platform.twitter.com https://cj.luckydogsoft.workers.dev https://www.mczbf.com https://order.luckydogsoft.com https://*.itoolab.com https://*.itubego.com https://js.stripe.com https://cdn.paddle.com https://www.googletagmanager.com https://www.googleoptimize.com https://www.googleadservices.com https://optimize.google.com https://googleads.g.doubleclick.net https://apis.google.com https://unpkg.com https://www.google-analytics.com https://bat.bing.com https://script.hotjar.com https://www.linkconnector.com https://cdn.bootcss.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://*.itoolab.com https://www.youtube-nocookie.com https://vars.hotjar.com https://platform.twitter.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://js.stripe.com https://*.paddle.com https://create-checkout.paddle.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://www.youtube.com https://www.linkconnector.com https://*.cloudfront.net 'unsafe-inline'; font-src 'self' https://*.gstatic.com data:; img-src 'self' https://i.ytimg.com https://bat.bing.com https://www.google-analytics.com https://order.luckydogsoft.com https://*.gstatic.com https://*.google.com https://www.googletagmanager.com https://img1.doctorsim.com https://www.emjcd.com https://www.linkconnector.com data:;
cache-control: max-age=14400
cf-cache-status: HIT
age: 506
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kyfocUUqmWWe8Mhr5MYKscHMphOaMgIroZ8Wm9XarLziHhXCPpeOnpEoJ7tSDroisWvbyTkhClFwrwgRMw9ma67oknKtz8iJ8SqkgglIXL6HZXdWDXN%2FN8x1K%2BtCKw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 828b0d1d6a7365f1-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://itoolab.com/wp-content/themes/itoolab/assets/img/logo/anygo_android.svg

msedge.exe

Remote address:

188.114.96.0:443

Request

GET /wp-content/themes/itoolab/assets/img/logo/anygo_android.svg HTTP/2.0
host: itoolab.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://itoolab.com/thankyou/install-anygo-for-windows/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 19 Nov 2023 20:02:30 GMT
content-type: image/svg+xml
last-modified: Mon, 20 Jun 2022 12:01:55 GMT
etag: W/"62b061b3-8ef7"
content-security-policy: default-src 'self' https://*.itoolab.com https://*.clarity.ms wss://*.hotjar.com https://*.hotjar.com https://*.smartlook.cloud https://fonts.googleapis.com https://cj.luckydogsoft.workers.dev https://www.sjwoe.com https://www.mczbf.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://*.gstatic.com https://*.google.com https://q.quora.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://cdn.paddle.com https://bat.bing.com https://www.linkconnector.com 'unsafe-inline'; script-src 'self' https://*.youtube.com https://web-sdk.smartlook.com https://static.hotjar.com https://www.clarity.ms https://platform.twitter.com https://cj.luckydogsoft.workers.dev https://www.mczbf.com https://order.luckydogsoft.com https://*.itoolab.com https://*.itubego.com https://js.stripe.com https://cdn.paddle.com https://www.googletagmanager.com https://www.googleoptimize.com https://www.googleadservices.com https://optimize.google.com https://googleads.g.doubleclick.net https://apis.google.com https://unpkg.com https://www.google-analytics.com https://bat.bing.com https://script.hotjar.com https://www.linkconnector.com https://cdn.bootcss.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://*.itoolab.com https://www.youtube-nocookie.com https://vars.hotjar.com https://platform.twitter.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://js.stripe.com https://*.paddle.com https://create-checkout.paddle.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://www.youtube.com https://www.linkconnector.com https://*.cloudfront.net 'unsafe-inline'; font-src 'self' https://*.gstatic.com data:; img-src 'self' https://i.ytimg.com https://bat.bing.com https://www.google-analytics.com https://order.luckydogsoft.com https://*.gstatic.com https://*.google.com https://www.googletagmanager.com https://img1.doctorsim.com https://www.emjcd.com https://www.linkconnector.com data:;
cache-control: max-age=14400
cf-cache-status: HIT
age: 27
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ebAh3Jqyd5z5rmpqSiTtSEHC7DvsRUdpRztqsPV%2B7fhk3GpqPAyXfb7YVCgx2y8QhaU9UEdg0hFkUoZKSTPNRRpR3onfMXVOyZhaGTl1JUd68KbKRzC%2FGkk3VMHWSg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 828b0d1d6a7f65f1-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://itoolab.com/wp-content/themes/itoolab/assets/img/logo/recovergo-android.svg

msedge.exe

Remote address:

188.114.96.0:443

Request

GET /wp-content/themes/itoolab/assets/img/logo/recovergo-android.svg HTTP/2.0
host: itoolab.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://itoolab.com/thankyou/install-anygo-for-windows/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 19 Nov 2023 20:02:30 GMT
content-type: image/svg+xml
last-modified: Wed, 01 Mar 2023 06:31:42 GMT
etag: W/"63fef14e-8c4"
content-security-policy: default-src 'self' https://*.itoolab.com https://*.clarity.ms wss://*.hotjar.com https://*.hotjar.com https://*.smartlook.cloud https://fonts.googleapis.com https://cj.luckydogsoft.workers.dev https://www.sjwoe.com https://www.mczbf.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://*.gstatic.com https://*.google.com https://q.quora.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://cdn.paddle.com https://bat.bing.com https://www.linkconnector.com 'unsafe-inline'; script-src 'self' https://*.youtube.com https://web-sdk.smartlook.com https://static.hotjar.com https://www.clarity.ms https://platform.twitter.com https://cj.luckydogsoft.workers.dev https://www.mczbf.com https://order.luckydogsoft.com https://*.itoolab.com https://*.itubego.com https://js.stripe.com https://cdn.paddle.com https://www.googletagmanager.com https://www.googleoptimize.com https://www.googleadservices.com https://optimize.google.com https://googleads.g.doubleclick.net https://apis.google.com https://unpkg.com https://www.google-analytics.com https://bat.bing.com https://script.hotjar.com https://www.linkconnector.com https://cdn.bootcss.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://*.itoolab.com https://www.youtube-nocookie.com https://vars.hotjar.com https://platform.twitter.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://js.stripe.com https://*.paddle.com https://create-checkout.paddle.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://www.youtube.com https://www.linkconnector.com https://*.cloudfront.net 'unsafe-inline'; font-src 'self' https://*.gstatic.com data:; img-src 'self' https://i.ytimg.com https://bat.bing.com https://www.google-analytics.com https://order.luckydogsoft.com https://*.gstatic.com https://*.google.com https://www.googletagmanager.com https://img1.doctorsim.com https://www.emjcd.com https://www.linkconnector.com data:;
cache-control: max-age=14400
cf-cache-status: HIT
age: 506
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B8e9XF7Qujo2QDPleZ4iSSdMcRm3I%2F1z3FlS38gJQzkwifcMVM3SMgtrSOa2EKHXNsOrMjnygsWs68JQ1H8EVYvJA2Yra%2B3U1yBZr29ing6tbScXm%2BrOpH7QR4Mq8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 828b0d1d6a7965f1-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://itoolab.com/wp-content/themes/itoolab/assets/img/support.svg

msedge.exe

Remote address:

188.114.96.0:443

Request

GET /wp-content/themes/itoolab/assets/img/support.svg HTTP/2.0
host: itoolab.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://itoolab.com/thankyou/install-anygo-for-windows/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 19 Nov 2023 20:02:30 GMT
content-type: image/svg+xml
last-modified: Mon, 01 Aug 2022 12:24:45 GMT
etag: W/"62e7c60d-43a8"
content-security-policy: default-src 'self' https://*.itoolab.com https://*.clarity.ms wss://*.hotjar.com https://*.hotjar.com https://*.smartlook.cloud https://fonts.googleapis.com https://cj.luckydogsoft.workers.dev https://www.sjwoe.com https://www.mczbf.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://*.gstatic.com https://*.google.com https://q.quora.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://cdn.paddle.com https://bat.bing.com https://www.linkconnector.com 'unsafe-inline'; script-src 'self' https://*.youtube.com https://web-sdk.smartlook.com https://static.hotjar.com https://www.clarity.ms https://platform.twitter.com https://cj.luckydogsoft.workers.dev https://www.mczbf.com https://order.luckydogsoft.com https://*.itoolab.com https://*.itubego.com https://js.stripe.com https://cdn.paddle.com https://www.googletagmanager.com https://www.googleoptimize.com https://www.googleadservices.com https://optimize.google.com https://googleads.g.doubleclick.net https://apis.google.com https://unpkg.com https://www.google-analytics.com https://bat.bing.com https://script.hotjar.com https://www.linkconnector.com https://cdn.bootcss.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://*.itoolab.com https://www.youtube-nocookie.com https://vars.hotjar.com https://platform.twitter.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://js.stripe.com https://*.paddle.com https://create-checkout.paddle.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://www.youtube.com https://www.linkconnector.com https://*.cloudfront.net 'unsafe-inline'; font-src 'self' https://*.gstatic.com data:; img-src 'self' https://i.ytimg.com https://bat.bing.com https://www.google-analytics.com https://order.luckydogsoft.com https://*.gstatic.com https://*.google.com https://www.googletagmanager.com https://img1.doctorsim.com https://www.emjcd.com https://www.linkconnector.com data:;
cache-control: max-age=14400
cf-cache-status: HIT
age: 506
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YZ5HNP22X7FEc2epANmk8E%2FayaoYHuHDgeoeDNFc396OWhZDBpw0UxKxZ16s%2FJ4acgpE3g9dO%2FdACI0X%2BOsHZh%2BUE2F1ulr6JeyvxgnZZBOIxoewDmE35BCujhsxew%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 828b0d1d6a7c65f1-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://itoolab.com/wp-content/themes/itoolab/assets/img/download-center-icon.svg

msedge.exe

Remote address:

188.114.96.0:443

Request

GET /wp-content/themes/itoolab/assets/img/download-center-icon.svg HTTP/2.0
host: itoolab.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://itoolab.com/thankyou/install-anygo-for-windows/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 19 Nov 2023 20:02:30 GMT
content-type: image/svg+xml
last-modified: Mon, 20 Jun 2022 12:01:55 GMT
etag: W/"62b061b3-3ff"
content-security-policy: default-src 'self' https://*.itoolab.com https://*.clarity.ms wss://*.hotjar.com https://*.hotjar.com https://*.smartlook.cloud https://fonts.googleapis.com https://cj.luckydogsoft.workers.dev https://www.sjwoe.com https://www.mczbf.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://*.gstatic.com https://*.google.com https://q.quora.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://cdn.paddle.com https://bat.bing.com https://www.linkconnector.com 'unsafe-inline'; script-src 'self' https://*.youtube.com https://web-sdk.smartlook.com https://static.hotjar.com https://www.clarity.ms https://platform.twitter.com https://cj.luckydogsoft.workers.dev https://www.mczbf.com https://order.luckydogsoft.com https://*.itoolab.com https://*.itubego.com https://js.stripe.com https://cdn.paddle.com https://www.googletagmanager.com https://www.googleoptimize.com https://www.googleadservices.com https://optimize.google.com https://googleads.g.doubleclick.net https://apis.google.com https://unpkg.com https://www.google-analytics.com https://bat.bing.com https://script.hotjar.com https://www.linkconnector.com https://cdn.bootcss.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://*.itoolab.com https://www.youtube-nocookie.com https://vars.hotjar.com https://platform.twitter.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://js.stripe.com https://*.paddle.com https://create-checkout.paddle.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://www.youtube.com https://www.linkconnector.com https://*.cloudfront.net 'unsafe-inline'; font-src 'self' https://*.gstatic.com data:; img-src 'self' https://i.ytimg.com https://bat.bing.com https://www.google-analytics.com https://order.luckydogsoft.com https://*.gstatic.com https://*.google.com https://www.googletagmanager.com https://img1.doctorsim.com https://www.emjcd.com https://www.linkconnector.com data:;
cache-control: max-age=14400
cf-cache-status: HIT
age: 7194
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UY9%2B8Bh3tFLlj6gogetR10XC6I2FXRiTc1n66iPdZhbgRx4%2FZBdMo1HsLIAEDRhVsNV%2BZ0BPqB5vwNTFf%2FmPUx05XvtJOjHsKoQ86PG87FQuUGLeqyIbsBhjgegXOA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 828b0d1d6a8165f1-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://itoolab.com/wp-content/themes/itoolab/assets/img/how-to.svg

msedge.exe

Remote address:

188.114.96.0:443

Request

GET /wp-content/themes/itoolab/assets/img/how-to.svg HTTP/2.0
host: itoolab.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://itoolab.com/thankyou/install-anygo-for-windows/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 19 Nov 2023 20:02:30 GMT
content-type: image/svg+xml
last-modified: Mon, 20 Jun 2022 12:01:55 GMT
etag: W/"62b061b3-58a"
content-security-policy: default-src 'self' https://*.itoolab.com https://*.clarity.ms wss://*.hotjar.com https://*.hotjar.com https://*.smartlook.cloud https://fonts.googleapis.com https://cj.luckydogsoft.workers.dev https://www.sjwoe.com https://www.mczbf.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://*.gstatic.com https://*.google.com https://q.quora.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://cdn.paddle.com https://bat.bing.com https://www.linkconnector.com 'unsafe-inline'; script-src 'self' https://*.youtube.com https://web-sdk.smartlook.com https://static.hotjar.com https://www.clarity.ms https://platform.twitter.com https://cj.luckydogsoft.workers.dev https://www.mczbf.com https://order.luckydogsoft.com https://*.itoolab.com https://*.itubego.com https://js.stripe.com https://cdn.paddle.com https://www.googletagmanager.com https://www.googleoptimize.com https://www.googleadservices.com https://optimize.google.com https://googleads.g.doubleclick.net https://apis.google.com https://unpkg.com https://www.google-analytics.com https://bat.bing.com https://script.hotjar.com https://www.linkconnector.com https://cdn.bootcss.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://*.itoolab.com https://www.youtube-nocookie.com https://vars.hotjar.com https://platform.twitter.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://js.stripe.com https://*.paddle.com https://create-checkout.paddle.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://www.youtube.com https://www.linkconnector.com https://*.cloudfront.net 'unsafe-inline'; font-src 'self' https://*.gstatic.com data:; img-src 'self' https://i.ytimg.com https://bat.bing.com https://www.google-analytics.com https://order.luckydogsoft.com https://*.gstatic.com https://*.google.com https://www.googletagmanager.com https://img1.doctorsim.com https://www.emjcd.com https://www.linkconnector.com data:;
cache-control: max-age=14400
cf-cache-status: HIT
age: 3640
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kZIEs8x8bnbILYQyoT6yAZAsbIOt2idOt5KGTlC939bhEOzMtT0DBLhgt9%2BYgiil9p1dusRoHsNQdqIi75z2xhkf1DPLjODWngV8JiwR5TtMI5H6obGzhIoK9I8tSw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 828b0d1d6a8265f1-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://itoolab.com/wp-content/themes/itoolab/assets/img/contact-us.svg

msedge.exe

Remote address:

188.114.96.0:443

Request

GET /wp-content/themes/itoolab/assets/img/contact-us.svg HTTP/2.0
host: itoolab.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://itoolab.com/thankyou/install-anygo-for-windows/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 19 Nov 2023 20:02:30 GMT
content-type: image/png
content-length: 12474
last-modified: Tue, 12 Sep 2023 11:46:18 GMT
etag: "65004f8a-30ba"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-security-policy: default-src 'self' https://*.itoolab.com https://*.clarity.ms wss://*.hotjar.com https://*.hotjar.com https://*.smartlook.cloud https://fonts.googleapis.com https://cj.luckydogsoft.workers.dev https://www.sjwoe.com https://www.mczbf.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://*.gstatic.com https://*.google.com https://q.quora.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://cdn.paddle.com https://bat.bing.com https://www.linkconnector.com 'unsafe-inline'; script-src 'self' https://*.youtube.com https://web-sdk.smartlook.com https://static.hotjar.com https://www.clarity.ms https://platform.twitter.com https://cj.luckydogsoft.workers.dev https://www.mczbf.com https://order.luckydogsoft.com https://*.itoolab.com https://*.itubego.com https://js.stripe.com https://cdn.paddle.com https://www.googletagmanager.com https://www.googleoptimize.com https://www.googleadservices.com https://optimize.google.com https://googleads.g.doubleclick.net https://apis.google.com https://unpkg.com https://www.google-analytics.com https://bat.bing.com https://script.hotjar.com https://www.linkconnector.com https://cdn.bootcss.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://*.itoolab.com https://www.youtube-nocookie.com https://vars.hotjar.com https://platform.twitter.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://js.stripe.com https://*.paddle.com https://create-checkout.paddle.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://www.youtube.com https://www.linkconnector.com https://*.cloudfront.net 'unsafe-inline'; font-src 'self' https://*.gstatic.com data:; img-src 'self' https://i.ytimg.com https://bat.bing.com https://www.google-analytics.com https://order.luckydogsoft.com https://*.gstatic.com https://*.google.com https://www.googletagmanager.com https://img1.doctorsim.com https://www.emjcd.com https://www.linkconnector.com data:;
cf-cache-status: HIT
age: 1528353
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vwKzgN%2BNW9Dfid12NeQx7ucz%2BQsP3pIMZOAZ9%2BBkhlUsXOHcz%2FKD0mhF2oQoxFNneo5haSnINT8lc1wriepTllDQGbeuGSbRumFnpO5Ej3XCWa7gbXgw5WEVEBtw6g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 828b0d1d6a7e65f1-AMS
alt-svc: h3=":443"; ma=86400
GET

https://itoolab.com/wp-content/themes/itoolab/assets/img/move-whatsapp-to-new-phone/40off.png

msedge.exe

Remote address:

