Analysis Overview
SHA256
e447e0961b21df259aca7cd8fe13f1be657253d93e6141e4a576cc7caffa7f91
Threat Level: Known bad
The file IMG_0108.png was found to be: Known bad.
Malicious Activity Summary
Kinsing
Enumerates physical storage devices
Checks processor information in registry
Modifies registry class
NTFS ADS
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Uses Task Scheduler COM API
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-01-25 17:32
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-01-25 17:32
Reported
2024-01-25 17:35
Platform
win10-20231215-en
Max time kernel
149s
Max time network
158s
Command Line
Signatures
Kinsing
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\Super Mario World (USA).zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\IMG_0108.png
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.0.1420555161\1375409313" -parentBuildID 20221007134813 -prefsHandle 1688 -prefMapHandle 1680 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed080146-2444-4e2a-bf83-4ef91c83db7a} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 1768 227e02d9858 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.1.684497014\1359171506" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0773b484-de1a-468c-a2f4-c64636326095} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 2120 227ce072e58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.2.1047030291\1801283692" -childID 1 -isForBrowser -prefsHandle 2880 -prefMapHandle 2876 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {615e9c48-998d-442b-b4c6-0cbb73523cf5} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 2892 227e449d858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.3.1796012923\738015147" -childID 2 -isForBrowser -prefsHandle 3448 -prefMapHandle 3432 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce62d3a4-d83d-4f6a-b87e-6acb378c2482} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 3476 227ce061358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.4.894560266\665178456" -childID 3 -isForBrowser -prefsHandle 4404 -prefMapHandle 4400 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9650c448-4337-4884-bf21-709cff547b7e} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 4208 227e5484a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.5.408949713\1674652996" -childID 4 -isForBrowser -prefsHandle 4852 -prefMapHandle 1568 -prefsLen 26247 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {86acc784-9fbb-4aa0-aa2a-eb5c702ee8ea} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 4928 227ce030858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.7.1753630925\1123480146" -childID 6 -isForBrowser -prefsHandle 5132 -prefMapHandle 5136 -prefsLen 26247 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9bba22cb-3855-4ada-9cc8-0d497485879a} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 5052 227e7047e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.6.252715677\347377469" -childID 5 -isForBrowser -prefsHandle 5144 -prefMapHandle 5252 -prefsLen 26247 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b53a3259-3211-48a1-bf0c-809eefd0bf13} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 4988 227e198fd58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.8.1087187428\699562590" -childID 7 -isForBrowser -prefsHandle 5676 -prefMapHandle 5680 -prefsLen 26247 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b03cb9d-6d2d-40f9-b4e0-57537251c6c1} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 5644 227e6705958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.9.129772820\955512374" -childID 8 -isForBrowser -prefsHandle 3484 -prefMapHandle 3488 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b752f1b-267a-4da9-a6f4-f24691fe3ff7} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 4592 227e6705358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.10.2026289155\1853985726" -childID 9 -isForBrowser -prefsHandle 5848 -prefMapHandle 5864 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {be44e7c5-340b-4250-b428-aa592ac707b7} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 3924 227e9141858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.12.1517621546\1315751690" -childID 11 -isForBrowser -prefsHandle 8588 -prefMapHandle 8584 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3f1faef-5011-4119-9000-a742786a7778} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 8600 227ec0bc558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.11.21373375\295944254" -childID 10 -isForBrowser -prefsHandle 8964 -prefMapHandle 8972 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ede9be4-16d4-42d4-8192-3d5167ec6584} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 8956 227ebfd9f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.13.1962836066\1723716793" -childID 12 -isForBrowser -prefsHandle 8352 -prefMapHandle 8348 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1f0644f-7904-4be5-acce-9e436ec33ce4} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 8228 227e80c3558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.14.403472975\1127341379" -childID 13 -isForBrowser -prefsHandle 8088 -prefMapHandle 8084 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2aeb2aa9-99fb-4cb1-b719-262b255d0d1e} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 8096 227e80c4d58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.15.685933177\2145323504" -childID 14 -isForBrowser -prefsHandle 7892 -prefMapHandle 8232 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d0c920c-dfc8-4bec-a4c5-c0fc70a309cf} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 7792 227e9a97358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.16.1480863399\94561671" -childID 15 -isForBrowser -prefsHandle 7872 -prefMapHandle 8988 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {11729a94-ee2a-4396-a6e1-8485f771a59a} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 7688 227ec4b3358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.17.1567461268\2111976583" -childID 16 -isForBrowser -prefsHandle 7476 -prefMapHandle 7668 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {328e2c78-ccec-41e0-982a-8e54fcb981a0} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 7780 227ecb87758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.18.507360602\1723986064" -childID 17 -isForBrowser -prefsHandle 7492 -prefMapHandle 7496 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {618b09b6-29dc-4612-a94e-cb41f69d6d8c} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 7504 227ecb87a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.19.1094568323\465006023" -childID 18 -isForBrowser -prefsHandle 4544 -prefMapHandle 4640 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {50af2458-460f-4443-882a-30a2d6c33bd9} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 4620 227e5485c58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.22.2049389732\1211992204" -childID 21 -isForBrowser -prefsHandle 9928 -prefMapHandle 9932 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd705058-e351-4b6b-b488-9e58daae5e93} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 6672 227e94e6e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.21.621178399\1085123611" -childID 20 -isForBrowser -prefsHandle 9940 -prefMapHandle 9944 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac0e2f21-6971-4752-b22b-a1c36275a632} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 9920 227e6793958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.20.22804776\1716388299" -childID 19 -isForBrowser -prefsHandle 9952 -prefMapHandle 9956 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8591cc42-c180-43c3-bc40-ac9a0e889d14} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 6784 227e6793358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.23.614010361\711770803" -childID 22 -isForBrowser -prefsHandle 6856 -prefMapHandle 6852 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {64b9bb15-822c-4977-89de-4f1b09dccf11} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 7460 227e9761958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.24.80995467\1450905451" -childID 23 -isForBrowser -prefsHandle 10456 -prefMapHandle 10460 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6316ba9b-018d-4784-9cd3-49837c7b60dd} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 10444 227ea7f0458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.25.1001418116\1158196893" -childID 24 -isForBrowser -prefsHandle 8300 -prefMapHandle 10532 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e796d4c8-12bd-4695-8071-5b0400834bea} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 10684 227e9788258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.26.611753165\466290413" -parentBuildID 20221007134813 -prefsHandle 10800 -prefMapHandle 10812 -prefsLen 26808 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8838c7e0-8b88-4c14-9c66-d33f83350ed2} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 10872 227e9917058 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.27.1548715643\1264591746" -childID 25 -isForBrowser -prefsHandle 4828 -prefMapHandle 11008 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {893b6644-2ac8-4b17-ada8-56b76c1fbca5} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 4832 227e60c8558 tab
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Super Mario World (USA)\" -ad -an -ai#7zMap6685:108:7zEvent391
Network
| Country | Destination | Domain | Proto |
| US | 20.231.121.79:80 | tcp | |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| N/A | 127.0.0.1:49775 | tcp | |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 52.11.178.236:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| N/A | 127.0.0.1:49781 | tcp | |
| US | 8.8.8.8:53 | 236.178.11.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | vimm.net | udp |
| US | 71.245.171.35:80 | vimm.net | tcp |
| US | 8.8.8.8:53 | vimm.net | udp |
| US | 71.245.171.35:80 | vimm.net | tcp |
| US | 71.245.171.35:80 | vimm.net | tcp |
| US | 8.8.8.8:53 | 35.171.245.71.in-addr.arpa | udp |
| US | 8.8.8.8:53 | vimm.net | udp |
| US | 71.245.171.35:443 | vimm.net | tcp |
| US | 8.8.8.8:53 | efreecode.com | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 18.208.5.78:443 | efreecode.com | tcp |
| US | 8.8.8.8:53 | efreecode.com | udp |
| US | 8.8.8.8:53 | efreecode.com | udp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.5.208.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.fuseplatform.net | udp |
| GB | 104.77.160.197:443 | cdn.fuseplatform.net | tcp |
| US | 8.8.8.8:53 | a1956.dscr.akamai.net | udp |
| US | 8.8.8.8:53 | a1956.dscr.akamai.net | udp |
| US | 8.8.8.8:53 | 197.160.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cmp.inmobi.com | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| GB | 18.244.114.102:443 | cmp.inmobi.com | tcp |
| US | 8.8.8.8:53 | d23sp3kzv1t6m5.cloudfront.net | udp |
| US | 8.8.8.8:53 | d1ykf07e75w7ss.cloudfront.net | udp |