188.114.96.0:443

Request

GET /wp-content/themes/itoolab/assets/img/move-whatsapp-to-new-phone/40off.png HTTP/2.0
host: itoolab.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://itoolab.com/thankyou/install-anygo-for-windows/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 19 Nov 2023 20:02:30 GMT
content-type: image/svg+xml
last-modified: Mon, 20 Jun 2022 12:01:55 GMT
etag: W/"62b061b3-d9f"
content-security-policy: default-src 'self' https://*.itoolab.com https://*.clarity.ms wss://*.hotjar.com https://*.hotjar.com https://*.smartlook.cloud https://fonts.googleapis.com https://cj.luckydogsoft.workers.dev https://www.sjwoe.com https://www.mczbf.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://*.gstatic.com https://*.google.com https://q.quora.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://cdn.paddle.com https://bat.bing.com https://www.linkconnector.com 'unsafe-inline'; script-src 'self' https://*.youtube.com https://web-sdk.smartlook.com https://static.hotjar.com https://www.clarity.ms https://platform.twitter.com https://cj.luckydogsoft.workers.dev https://www.mczbf.com https://order.luckydogsoft.com https://*.itoolab.com https://*.itubego.com https://js.stripe.com https://cdn.paddle.com https://www.googletagmanager.com https://www.googleoptimize.com https://www.googleadservices.com https://optimize.google.com https://googleads.g.doubleclick.net https://apis.google.com https://unpkg.com https://www.google-analytics.com https://bat.bing.com https://script.hotjar.com https://www.linkconnector.com https://cdn.bootcss.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://*.itoolab.com https://www.youtube-nocookie.com https://vars.hotjar.com https://platform.twitter.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://js.stripe.com https://*.paddle.com https://create-checkout.paddle.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://www.youtube.com https://www.linkconnector.com https://*.cloudfront.net 'unsafe-inline'; font-src 'self' https://*.gstatic.com data:; img-src 'self' https://i.ytimg.com https://bat.bing.com https://www.google-analytics.com https://order.luckydogsoft.com https://*.gstatic.com https://*.google.com https://www.googletagmanager.com https://img1.doctorsim.com https://www.emjcd.com https://www.linkconnector.com data:;
cache-control: max-age=14400
cf-cache-status: HIT
age: 506
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HIEIl98aqEq5s9P07h5xsT8shlv4fP6U%2BNBDhGaVUFpD7QaSa%2B%2BsgaxXQBS5qIYRBW%2FpxUGzyNENdubfJe9XcFrI3D60hy1cxAqtqCv8zlUnoHH4RfLjRHcwToFQUg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 828b0d1d6a5665f1-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://itoolab.com/wp-content/themes/itoolab/assets/img/move-whatsapp-to-new-phone/navigation-entry.png

msedge.exe

Remote address:

188.114.96.0:443

Request

GET /wp-content/themes/itoolab/assets/img/move-whatsapp-to-new-phone/navigation-entry.png HTTP/2.0
host: itoolab.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://itoolab.com/thankyou/install-anygo-for-windows/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 19 Nov 2023 20:02:30 GMT
content-type: image/svg+xml
last-modified: Sat, 03 Dec 2022 03:16:46 GMT
etag: W/"638abf9e-473"
content-security-policy: default-src 'self' https://*.itoolab.com https://*.clarity.ms wss://*.hotjar.com https://*.hotjar.com https://*.smartlook.cloud https://fonts.googleapis.com https://cj.luckydogsoft.workers.dev https://www.sjwoe.com https://www.mczbf.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://*.gstatic.com https://*.google.com https://q.quora.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://cdn.paddle.com https://bat.bing.com https://www.linkconnector.com 'unsafe-inline'; script-src 'self' https://*.youtube.com https://web-sdk.smartlook.com https://static.hotjar.com https://www.clarity.ms https://platform.twitter.com https://cj.luckydogsoft.workers.dev https://www.mczbf.com https://order.luckydogsoft.com https://*.itoolab.com https://*.itubego.com https://js.stripe.com https://cdn.paddle.com https://www.googletagmanager.com https://www.googleoptimize.com https://www.googleadservices.com https://optimize.google.com https://googleads.g.doubleclick.net https://apis.google.com https://unpkg.com https://www.google-analytics.com https://bat.bing.com https://script.hotjar.com https://www.linkconnector.com https://cdn.bootcss.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://*.itoolab.com https://www.youtube-nocookie.com https://vars.hotjar.com https://platform.twitter.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://js.stripe.com https://*.paddle.com https://create-checkout.paddle.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://www.youtube.com https://www.linkconnector.com https://*.cloudfront.net 'unsafe-inline'; font-src 'self' https://*.gstatic.com data:; img-src 'self' https://i.ytimg.com https://bat.bing.com https://www.google-analytics.com https://order.luckydogsoft.com https://*.gstatic.com https://*.google.com https://www.googletagmanager.com https://img1.doctorsim.com https://www.emjcd.com https://www.linkconnector.com data:;
cache-control: max-age=14400
cf-cache-status: HIT
age: 7194
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GyZ0pa6DMTDhg2Vzsc1So0swr0gqv0QwqetCbZ8cuaT8V1h1zZpZ8%2B50rkpW1THO20kBhkl1s2heK2iKI4rflS7uTk982EdgxfYc8A1ZaIH%2FTKuJIueMYhVjx%2B31Ow%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 828b0d1d6a8365f1-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://itoolab.com/wp-content/themes/itoolab/assets/img/itoolab-slogan.svg

msedge.exe

Remote address:

188.114.96.0:443

Request

GET /wp-content/themes/itoolab/assets/img/itoolab-slogan.svg HTTP/2.0
host: itoolab.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://itoolab.com/thankyou/install-anygo-for-windows/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 19 Nov 2023 20:02:30 GMT
content-type: image/svg+xml
last-modified: Mon, 20 Jun 2022 12:01:55 GMT
etag: W/"62b061b3-27c"
content-security-policy: default-src 'self' https://*.itoolab.com https://*.clarity.ms wss://*.hotjar.com https://*.hotjar.com https://*.smartlook.cloud https://fonts.googleapis.com https://cj.luckydogsoft.workers.dev https://www.sjwoe.com https://www.mczbf.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://*.gstatic.com https://*.google.com https://q.quora.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://cdn.paddle.com https://bat.bing.com https://www.linkconnector.com 'unsafe-inline'; script-src 'self' https://*.youtube.com https://web-sdk.smartlook.com https://static.hotjar.com https://www.clarity.ms https://platform.twitter.com https://cj.luckydogsoft.workers.dev https://www.mczbf.com https://order.luckydogsoft.com https://*.itoolab.com https://*.itubego.com https://js.stripe.com https://cdn.paddle.com https://www.googletagmanager.com https://www.googleoptimize.com https://www.googleadservices.com https://optimize.google.com https://googleads.g.doubleclick.net https://apis.google.com https://unpkg.com https://www.google-analytics.com https://bat.bing.com https://script.hotjar.com https://www.linkconnector.com https://cdn.bootcss.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://*.itoolab.com https://www.youtube-nocookie.com https://vars.hotjar.com https://platform.twitter.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://js.stripe.com https://*.paddle.com https://create-checkout.paddle.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://www.youtube.com https://www.linkconnector.com https://*.cloudfront.net 'unsafe-inline'; font-src 'self' https://*.gstatic.com data:; img-src 'self' https://i.ytimg.com https://bat.bing.com https://www.google-analytics.com https://order.luckydogsoft.com https://*.gstatic.com https://*.google.com https://www.googletagmanager.com https://img1.doctorsim.com https://www.emjcd.com https://www.linkconnector.com data:;
cache-control: max-age=14400
cf-cache-status: HIT
age: 7194
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XF5OmT7cf87pqnyAA%2BwT8Ok0aoc8UUpP15%2FQdoB5oCNwCpRSR4dPM8AkfUpbUq50KPKyXaI5i2HEGa7YLJhbexJjjnpJzN7BS%2FC%2BFj35WfzzRerPCiYGBVcQIo1mew%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 828b0d1d6a8065f1-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://itoolab.com/wp-content/themes/itoolab/assets/img/facebook_icon.svg

msedge.exe

Remote address:

188.114.96.0:443

Request

GET /wp-content/themes/itoolab/assets/img/facebook_icon.svg HTTP/2.0
host: itoolab.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://itoolab.com/thankyou/install-anygo-for-windows/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 19 Nov 2023 20:02:30 GMT
content-type: image/svg+xml
last-modified: Thu, 04 Aug 2022 09:22:18 GMT
etag: W/"62eb8fca-94a"
content-security-policy: default-src 'self' https://*.itoolab.com https://*.clarity.ms wss://*.hotjar.com https://*.hotjar.com https://*.smartlook.cloud https://fonts.googleapis.com https://cj.luckydogsoft.workers.dev https://www.sjwoe.com https://www.mczbf.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://*.gstatic.com https://*.google.com https://q.quora.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://cdn.paddle.com https://bat.bing.com https://www.linkconnector.com 'unsafe-inline'; script-src 'self' https://*.youtube.com https://web-sdk.smartlook.com https://static.hotjar.com https://www.clarity.ms https://platform.twitter.com https://cj.luckydogsoft.workers.dev https://www.mczbf.com https://order.luckydogsoft.com https://*.itoolab.com https://*.itubego.com https://js.stripe.com https://cdn.paddle.com https://www.googletagmanager.com https://www.googleoptimize.com https://www.googleadservices.com https://optimize.google.com https://googleads.g.doubleclick.net https://apis.google.com https://unpkg.com https://www.google-analytics.com https://bat.bing.com https://script.hotjar.com https://www.linkconnector.com https://cdn.bootcss.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://*.itoolab.com https://www.youtube-nocookie.com https://vars.hotjar.com https://platform.twitter.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://js.stripe.com https://*.paddle.com https://create-checkout.paddle.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://www.youtube.com https://www.linkconnector.com https://*.cloudfront.net 'unsafe-inline'; font-src 'self' https://*.gstatic.com data:; img-src 'self' https://i.ytimg.com https://bat.bing.com https://www.google-analytics.com https://order.luckydogsoft.com https://*.gstatic.com https://*.google.com https://www.googletagmanager.com https://img1.doctorsim.com https://www.emjcd.com https://www.linkconnector.com data:;
cache-control: max-age=14400
cf-cache-status: HIT
age: 29
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pHM1pBmbtzNXnfjnE6%2FAUIYYpY0fIslaoqQF3t2QcbtnziWTJOCQoO8YZOKGypxUGNyVSrHXuVDa9GSQOQMOMmAhFMchvtjRyYFWUb9P2IxFhi7px0VsRYxtNfhirA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 828b0d1d6a5165f1-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://itoolab.com/wp-content/themes/itoolab/assets/img/twitter_icon.svg

msedge.exe

Remote address:

188.114.96.0:443

Request

GET /wp-content/themes/itoolab/assets/img/twitter_icon.svg HTTP/2.0
host: itoolab.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://itoolab.com/thankyou/install-anygo-for-windows/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 19 Nov 2023 20:02:30 GMT
content-type: image/svg+xml
last-modified: Thu, 15 Jun 2023 11:29:03 GMT
etag: W/"648af5ff-2d6e"
content-security-policy: default-src 'self' https://*.itoolab.com https://*.clarity.ms wss://*.hotjar.com https://*.hotjar.com https://*.smartlook.cloud https://fonts.googleapis.com https://cj.luckydogsoft.workers.dev https://www.sjwoe.com https://www.mczbf.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://*.gstatic.com https://*.google.com https://q.quora.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://cdn.paddle.com https://bat.bing.com https://www.linkconnector.com 'unsafe-inline'; script-src 'self' https://*.youtube.com https://web-sdk.smartlook.com https://static.hotjar.com https://www.clarity.ms https://platform.twitter.com https://cj.luckydogsoft.workers.dev https://www.mczbf.com https://order.luckydogsoft.com https://*.itoolab.com https://*.itubego.com https://js.stripe.com https://cdn.paddle.com https://www.googletagmanager.com https://www.googleoptimize.com https://www.googleadservices.com https://optimize.google.com https://googleads.g.doubleclick.net https://apis.google.com https://unpkg.com https://www.google-analytics.com https://bat.bing.com https://script.hotjar.com https://www.linkconnector.com https://cdn.bootcss.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://*.itoolab.com https://www.youtube-nocookie.com https://vars.hotjar.com https://platform.twitter.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://js.stripe.com https://*.paddle.com https://create-checkout.paddle.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://www.youtube.com https://www.linkconnector.com https://*.cloudfront.net 'unsafe-inline'; font-src 'self' https://*.gstatic.com data:; img-src 'self' https://i.ytimg.com https://bat.bing.com https://www.google-analytics.com https://order.luckydogsoft.com https://*.gstatic.com https://*.google.com https://www.googletagmanager.com https://img1.doctorsim.com https://www.emjcd.com https://www.linkconnector.com data:;
cache-control: max-age=14400
cf-cache-status: HIT
age: 506
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x1G0IK7jAt3%2BkT1AlzwIA20gKGkRIU0gZdj1KUp7lIsf26EBdEavSVHCWvbiz4J0XD3hvJXQpoYlB3IkgzJvMD%2Fxaun7hS46h7yDoYM91G17LbPLaT9EUh%2F7w92LCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 828b0d1d6a7565f1-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://itoolab.com/wp-content/themes/itoolab/assets/img/linkedin_icon.svg

msedge.exe

Remote address:

188.114.96.0:443

Request

GET /wp-content/themes/itoolab/assets/img/linkedin_icon.svg HTTP/2.0
host: itoolab.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://itoolab.com/thankyou/install-anygo-for-windows/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 19 Nov 2023 20:02:30 GMT
content-type: image/svg+xml
last-modified: Mon, 20 Jun 2022 12:01:55 GMT
etag: W/"62b061b3-13f4"
content-security-policy: default-src 'self' https://*.itoolab.com https://*.clarity.ms wss://*.hotjar.com https://*.hotjar.com https://*.smartlook.cloud https://fonts.googleapis.com https://cj.luckydogsoft.workers.dev https://www.sjwoe.com https://www.mczbf.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://*.gstatic.com https://*.google.com https://q.quora.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://cdn.paddle.com https://bat.bing.com https://www.linkconnector.com 'unsafe-inline'; script-src 'self' https://*.youtube.com https://web-sdk.smartlook.com https://static.hotjar.com https://www.clarity.ms https://platform.twitter.com https://cj.luckydogsoft.workers.dev https://www.mczbf.com https://order.luckydogsoft.com https://*.itoolab.com https://*.itubego.com https://js.stripe.com https://cdn.paddle.com https://www.googletagmanager.com https://www.googleoptimize.com https://www.googleadservices.com https://optimize.google.com https://googleads.g.doubleclick.net https://apis.google.com https://unpkg.com https://www.google-analytics.com https://bat.bing.com https://script.hotjar.com https://www.linkconnector.com https://cdn.bootcss.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://*.itoolab.com https://www.youtube-nocookie.com https://vars.hotjar.com https://platform.twitter.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://js.stripe.com https://*.paddle.com https://create-checkout.paddle.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://www.youtube.com https://www.linkconnector.com https://*.cloudfront.net 'unsafe-inline'; font-src 'self' https://*.gstatic.com data:; img-src 'self' https://i.ytimg.com https://bat.bing.com https://www.google-analytics.com https://order.luckydogsoft.com https://*.gstatic.com https://*.google.com https://www.googletagmanager.com https://img1.doctorsim.com https://www.emjcd.com https://www.linkconnector.com data:;
cache-control: max-age=14400
cf-cache-status: HIT
age: 506
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0L5mt8Gy6uuAAr6XEuE5Nteo3aGbZYbA3IEc%2FAxZVtNnjEN1k%2BleoyXLJqK0eK5MMq9dpj3%2FE72L4Lc8zgujMRQkP%2FiHxn8MNp%2FyhJfx4ISmUl7GweIFu0EdfA3YJw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 828b0d1d6a6565f1-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://itoolab.com/wp-content/themes/itoolab/assets/img/whatsapp.svg

msedge.exe

Remote address:

188.114.96.0:443

Request

GET /wp-content/themes/itoolab/assets/img/whatsapp.svg HTTP/2.0
host: itoolab.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://itoolab.com/thankyou/install-anygo-for-windows/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 19 Nov 2023 20:02:30 GMT
content-type: image/png
content-length: 4249
last-modified: Tue, 12 Sep 2023 11:46:18 GMT
etag: "65004f8a-1099"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-security-policy: default-src 'self' https://*.itoolab.com https://*.clarity.ms wss://*.hotjar.com https://*.hotjar.com https://*.smartlook.cloud https://fonts.googleapis.com https://cj.luckydogsoft.workers.dev https://www.sjwoe.com https://www.mczbf.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://*.gstatic.com https://*.google.com https://q.quora.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://cdn.paddle.com https://bat.bing.com https://www.linkconnector.com 'unsafe-inline'; script-src 'self' https://*.youtube.com https://web-sdk.smartlook.com https://static.hotjar.com https://www.clarity.ms https://platform.twitter.com https://cj.luckydogsoft.workers.dev https://www.mczbf.com https://order.luckydogsoft.com https://*.itoolab.com https://*.itubego.com https://js.stripe.com https://cdn.paddle.com https://www.googletagmanager.com https://www.googleoptimize.com https://www.googleadservices.com https://optimize.google.com https://googleads.g.doubleclick.net https://apis.google.com https://unpkg.com https://www.google-analytics.com https://bat.bing.com https://script.hotjar.com https://www.linkconnector.com https://cdn.bootcss.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://*.itoolab.com https://www.youtube-nocookie.com https://vars.hotjar.com https://platform.twitter.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://js.stripe.com https://*.paddle.com https://create-checkout.paddle.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://www.youtube.com https://www.linkconnector.com https://*.cloudfront.net 'unsafe-inline'; font-src 'self' https://*.gstatic.com data:; img-src 'self' https://i.ytimg.com https://bat.bing.com https://www.google-analytics.com https://order.luckydogsoft.com https://*.gstatic.com https://*.google.com https://www.googletagmanager.com https://img1.doctorsim.com https://www.emjcd.com https://www.linkconnector.com data:;
cf-cache-status: HIT
age: 832679
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VZIW9QDfVWscrjuUDJTeZwZ4Vb1E5Vr0d00sYBQLJq1KCYDdXjbh8AJwxf1bPUNItivoU8%2FJ8JcZK3ifciqKP%2BOJRBIFSjpNfK6OEl9TBOT24xu70FXxO5OO3x40Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 828b0d1d6a7d65f1-AMS
alt-svc: h3=":443"; ma=86400
GET

https://itoolab.com/wp-content/themes/itoolab/assets/js/lazysizes.min.js

msedge.exe

Remote address:

188.114.96.0:443

Request

GET /wp-content/themes/itoolab/assets/js/lazysizes.min.js HTTP/2.0
host: itoolab.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://itoolab.com/thankyou/install-anygo-for-windows/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 19 Nov 2023 20:02:30 GMT
content-type: application/javascript
last-modified: Mon, 20 Jun 2022 12:01:55 GMT
etag: W/"62b061b3-1e5b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-security-policy: default-src 'self' https://*.itoolab.com https://*.clarity.ms wss://*.hotjar.com https://*.hotjar.com https://*.smartlook.cloud https://fonts.googleapis.com https://cj.luckydogsoft.workers.dev https://www.sjwoe.com https://www.mczbf.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://*.gstatic.com https://*.google.com https://q.quora.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://cdn.paddle.com https://bat.bing.com https://www.linkconnector.com 'unsafe-inline'; script-src 'self' https://*.youtube.com https://web-sdk.smartlook.com https://static.hotjar.com https://www.clarity.ms https://platform.twitter.com https://cj.luckydogsoft.workers.dev https://www.mczbf.com https://order.luckydogsoft.com https://*.itoolab.com https://*.itubego.com https://js.stripe.com https://cdn.paddle.com https://www.googletagmanager.com https://www.googleoptimize.com https://www.googleadservices.com https://optimize.google.com https://googleads.g.doubleclick.net https://apis.google.com https://unpkg.com https://www.google-analytics.com https://bat.bing.com https://script.hotjar.com https://www.linkconnector.com https://cdn.bootcss.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://*.itoolab.com https://www.youtube-nocookie.com https://vars.hotjar.com https://platform.twitter.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://js.stripe.com https://*.paddle.com https://create-checkout.paddle.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://www.youtube.com https://www.linkconnector.com https://*.cloudfront.net 'unsafe-inline'; font-src 'self' https://*.gstatic.com data:; img-src 'self' https://i.ytimg.com https://bat.bing.com https://www.google-analytics.com https://order.luckydogsoft.com https://*.gstatic.com https://*.google.com https://www.googletagmanager.com https://img1.doctorsim.com https://www.emjcd.com https://www.linkconnector.com data:;
cf-cache-status: HIT
age: 583031
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=52xedK8phofQH4knwbZuuJUvCvq9FxLhj95NU7x7xmJ7Mq74DO98rc3zkRyvGTxqpBlipr2Vl56YCR4k0VIVVGK5SXDKG1cnTBYqCwPMGYeNYpLUN02N9yT2s7wQ5g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 828b0d1d6a8565f1-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
DNS

21.219.227.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.219.227.13.in-addr.arpa

IN PTR

Response

21.219.227.13.in-addr.arpa

IN PTR

server-13-227-219-21ams54r cloudfrontnet
DNS

0.96.114.188.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.96.114.188.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301720_1RTL8BA2J0Q8NK3V3&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301720_1RTL8BA2J0Q8NK3V3&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 1242948
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1C2D5A46E4474C269DFC80DC00761FE6 Ref B: BRU30EDGE0618 Ref C: 2023-11-19T20:02:32Z
date: Sun, 19 Nov 2023 20:02:32 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317300912_14SMI9ALS9V9H7HIK&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317300912_14SMI9ALS9V9H7HIK&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 1027655
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1200A12647C14F6EB6E1DE0C6886A9C6 Ref B: BRU30EDGE0618 Ref C: 2023-11-19T20:02:32Z
date: Sun, 19 Nov 2023 20:02:32 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317300902_14F528RDK55L6SFIC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317300902_14F528RDK55L6SFIC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 549669
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 04B7073532874602BEC5D3C40F8C4575 Ref B: BRU30EDGE0618 Ref C: 2023-11-19T20:02:32Z
date: Sun, 19 Nov 2023 20:02:32 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301335_1DRNDT8YL4OP0BA9X&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301335_1DRNDT8YL4OP0BA9X&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 461380
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 96421934D6014A53B5A022DC948DABB7 Ref B: BRU30EDGE0618 Ref C: 2023-11-19T20:02:32Z
date: Sun, 19 Nov 2023 20:02:32 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301311_18QMRZHF9BCDK2OBJ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301311_18QMRZHF9BCDK2OBJ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 1127964
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: AC075D362A77476D9323A35A1C55C8AA Ref B: BRU30EDGE0618 Ref C: 2023-11-19T20:02:32Z
date: Sun, 19 Nov 2023 20:02:32 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301345_1WOXH94FFUEO6EHH0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301345_1WOXH94FFUEO6EHH0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 874104
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6882797F919645EABFDFFE66AFD05F03 Ref B: BRU30EDGE0618 Ref C: 2023-11-19T20:02:33Z
date: Sun, 19 Nov 2023 20:02:33 GMT
DNS

www.linkconnector.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.linkconnector.com

IN A

Response

www.linkconnector.com

IN A

172.67.22.39

www.linkconnector.com

IN A

104.22.49.169

www.linkconnector.com

IN A

104.22.48.169
GET

https://www.linkconnector.com/uts_lp.php?cgid=901731

msedge.exe

Remote address:

172.67.22.39:443

Request

GET /uts_lp.php?cgid=901731 HTTP/2.0
host: www.linkconnector.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://itoolab.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 19 Nov 2023 20:02:30 GMT
content-type: text/javascript; charset=UTF-8
content-length: 2811
x-content-type-options: nosniff
access-control-allow-origin: https://itoolab.com
timing-allow-origin: *
cache-control: no-cache, must-revalidate
set-cookie: uts_901731_lpcheck=1; expires=Sun, 19-Nov-2023 21:02:30 GMT; Max-Age=3600; path=/; samesite=none; domain=.linkconnector.com; secure
content-encoding: gzip
vary: Accept-Encoding
x-server: lcweb1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 828b0d1e1c63b90c-AMS
GET

https://www.linkconnector.com/uts_clickcounts.php?cgid=901731&mid=157821&MerchantURL=https%3A%2F%2Fitoolab.com%2F&cid=&Mode=js&AffiliateReferer=&uts_lcid_arr=[]&uts_mlcid=LC1700424145.932

msedge.exe

Remote address:

172.67.22.39:443

Request

GET /uts_clickcounts.php?cgid=901731&mid=157821&MerchantURL=https%3A%2F%2Fitoolab.com%2F&cid=&Mode=js&AffiliateReferer=&uts_lcid_arr=[]&uts_mlcid=LC1700424145.932 HTTP/2.0
host: www.linkconnector.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://itoolab.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 19 Nov 2023 20:02:31 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-server: lcweb1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 828b0d21f938b90c-AMS
content-encoding: gzip
DNS

113.39.65.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

113.39.65.18.in-addr.arpa

IN PTR

Response

113.39.65.18.in-addr.arpa

IN PTR

server-18-65-39-113ams1r cloudfrontnet
DNS

39.22.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

39.22.67.172.in-addr.arpa

IN PTR

Response
DNS

bat.bing.com

msedge.exe

Remote address:

8.8.8.8:53

Request

bat.bing.com

IN A

Response

bat.bing.com

IN CNAME

bat-bing-com.a-0001.a-msedge.net

bat-bing-com.a-0001.a-msedge.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://bat.bing.com/bat.js

msedge.exe

Remote address:

204.79.197.200:443

Request

GET /bat.js HTTP/2.0
host: bat.bing.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://itoolab.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: private,max-age=1800
content-length: 13175
content-type: application/javascript
content-encoding: gzip
last-modified: Fri, 10 Nov 2023 20:09:55 GMT
accept-ranges: bytes
etag: "80abcdf1114da1:0"
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A065936E63884B719A4F0EB8A0DF772D Ref B: DUS30EDGE0919 Ref C: 2023-11-19T20:02:31Z
date: Sun, 19 Nov 2023 20:02:30 GMT
GET

https://bat.bing.com/p/action/134001520.js

msedge.exe

Remote address:

204.79.197.200:443

Request

GET /p/action/134001520.js HTTP/2.0
host: bat.bing.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://itoolab.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=25243DDDE2D2618A06E62E13E37860FE; domain=.bing.com; expires=Fri, 13-Dec-2024 20:02:31 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CE424630F8B2493BBFD49EEA9C48822E Ref B: DUS30EDGE0919 Ref C: 2023-11-19T20:02:31Z
date: Sun, 19 Nov 2023 20:02:31 GMT
GET

https://bat.bing.com/action/0?ti=134001520&Ver=2&mid=392e3bc4-3f9a-418d-b8eb-a90643a5fa31&sid=8f6a9d00871611ee9a3ba97daa576f28&vid=8f6ad670871611ee8d896bb99bd44731&vids=1&msclkid=N&pi=-1416307915&lg=en-US&sw=1280&sh=720&sc=24&tl=Thanks%20for%20Installing%20AnyGo%20for%20Windows&kw=Thanks%20for%20installing%20AnyGo%20for%20Windows&p=https%3A%2F%2Fitoolab.com%2Fthankyou%2Finstall-anygo-for-windows%2F&r=&lt=2212&evt=pageLoad&sv=1&rn=200749

msedge.exe

Remote address:

204.79.197.200:443

Request

GET /action/0?ti=134001520&Ver=2&mid=392e3bc4-3f9a-418d-b8eb-a90643a5fa31&sid=8f6a9d00871611ee9a3ba97daa576f28&vid=8f6ad670871611ee8d896bb99bd44731&vids=1&msclkid=N&pi=-1416307915&lg=en-US&sw=1280&sh=720&sc=24&tl=Thanks%20for%20Installing%20AnyGo%20for%20Windows&kw=Thanks%20for%20installing%20AnyGo%20for%20Windows&p=https%3A%2F%2Fitoolab.com%2Fthankyou%2Finstall-anygo-for-windows%2F&r=&lt=2212&evt=pageLoad&sv=1&rn=200749 HTTP/2.0
host: bat.bing.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://itoolab.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

cache-control: private,max-age=1800
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 42B4BD62BE5B42ADAEBE9222B86B07FB Ref B: DUS30EDGE0919 Ref C: 2023-11-19T20:02:31Z
date: Sun, 19 Nov 2023 20:02:31 GMT
DNS

googleads.g.doubleclick.net

msedge.exe

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

172.217.23.194
GET

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10876596137/?random=1700424145667&cv=11&fst=1700424145667&bg=ffffff&guid=ON&async=1&gtm=45He3b81v9132743511&gcd=11l1l1l1l1&dma=0&u_w=1280&u_h=720&url=https%3A%2F%2Fitoolab.com%2Fthankyou%2Finstall-anygo-for-windows%2F&hn=www.googleadservices.com&frm=0&tiba=Thanks%20for%20Installing%20AnyGo%20for%20Windows&auid=2048785268.1700424146&uaa=x86&uamb=0&uap=Windows&uapv=10.0&uaw=0&rfmt=3&fmt=4

msedge.exe

Remote address:

172.217.23.194:443

Request

GET /pagead/viewthroughconversion/10876596137/?random=1700424145667&cv=11&fst=1700424145667&bg=ffffff&guid=ON&async=1&gtm=45He3b81v9132743511&gcd=11l1l1l1l1&dma=0&u_w=1280&u_h=720&url=https%3A%2F%2Fitoolab.com%2Fthankyou%2Finstall-anygo-for-windows%2F&hn=www.googleadservices.com&frm=0&tiba=Thanks%20for%20Installing%20AnyGo%20for%20Windows&auid=2048785268.1700424146&uaa=x86&uamb=0&uap=Windows&uapv=10.0&uaw=0&rfmt=3&fmt=4 HTTP/2.0
host: googleads.g.doubleclick.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://itoolab.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

sf.symcd.com

msiexec.exe

Remote address:

8.8.8.8:53

Request

sf.symcd.com

IN A

Response

sf.symcd.com

IN CNAME

mpki-ocsp.digicert.com

mpki-ocsp.digicert.com

IN CNAME

fp3011.wpc.2be4.phicdn.net

fp3011.wpc.2be4.phicdn.net

IN CNAME

fp3011.wpc.phicdn.net

fp3011.wpc.phicdn.net

IN A

152.199.19.74
DNS

sf.symcd.com

msiexec.exe

Remote address:

8.8.8.8:53

Request

sf.symcd.com

IN A

Response

sf.symcd.com

IN CNAME

mpki-ocsp.digicert.com

mpki-ocsp.digicert.com

IN CNAME

fp3011.wpc.2be4.phicdn.net

fp3011.wpc.2be4.phicdn.net

IN CNAME

fp3011.wpc.phicdn.net

fp3011.wpc.phicdn.net

IN A

152.199.19.74
DNS

analytics.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

analytics.google.com

IN A

Response

analytics.google.com

IN A

216.58.214.14
DNS

stats.g.doubleclick.net

msedge.exe

Remote address:

8.8.8.8:53

Request

stats.g.doubleclick.net

IN A

Response

stats.g.doubleclick.net

IN A

142.250.102.157

stats.g.doubleclick.net

IN A

142.250.102.154

stats.g.doubleclick.net

IN A

142.250.102.155

stats.g.doubleclick.net

IN A

142.250.102.156
GET

http://sf.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo%2FX8AUm7%2BPSp50CECsg6zOAeSqwEfZiwGT9tHM%3D

msiexec.exe

Remote address:

152.199.19.74:80

Request

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo%2FX8AUm7%2BPSp50CECsg6zOAeSqwEfZiwGT9tHM%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: sf.symcd.com

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Age: 1167
Cache-Control: public, max-age=86400
Content-Type: application/ocsp-response
Date: Sun, 19 Nov 2023 20:02:31 GMT
Last-Modified: Sun, 19 Nov 2023 19:43:04 GMT
Server: ECAcc (ama/4897)
X-Cache: HIT
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 1575
POST

https://analytics.google.com/g/collect?v=2&tid=G-FZCRLPQMZW&gtm=45je3b81v887131871z8841305150&_p=1700424144745&_gaz=1&gcd=11l1l1l1l1&dma=0&cid=1559062670.1700424146&ul=en-us&sr=1280x720&ir=1&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&_eu=Eg&_s=1&sid=1700424145&sct=1&seg=0&dl=https%3A%2F%2Fitoolab.com%2Fthankyou%2Finstall-anygo-for-windows%2F&dt=Thanks%20for%20Installing%20AnyGo%20for%20Windows&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=2591

msedge.exe

Remote address:

216.58.214.14:443

Request

POST /g/collect?v=2&tid=G-FZCRLPQMZW&gtm=45je3b81v887131871z8841305150&_p=1700424144745&_gaz=1&gcd=11l1l1l1l1&dma=0&cid=1559062670.1700424146&ul=en-us&sr=1280x720&ir=1&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&_eu=Eg&_s=1&sid=1700424145&sct=1&seg=0&dl=https%3A%2F%2Fitoolab.com%2Fthankyou%2Finstall-anygo-for-windows%2F&dt=Thanks%20for%20Installing%20AnyGo%20for%20Windows&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=2591 HTTP/2.0
host: analytics.google.com
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://itoolab.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://itoolab.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://analytics.google.com/g/collect?v=2&tid=G-FZCRLPQMZW&gtm=45je3b81v887131871z8841305150&_p=1700424144745&gcd=11l1l1l1l1&dma=0&cid=1559062670.1700424146&ul=en-us&sr=1280x720&ir=1&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&_eu=EA&_s=2&sid=1700424145&sct=1&seg=0&dl=https%3A%2F%2Fitoolab.com%2Fthankyou%2Finstall-anygo-for-windows%2F&dt=Thanks%20for%20Installing%20AnyGo%20for%20Windows&en=install&_c=1&ep.install_product_name=install-anygo-for-windows&_et=6&tfd=2616

msedge.exe

Remote address:

216.58.214.14:443

Request

POST /g/collect?v=2&tid=G-FZCRLPQMZW&gtm=45je3b81v887131871z8841305150&_p=1700424144745&gcd=11l1l1l1l1&dma=0&cid=1559062670.1700424146&ul=en-us&sr=1280x720&ir=1&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&_eu=EA&_s=2&sid=1700424145&sct=1&seg=0&dl=https%3A%2F%2Fitoolab.com%2Fthankyou%2Finstall-anygo-for-windows%2F&dt=Thanks%20for%20Installing%20AnyGo%20for%20Windows&en=install&_c=1&ep.install_product_name=install-anygo-for-windows&_et=6&tfd=2616 HTTP/2.0
host: analytics.google.com
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://itoolab.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://itoolab.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://analytics.google.com/g/collect?v=2&tid=G-FZCRLPQMZW&gtm=45je3b81v887131871&_p=1700424144745&gcd=11l1l1l1l1&dma=0&cid=1559062670.1700424146&ul=en-us&sr=1280x720&ir=1&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&_eu=AAg&_s=3&sid=1700424145&sct=1&seg=0&dl=https%3A%2F%2Fitoolab.com%2Fthankyou%2Finstall-anygo-for-windows%2F&dt=Thanks%20for%20Installing%20AnyGo%20for%20Windows&cu=USD&en=install&_c=1&epn.value=0&_et=4&tfd=2628

msedge.exe

Remote address:

216.58.214.14:443

Request

POST /g/collect?v=2&tid=G-FZCRLPQMZW&gtm=45je3b81v887131871&_p=1700424144745&gcd=11l1l1l1l1&dma=0&cid=1559062670.1700424146&ul=en-us&sr=1280x720&ir=1&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&_eu=AAg&_s=3&sid=1700424145&sct=1&seg=0&dl=https%3A%2F%2Fitoolab.com%2Fthankyou%2Finstall-anygo-for-windows%2F&dt=Thanks%20for%20Installing%20AnyGo%20for%20Windows&cu=USD&en=install&_c=1&epn.value=0&_et=4&tfd=2628 HTTP/2.0
host: analytics.google.com
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://itoolab.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://itoolab.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://analytics.google.com/g/collect?v=2&tid=G-FZCRLPQMZW&gtm=45je3b81v887131871&_p=1700424144745&gcd=11l1l1l1l1&dma=0&cid=1559062670.1700424146&ul=en-us&sr=1280x720&ir=1&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&_eu=EgAC&_s=4&sid=1700424145&sct=1&seg=1&dl=https%3A%2F%2Fitoolab.com%2Fthankyou%2Finstall-anygo-for-windows%2F&dt=Thanks%20for%20Installing%20AnyGo%20for%20Windows&en=page_view&_ee=1&_et=6&tfd=2698

msedge.exe

Remote address:

216.58.214.14:443

Request

POST /g/collect?v=2&tid=G-FZCRLPQMZW&gtm=45je3b81v887131871&_p=1700424144745&gcd=11l1l1l1l1&dma=0&cid=1559062670.1700424146&ul=en-us&sr=1280x720&ir=1&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&_eu=EgAC&_s=4&sid=1700424145&sct=1&seg=1&dl=https%3A%2F%2Fitoolab.com%2Fthankyou%2Finstall-anygo-for-windows%2F&dt=Thanks%20for%20Installing%20AnyGo%20for%20Windows&en=page_view&_ee=1&_et=6&tfd=2698 HTTP/2.0
host: analytics.google.com
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://itoolab.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://itoolab.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://analytics.google.com/g/collect?v=2&tid=G-FZCRLPQMZW&gtm=45je3b81v887131871&_p=1700424144745&gcd=11l1l1l1l1&dma=0&cid=1559062670.1700424146&ul=en-us&sr=1280x720&ir=1&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&_eu=AAg&_s=5&sid=1700424145&sct=1&seg=1&dl=https%3A%2F%2Fitoolab.com%2Fthankyou%2Finstall-anygo-for-windows%2F&dt=Thanks%20for%20Installing%20AnyGo%20for%20Windows&cu=USD&en=install&_c=1&_et=1&epn.value=0&tfd=2698

msedge.exe

Remote address:

216.58.214.14:443

Request

POST /g/collect?v=2&tid=G-FZCRLPQMZW&gtm=45je3b81v887131871&_p=1700424144745&gcd=11l1l1l1l1&dma=0&cid=1559062670.1700424146&ul=en-us&sr=1280x720&ir=1&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&_eu=AAg&_s=5&sid=1700424145&sct=1&seg=1&dl=https%3A%2F%2Fitoolab.com%2Fthankyou%2Finstall-anygo-for-windows%2F&dt=Thanks%20for%20Installing%20AnyGo%20for%20Windows&cu=USD&en=install&_c=1&_et=1&epn.value=0&tfd=2698 HTTP/2.0
host: analytics.google.com
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://itoolab.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://itoolab.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://analytics.google.com/g/collect?v=2&tid=G-HV4TZRZTZ6&gtm=45je3b81v9132832266z89132743511&_p=1700424144745&_gaz=1&gcd=11l1l1l1l1&dma=0&cid=1559062670.1700424146&ul=en-us&sr=1280x720&ir=1&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&_eu=EA&_s=1&sid=1700424146&sct=1&seg=0&dl=https%3A%2F%2Fitoolab.com%2Fthankyou%2Finstall-anygo-for-windows%2F&dt=Thanks%20for%20Installing%20AnyGo%20for%20Windows&en=page_view&_fv=1&_ss=1&tfd=2832

msedge.exe

Remote address:

216.58.214.14:443

Request

POST /g/collect?v=2&tid=G-HV4TZRZTZ6&gtm=45je3b81v9132832266z89132743511&_p=1700424144745&_gaz=1&gcd=11l1l1l1l1&dma=0&cid=1559062670.1700424146&ul=en-us&sr=1280x720&ir=1&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&_eu=EA&_s=1&sid=1700424146&sct=1&seg=0&dl=https%3A%2F%2Fitoolab.com%2Fthankyou%2Finstall-anygo-for-windows%2F&dt=Thanks%20for%20Installing%20AnyGo%20for%20Windows&en=page_view&_fv=1&_ss=1&tfd=2832 HTTP/2.0
host: analytics.google.com
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://itoolab.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://itoolab.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://analytics.google.com/g/collect?v=2&tid=G-HV4TZRZTZ6&gtm=45je3b81v9132832266z89132743511&_p=1700424144745&gcd=11l1l1l1l1&dma=0&cid=1559062670.1700424146&ul=en-us&sr=1280x720&ir=1&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&_eu=EA&_s=2&sid=1700424146&sct=1&seg=0&dl=https%3A%2F%2Fitoolab.com%2Fthankyou%2Finstall-anygo-for-windows%2F&dt=Thanks%20for%20Installing%20AnyGo%20for%20Windows&en=install&_c=1&ep.pro_name=AnyGo%20Windows&_et=52&tfd=2890

msedge.exe

Remote address:

216.58.214.14:443

Request

POST /g/collect?v=2&tid=G-HV4TZRZTZ6&gtm=45je3b81v9132832266z89132743511&_p=1700424144745&gcd=11l1l1l1l1&dma=0&cid=1559062670.1700424146&ul=en-us&sr=1280x720&ir=1&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&_eu=EA&_s=2&sid=1700424146&sct=1&seg=0&dl=https%3A%2F%2Fitoolab.com%2Fthankyou%2Finstall-anygo-for-windows%2F&dt=Thanks%20for%20Installing%20AnyGo%20for%20Windows&en=install&_c=1&ep.pro_name=AnyGo%20Windows&_et=52&tfd=2890 HTTP/2.0
host: analytics.google.com
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://itoolab.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://itoolab.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://stats.g.doubleclick.net/g/collect?v=2&tid=G-FZCRLPQMZW&cid=1559062670.1700424146&gtm=45je3b81v887131871z8841305150&aip=1&dma=0&gcd=11l1l1l1l1

msedge.exe

Remote address:

142.250.102.157:443

Request

POST /g/collect?v=2&tid=G-FZCRLPQMZW&cid=1559062670.1700424146&gtm=45je3b81v887131871z8841305150&aip=1&dma=0&gcd=11l1l1l1l1 HTTP/2.0
host: stats.g.doubleclick.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://itoolab.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://itoolab.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://stats.g.doubleclick.net/g/collect?v=2&tid=G-HV4TZRZTZ6&cid=1559062670.1700424146&gtm=45je3b81v9132832266z89132743511&aip=1&dma=0&gcd=11l1l1l1l1

msedge.exe

Remote address:

142.250.102.157:443

Request

POST /g/collect?v=2&tid=G-HV4TZRZTZ6&cid=1559062670.1700424146&gtm=45je3b81v9132832266z89132743511&aip=1&dma=0&gcd=11l1l1l1l1 HTTP/2.0
host: stats.g.doubleclick.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://itoolab.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://itoolab.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-172748361-1&cid=1559062670.1700424146&jid=410819879&gjid=67006221&_gid=405594903.1700424146&_u=YADAAEAAAAAAACAAI~&z=471537423

msedge.exe

Remote address:

142.250.102.157:443

Request

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-172748361-1&cid=1559062670.1700424146&jid=410819879&gjid=67006221&_gid=405594903.1700424146&_u=YADAAEAAAAAAACAAI~&z=471537423 HTTP/2.0
host: stats.g.doubleclick.net
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain
accept: */*
origin: https://itoolab.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://itoolab.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

200.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.179.250.142.in-addr.arpa

IN PTR

Response

200.179.250.142.in-addr.arpa

IN PTR

ams15s42-in-f81e100net
DNS

200.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.179.250.142.in-addr.arpa

IN PTR

Response

200.179.250.142.in-addr.arpa

IN PTR

ams15s42-in-f81e100net
DNS

74.19.199.152.in-addr.arpa

Remote address:

8.8.8.8:53

Request

74.19.199.152.in-addr.arpa

IN PTR

Response
DNS

74.19.199.152.in-addr.arpa

Remote address:

8.8.8.8:53

Request

74.19.199.152.in-addr.arpa

IN PTR

Response
DNS

194.23.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

194.23.217.172.in-addr.arpa

IN PTR

Response

194.23.217.172.in-addr.arpa

IN PTR

prg03s05-in-f1941e100net

194.23.217.172.in-addr.arpa

IN PTR

ams16s37-in-f2�J

194.23.217.172.in-addr.arpa

IN PTR

prg03s05-in-f2�J
DNS

157.102.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

157.102.250.142.in-addr.arpa

IN PTR

Response

157.102.250.142.in-addr.arpa

IN PTR

rb-in-f1571e100net
DNS

157.102.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

157.102.250.142.in-addr.arpa

IN PTR

Response

157.102.250.142.in-addr.arpa

IN PTR

rb-in-f1571e100net
DNS

196.168.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.168.217.172.in-addr.arpa

IN PTR

Response

196.168.217.172.in-addr.arpa

IN PTR

ams16s32-in-f41e100net
DNS

14.214.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.214.58.216.in-addr.arpa

IN PTR

Response

14.214.58.216.in-addr.arpa

IN PTR

lhr26s05-in-f141e100net

14.214.58.216.in-addr.arpa

IN PTR

�8

14.214.58.216.in-addr.arpa

IN PTR

ams17s09-in-f14�H
DNS

90.65.42.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

90.65.42.20.in-addr.arpa

IN PTR

Response

188.114.97.0:443

download.itoolab.com

tls

AnyGoW.exe

1.2kB
6.1kB
10
11
188.114.97.0:443

download.itoolab.com

tls

AnyGoW.exe

1.2kB
4.6kB
9
10
208.95.112.1:80

http://ip-api.com/json/

http

AnyGoW.exe

332 B
590 B
4
2

HTTP Request

GET http://ip-api.com/json/

HTTP Response

200
104.21.20.125:443

download.onvideoeditor.com

tls

AnyGoW.exe

1.3kB
6.4kB
10
12
3.130.144.212:443

anygo.itoolab.net

tls

AnyGoW.exe

1.4kB
7.0kB
11
11
127.0.0.1:27015

AnyGoW.exe
13.227.219.21:443

api.mapbox.com

tls

AnyGoW.exe

2.0kB
58.7kB
27
48
188.114.96.0:443

https://itoolab.com/wp-content/themes/itoolab/assets/js/lazysizes.min.js

tls, http2

msedge.exe

11.3kB
227.3kB
157
247

HTTP Request

GET https://itoolab.com/thankyou/install-anygo-for-windows/

HTTP Response

200

HTTP Request

GET https://itoolab.com/wp-content/themes/itoolab/assets/js/cookie-settings.js?v=1.0.3

HTTP Request

GET https://itoolab.com/wp-content/themes/itoolab/assets/css/tailwind.css?v=7.2.4

HTTP Request

GET https://itoolab.com/wp-content/themes/itoolab/assets/css/googlefont.css?v=1.0.0

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://itoolab.com/wp-content/themes/itoolab/assets/img/itoolab-logo.svg

HTTP Request

GET https://itoolab.com/wp-content/themes/itoolab/assets/img/iphone-data-recovery/recovergo-ios.svg

HTTP Request

GET https://itoolab.com/wp-content/themes/itoolab/assets/img/v3/new.svg

HTTP Request

GET https://itoolab.com/wp-content/themes/itoolab/assets/img/recovergo-for-whatsapp-logo.svg

HTTP Request

GET https://itoolab.com/wp-content/themes/itoolab/assets/img/recovergo-for-android-logo.svg

HTTP Request

GET https://itoolab.com/wp-content/themes/itoolab/assets/img/tunespal-icon.svg

HTTP Request

GET https://itoolab.com/wp-content/themes/itoolab/assets/img/v3/free.svg

HTTP Request

GET https://itoolab.com/wp-content/themes/itoolab/assets/img/unlockgo-android.svg

HTTP Request

GET https://itoolab.com/wp-content/themes/itoolab/assets/img/watsgo/watsgo-logo.svg

HTTP Request

GET https://itoolab.com/wp-content/themes/itoolab/assets/img/anygo.svg

HTTP Request

GET https://itoolab.com/wp-content/themes/itoolab/assets/img/v3/hot.svg

HTTP Request

GET https://itoolab.com/wp-content/themes/itoolab/assets/img/unlockgo-win-logo.svg

HTTP Request

GET https://itoolab.com/wp-content/themes/itoolab/assets/img/passwiper-logo.svg

HTTP Request

GET https://itoolab.com/wp-content/themes/itoolab/assets/img/imute-icon-w.svg

HTTP Request

GET https://itoolab.com/wp-content/themes/itoolab/assets/img/logo/anygo_ios.svg

HTTP Request

GET https://itoolab.com/wp-content/themes/itoolab/assets/img/logo/anygo_android.svg

HTTP Request

GET https://itoolab.com/wp-content/themes/itoolab/assets/img/logo/recovergo-android.svg

HTTP Request

GET https://itoolab.com/wp-content/themes/itoolab/assets/img/support.svg

HTTP Request

GET https://itoolab.com/wp-content/themes/itoolab/assets/img/download-center-icon.svg

HTTP Request

GET https://itoolab.com/wp-content/themes/itoolab/assets/img/how-to.svg

HTTP Request

GET https://itoolab.com/wp-content/themes/itoolab/assets/img/contact-us.svg

HTTP Request

GET https://itoolab.com/wp-content/themes/itoolab/assets/img/move-whatsapp-to-new-phone/40off.png

HTTP Request

GET https://itoolab.com/wp-content/themes/itoolab/assets/img/move-whatsapp-to-new-phone/navigation-entry.png