| US | 8.8.8.8:53 | securepubads46.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | securepubads46.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | d1ykf07e75w7ss.cloudfront.net | udp |
| US | 8.8.8.8:53 | d23sp3kzv1t6m5.cloudfront.net | udp |
| US | 8.8.8.8:53 | 102.114.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | jsdelivr.map.fastly.net | udp |
| US | 8.8.8.8:53 | jsdelivr.map.fastly.net | udp |
| US | 151.101.1.229:443 | jsdelivr.map.fastly.net | tcp |
| FR | 13.249.10.203:443 | c.amazon-adsystem.com | tcp |
| GB | 172.217.16.226:443 | securepubads46.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.10.249.13.in-addr.arpa | udp |
| GB | 18.244.114.102:443 | d23sp3kzv1t6m5.cloudfront.net | tcp |
| US | 151.101.1.229:443 | jsdelivr.map.fastly.net | udp |
| GB | 172.217.16.226:443 | securepubads46.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | cdn.snigelweb.com | udp |
| US | 104.18.11.248:443 | cdn.snigelweb.com | tcp |
| US | 8.8.8.8:53 | cdn.snigelweb.com | udp |
| US | 8.8.8.8:53 | cdn.snigelweb.com | udp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | 248.11.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| FR | 13.249.10.203:443 | c.amazon-adsystem.com | tcp |
| GB | 52.84.90.86:443 | config.aps.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | cmp.quantcast.com | udp |
| US | 8.8.8.8:53 | adengine.snigelweb.com | udp |
| US | 8.8.8.8:53 | cmp.quantcast.com | udp |
| US | 8.8.8.8:53 | cdnx.snigelweb.com | udp |
| US | 8.8.8.8:53 | cmp.quantcast.com | udp |
| US | 8.8.8.8:53 | adengine.snigelweb.com | udp |
| US | 8.8.8.8:53 | d2ipqnz901lbdy.cloudfront.net | udp |
| US | 8.8.8.8:53 | adengine.snigelweb.com | udp |
| US | 8.8.8.8:53 | d2ipqnz901lbdy.cloudfront.net | udp |
| GB | 143.204.68.55:443 | cmp.quantcast.com | tcp |
| US | 104.18.10.248:443 | adengine.snigelweb.com | tcp |
| GB | 13.224.132.64:443 | d2ipqnz901lbdy.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 86.90.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.68.204.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.10.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.132.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.cmp.inmobi.com | udp |
| DE | 18.197.231.253:443 | api.cmp.inmobi.com | tcp |
| US | 8.8.8.8:53 | secure.cdn.fastclick.net | udp |
| US | 8.8.8.8:53 | choice-apis-prod-2120274730.eu-central-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | choice-apis-prod-2120274730.eu-central-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | e4536.g.akamaiedge.net | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | e4536.g.akamaiedge.net | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| GB | 2.19.152.155:443 | e4536.g.akamaiedge.net | tcp |
| US | 172.67.38.106:443 | cdn.id5-sync.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | gum.nl3.vip.prod.criteo.com | udp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| NL | 178.250.1.11:443 | gum.nl3.vip.prod.criteo.com | tcp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | gum.nl3.vip.prod.criteo.com | udp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | 253.231.197.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.38.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.40.223.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.152.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 104.22.75.216:443 | btloader.com | tcp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | script.4dex.io | udp |
| US | 8.8.8.8:53 | d1jvc9b8z3vcjs.cloudfront.net | udp |
| US | 8.8.8.8:53 | script.4dex.io | udp |
| US | 8.8.8.8:53 | script.4dex.io | udp |
| US | 8.8.8.8:53 | d1jvc9b8z3vcjs.cloudfront.net | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | hb.minutemedia-prebid.com | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | prg.smartadserver.com | udp |
| US | 8.8.8.8:53 | ib.anycast.adnxs.com | udp |
| US | 8.8.8.8:53 | mp.4dex.io | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | hb.digbearings.com | udp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| US | 8.8.8.8:53 | ib.anycast.adnxs.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | bidder.criteo.com | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | hb.digbearings.com | udp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| US | 8.8.8.8:53 | euw2.smartadserver.com | udp |
| US | 8.8.8.8:53 | mp.4dex.io | udp |
| US | 8.8.8.8:53 | eu-tlx.3lift.com | udp |
| US | 8.8.8.8:53 | euw2.smartadserver.com | udp |
| US | 8.8.8.8:53 | mp.4dex.io | udp |
| US | 8.8.8.8:53 | eu-tlx.3lift.com | udp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| US | 8.8.8.8:53 | hbopenbid-ams.pubmnet.com | udp |
| US | 8.8.8.8:53 | bidder.nl3.vip.prod.criteo.com | udp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| US | 8.8.8.8:53 | hbopenbid-ams.pubmnet.com | udp |
| US | 8.8.8.8:53 | bidder.nl3.vip.prod.criteo.com | udp |
| US | 8.8.8.8:53 | btlr-eu-central-1.sharethrough.com | udp |
| US | 8.8.8.8:53 | c.4dex.io | udp |
| US | 8.8.8.8:53 | btlr-eu-central-1.sharethrough.com | udp |
| US | 8.8.8.8:53 | c.4dex.io | udp |
| US | 8.8.8.8:53 | c.4dex.io | udp |
| US | 8.8.8.8:53 | 216.75.22.104.in-addr.arpa | udp |
| FR | 52.222.159.68:443 | aax.amazon-adsystem.com | tcp |
| US | 104.26.8.169:443 | script.4dex.io | tcp |
| IE | 52.48.9.73:443 | hb.yellowblue.io | tcp |
| DE | 51.89.9.251:443 | onetag-sys.com | tcp |
| US | 104.18.34.178:443 | mp.4dex.io | tcp |
| IE | 52.213.157.117:443 | hb.yellowblue.io | tcp |
| US | 35.241.34.106:443 | c.4dex.io | tcp |
| US | 35.241.34.106:443 | c.4dex.io | tcp |
| US | 35.241.34.106:443 | c.4dex.io | tcp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | cdn.prod.uidapi.com | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | d2avimlm6gq3h9.cloudfront.net | udp |
| US | 8.8.8.8:53 | 38eceba2abf2079d478a02ec80a512e3.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | d2avimlm6gq3h9.cloudfront.net | udp |
| US | 8.8.8.8:53 | static.nl3.vip.prod.criteo.net | udp |
| US | 8.8.8.8:53 | static.nl3.vip.prod.criteo.net | udp |
| US | 8.8.8.8:53 | pagead-googlehosted.l.google.com | udp |
| US | 8.8.8.8:53 | 169.8.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.34.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.34.241.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.157.213.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.9.48.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.9.89.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pagead-googlehosted.l.google.com | udp |
| US | 8.8.8.8:53 | d1ykf07e75w7ss.cloudfront.net | udp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 35.241.34.106:443 | c.4dex.io | udp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| GB | 18.245.247.167:443 | d2avimlm6gq3h9.cloudfront.net | tcp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| GB | 142.250.187.193:443 | pagead-googlehosted.l.google.com | tcp |
| US | 104.26.8.169:443 | script.4dex.io | tcp |
| US | 71.245.171.35:443 | vimm.net | tcp |
| US | 34.102.146.192:443 | oa.openxcdn.net | udp |
| GB | 142.250.187.193:443 | pagead-googlehosted.l.google.com | udp |
| US | 8.8.8.8:53 | 19.69.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.146.102.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.247.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | oajs.openx.net | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | oajs.openx.net | udp |
| US | 8.8.8.8:53 | oajs.openx.net | udp |
| GB | 18.165.201.12:443 | tags.crwdcntrl.net | tcp |
| NL | 178.250.1.3:443 | static.nl3.vip.prod.criteo.net | tcp |
| NL | 178.250.1.3:443 | static.nl3.vip.prod.criteo.net | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| US | 34.120.135.53:443 | oajs.openx.net | tcp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| DE | 141.95.98.64:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| DE | 141.95.98.65:443 | id5-sync.com | tcp |
| IE | 63.32.187.129:443 | bcp.crwdcntrl.net | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | udp |
| US | 34.120.135.53:443 | oajs.openx.net | udp |
| US | 8.8.8.8:53 | 12.201.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.135.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.98.95.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.98.95.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.187.32.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 172.217.16.230:443 | s0.2mdn.net | tcp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| GB | 142.250.200.1:443 | cdn.ampproject.org | tcp |
| GB | 142.250.200.1:443 | cdn.ampproject.org | tcp |
| GB | 142.250.200.1:443 | cdn.ampproject.org | tcp |
| GB | 142.250.200.1:443 | cdn.ampproject.org | tcp |
| GB | 142.250.200.1:443 | cdn.ampproject.org | tcp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | udp |
| GB | 172.217.16.230:443 | s0.2mdn.net | udp |
| GB | 142.250.200.1:443 | cdn.ampproject.org | udp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| US | 8.8.8.8:53 | cdn-content.ampproject.org | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | cdn-content.ampproject.org | udp |
| US | 8.8.8.8:53 | 230.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads4.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads4.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads4.g.doubleclick.net | udp |
| NL | 178.250.1.8:443 | bidder.nl3.vip.prod.criteo.com | tcp |
| NL | 185.89.211.116:443 | ib.anycast.adnxs.com | tcp |
| US | 8.8.8.8:53 | ib.anycast.adnxs.com | udp |
| DE | 3.74.40.145:443 | tlx.3lift.com | tcp |
| US | 8.8.8.8:53 | eu-tlx.3lift.com | udp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | hbopenbid-ams.pubmnet.com | udp |
| NL | 185.64.189.112:443 | hbopenbid-ams.pubmnet.com | tcp |
| IE | 54.154.36.162:443 | ap.lijit.com | tcp |
| US | 8.8.8.8:53 | blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| NL | 145.40.97.67:443 | prebid.a-mo.net | tcp |
| US | 8.8.8.8:53 | am6-prebid.a-mx.net | udp |
| US | 8.8.8.8:53 | blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | am6-prebid.a-mx.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 8.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.40.74.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.189.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.97.40.145.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.36.154.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google-bidout-d.openx.net | udp |
| US | 8.8.8.8:53 | google-bidout-d.openx.net | udp |
| US | 8.8.8.8:53 | google-bidout-d.openx.net | udp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | 1x1.a-mo.net | udp |
| US | 8.8.8.8:53 | 1x1.a-mo.net | udp |
| US | 8.8.8.8:53 | 1x1.a-mo.net | udp |
| US | 8.8.8.8:53 | cdn.fuseplatform.net | udp |
| US | 8.8.8.8:53 | 46baf2e935528bae5cbc4d55bec5299b.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | a1956.dscr.akamai.net | udp |
| US | 8.8.8.8:53 | a1956.dscr.akamai.net | udp |