HTTP Request

GET https://itoolab.com/wp-content/themes/itoolab/assets/img/itoolab-slogan.svg

HTTP Request

GET https://itoolab.com/wp-content/themes/itoolab/assets/img/facebook_icon.svg

HTTP Request

GET https://itoolab.com/wp-content/themes/itoolab/assets/img/twitter_icon.svg

HTTP Request

GET https://itoolab.com/wp-content/themes/itoolab/assets/img/linkedin_icon.svg

HTTP Request

GET https://itoolab.com/wp-content/themes/itoolab/assets/img/whatsapp.svg

HTTP Request

GET https://itoolab.com/wp-content/themes/itoolab/assets/js/lazysizes.min.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239317301345_1WOXH94FFUEO6EHH0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

tls, http2

183.1kB
5.5MB
3947
3938

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301720_1RTL8BA2J0Q8NK3V3&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317300912_14SMI9ALS9V9H7HIK&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317300902_14F528RDK55L6SFIC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301335_1DRNDT8YL4OP0BA9X&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301311_18QMRZHF9BCDK2OBJ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301345_1WOXH94FFUEO6EHH0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.3kB
16
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.3kB
16
14
13.227.219.21:443

api.mapbox.com

tls

AnyGoW.exe

2.2kB
71.9kB
31
58
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.2kB
16
13
172.67.22.39:443

https://www.linkconnector.com/uts_clickcounts.php?cgid=901731&mid=157821&MerchantURL=https%3A%2F%2Fitoolab.com%2F&cid=&Mode=js&AffiliateReferer=&uts_lcid_arr=[]&uts_mlcid=LC1700424145.932

tls, http2

msedge.exe

1.9kB
7.2kB
15
19

HTTP Request

GET https://www.linkconnector.com/uts_lp.php?cgid=901731

HTTP Response

200

HTTP Request

GET https://www.linkconnector.com/uts_clickcounts.php?cgid=901731&mid=157821&MerchantURL=https%3A%2F%2Fitoolab.com%2F&cid=&Mode=js&AffiliateReferer=&uts_lcid_arr=[]&uts_mlcid=LC1700424145.932

HTTP Response

200
127.0.0.1:5037

adb.exe
204.79.197.200:443

https://bat.bing.com/action/0?ti=134001520&Ver=2&mid=392e3bc4-3f9a-418d-b8eb-a90643a5fa31&sid=8f6a9d00871611ee9a3ba97daa576f28&vid=8f6ad670871611ee8d896bb99bd44731&vids=1&msclkid=N&pi=-1416307915&lg=en-US&sw=1280&sh=720&sc=24&tl=Thanks%20for%20Installing%20AnyGo%20for%20Windows&kw=Thanks%20for%20installing%20AnyGo%20for%20Windows&p=https%3A%2F%2Fitoolab.com%2Fthankyou%2Finstall-anygo-for-windows%2F&r=&lt=2212&evt=pageLoad&sv=1&rn=200749

tls, http2

msedge.exe

2.8kB
23.2kB
25
31

HTTP Request

GET https://bat.bing.com/bat.js

HTTP Response

200

HTTP Request

GET https://bat.bing.com/p/action/134001520.js

HTTP Request

GET https://bat.bing.com/action/0?ti=134001520&Ver=2&mid=392e3bc4-3f9a-418d-b8eb-a90643a5fa31&sid=8f6a9d00871611ee9a3ba97daa576f28&vid=8f6ad670871611ee8d896bb99bd44731&vids=1&msclkid=N&pi=-1416307915&lg=en-US&sw=1280&sh=720&sc=24&tl=Thanks%20for%20Installing%20AnyGo%20for%20Windows&kw=Thanks%20for%20installing%20AnyGo%20for%20Windows&p=https%3A%2F%2Fitoolab.com%2Fthankyou%2Finstall-anygo-for-windows%2F&r=&lt=2212&evt=pageLoad&sv=1&rn=200749

HTTP Response

204

HTTP Response

204
172.217.23.194:443

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10876596137/?random=1700424145667&cv=11&fst=1700424145667&bg=ffffff&guid=ON&async=1&gtm=45He3b81v9132743511&gcd=11l1l1l1l1&dma=0&u_w=1280&u_h=720&url=https%3A%2F%2Fitoolab.com%2Fthankyou%2Finstall-anygo-for-windows%2F&hn=www.googleadservices.com&frm=0&tiba=Thanks%20for%20Installing%20AnyGo%20for%20Windows&auid=2048785268.1700424146&uaa=x86&uamb=0&uap=Windows&uapv=10.0&uaw=0&rfmt=3&fmt=4

tls, http2

msedge.exe

1.9kB
8.2kB
12
15

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10876596137/?random=1700424145667&cv=11&fst=1700424145667&bg=ffffff&guid=ON&async=1&gtm=45He3b81v9132743511&gcd=11l1l1l1l1&dma=0&u_w=1280&u_h=720&url=https%3A%2F%2Fitoolab.com%2Fthankyou%2Finstall-anygo-for-windows%2F&hn=www.googleadservices.com&frm=0&tiba=Thanks%20for%20Installing%20AnyGo%20for%20Windows&auid=2048785268.1700424146&uaa=x86&uamb=0&uap=Windows&uapv=10.0&uaw=0&rfmt=3&fmt=4
188.114.97.0:443

download.itoolab.com

tls

AnyGoW.exe

1.1kB
4.3kB
7
8
152.199.19.74:80

http://sf.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo%2FX8AUm7%2BPSp50CECsg6zOAeSqwEfZiwGT9tHM%3D

http

msiexec.exe

415 B
2.1kB
4
4

HTTP Request

GET http://sf.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo%2FX8AUm7%2BPSp50CECsg6zOAeSqwEfZiwGT9tHM%3D

HTTP Response

200
216.58.214.14:443

https://analytics.google.com/g/collect?v=2&tid=G-HV4TZRZTZ6&gtm=45je3b81v9132832266z89132743511&_p=1700424144745&gcd=11l1l1l1l1&dma=0&cid=1559062670.1700424146&ul=en-us&sr=1280x720&ir=1&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&_eu=EA&_s=2&sid=1700424146&sct=1&seg=0&dl=https%3A%2F%2Fitoolab.com%2Fthankyou%2Finstall-anygo-for-windows%2F&dt=Thanks%20for%20Installing%20AnyGo%20for%20Windows&en=install&_c=1&ep.pro_name=AnyGo%20Windows&_et=52&tfd=2890

tls, http2

msedge.exe

4.8kB
9.9kB
26
27

HTTP Request

POST https://analytics.google.com/g/collect?v=2&tid=G-FZCRLPQMZW&gtm=45je3b81v887131871z8841305150&_p=1700424144745&_gaz=1&gcd=11l1l1l1l1&dma=0&cid=1559062670.1700424146&ul=en-us&sr=1280x720&ir=1&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&_eu=Eg&_s=1&sid=1700424145&sct=1&seg=0&dl=https%3A%2F%2Fitoolab.com%2Fthankyou%2Finstall-anygo-for-windows%2F&dt=Thanks%20for%20Installing%20AnyGo%20for%20Windows&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=2591

HTTP Request

POST https://analytics.google.com/g/collect?v=2&tid=G-FZCRLPQMZW&gtm=45je3b81v887131871z8841305150&_p=1700424144745&gcd=11l1l1l1l1&dma=0&cid=1559062670.1700424146&ul=en-us&sr=1280x720&ir=1&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&_eu=EA&_s=2&sid=1700424145&sct=1&seg=0&dl=https%3A%2F%2Fitoolab.com%2Fthankyou%2Finstall-anygo-for-windows%2F&dt=Thanks%20for%20Installing%20AnyGo%20for%20Windows&en=install&_c=1&ep.install_product_name=install-anygo-for-windows&_et=6&tfd=2616

HTTP Request

POST https://analytics.google.com/g/collect?v=2&tid=G-FZCRLPQMZW&gtm=45je3b81v887131871&_p=1700424144745&gcd=11l1l1l1l1&dma=0&cid=1559062670.1700424146&ul=en-us&sr=1280x720&ir=1&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&_eu=AAg&_s=3&sid=1700424145&sct=1&seg=0&dl=https%3A%2F%2Fitoolab.com%2Fthankyou%2Finstall-anygo-for-windows%2F&dt=Thanks%20for%20Installing%20AnyGo%20for%20Windows&cu=USD&en=install&_c=1&epn.value=0&_et=4&tfd=2628

HTTP Request

POST https://analytics.google.com/g/collect?v=2&tid=G-FZCRLPQMZW&gtm=45je3b81v887131871&_p=1700424144745&gcd=11l1l1l1l1&dma=0&cid=1559062670.1700424146&ul=en-us&sr=1280x720&ir=1&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&_eu=EgAC&_s=4&sid=1700424145&sct=1&seg=1&dl=https%3A%2F%2Fitoolab.com%2Fthankyou%2Finstall-anygo-for-windows%2F&dt=Thanks%20for%20Installing%20AnyGo%20for%20Windows&en=page_view&_ee=1&_et=6&tfd=2698

HTTP Request

POST https://analytics.google.com/g/collect?v=2&tid=G-FZCRLPQMZW&gtm=45je3b81v887131871&_p=1700424144745&gcd=11l1l1l1l1&dma=0&cid=1559062670.1700424146&ul=en-us&sr=1280x720&ir=1&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&_eu=AAg&_s=5&sid=1700424145&sct=1&seg=1&dl=https%3A%2F%2Fitoolab.com%2Fthankyou%2Finstall-anygo-for-windows%2F&dt=Thanks%20for%20Installing%20AnyGo%20for%20Windows&cu=USD&en=install&_c=1&_et=1&epn.value=0&tfd=2698

HTTP Request

POST https://analytics.google.com/g/collect?v=2&tid=G-HV4TZRZTZ6&gtm=45je3b81v9132832266z89132743511&_p=1700424144745&_gaz=1&gcd=11l1l1l1l1&dma=0&cid=1559062670.1700424146&ul=en-us&sr=1280x720&ir=1&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&_eu=EA&_s=1&sid=1700424146&sct=1&seg=0&dl=https%3A%2F%2Fitoolab.com%2Fthankyou%2Finstall-anygo-for-windows%2F&dt=Thanks%20for%20Installing%20AnyGo%20for%20Windows&en=page_view&_fv=1&_ss=1&tfd=2832

HTTP Request

POST https://analytics.google.com/g/collect?v=2&tid=G-HV4TZRZTZ6&gtm=45je3b81v9132832266z89132743511&_p=1700424144745&gcd=11l1l1l1l1&dma=0&cid=1559062670.1700424146&ul=en-us&sr=1280x720&ir=1&uaa=x86&uamb=0&uam=&uap=Windows&uapv=10.0&uaw=0&_eu=EA&_s=2&sid=1700424146&sct=1&seg=0&dl=https%3A%2F%2Fitoolab.com%2Fthankyou%2Finstall-anygo-for-windows%2F&dt=Thanks%20for%20Installing%20AnyGo%20for%20Windows&en=install&_c=1&ep.pro_name=AnyGo%20Windows&_et=52&tfd=2890
216.58.214.14:443

analytics.google.com

tls, http2

msedge.exe

1.0kB
8.3kB
10
10
216.58.214.14:443

analytics.google.com

tls, http2

msedge.exe

1.0kB
8.3kB
10
10
216.58.214.14:443

analytics.google.com

tls, http2

msedge.exe

1.0kB
8.3kB
10
10
216.58.214.14:443

analytics.google.com

tls, http2

msedge.exe

1.0kB
8.3kB
10
10
142.250.102.157:443

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-172748361-1&cid=1559062670.1700424146&jid=410819879&gjid=67006221&_gid=405594903.1700424146&_u=YADAAEAAAAAAACAAI~&z=471537423

tls, http2

msedge.exe

2.4kB
7.2kB
19
21

HTTP Request

POST https://stats.g.doubleclick.net/g/collect?v=2&tid=G-FZCRLPQMZW&cid=1559062670.1700424146&gtm=45je3b81v887131871z8841305150&aip=1&dma=0&gcd=11l1l1l1l1

HTTP Request

POST https://stats.g.doubleclick.net/g/collect?v=2&tid=G-HV4TZRZTZ6&cid=1559062670.1700424146&gtm=45je3b81v9132832266z89132743511&aip=1&dma=0&gcd=11l1l1l1l1

HTTP Request

POST https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-172748361-1&cid=1559062670.1700424146&jid=410819879&gjid=67006221&_gid=405594903.1700424146&_u=YADAAEAAAAAAACAAI~&z=471537423
216.58.214.14:443

analytics.google.com

tls

msedge.exe

1.0kB
7.3kB
11
9
142.250.102.157:443

stats.g.doubleclick.net

msedge.exe

98 B
52 B
2
1
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.3kB
16
14
127.0.0.1:53850

adb.exe
127.0.0.1:5555

adb.exe
127.0.0.1:5557

adb.exe
127.0.0.1:5037

adb.exe
127.0.0.1:5037

adb.exe
127.0.0.1:5037

adb.exe
127.0.0.1:5559

adb.exe
127.0.0.1:5561

adb.exe
127.0.0.1:5037

adb.exe
127.0.0.1:5037

adb.exe
127.0.0.1:5563

adb.exe
127.0.0.1:5565

adb.exe
127.0.0.1:5567

adb.exe
127.0.0.1:5037

adb.exe
127.0.0.1:5037

adb.exe
127.0.0.1:5569

adb.exe
127.0.0.1:5571

adb.exe
127.0.0.1:5037

adb.exe
127.0.0.1:5037

adb.exe
127.0.0.1:5573

adb.exe
127.0.0.1:5575

adb.exe
127.0.0.1:5037

adb.exe
127.0.0.1:5037

adb.exe
127.0.0.1:5577

adb.exe
127.0.0.1:5579

adb.exe
127.0.0.1:5581

adb.exe
127.0.0.1:5037

adb.exe
127.0.0.1:5037

adb.exe

8.8.8.8:53

2.136.104.51.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

2.136.104.51.in-addr.arpa
8.8.8.8:53

72.32.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

72.32.126.40.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

146.78.124.51.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

146.78.124.51.in-addr.arpa
8.8.8.8:53

103.169.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

103.169.127.40.in-addr.arpa
8.8.8.8:53

18.31.95.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

18.31.95.13.in-addr.arpa
8.8.8.8:53

254.111.26.67.in-addr.arpa

dns

72 B
126 B
1
1

DNS Request

254.111.26.67.in-addr.arpa
8.8.8.8:53

126.20.238.8.in-addr.arpa

dns

71 B
125 B
1
1

DNS Request

126.20.238.8.in-addr.arpa
8.8.8.8:53

57.169.31.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

57.169.31.20.in-addr.arpa
8.8.8.8:53

43.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

43.229.111.52.in-addr.arpa
8.8.8.8:53

download.itoolab.com

dns

AnyGoW.exe

66 B
98 B
1
1

DNS Request

download.itoolab.com

DNS Response

188.114.97.0

188.114.96.0
8.8.8.8:53

ip-api.com

dns

AnyGoW.exe

56 B
72 B
1
1

DNS Request

ip-api.com

DNS Response

208.95.112.1
8.8.8.8:53

download.onvideoeditor.com

dns

AnyGoW.exe

72 B
104 B
1
1

DNS Request

download.onvideoeditor.com

DNS Response

104.21.20.125

172.67.192.227
8.8.8.8:53

anygo.itoolab.net

dns

AnyGoW.exe

63 B
79 B
1
1

DNS Request

anygo.itoolab.net

DNS Response

3.130.144.212
8.8.8.8:53

206.23.217.172.in-addr.arpa

dns

73 B
173 B
1
1

DNS Request

206.23.217.172.in-addr.arpa
8.8.8.8:53

0.97.114.188.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

0.97.114.188.in-addr.arpa
8.8.8.8:53

1.112.95.208.in-addr.arpa

dns

71 B
95 B
1
1

DNS Request

1.112.95.208.in-addr.arpa
8.8.8.8:53

125.20.21.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

125.20.21.104.in-addr.arpa
8.8.8.8:53

212.144.130.3.in-addr.arpa

dns

72 B
135 B
1
1

DNS Request

212.144.130.3.in-addr.arpa
224.0.0.251:5353

mDNSResponder.exe

3.3kB
25
8.8.8.8:53

api.mapbox.com

dns

AnyGoW.exe

60 B
124 B
1
1

DNS Request

api.mapbox.com

DNS Response

13.227.219.21

13.227.219.29

13.227.219.119

13.227.219.52
8.8.8.8:53

itoolab.com

dns

msedge.exe

57 B
89 B
1
1

DNS Request

itoolab.com

DNS Response

188.114.96.0

188.114.97.0
8.8.8.8:53

21.219.227.13.in-addr.arpa

dns

72 B
129 B
1
1

DNS Request

21.219.227.13.in-addr.arpa
8.8.8.8:53

0.96.114.188.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

0.96.114.188.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
173 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200
127.0.0.1:50745