| NL | 178.250.1.11:443 | gum.nl3.vip.prod.criteo.com | tcp |
| GB | 216.58.204.68:443 | www.google.com | tcp |
| US | 35.244.159.8:443 | google-bidout-d.openx.net | tcp |
| IE | 67.220.226.232:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 3.233.76.209:443 | 1x1.a-mo.net | tcp |
| GB | 142.250.187.193:443 | 46baf2e935528bae5cbc4d55bec5299b.safeframe.googlesyndication.com | tcp |
| DE | 141.95.98.65:443 | id5-sync.com | tcp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | 68.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.226.220.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.76.233.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | argus-fra1.snigelweb.com | udp |
| US | 8.8.8.8:53 | argus-fra1.snigelweb.com | udp |
| US | 8.8.8.8:53 | argus-fra1.snigelweb.com | udp |
| GB | 142.250.187.193:443 | 46baf2e935528bae5cbc4d55bec5299b.safeframe.googlesyndication.com | udp |
| IE | 67.220.226.232:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 104.18.10.248:443 | argus-fra1.snigelweb.com | tcp |
| US | 35.244.159.8:443 | google-bidout-d.openx.net | udp |
| GB | 216.58.204.68:443 | www.google.com | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gbc2.nl3.eu.criteo.com | udp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| US | 8.8.8.8:53 | gbc6.fr3.eu.criteo.com | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | gbc2.nl3.eu.criteo.com | udp |
| US | 8.8.8.8:53 | gbc6.fr3.eu.criteo.com | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| FR | 185.235.86.175:443 | gbc6.fr3.eu.criteo.com | tcp |
| NL | 185.235.87.82:443 | gbc2.nl3.eu.criteo.com | tcp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| NL | 185.235.87.82:443 | gbc2.nl3.eu.criteo.com | tcp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.86.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.87.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 172.217.169.42:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 172.217.169.42:443 | ajax.googleapis.com | udp |
| DE | 51.89.9.251:443 | onetag-sys.com | tcp |
| DE | 51.89.9.251:443 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | download3.vimm.net | udp |
| US | 5.254.40.90:443 | download3.vimm.net | tcp |
| US | 8.8.8.8:53 | download3.vimm.net | udp |
| US | 8.8.8.8:53 | download3.vimm.net | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| GB | 96.16.109.9:443 | ads.pubmatic.com | tcp |
| US | 8.8.8.8:53 | e6603.g.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e6603.g.akamaiedge.net | udp |
| US | 8.8.8.8:53 | 42.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.40.254.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.109.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | eb2.3lift.com | udp |
| US | 13.248.245.213:443 | eb2.3lift.com | tcp |
| US | 8.8.8.8:53 | eu-eb2.3lift.com | udp |
| US | 8.8.8.8:53 | eu-eb2.3lift.com | udp |
| US | 8.8.8.8:53 | acdn.adnxs.com | udp |
| US | 151.101.1.108:443 | acdn.adnxs.com | tcp |
| US | 8.8.8.8:53 | prod.appnexus.map.fastly.net | udp |
| US | 8.8.8.8:53 | prod.appnexus.map.fastly.net | udp |
| US | 8.8.8.8:53 | 213.245.248.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rtb.mfadsrvr.com | udp |
| US | 8.8.8.8:53 | sync.mathtag.com | udp |
| US | 8.8.8.8:53 | pixel-origin.mathtag.com | udp |
| US | 8.8.8.8:53 | pixel-eu.rubiconproject.com | udp |
| US | 8.8.8.8:53 | ads.stickyadstv.com | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.com | udp |
| US | 8.8.8.8:53 | cs.admanmedia.com | udp |
| US | 8.8.8.8:53 | ssbsync-global.smartadserver.com | udp |
| US | 8.8.8.8:53 | t.adx.opera.com | udp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 80.77.87.162:443 | cs.admanmedia.com | tcp |
| US | 8.8.8.8:53 | pixel.rubiconproject.net.akadns.net | udp |
| US | 8.8.8.8:53 | cs.admanmedia.com | udp |
| US | 8.8.8.8:53 | pixel-origin.mathtag.com | udp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| US | 8.8.8.8:53 | cs.admanmedia.com | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.net.akadns.net | udp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | elb-aws-fr-dorpat-283474803.eu-central-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | elb-aws-fr-dorpat-283474803.eu-central-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | ssbsync-euw2.smartadserver.com | udp |
| US | 8.8.8.8:53 | pixel-eu.rubiconproject.net.akadns.net | udp |
| US | 8.8.8.8:53 | ssbsync-euw2.smartadserver.com | udp |
| US | 8.8.8.8:53 | pixel-eu.rubiconproject.net.akadns.net | udp |
| US | 8.8.8.8:53 | outspot2-ams.adx.opera.com | udp |
| US | 8.8.8.8:53 | eu-west-dual.ads.stickyadstv.com.akadns.net | udp |
| US | 8.8.8.8:53 | 162.87.77.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | imagesync-lhrc.pubmnet.com | udp |
| US | 8.8.8.8:53 | outspot2-ams.adx.opera.com | udp |
| US | 8.8.8.8:53 | eu-west-dual.ads.stickyadstv.com.akadns.net | udp |
| US | 8.8.8.8:53 | ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud | udp |
| US | 8.8.8.8:53 | imagesync-lhrc.pubmnet.com | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud | udp |
| US | 8.8.8.8:53 | user-data-eu.bidswitch.net | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | user-data-eu.bidswitch.net | udp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| DE | 18.197.230.231:443 | elb-aws-fr-dorpat-283474803.eu-central-1.elb.amazonaws.com | tcp |
| US | 216.200.232.249:443 | pixel-origin.mathtag.com | tcp |
| NL | 213.19.162.80:443 | pixel-eu.rubiconproject.net.akadns.net | tcp |
| NL | 185.89.211.116:443 | ib.anycast.adnxs.com | tcp |
| NL | 213.19.162.80:443 | pixel-eu.rubiconproject.net.akadns.net | tcp |
| NL | 82.145.213.8:443 | outspot2-ams.adx.opera.com | tcp |
| FR | 5.196.111.69:443 | ssbsync-euw2.smartadserver.com | tcp |
| US | 35.244.174.68:443 | id.rlcdn.com | tcp |
| NL | 154.57.158.26:443 | ads.stickyadstv.com | tcp |
| GB | 185.64.190.79:443 | imagesync-lhrc.pubmnet.com | tcp |
| DE | 3.71.149.231:443 | ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud | tcp |
| NL | 35.214.149.91:443 | user-data-eu.bidswitch.net | tcp |
| US | 52.46.151.131:443 | s.amazon-adsystem.com | tcp |
| NL | 185.89.211.116:443 | ib.anycast.adnxs.com | tcp |
| NL | 185.89.211.116:443 | ib.anycast.adnxs.com | tcp |
| US | 8.8.8.8:53 | 79.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.174.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.162.19.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.158.57.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.213.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.149.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.230.197.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.149.71.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.151.46.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.232.200.216.in-addr.arpa | udp |
| US | 35.244.174.68:443 | id.rlcdn.com | udp |
| US | 8.8.8.8:53 | ade.googlesyndication.com | udp |
| GB | 172.217.16.226:443 | ade.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | ade.googlesyndication.com | udp |
| US | 8.8.8.8:53 | ade.googlesyndication.com | udp |
| GB | 172.217.16.226:443 | ade.googlesyndication.com | udp |
| US | 8.8.8.8:53 | retroarch.net | udp |
| US | 8.8.8.8:53 | retroarch.net | udp |
| US | 104.21.59.102:80 | retroarch.net | tcp |
| US | 104.21.59.102:80 | retroarch.net | tcp |
| US | 104.21.59.102:443 | retroarch.net | tcp |
| US | 8.8.8.8:53 | 102.59.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | retroarch.com | udp |
| DE | 5.9.202.203:80 | retroarch.com | tcp |
| US | 8.8.8.8:53 | retroarch.com | udp |
| DE | 5.9.202.203:80 | retroarch.com | tcp |
| US | 8.8.8.8:53 | retroarch.com | udp |
| DE | 5.9.202.203:443 | retroarch.com | tcp |
| US | 8.8.8.8:53 | 203.202.9.5.in-addr.arpa | udp |
| DE | 5.9.202.203:443 | retroarch.com | tcp |
| DE | 5.9.202.203:443 | retroarch.com | tcp |
| US | 8.8.8.8:53 | consent.cookiebot.com | udp |
| US | 8.8.8.8:53 | cse.google.com | udp |
| US | 8.8.8.8:53 | craig.global.ssl.fastly.net | udp |
| US | 151.101.1.194:443 | craig.global.ssl.fastly.net | tcp |
| GB | 142.250.179.238:443 | cse.google.com | tcp |
| GB | 95.101.143.88:443 | consent.cookiebot.com | tcp |
| US | 8.8.8.8:53 | craig.global.ssl.fastly.net | udp |
| US | 8.8.8.8:53 | cse.google.com | udp |
| US | 8.8.8.8:53 | e110990.dsca.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e110990.dsca.akamaiedge.net | udp |
| US | 8.8.8.8:53 | craig.global.ssl.fastly.net | udp |
| US | 8.8.8.8:53 | cse.google.com | udp |
| US | 8.8.8.8:53 | 194.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.143.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| GB | 142.250.179.238:443 | cse.google.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| DE | 5.9.202.203:443 | retroarch.com | tcp |
| DE | 5.9.202.203:443 | retroarch.com | tcp |
| DE | 5.9.202.203:443 | retroarch.com | tcp |
| US | 8.8.8.8:53 | consentcdn.cookiebot.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 104.84.69.31:443 | consentcdn.cookiebot.com | tcp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | e3849.dsca.akamaiedge.net | udp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| GB | 172.217.16.226:443 | ade.googlesyndication.com | tcp |
| GB | 172.217.16.226:443 | ade.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 31.69.84.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.204.58.216.in-addr.arpa | udp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| GB | 216.58.204.68:443 | www.google.com | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | udp |
| GB | 216.58.204.68:443 | www.google.com | udp |
| US | 8.8.8.8:53 | imgsct.cookiebot.com | udp |
| GB | 104.84.69.31:443 | imgsct.cookiebot.com | tcp |
| GB | 216.58.212.206:443 | youtube-ui.l.google.com | tcp |
| GB | 216.58.212.206:443 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | clients1.google.com | udp |
| GB | 142.250.179.238:443 | clients1.google.com | tcp |
| US | 8.8.8.8:53 | clients.l.google.com | udp |
| GB | 142.250.179.238:443 | clients.l.google.com | udp |
| US | 8.8.8.8:53 | clients.l.google.com | udp |
| US | 8.8.8.8:53 | 206.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 216.58.212.202:443 | jnn-pa.googleapis.com | tcp |
| GB | 216.58.212.202:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 216.58.212.202:443 | jnn-pa.googleapis.com | udp |
| GB | 216.58.204.70:443 | static.doubleclick.net | tcp |
| GB | 216.58.204.70:443 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | 202.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.204.58.216.in-addr.arpa | udp |
| GB | 216.58.212.206:443 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.187.214:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 142.250.187.214:443 | i.ytimg.com | udp |
| GB | 216.58.201.97:443 | yt3.ggpht.com | tcp |
| US | 8.8.8.8:53 | photos-ugc.l.googleusercontent.com | udp |
| GB | 216.58.201.97:443 | photos-ugc.l.googleusercontent.com | udp |