AppleMobileDeviceProcess.exe
8.8.8.8:53

www.linkconnector.com

dns

msedge.exe

67 B
115 B
1
1

DNS Request

www.linkconnector.com

DNS Response

172.67.22.39

104.22.49.169

104.22.48.169
8.8.8.8:53

113.39.65.18.in-addr.arpa

dns

71 B
126 B
1
1

DNS Request

113.39.65.18.in-addr.arpa
8.8.8.8:53

39.22.67.172.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

39.22.67.172.in-addr.arpa
8.8.8.8:53

bat.bing.com

dns

msedge.exe

58 B
162 B
1
1

DNS Request

bat.bing.com

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

googleads.g.doubleclick.net

dns

msedge.exe

73 B
89 B
1
1

DNS Request

googleads.g.doubleclick.net

DNS Response

172.217.23.194
8.8.8.8:53

sf.symcd.com

dns

msiexec.exe

116 B
344 B
2
2

DNS Request

sf.symcd.com

DNS Request

sf.symcd.com

DNS Response

152.199.19.74

DNS Response

152.199.19.74
8.8.8.8:53

analytics.google.com

dns

msedge.exe

66 B
82 B
1
1

DNS Request

analytics.google.com

DNS Response

216.58.214.14
8.8.8.8:53

stats.g.doubleclick.net

dns

msedge.exe

69 B
133 B
1
1

DNS Request

stats.g.doubleclick.net

DNS Response

142.250.102.157

142.250.102.154

142.250.102.155

142.250.102.156
8.8.8.8:53

200.179.250.142.in-addr.arpa

dns

148 B
224 B
2
2

DNS Request

200.179.250.142.in-addr.arpa

DNS Request

200.179.250.142.in-addr.arpa
8.8.8.8:53

74.19.199.152.in-addr.arpa

dns

144 B
286 B
2
2

DNS Request

74.19.199.152.in-addr.arpa

DNS Request

74.19.199.152.in-addr.arpa
8.8.8.8:53

194.23.217.172.in-addr.arpa

dns

73 B
171 B
1
1

DNS Request

194.23.217.172.in-addr.arpa
8.8.8.8:53

157.102.250.142.in-addr.arpa

dns

148 B
216 B
2
2

DNS Request

157.102.250.142.in-addr.arpa

DNS Request

157.102.250.142.in-addr.arpa
8.8.8.8:53

196.168.217.172.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

196.168.217.172.in-addr.arpa
8.8.8.8:53

14.214.58.216.in-addr.arpa

dns

72 B
155 B
1
1

DNS Request

14.214.58.216.in-addr.arpa
8.8.8.8:53

90.65.42.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

90.65.42.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e597a69.rbs

Filesize
126KB

MD5
58785f0088b5ba86217df62bfa5f57ee

SHA1
67ab941c5d27518f3d11efa83daea832aabdb3d9

SHA256
0042388c04dc4741a4bfeadff7fceab01ddbcda623da217c688a2b58a495c0fd

SHA512
40356398fdb657db1070a2056d134d2bd03c808edfe30ce5b59ed24af896bebf60733c79fdb63be1d433713d9fc86828acda245ade4af742e224697a73fa86bc

Download Submit
C:\Program Files (x86)\AnyGo\AnyGoW.exe

Filesize
27.2MB

MD5
2f9facb278d46b733e80d31fc8c868b8

SHA1
62c6699be3365a3603d78adcf196992ba293f2b2

SHA256
ba0d7c9cecfeab8696d708b9d32761d2d83e563e4384933866260cfe6c0e50c1

SHA512
c1f2850354312275b0ec9c34ff8e3278e80a837daf1de2afd4f0bd61813adc5a31da4884ff98e14b3eeb1dfbfe20e7b1d39d859744b8d4c42a6b355d9934b3eb

Download Submit
C:\Program Files (x86)\AnyGo\AnyGoW.exe

Filesize
27.2MB

MD5
2f9facb278d46b733e80d31fc8c868b8

SHA1
62c6699be3365a3603d78adcf196992ba293f2b2

SHA256
ba0d7c9cecfeab8696d708b9d32761d2d83e563e4384933866260cfe6c0e50c1

SHA512
c1f2850354312275b0ec9c34ff8e3278e80a837daf1de2afd4f0bd61813adc5a31da4884ff98e14b3eeb1dfbfe20e7b1d39d859744b8d4c42a6b355d9934b3eb

Download Submit
C:\Program Files (x86)\AnyGo\AnyGoW.exe

Filesize
27.2MB

MD5
2f9facb278d46b733e80d31fc8c868b8

SHA1
62c6699be3365a3603d78adcf196992ba293f2b2

SHA256
ba0d7c9cecfeab8696d708b9d32761d2d83e563e4384933866260cfe6c0e50c1

SHA512
c1f2850354312275b0ec9c34ff8e3278e80a837daf1de2afd4f0bd61813adc5a31da4884ff98e14b3eeb1dfbfe20e7b1d39d859744b8d4c42a6b355d9934b3eb

Download Submit
C:\Program Files (x86)\AnyGo\BugSplat.dll

Filesize
452KB

MD5
92d519cecc628fb0fa717bf6622b9f69

SHA1
6131aeaecd1bce67fc6dad18fe9ce63281098e97

SHA256
24696f3e39bd30d4462675d870adfb1b1a2e0a2f7b2dd978ef3e5632b92e4326

SHA512
42f957118abc2a0e3ea16cc909b5a6584c0058e2cdb05831b131623de3114e73e64dcf5ca1758b86fbccce3ffc9741249a8bb1b4567c1668284f4b2e1374c25d

Download Submit
C:\Program Files (x86)\AnyGo\BugSplat.dll

Filesize
452KB

MD5
92d519cecc628fb0fa717bf6622b9f69

SHA1
6131aeaecd1bce67fc6dad18fe9ce63281098e97

SHA256
24696f3e39bd30d4462675d870adfb1b1a2e0a2f7b2dd978ef3e5632b92e4326

SHA512
42f957118abc2a0e3ea16cc909b5a6584c0058e2cdb05831b131623de3114e73e64dcf5ca1758b86fbccce3ffc9741249a8bb1b4567c1668284f4b2e1374c25d

Download Submit
C:\Program Files (x86)\AnyGo\MSVCP140.dll

Filesize
429KB

MD5
cfbdf284c12056347e6773cb3949fbba

SHA1
ad3fa5fbbc4296d4a901ea94460762faf3d6a2b8

SHA256
bbecdfda2551b01aa16005c88305982c360a9fb9ba3d9be2fb15f2e9c6eb809f

SHA512
2f24eac94d51f8f28c8e6b6234ca2e481e0f8f1a73df62766ff4f5640480377fb2c4a469babedb87d303503994b469e570aaf725e16da6f9b2d6a77f15b4623f

Download Submit
C:\Program Files (x86)\AnyGo\Qt5Core.dll

Filesize
4.9MB

MD5
8e7cffe99c1902650c209e4a7fa81951

SHA1
4e43b83a29b8ddbf7cd42d50175ce1ad230f6394

SHA256
2ad941d9c2c6766fc325e3236de8fec188e7e182ccc8816dce40a6a066281fc7

SHA512
e332984a777713f94ced693b903c334b410f2be803e1c8d45fc06547ee1bf0619373c4c51c9b1fa18497453bd6a4e0f5f183a4b090cc4c04750ea73948592794

Download Submit
C:\Program Files (x86)\AnyGo\Qt5Core.dll

Filesize
4.9MB

MD5
8e7cffe99c1902650c209e4a7fa81951

SHA1
4e43b83a29b8ddbf7cd42d50175ce1ad230f6394

SHA256
2ad941d9c2c6766fc325e3236de8fec188e7e182ccc8816dce40a6a066281fc7

SHA512
e332984a777713f94ced693b903c334b410f2be803e1c8d45fc06547ee1bf0619373c4c51c9b1fa18497453bd6a4e0f5f183a4b090cc4c04750ea73948592794

Download Submit
C:\Program Files (x86)\AnyGo\Qt5Gui.dll

Filesize
5.2MB

MD5
054f9087fecc5293a504dd17b5c4c306

SHA1
239a2f913adc26b3ebd641a9a3f7014e6a197a8e

SHA256
4217205e5d84811cd5bf100ab1dc373102abb5b15f22efe1d2ff4be62f76df8e

SHA512
4c9288a54cbe939e0c078b24cc94a360816b247456e303bbf7f9940fc0413af911845c00f910f776256fd52939aacf584ad58003434c34cba50e17260a447c66

Download Submit
C:\Program Files (x86)\AnyGo\Qt5Gui.dll

Filesize
5.2MB

MD5
054f9087fecc5293a504dd17b5c4c306

SHA1
239a2f913adc26b3ebd641a9a3f7014e6a197a8e

SHA256
4217205e5d84811cd5bf100ab1dc373102abb5b15f22efe1d2ff4be62f76df8e

SHA512
4c9288a54cbe939e0c078b24cc94a360816b247456e303bbf7f9940fc0413af911845c00f910f776256fd52939aacf584ad58003434c34cba50e17260a447c66

Download Submit
C:\Program Files (x86)\AnyGo\Qt5Network.dll

Filesize
1.0MB

MD5
3b186b2d1f83e7a0b8b4766cfbfa0c42

SHA1
6aef17608916a031875f048874e8c531a50b454f

SHA256
01df746a1e5901d23a1b39be5449b03104e13d5d18328d86f424cffe7388bc65

SHA512
bfcab60afc545c7bf9db175a97410e4a40ee785248b6a2e2814c84f6b0651057e15fbd39e26e0600f879c4f20b73610117b8ef84702b36618109a80af6d972d9

Download Submit
C:\Program Files (x86)\AnyGo\Qt5Network.dll

Filesize
1.0MB

MD5
3b186b2d1f83e7a0b8b4766cfbfa0c42

SHA1
6aef17608916a031875f048874e8c531a50b454f

SHA256
01df746a1e5901d23a1b39be5449b03104e13d5d18328d86f424cffe7388bc65

SHA512
bfcab60afc545c7bf9db175a97410e4a40ee785248b6a2e2814c84f6b0651057e15fbd39e26e0600f879c4f20b73610117b8ef84702b36618109a80af6d972d9

Download Submit
C:\Program Files (x86)\AnyGo\Qt5Positioning.dll

Filesize
279KB

MD5
0ad4b8ee8a8668088e763aabc45fcf47

SHA1
55b9212d677c91643df8e7b33929718b8b81ea2a

SHA256
7b884f8fd50908d9c039bc370d363a82dcf22115b41236898cbfff4d80555389

SHA512
dcb2ff7fefe958859ff02068b0f7dee7e2a3b058aed251523d39cc8ab4df783eb6a2a840831e7407952bfb9d5a33e354d67667142d067c742dbff445810fa108

Download Submit
C:\Program Files (x86)\AnyGo\Qt5Positioning.dll

Filesize
279KB

MD5
0ad4b8ee8a8668088e763aabc45fcf47

SHA1
55b9212d677c91643df8e7b33929718b8b81ea2a

SHA256
7b884f8fd50908d9c039bc370d363a82dcf22115b41236898cbfff4d80555389

SHA512
dcb2ff7fefe958859ff02068b0f7dee7e2a3b058aed251523d39cc8ab4df783eb6a2a840831e7407952bfb9d5a33e354d67667142d067c742dbff445810fa108

Download Submit
C:\Program Files (x86)\AnyGo\Qt5PrintSupport.dll

Filesize
287KB

MD5
ea9c95a8e4ccb98a3e3704d7ef91fa8c

SHA1
ef7d7ab6ec6dea8cfd71e80634c635bb24bf237d

SHA256
5f07fcaf5cc449d301bc4103643997c613253d3a85e9d9e0b6669eb3d040a151

SHA512
af5762810278a4d544aecdf9dfddfd2e5b17d3135ad4789405b2b346c80e97a49058f2c80742f4f009834b49c4c0bf9fa5e0ee349001fa25cd0380629d4c6591

Download Submit
C:\Program Files (x86)\AnyGo\Qt5PrintSupport.dll

Filesize
287KB

MD5
ea9c95a8e4ccb98a3e3704d7ef91fa8c

SHA1
ef7d7ab6ec6dea8cfd71e80634c635bb24bf237d

SHA256
5f07fcaf5cc449d301bc4103643997c613253d3a85e9d9e0b6669eb3d040a151

SHA512
af5762810278a4d544aecdf9dfddfd2e5b17d3135ad4789405b2b346c80e97a49058f2c80742f4f009834b49c4c0bf9fa5e0ee349001fa25cd0380629d4c6591

Download Submit
C:\Program Files (x86)\AnyGo\Qt5Qml.dll

Filesize
3.2MB

MD5
5edfb69c7973bc5cb1ae5a31bfea0631

SHA1
23435219cf4e63a4263bdcbf16d15fa923e392d9

SHA256
bdc419e4405202a1592ab452f1e1aea9b516499dd385ce6ff425bbdbe6effb31

SHA512
4ea3ff14400290117be234f98818e7e725c7efe8ce6967341371953dc6bd22197be882b3b30af60003500e8a6506dfa3d9df5ae348ef955038d0826fce66754b

Download Submit
C:\Program Files (x86)\AnyGo\Qt5Qml.dll

Filesize
3.2MB

MD5
5edfb69c7973bc5cb1ae5a31bfea0631

SHA1
23435219cf4e63a4263bdcbf16d15fa923e392d9

SHA256
bdc419e4405202a1592ab452f1e1aea9b516499dd385ce6ff425bbdbe6effb31

SHA512
4ea3ff14400290117be234f98818e7e725c7efe8ce6967341371953dc6bd22197be882b3b30af60003500e8a6506dfa3d9df5ae348ef955038d0826fce66754b

Download Submit
C:\Program Files (x86)\AnyGo\Qt5Quick.dll

Filesize
3.1MB

MD5
85a21f5fa94f9e9f4f885d761803b906

SHA1
a43e54cb98897c505b31890d05422f037e5ac238

SHA256
4ca7efde2ec17eb803d027c8455278e8bafe6cbdf6c4a9324a85503e7122924a

SHA512
548ea8c016c70eb78c8802d23ae7729c631a7bf25622ecedb3405770f749960b99f3f105716ac12ff73ee1162ff8b7a98e618559cfff374a1c3e768bc7c7b670

Download Submit
C:\Program Files (x86)\AnyGo\Qt5Quick.dll

Filesize
3.1MB

MD5
85a21f5fa94f9e9f4f885d761803b906

SHA1
a43e54cb98897c505b31890d05422f037e5ac238

SHA256
4ca7efde2ec17eb803d027c8455278e8bafe6cbdf6c4a9324a85503e7122924a

SHA512
548ea8c016c70eb78c8802d23ae7729c631a7bf25622ecedb3405770f749960b99f3f105716ac12ff73ee1162ff8b7a98e618559cfff374a1c3e768bc7c7b670

Download Submit
C:\Program Files (x86)\AnyGo\Qt5QuickWidgets.dll

Filesize
84KB

MD5
85b772e36483ee2817c4587304ff0cf1

SHA1
222df06347f5c4dfa78db100c7b3ea7ee81ee4dd

SHA256
755686ca3a7d0f6f8164b3a9ebfba3adc63a229db88df3920529769ac39aeeab

SHA512
2e82b566e2ee9f2baca27151f7c5e71a0a02c5eaf7859161ff9e731a9664a3cb468b05fb81357dc554b290a4610cb24c13914e9f07449ec4af297c0c0d7d16e0

Download Submit
C:\Program Files (x86)\AnyGo\Qt5QuickWidgets.dll

Filesize
84KB

MD5
85b772e36483ee2817c4587304ff0cf1

SHA1
222df06347f5c4dfa78db100c7b3ea7ee81ee4dd

SHA256
755686ca3a7d0f6f8164b3a9ebfba3adc63a229db88df3920529769ac39aeeab

SHA512
2e82b566e2ee9f2baca27151f7c5e71a0a02c5eaf7859161ff9e731a9664a3cb468b05fb81357dc554b290a4610cb24c13914e9f07449ec4af297c0c0d7d16e0

Download Submit
C:\Program Files (x86)\AnyGo\Qt5WebChannel.dll

Filesize
116KB

MD5
bd65f74f65e684e4754103e2603ef2d0

SHA1
da9df71bcfb3096268c65c473338892594c506de

SHA256
e59de4ced5c2d1374f8dcdd07dbbc20d4bb1425be4de4ff7e41843ed391ac483

SHA512
433c49e88e377a271617135bae17bd9c9493d7562c082de4c87fb38c5296dcfdb7ca75242955b2994eaca5996ad7e72d40dd09c366fabf8fcd70b3850f00870e

Download Submit
C:\Program Files (x86)\AnyGo\Qt5WebChannel.dll

Filesize
116KB

MD5
bd65f74f65e684e4754103e2603ef2d0

SHA1
da9df71bcfb3096268c65c473338892594c506de

SHA256
e59de4ced5c2d1374f8dcdd07dbbc20d4bb1425be4de4ff7e41843ed391ac483

SHA512
433c49e88e377a271617135bae17bd9c9493d7562c082de4c87fb38c5296dcfdb7ca75242955b2994eaca5996ad7e72d40dd09c366fabf8fcd70b3850f00870e