| US | 8.8.8.8:53 | photos-ugc.l.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 214.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.201.58.216.in-addr.arpa | udp |
| GB | 216.58.212.206:443 | youtube-ui.l.google.com | udp |
| DE | 5.9.202.203:443 | retroarch.com | tcp |
| GB | 172.217.16.226:443 | ade.googlesyndication.com | udp |
| DE | 5.9.202.203:443 | retroarch.com | tcp |
| US | 8.8.8.8:53 | web.libretro.com | udp |
| US | 172.67.135.120:443 | web.libretro.com | tcp |
| US | 8.8.8.8:53 | web.libretro.com | udp |
| US | 8.8.8.8:53 | web.libretro.com | udp |
| US | 172.67.135.120:443 | web.libretro.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | maxcdn.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 8.8.8.8:53 | rawgit.com | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 151.101.66.137:443 | code.jquery.com | tcp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 188.114.97.2:443 | rawgit.com | tcp |
| US | 8.8.8.8:53 | rawgit.com | udp |
| US | 104.18.11.207:443 | maxcdn.bootstrapcdn.com | tcp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 8.8.8.8:53 | rawgit.com | udp |
| US | 8.8.8.8:53 | maxcdn.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | maxcdn.bootstrapcdn.com | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | udp |
| US | 104.18.11.207:443 | maxcdn.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | 120.135.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.24.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.66.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.97.114.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.11.18.104.in-addr.arpa | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | udp |
| US | 104.18.11.207:443 | maxcdn.bootstrapcdn.com | udp |
| GB | 172.217.16.226:443 | ade.googlesyndication.com | udp |
| US | 188.114.97.2:443 | rawgit.com | udp |
| DE | 5.9.202.203:443 | retroarch.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 170.117.168.52.in-addr.arpa | udp |
| DE | 5.9.202.203:443 | retroarch.com | tcp |
| GB | 216.58.212.206:443 | youtube-ui.l.google.com | udp |
| DE | 5.9.202.203:443 | retroarch.com | tcp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\45vkl36a.default-release\datareporting\glean\pending_pings\a68fe306-6629-4bcc-9d32-61b3af736ae1
| MD5 | f928c3892628cc6ffc2e977e8ae986ca |
| SHA1 | 58531fdf3c44a27eb354f3a4a701e608cff23adb |
| SHA256 | 5fd52e985ddeaac5e73a034ffa2d97621c60a99ff76e38c06d3e244ee079fef8 |
| SHA512 | fd5a9307a7de1a61789d08a93df07662bb87e3e983b5ca929ea939689ee65f8b2717ab290aece36139b2f1d6e8c51351fcdadb406274afc4e4f8fedcbba395e7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\45vkl36a.default-release\datareporting\glean\pending_pings\93eba3f2-cac0-447a-a692-f2c5ca06a92c
| MD5 | 080cdc3dfef5c411b12150c7b8a7c098 |
| SHA1 | 4220b1a9441a5de2b82b1f373ae62ac1e2bb3d0e |
| SHA256 | 77cef4447f343d99a774def56b4ac3a05beec0bb275237ebd6ed6272223c19e2 |
| SHA512 | 68fa66c7321a7cd33d858022351a419d74148d46887c5a3eb164f0343bf13aa80b1a0e423ab84c496bea94e344800d82190b2bfff40431c6bf8cfc8859971091 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\45vkl36a.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 4d90608267faf4b2e92e989c647be9c6 |
| SHA1 | 7beaecf806e7f607363378b05cc794b5d88c1504 |
| SHA256 | 4c9d16a483fe37a2b712f550425f8276dce522585c21c485cfdbd44654823098 |
| SHA512 | f2b942b3f9aa3807176643aa436334a7e7a6015db4a77c0bd78d48e8e8e094c36106e872c49686f3687f182d8de1380dc73b31f92ffcab2e3e52d72d53d00bad |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\45vkl36a.default-release\prefs-1.js
| MD5 | 9d836fe2750ae7e91337d63f086b86a0 |
| SHA1 | cd3011ef0e5dfd45793cec532fa1270a4f22a1db |
| SHA256 | 70030be4c6c19b2c52691a66f503d2c042af4de4550f8b98b098ddf803ec7994 |
| SHA512 | 05dbbaa8c53d4e9c20383a48a8e89df7eb9da5e387ade77599960e4b51dc4a16e6639039c7170151294d86849f624904561572edfcaf922da729466e24dd8413 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\45vkl36a.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 16fd0b758b4a0a47ff93df8ddde3ac75 |
| SHA1 | eb1ece5efe6519992ceb826ac2b74ab33234cb1e |
| SHA256 | df190394b93b692df76a77124cc1cd8fdea37465a20006f9e79531ca3a349ff2 |
| SHA512 | f9c777765df4f29d054bec4acbb1c7060f1d5a46522e2cddea2a1116317d0cb997f6d6a64f39a78e1a25d7f4d4f1262c6df5231f6ca41e4617937992d7f3b8f4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\45vkl36a.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 72e69ec12776f7da33280941863cc498 |
| SHA1 | dcc6e749891186dfc293d9a4ed84d9df2ffd4f00 |
| SHA256 | 3d201345dfa02839c04cdd7d70f972065930e498dac457196792e16891e1c783 |
| SHA512 | 337ee561f52d9f02a3187aca4e22b2da1949a74dd3988bf374206f6ea9c4a1218966591dea4b6de023e57a92fa59b5a543778cf19d7ec50cf7ba3c297d847954 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\45vkl36a.default-release\prefs-1.js
| MD5 | b29cf8b66fac2803cc6227689f8a27d8 |
| SHA1 | 442054168a66d88903fd06a71ae9f0daabb0f206 |
| SHA256 | 9b1b43e873e20e7ad9b53ed467506c1f099ecc96f34d6c60944b6a10dd206576 |
| SHA512 | 63831730812fbe8743b2f084e396595742fe8a992ff6cc1562c67a9d3fa7715fb29df1d9f16d71ac6c63c9c5fb8005cc208023fde4836809ac9f3c7fc3a2b332 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\doomed\416
| MD5 | 7376e9705ffb1d46d4dc6a3b85b07ad7 |
| SHA1 | 30c224d7ed6260cab7798b7390c06578000800ef |
| SHA256 | eed7dd31eb085cc3eb9aec5350173fa863f8429bc13cfe6b2e18d63b36643f37 |
| SHA512 | 72dedaf96437125e26a2b991452271cc215ab148daac762d19c86fe38d3fb0f3b6db65d38dffc1f8e091b3af2d0a895b2eb0e5bda1b1cbaa0aa670cf9dcc7e8c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\doomed\20351