Download Submit
C:\Program Files (x86)\AnyGo\Qt5WebEngineCore.dll

Filesize
54.9MB

MD5
e4186f35675f558c27df513246a8f344

SHA1
61c17083934c69453467a9a7444eb13da19bbcf7

SHA256
4abe80eff2b237bfd931f923929ebcc917d70caea07185f9d0b65936a04f6140

SHA512
898c2f83f1cde7d9f02767cf61f27abcd51018d1fcb8df9c36fa052f4cf4fa6284ff93dfbb049452978e81c43048e6a54937edd76e9076bca1a53955e01b89ea

Download Submit
C:\Program Files (x86)\AnyGo\Qt5WebEngineCore.dll

Filesize
54.9MB

MD5
e4186f35675f558c27df513246a8f344

SHA1
61c17083934c69453467a9a7444eb13da19bbcf7

SHA256
4abe80eff2b237bfd931f923929ebcc917d70caea07185f9d0b65936a04f6140

SHA512
898c2f83f1cde7d9f02767cf61f27abcd51018d1fcb8df9c36fa052f4cf4fa6284ff93dfbb049452978e81c43048e6a54937edd76e9076bca1a53955e01b89ea

Download Submit
C:\Program Files (x86)\AnyGo\Qt5WebEngineWidgets.dll

Filesize
207KB

MD5
880279b53dd158257536c3dcbe14bd8d

SHA1
16bbeffbf23be427802ed585b3cd84a75592e252

SHA256
2aa57b5c28332d14ffa88d8fddae646a3e0f7e04d7e35e687a0ace8d5045399d

SHA512
c02c170f18d96d279682b298855e4e781e5e22970d1ef2c807acb2ec139e53f2298574ff5c502518ff7058672f234ef832aca6ecd6e439e71943a747f1dee440

Download Submit
C:\Program Files (x86)\AnyGo\Qt5WebEngineWidgets.dll

Filesize
207KB

MD5
880279b53dd158257536c3dcbe14bd8d

SHA1
16bbeffbf23be427802ed585b3cd84a75592e252

SHA256
2aa57b5c28332d14ffa88d8fddae646a3e0f7e04d7e35e687a0ace8d5045399d

SHA512
c02c170f18d96d279682b298855e4e781e5e22970d1ef2c807acb2ec139e53f2298574ff5c502518ff7058672f234ef832aca6ecd6e439e71943a747f1dee440

Download Submit
C:\Program Files (x86)\AnyGo\Qt5Widgets.dll

Filesize
4.4MB

MD5
d4c8f46ff4914e1d94c779df3dddf297

SHA1
ae20da4433361216f35582a20fd9927581d184b6

SHA256
5a0d5348e714b3131e1016591f5376557c71f3fa910c26de83f71d235c059865

SHA512
103b97beb67345bfc9f1355328e85b1521f13f35290a1e70f5ca35163f625ab2353b1d3b8e1f881b7905f0e9e459ceec22115e6521dd929a598df56777103c88

Download Submit
C:\Program Files (x86)\AnyGo\Qt5Widgets.dll

Filesize
4.4MB

MD5
d4c8f46ff4914e1d94c779df3dddf297

SHA1
ae20da4433361216f35582a20fd9927581d184b6

SHA256
5a0d5348e714b3131e1016591f5376557c71f3fa910c26de83f71d235c059865

SHA512
103b97beb67345bfc9f1355328e85b1521f13f35290a1e70f5ca35163f625ab2353b1d3b8e1f881b7905f0e9e459ceec22115e6521dd929a598df56777103c88

Download Submit
C:\Program Files (x86)\AnyGo\VCRUNTIME140.dll

Filesize
81KB

MD5
8e65e033799eb9fd46bc5c184e7d1b85

SHA1
e1cc5313be1f7df4c43697f8f701305585fe4e71

SHA256
be38a38e22128af9a529af33d1f02dd24b2a344d29175939e229cf3a280673e4

SHA512
e0207fe2c327e7a66c42f23b3cbabc771d3819275dc970a9fa82d7af5f26606685644b8ea511f87ec511eb3a086a9506adec96c01c1b80b788c253bd0d459fbd

Download Submit
C:\Program Files (x86)\AnyGo\bearer\qgenericbearer.dll

Filesize
63KB

MD5
b25fa723302713941ed8eaf73f5ccf6f

SHA1
0fcbde6da7ed15d53fabc71b3ac07c8f3c08d02a

SHA256
a9cfea18bfde01f3caad4cc42cf3f849c6f0f1e9c353c4db4db70e0da96975c2

SHA512
0ede462c608243b55f478011c045c24d4d88b3041594f6804b4cec25fa126de4f790d31d18b51a099eed757915a9d5c68341aa920f05f92b940b97130eae28e6

Download Submit
C:\Program Files (x86)\AnyGo\bearer\qgenericbearer.dll

Filesize
63KB

MD5
b25fa723302713941ed8eaf73f5ccf6f

SHA1
0fcbde6da7ed15d53fabc71b3ac07c8f3c08d02a

SHA256
a9cfea18bfde01f3caad4cc42cf3f849c6f0f1e9c353c4db4db70e0da96975c2

SHA512
0ede462c608243b55f478011c045c24d4d88b3041594f6804b4cec25fa126de4f790d31d18b51a099eed757915a9d5c68341aa920f05f92b940b97130eae28e6

Download Submit
C:\Program Files (x86)\AnyGo\dbghelp.dll

Filesize
1.0MB

MD5
5c5e3afd499e5146fef1da5ef8a23205

SHA1
8245691416e509a3a1bd8e321aa6d2ff1925a224

SHA256
9a26ffaffb26fa6549c6da75f76238a903ca723f9dad356fba8d91067fe312fd

SHA512
595eb2a4928092a64224077a3fee0dc80a58cb12cf174bf648efe381f81846f345f1f1556cfd90026715ae4fd5c7913eeb46cc7df08f97118a76c58422e7d0dc

Download Submit
C:\Program Files (x86)\AnyGo\dbghelp.dll

Filesize
1.0MB

MD5
5c5e3afd499e5146fef1da5ef8a23205

SHA1
8245691416e509a3a1bd8e321aa6d2ff1925a224

SHA256
9a26ffaffb26fa6549c6da75f76238a903ca723f9dad356fba8d91067fe312fd

SHA512
595eb2a4928092a64224077a3fee0dc80a58cb12cf174bf648efe381f81846f345f1f1556cfd90026715ae4fd5c7913eeb46cc7df08f97118a76c58422e7d0dc

Download Submit
C:\Program Files (x86)\AnyGo\iconengines\qsvgicon.dll

Filesize
53KB

MD5
63c46f853cd849466921416862ee1cef

SHA1
33d9d608f7bac76c037056cf80f810b0a1b45fab

SHA256
b95ec7429e9e0b8a5d3af651fd2bacb91e036a5a96385799a4fe024dc978fc8b

SHA512
74093421d7482092e416333b24a0f3b0c8133ca94b51b3e2818959d37a4324d23eae75ba5c400e036b52c607d41670a33eefe097fb574d2c8e500ad65ce2c17e

Download Submit
C:\Program Files (x86)\AnyGo\imageformats\qgif.dll

Filesize
51KB

MD5
5eb2f46d6d5bdf6a8d9075aca552c3ec

SHA1
09d0159edebce99a8bf6947465d96d627a8fadf8

SHA256
c6f7a448e32547bce5ecd108fc4cae6a916bbf1395116eb6116c9c722f64f2c9

SHA512
12a7a72ae628d4f318f269741b4724215ae9a6349f7da9cbca88e2e4f456786c54aad0d606532b8979f988dbbf8db057e46a38fabd452bf1c849b30709f447a4

Download Submit
C:\Program Files (x86)\AnyGo\imobiledevice.dll

Filesize
210KB

MD5
131ef6657a4e5937de98b060fe98c3e1

SHA1
f1144eab818a14b039edb02f153e253258f54647

SHA256
69626bd7cdca3d3c7c9fe419d0634d61af82c58eaf12a45657e88652b9e62b8a

SHA512
0b8166edb522fb1367dc97c54daeb2508e29bd49af54718b139af57728baf5c8a3fb0eae59c9c91a116c21560dc0f38a0b37a6a31d75a0f6cd18c81fe2c872e6

Download Submit
C:\Program Files (x86)\AnyGo\imobiledevice.dll

Filesize
210KB

MD5
131ef6657a4e5937de98b060fe98c3e1

SHA1
f1144eab818a14b039edb02f153e253258f54647

SHA256
69626bd7cdca3d3c7c9fe419d0634d61af82c58eaf12a45657e88652b9e62b8a

SHA512
0b8166edb522fb1367dc97c54daeb2508e29bd49af54718b139af57728baf5c8a3fb0eae59c9c91a116c21560dc0f38a0b37a6a31d75a0f6cd18c81fe2c872e6

Download Submit
C:\Program Files (x86)\AnyGo\libEGL.DLL

Filesize
41KB

MD5
c798b7d6157e424b90cbed998b631b5a

SHA1
811781a423e6a28f24a46d7d0ed2b0af92cceaaf

SHA256
4cf6203b0ec1c21f688ed52657380ac2a60c9c393479a02323fbeb2c7f318d5d

SHA512
13cccc75faeeb221ea9aa681017b5f6c63a4da9ae2fed2bd9f2f13dde06b695206821c93f0f1da174a3e1904f8b4e1d6e36190017ffaee2b08eb745cea1ed53b

Download Submit
C:\Program Files (x86)\AnyGo\libEGL.dll

Filesize
41KB

MD5
c798b7d6157e424b90cbed998b631b5a

SHA1
811781a423e6a28f24a46d7d0ed2b0af92cceaaf

SHA256
4cf6203b0ec1c21f688ed52657380ac2a60c9c393479a02323fbeb2c7f318d5d

SHA512
13cccc75faeeb221ea9aa681017b5f6c63a4da9ae2fed2bd9f2f13dde06b695206821c93f0f1da174a3e1904f8b4e1d6e36190017ffaee2b08eb745cea1ed53b

Download Submit
C:\Program Files (x86)\AnyGo\libGLESV2.dll

Filesize
2.7MB

MD5
fd33865865b1f39b46fd099360e2e2e5

SHA1
d36a375e67777f1fa548ce6f6b3fd21ef3f6294d

SHA256
d8456b2e723dfc92f76b9b84081762d3de0cafaf2505c1659d9d0c3fdc8dea02

SHA512
4f3ca8409d1b2d5503f31a399c2a122d8caabe6bbfaa355d54150558212bd53ba9b93a785c969f3c0b5b758c6388400e05c166657176de2e90b047c863b77949

Download Submit
C:\Program Files (x86)\AnyGo\libGLESv2.dll

Filesize
2.7MB

MD5
fd33865865b1f39b46fd099360e2e2e5

SHA1
d36a375e67777f1fa548ce6f6b3fd21ef3f6294d

SHA256
d8456b2e723dfc92f76b9b84081762d3de0cafaf2505c1659d9d0c3fdc8dea02

SHA512
4f3ca8409d1b2d5503f31a399c2a122d8caabe6bbfaa355d54150558212bd53ba9b93a785c969f3c0b5b758c6388400e05c166657176de2e90b047c863b77949

Download Submit
C:\Program Files (x86)\AnyGo\libcrypto-1_1.dll

Filesize
2.4MB

MD5
7b6f46420a61772eba099e661b8b13fe

SHA1
ca5b78d0f2f751b1f4e9fc3e4722b9ac0268c3e1

SHA256
ad73b309e1556e32f2a1d327a6fb9dccd0f10a2937e30ccde505d05dceb47613

SHA512
b073bfbe466569750c1ede87142ff14cca76c4a612f4dab54b8a9eca82f60a988be56f63b7356220a42cf9462b25df5959da4d00dcf235217b664ddc893b84fa

Download Submit
C:\Program Files (x86)\AnyGo\libcrypto-1_1.dll

Filesize
2.4MB

MD5
7b6f46420a61772eba099e661b8b13fe

SHA1
ca5b78d0f2f751b1f4e9fc3e4722b9ac0268c3e1

SHA256
ad73b309e1556e32f2a1d327a6fb9dccd0f10a2937e30ccde505d05dceb47613

SHA512
b073bfbe466569750c1ede87142ff14cca76c4a612f4dab54b8a9eca82f60a988be56f63b7356220a42cf9462b25df5959da4d00dcf235217b664ddc893b84fa

Download Submit
C:\Program Files (x86)\AnyGo\libcrypto-3.dll

Filesize
2.7MB

MD5
fd05ceea0fbc6ca7897cc1d43cea4a99

SHA1
d947017d2c4866802128619aeb6708805e83447a

SHA256
de22131193c45f2d6966e3cbd14560ceba07054ea855e3ff8ac2dda68f802ecc

SHA512
cf63f535d1a895a6556fa2a358c3802f3e6e85a333aff86101a2245ff5d880f8ccd7d82e85e61c56c9b97f5fa197ce577165d1b76e26a490cca9c55449838fb6

Download Submit
C:\Program Files (x86)\AnyGo\libcrypto-3.dll

Filesize
2.7MB

MD5
fd05ceea0fbc6ca7897cc1d43cea4a99

SHA1
d947017d2c4866802128619aeb6708805e83447a

SHA256
de22131193c45f2d6966e3cbd14560ceba07054ea855e3ff8ac2dda68f802ecc

SHA512
cf63f535d1a895a6556fa2a358c3802f3e6e85a333aff86101a2245ff5d880f8ccd7d82e85e61c56c9b97f5fa197ce577165d1b76e26a490cca9c55449838fb6

Download Submit
C:\Program Files (x86)\AnyGo\libssl-1_1.dll

Filesize
543KB

MD5
437e641c6467a27e7ec78658a980512f

SHA1
8411dd23315905d45944f6e9c72f033365cf130a

SHA256
9d72c8212099d84214763ea9cc47db63f456c304d042a4cee2ad84f848876801

SHA512
679e8ceed2741d08493490f4f409153d8a512e66883b80e3fc3ebaea3daa587a6ac60b2e4b84f8ff78e5316ac14f9bd1233d56c6c52c764f4826040502abc75c

Download Submit
C:\Program Files (x86)\AnyGo\libssl-1_1.dll

Filesize
543KB

MD5
437e641c6467a27e7ec78658a980512f

SHA1
8411dd23315905d45944f6e9c72f033365cf130a

SHA256
9d72c8212099d84214763ea9cc47db63f456c304d042a4cee2ad84f848876801

SHA512
679e8ceed2741d08493490f4f409153d8a512e66883b80e3fc3ebaea3daa587a6ac60b2e4b84f8ff78e5316ac14f9bd1233d56c6c52c764f4826040502abc75c

Download Submit
C:\Program Files (x86)\AnyGo\msvcp140.dll

Filesize
429KB

MD5
cfbdf284c12056347e6773cb3949fbba

SHA1
ad3fa5fbbc4296d4a901ea94460762faf3d6a2b8

SHA256
bbecdfda2551b01aa16005c88305982c360a9fb9ba3d9be2fb15f2e9c6eb809f

SHA512
2f24eac94d51f8f28c8e6b6234ca2e481e0f8f1a73df62766ff4f5640480377fb2c4a469babedb87d303503994b469e570aaf725e16da6f9b2d6a77f15b4623f

Download Submit
C:\Program Files (x86)\AnyGo\platforms\qwindows.dll

Filesize
1.2MB

MD5
cc89f2337821b12328ad7839c278f7e9

SHA1
ddbe97127c185ebcc62efad8ab341404567be188

SHA256
592637871533addb04c9203d6d44f52479eb411f65676917b4fc2a56f6b5ea92

SHA512
7173089a71eeace6c89002a07a2f673af4a4fb5c101e13985e80965f8a74cdb496df53e70546334a7f6d7127080c5a615054a9ae06ea0ad5590907bf41651f80

Download Submit
C:\Program Files (x86)\AnyGo\platforms\qwindows.dll

Filesize
1.2MB

MD5
cc89f2337821b12328ad7839c278f7e9

SHA1
ddbe97127c185ebcc62efad8ab341404567be188

SHA256
592637871533addb04c9203d6d44f52479eb411f65676917b4fc2a56f6b5ea92

SHA512
7173089a71eeace6c89002a07a2f673af4a4fb5c101e13985e80965f8a74cdb496df53e70546334a7f6d7127080c5a615054a9ae06ea0ad5590907bf41651f80

Download Submit
C:\Program Files (x86)\AnyGo\plist.dll

Filesize
81KB

MD5
72827f522a6e1f34cc69073099a59942

SHA1
d87874aff72d7312c8697e496d05408731b5b4ab

SHA256
a4e19ece2f7e8593e71d9c7f960704a1e01ddc29cb95448591a6666ba3ba0aa1

SHA512
e8821a7c8da9dc6089fa9cf8a03285a02b2706d286af99925aa442347570e1fdcfc85a99a9f195db938e238239c2d0ae811d80eba5dff9b4f3e2258603f075bd

Download Submit
C:\Program Files (x86)\AnyGo\plist.dll

Filesize
81KB

MD5
72827f522a6e1f34cc69073099a59942

SHA1
d87874aff72d7312c8697e496d05408731b5b4ab

SHA256
a4e19ece2f7e8593e71d9c7f960704a1e01ddc29cb95448591a6666ba3ba0aa1

SHA512
e8821a7c8da9dc6089fa9cf8a03285a02b2706d286af99925aa442347570e1fdcfc85a99a9f195db938e238239c2d0ae811d80eba5dff9b4f3e2258603f075bd

Download Submit
C:\Program Files (x86)\AnyGo\snvrfy.DLL

Filesize
5.2MB

MD5
f3789798c0a958646f2909acfe368eb1

SHA1
3eaeffe4bc95e50b5fff0132bad6c1ff02e87902

SHA256
cb1bad7e87e0db3ba7c632e82a2c6c032d53d5dac21fc41e11fbfabcf9e4ba05

SHA512
ec67610e10f57e62f5d087b5a04be616e9a37f42f0fe2b23e56160aa40085f0faf0831c73715a2280b61110b056bcf8ef4ee8d53d9806fa598c4ba3b060240e1

Download Submit
C:\Program Files (x86)\AnyGo\snvrfy.dll

Filesize
5.2MB

MD5
f3789798c0a958646f2909acfe368eb1

SHA1
3eaeffe4bc95e50b5fff0132bad6c1ff02e87902

SHA256
cb1bad7e87e0db3ba7c632e82a2c6c032d53d5dac21fc41e11fbfabcf9e4ba05

SHA512
ec67610e10f57e62f5d087b5a04be616e9a37f42f0fe2b23e56160aa40085f0faf0831c73715a2280b61110b056bcf8ef4ee8d53d9806fa598c4ba3b060240e1

Download Submit
C:\Program Files (x86)\AnyGo\spdlogCore.dll

Filesize
263KB

MD5
8de27d6993a3a894ec6184090f6dc589

SHA1
3bf00d3ae580b8fd00617ffa640876803642c1aa

SHA256
a674e9405b8c33328f3f96af1533b959b4a7df07e49fd1404ac891b8edd9e745

SHA512
7af08abe18dcebfd54c7dd169c9e96bb1ba6deac57fe93ab712bfab33cd64d6aa58c3cc30b9e54dfc60a1426703ce4204421d71e8f649b414ac2c75cc5e67fce

Download Submit
C:\Program Files (x86)\AnyGo\spdlogCore.dll

Filesize
263KB

MD5
8de27d6993a3a894ec6184090f6dc589

SHA1
3bf00d3ae580b8fd00617ffa640876803642c1aa

SHA256
a674e9405b8c33328f3f96af1533b959b4a7df07e49fd1404ac891b8edd9e745

SHA512
7af08abe18dcebfd54c7dd169c9e96bb1ba6deac57fe93ab712bfab33cd64d6aa58c3cc30b9e54dfc60a1426703ce4204421d71e8f649b414ac2c75cc5e67fce

Download Submit
C:\Program Files (x86)\AnyGo\styles\qwindowsvistastyle.dll

Filesize
145KB

MD5
940c58fe011da63e9ed23255c6d10854

SHA1
06ff11a13423792a6ce180d00ce40ffd9c9c2db6

SHA256
f523aaabb5259c34fa161e20ecbaa4289fcf20fef9e54be44656768408f55741

SHA512
bce6cf4e360408816fef828cb2cc667662636b4c0b8986a3d6866f0f5fa84e70f784d062c6ca17301e015b07c1d03576c38060b8ef68665e493f70d4abf69ebf

Download Submit
C:\Program Files (x86)\AnyGo\styles\qwindowsvistastyle.dll

Filesize
145KB

MD5
940c58fe011da63e9ed23255c6d10854

SHA1
06ff11a13423792a6ce180d00ce40ffd9c9c2db6

SHA256
f523aaabb5259c34fa161e20ecbaa4289fcf20fef9e54be44656768408f55741

SHA512
bce6cf4e360408816fef828cb2cc667662636b4c0b8986a3d6866f0f5fa84e70f784d062c6ca17301e015b07c1d03576c38060b8ef68665e493f70d4abf69ebf

Download Submit
C:\Program Files (x86)\AnyGo\usbmuxd.dll

Filesize
60KB

MD5
3f2cd6daf8977decb522e05315600a57

SHA1
5d57d7bc3b08097c8a54de65cbde7cda2d02dbe4

SHA256
3feb5479f65361b670d055d48fb7fb0a23b64e8513b2783a48884dcb877f31d1

SHA512
7ef09f3a741598049a85d88b120265eb083bcacb52b561ba09891227200cce016cceb8983ca0dc67281742099fc1c3342996b5710d9dec20241d3b33e09777e7

Download Submit
C:\Program Files (x86)\AnyGo\usbmuxd.dll

Filesize
60KB

MD5
3f2cd6daf8977decb522e05315600a57

SHA1
5d57d7bc3b08097c8a54de65cbde7cda2d02dbe4

SHA256
3feb5479f65361b670d055d48fb7fb0a23b64e8513b2783a48884dcb877f31d1

SHA512
7ef09f3a741598049a85d88b120265eb083bcacb52b561ba09891227200cce016cceb8983ca0dc67281742099fc1c3342996b5710d9dec20241d3b33e09777e7

Download Submit
C:\Program Files (x86)\AnyGo\vcruntime140.dll

Filesize
81KB

MD5
8e65e033799eb9fd46bc5c184e7d1b85

SHA1
e1cc5313be1f7df4c43697f8f701305585fe4e71

SHA256
be38a38e22128af9a529af33d1f02dd24b2a344d29175939e229cf3a280673e4

SHA512
e0207fe2c327e7a66c42f23b3cbabc771d3819275dc970a9fa82d7af5f26606685644b8ea511f87ec511eb3a086a9506adec96c01c1b80b788c253bd0d459fbd

Download Submit
C:\Program Files\Java\jre-1.8\lib\ext\dns_sd.jar

Filesize
17KB

MD5
ce9a2f5a7fcfff341d6d901ad919a2ab

SHA1
341f9d9a0b3fd8cfbefe0169b148dcc55688ee93

SHA256
cc36a44467f41cf2dc91c126e368e357b28a0d57101472d2dfd1c06a4091cdf7

SHA512
1f53e652b042ee27fe05b11ccda2ed9ae9a8f44b948b8658aa7a2d7ad2f5bd94ea16f3d9a92e65a8c65b7480517f1d05a066a4fb8d961b927d0d305399ca4e8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
5ac6b07af3a3c2a726bc97fe03c12f23

SHA1
869a59f15b3d78b7ee0099122bcb7da962efb177

SHA256
fa18f4b267edb58a66e2e01367f5f985a4856b56ad87d8467307df57a2b91075

SHA512
591cf833d8c9001886fdd8a716d1d8c3a860dcee93f3ab887f99c48731f50a2e5f7d4a430430835c27490a0524d18665e7e368602862f398278c9ece2d2a9365

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dad3791d431c9164f861b1babd5dea32

SHA1
ce2b4d3a48fc61af87589d028bfcd74dd159a5d9

SHA256
adfe7e968d7be897a9e5fccbbabcc1ff6a88b7944fa00527d8f15f6ee82bbb53

SHA512
874eabefab649a8412a5220f0a6a6baee607922a7a62d62dfab4daa818e83ee7f6266b8bd8b082652a5170a08b3163e08f844d1fd08126319193d45aff18fc78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0452f5aeb59510a50f337e4524de2d1d

SHA1
f60ca89aba973fc089591a88950b33c088403037

SHA256
de7b18b6bc498c7bc4ab796b22f8613600a58e23db813ac1b71fb8b4ff420c9a

SHA512
8dbc4cf8fc4a3a338f4abfa73c36dcdca29e36f2671b25b689760271682d40ae8d8bd9e9edace29e05e17a4022435e9dde8ab8545cbca0a42bfc706df9268e38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1c706d53e85fb5321a8396d197051531

SHA1
0d92aa8524fb1d47e7ee5d614e58a398c06141a4

SHA256
80c44553381f37e930f1c82a1dc2e77acd7b955ec0dc99d090d5bd6b32c3c932

SHA512
d43867392c553d4afffa45a1b87a74e819964011fb1226ee54e23a98fc63ca80e266730cec6796a2afa435b1ea28aed72c55eae1ae5d31ec778f53be3e2162fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
52b71be3f4466f06c9c4143025ac1d89

SHA1
649cd27d158fd3d07c752441d2612df4bc9ccc13

SHA256
136adf32cc18aa0e69fbbe9df7997decd8c5f0b061cdcbdbddd572a1744f35ef

SHA512
040183b6949dc3d64fd0deefb1a80e539097859822b4830801e4470ff20e822b842e71fd7618dd79ef50d76def9875c535a423cedee4f3d01123aae2246f8502

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-MB9MK.tmp\anygo.tmp

Filesize
2.5MB

MD5
ddb4a85b7e5e7eafa981a69f05e1b7c9

SHA1
7f7e070c8b20dc16da7c319a4e4394e905782be4

SHA256
b23d626c65515216d8cbc29412cc92262d6a067ad67322599d67ab1455fde6fd

SHA512
bedd2b13522f2a635f561dfd9d60dfcb6e7151c80062df952064c22a98f28935665f14cf331bbfa3f542e13f31eb8c20b0094749cd6e55d92974e16df1819f3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-MB9MK.tmp\anygo.tmp

Filesize
2.5MB

MD5
ddb4a85b7e5e7eafa981a69f05e1b7c9

SHA1
7f7e070c8b20dc16da7c319a4e4394e905782be4

SHA256
b23d626c65515216d8cbc29412cc92262d6a067ad67322599d67ab1455fde6fd

SHA512
bedd2b13522f2a635f561dfd9d60dfcb6e7151c80062df952064c22a98f28935665f14cf331bbfa3f542e13f31eb8c20b0094749cd6e55d92974e16df1819f3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{9a23568b-a1a4-a841-b92a-348264e2a542}\USBAAPL.CAT

Filesize
14KB

MD5
97f4158a43852869de6ba9f1c754bbc8

SHA1
0565f0874d623268529b86967b93a7ae8d57dab5

SHA256
1daa9a80eaf692e1c1490afafcc435e37cafa94e9a9dfe453a82b1b472f3b1ba

SHA512
ba75a483ac75deab29c4174f1991dbcf4a76857dac23c99065e07585a5958e49f1ade0133fabdb3c8a28ba35e8df06fb529f81c756ae549b35543ad39817a44e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{9a23568b-a1a4-a841-b92a-348264e2a542}\usbaapl.inf

Filesize
5KB

MD5
ca3a369e3993295e11d5fb6b7663f3b9

SHA1
7771a0176a543725d7bbf70a546c096a4ee2dd40

SHA256
4494c8af156d9dc7deea76491d73716e16b42e3e8b5b4555b0fd247b6cacab8b

SHA512
650b0f23b6470ad84a001821bd5ba6fc906db0e6fd616d734a87b9777ac1f5f6d6d0dc52f5aef223bf362109b77cd89c5b4e93562c1168fbd049756d714b64cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\{bb3a967d-ab07-6642-a4ac-152789180557}\SET6EFE.tmp

Filesize
14KB

MD5
26eee7af8aa1ef8c1bd7c9327c602844

SHA1
990a56215aac7000eac9371f489a0fc57d560078

SHA256
946b0a8150213d6a4dd3aef6248ebb923f8167c84c7ff1b10137e5030ec8bf30

SHA512
1cce53edb09f449720005ee9ca013fabb0be498991adf38ce738330a02b336790cb835e235e097c57a7cf983b4bf18664bc113b074cd94f9118901565d83e24d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{bb3a967d-ab07-6642-a4ac-152789180557}\usbaapl64.inf

Filesize
5KB

MD5
2da3a91b71919d035d8fd17b6b90bbc2

SHA1
c2c6a29f3abc80fd992777a92df30699124d37c5

SHA256
edea577e694efceec5b26d745fff8125e9fc8a78cacd7365e77ef35031ebc49b

SHA512
71b98c884c338902110c83f6c858b906bd8d63e09e5f92d3e019f586d82961fdc71a459e6456a3e9a56b9b109838b4556aee91e0befb68c2ae505c93a41fe56b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{bb3a967d-ab07-6642-a4ac-152789180557}\usbaapl64.sys

Filesize
53KB

MD5
f957092c63cd71d85903ca0d8370f473

SHA1
9d76d3df84ca8b3b384577cb87b7aba0ee33f08d

SHA256
4dec2fc20329f248135da24cb6694fd972dcce8b1bbea8d872fde41939e96aaf

SHA512
a43ca7f24281f67c63c54037fa9c02220cd0fa34a10b1658bae7e544236b939f26a1972513f392a5555dd97077bba91bbe920d41b19737f9960ef427599622bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\{bb3a967d-ab07-6642-a4ac-152789180557}\usbaaplrc.dll

Filesize
5.8MB

MD5
1428a8b3dbf4f73b257c4a461df9b996

SHA1
0fe85ab508bd44dfb2fa9830f98de4714dfce4fa

SHA256
5ed0d8f2066dd19d5aec42c5498fdd1db9cefab4d024a1015c707dfd0cfd5b20

SHA512
916a61feb9a36872a7c1adece8933599e55b46f7d113966ec4ad2af0e2568f1a339629ec48eca10bd1e071c88171fe88292dab27ce509ceea42afbd049599cc7

Download Submit
C:\Windows\Installer\MSI846C.tmp

Filesize
76KB

MD5
950087e828e1b7426f703678e446c799

SHA1
c9f28be9b9f810132ec8d78c161e5a232491e60e

SHA256
8a41eaa0d699f48661c2560aeffe4b0432cf755f1b15e31ac9aff667d498b3ee

SHA512
9ab24bf84a4534e219df132a0b43874c1d6410ef802c69e65c5aaf3d0c46085470690851ef23303f9a48076e8ae552d816903e02c43c1af83e6fc3457d2acb93

Download Submit
C:\Windows\Installer\MSI8885.tmp

Filesize
75KB

MD5
6f8e3e4f72620bddc633f0175f47161e

SHA1
53ed75a208cc84f1a065e9e4ece356371cac0341

SHA256
2adf199f6baf245f0b07d31a3a1401d4262c3e6c98b8f10df923ceb2c937291e

SHA512
80187277e78f59b7ea71ed3caa55452e730d93b8c296d5820d470776a428cbb7e7fead87240e811436f85e4d89df2b9f31d6d16658d21abf59395cab7074a869

Download Submit
C:\Windows\Installer\e597a66.msi

Filesize
2.6MB

MD5
86e2b390629665fbc20e06dfbf01a48f

SHA1
d9f4697a6f4eceea24735822cb1df501268ca0b0

SHA256
46e31e284da64d6c2d366352b8a8abcf7db28d3e2a870d8fcf15c4a6fe0a6dd1

SHA512
05ecd3be5779f39db09329dda4dce0e3c49ac5d3950e92833031622b53542dadbe9e2948df35faeb4c41dbc8e01992935087c4a2975c797bd008ae177f7c3fea

Download Submit
memory/528-890-0x0000000000400000-0x000000000059A000-memory.dmp

Filesize
1.6MB

Download
memory/1344-918-0x0000000000400000-0x000000000059A000-memory.dmp

Filesize
1.6MB

Download
memory/1500-917-0x0000000000400000-0x000000000059A000-memory.dmp

Filesize
1.6MB

Download
memory/1500-920-0x0000000000400000-0x000000000059A000-memory.dmp

Filesize
1.6MB

Download
memory/1832-791-0x0000000000400000-0x000000000059A000-memory.dmp

Filesize
1.6MB

Download
memory/2440-7-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/2440-559-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/2440-0-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/2704-579-0x000000006CA40000-0x000000006D293000-memory.dmp

Filesize
8.3MB

Download
memory/2704-576-0x000000006CA40000-0x000000006D293000-memory.dmp

Filesize
8.3MB

Download
memory/2704-575-0x00000000081D0000-0x00000000081D1000-memory.dmp

Filesize
4KB

Download
memory/2704-577-0x000000006CA40000-0x000000006D293000-memory.dmp

Filesize
8.3MB

Download
memory/4128-11-0x0000000002760000-0x0000000002761000-memory.dmp

Filesize
4KB

Download
memory/4128-5-0x0000000002760000-0x0000000002761000-memory.dmp

Filesize
4KB

Download
memory/4128-8-0x0000000000400000-0x0000000000688000-memory.dmp

Filesize
2.5MB

Download
memory/4128-28-0x0000000000400000-0x0000000000688000-memory.dmp

Filesize
2.5MB

Download
memory/4128-300-0x0000000000400000-0x0000000000688000-memory.dmp

Filesize
2.5MB

Download
memory/4128-558-0x0000000000400000-0x0000000000688000-memory.dmp

Filesize
2.5MB

Download
memory/5544-936-0x0000000000400000-0x000000000059A000-memory.dmp

Filesize
1.6MB

Download
memory/5632-796-0x0000000000400000-0x000000000059A000-memory.dmp

Filesize
1.6MB

Download
memory/5748-919-0x0000000000400000-0x000000000059A000-memory.dmp

Filesize
1.6MB

Download
memory/5796-926-0x0000000000400000-0x000000000059A000-memory.dmp

Filesize
1.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request