| MD5 | ae7a09f1547b382ea2203379521f3c26 |
| SHA1 | 4e671537fb17fcd2c0c77a7b4753d24878a7bb59 |
| SHA256 | 86243058430e741ea3c574d1203dde6a07870e621a610a57654feb212034e8fd |
| SHA512 | 684be1a9addaf8e514597bb3b89c48cb1060a456f96e65d01af3a9d2f4e5c0b8c14995dcd89d6c4b2056e172c867dccf0a09b2bacc6ffebcc38558643eefdb37 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\doomed\13932
| MD5 | 06bc85aa0b9af3b767b3a1d1131f1458 |
| SHA1 | 8940fa9bb70c4357f2ced189bd97fb906439f984 |
| SHA256 | f5997dbf76354bbff903ec49c4ab3a308f678dd30f85f0dcca415d36a4a2c5c0 |
| SHA512 | d984383bdaa575da66c640bd739b5483785c5a31de2a73b4d5be0043ebd59165ff3d6b4cf8825465b9d275deb6da6fc4ea85bacca5f40185ef4adbf96f36e930 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\45vkl36a.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | c095657108dce64262609ab9c1299ceb |
| SHA1 | 1b11eb2dde1ed74bca7a6d65992e5a66f8d83fbc |
| SHA256 | b01c684c91089ddecc56998bd6d91926519a881eb5d5a8379a9ac2bb55ce67a2 |
| SHA512 | d2929ac33d266f682a7b790900f48d3b7e9e21d6f1e660960dd6fafafe47c03046eb02ace48adb1f1da751bb69608301c69cfde738dbce94b00b9ee4cc6be5ee |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\45vkl36a.default-release\prefs-1.js
| MD5 | 4c5814f428d2a048a330a24340c753ca |
| SHA1 | 5ea4a5431e5a9c072073bb59e25a96e95a5c378b |
| SHA256 | fe1b8f66409c1bfad7eed6f89b35cd7709ba654eee55b6781c175fbd1e619835 |
| SHA512 | e2d6582ce99b045c31a69763751ece34bab4c09bd25abf59c3abe3a5e6666ee3ee7cc121b8014bcfbb81465cfd04c5acf2f7f59611cd9ffc7cc1da7295063e30 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\doomed\32029
| MD5 | 12ba171e38313aee859d3240c9c64308 |
| SHA1 | f0ef12dc9903a04fa212d700cfaf4cd4fef511ac |
| SHA256 | 69ba9d86de1772356e6bfd72c42413f7f1047624aaa1d3c9a2416bbd4573a5f5 |
| SHA512 | 08321043474809afc51e0ca3858808a2aac8b2e1a4023568fe3a94a6777362ce86718ecadd3397bd26fb79dca422ec184bbe7973a4fa7e458ad629e9bf286076 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\BB5A6FC901CB7AD61E649C81521B5703793A0B27
| MD5 | c6c66bb241c2d677e63046acfa234719 |
| SHA1 | ec4aba30256da79326c8bfa1cf95ccaa595b891d |
| SHA256 | c671db10b99d7657a4dacf812d991c87e128263d80d239dbee75d4a89400da5c |
| SHA512 | 435b70e83b5f166d5d73def6f139d9f429a4a3387d9240a719a881673832963da075372af46f7395f012687179d34c68c561bb74b7f08c59cf453cee9a1d8b54 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\doomed\1342
| MD5 | a18ccd14cdef3a98eed5c087f3e3c629 |
| SHA1 | ae9d85b272e506180f81eb182e0c31edbc0dc0ab |
| SHA256 | 9e4e8ff23b7791593076c1ccb81f2ad00d3a644a38d54d1ae12b03adaf3850fd |
| SHA512 | 2759b9a043c2507f7ffb098ea491d870801013d036a0c5a6184ec5a27722ba8b04f8bfb0439c96b8f4e9ce56c8e3618b8bde9ff02d712b49c949d6140bffb7a9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\45vkl36a.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 833dffb49d409bf890c9fe8d19a8f103 |
| SHA1 | 9e7c4067e1828c0530225f349af379805271bdeb |
| SHA256 | 39c30f1fe33b215a0120501d4716719b8dd6ded7dab74630a2e09bde748a74c6 |
| SHA512 | 5346bd9161f24d26e4f4a23926c2c356f3f6c4c511fd20e98db08f91ddfcb30b22327901f509164bbe5e46f314c98c279108471884dc668a011f683982a481b8 |
C:\Users\Admin\Downloads\Super Mario World (USA).CtRJMvgv.zip.part
| MD5 | 04e89f84b4e0e17b7c869d36b6f70c12 |
| SHA1 | 8168412bb3931c9bd72503510ee526ad1a6d1759 |
| SHA256 | d97bb14668c6c667b335540ce87e0a995000a1305c907b259faad484e71273e8 |
| SHA512 | 6cf668bda694ecbaf7c04c49cec6119e7eadde6d45f3083b4e189c4ab736d718a36d0d7faf082b07f33f91df12499d5804a426b0494c480b3739a7538235d194 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\5E88AFBE8E57325558C76A8F3BCC3BA267E4918D
| MD5 | 76659a59a0e4bcef857cd2e12f4aa97d |
| SHA1 | 63c9527dcd5b7d20b3bc20be8ad0b68ae0f6e2f9 |
| SHA256 | 40252b8bc988417bca194eb9b0bd96b253515827d392533f7d62975328a34e85 |
| SHA512 | a793e3b9331f857b42fafff847ec4c03a31ce9fa78f84fc8ecf8da448bae089bfb877af5b18a360496a2a9e4d48c983a6703af540dd92db73ab8129a6ceaddf9 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\C9A12159F4226625BD68013D28E47D25D6D505FF
| MD5 | b18a846766034d15ef1bd65883961e7a |
| SHA1 | 45e6713d41eaf213f0adb1133e53880e369a8973 |
| SHA256 | 1407d84477df8ed0e244083cb05e784446f4f4df6c87528ac576a3c697849ffe |
| SHA512 | bf1ab85dc95f803055c83cbffbd2c549948c02b5134ee3edef0cb8f53916820fcb34ae86c42cde062b41f955360a90cdd0bf623170a4463fbfd0841fafc7a4d7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\45vkl36a.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | b962803d8ce45849f6c8d0b0e28532bc |
| SHA1 | af9aa0cbd85178e42d7a63af535922f54b58e4c8 |
| SHA256 | 90936c152c17f00171712a7a13ec5a5143dbac32250388011beeee60f27d2995 |
| SHA512 | 530102c95533d40db0e51019f5271123d35254508a1e68894723b699614b8d00f5242a8c9980569a702896473d3a3c9f7307e6f28db1253eb384ebe0693f4860 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\C52B86A7B94418A82D04AC02036B80E0ED50B188
| MD5 | 822c2fcecbe634608709c1dcdd81beae |
| SHA1 | aef75ff0dc64e9cdaa7e04e478b8f6b6d84462e0 |
| SHA256 | 73519f1b74ae5ce1b89ac63db8f885d594e175c913ca4402a5357aab7d469992 |
| SHA512 | 66f19af389914143a8ada4d951876abe3b50ae7b80e23eebc21ccc1a3f64ab0b2162fe8370fa778d8d90a26c24ef593f9d1ef38ac5b34e5cae359b814ae33bbc |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\AC4E0A824F7B1ED413F5044557255B73EF3734F0
| MD5 | 51b776e1ef68b169850e8d5554b2d156 |
| SHA1 | 570f1461cb8b9218bd8aaa31cbce4cbd2d057255 |
| SHA256 | ff6744b53e7260ea3594cc1e8e0bc1a93b8ba5e8f6ce6310c2237ddb0cf47fec |
| SHA512 | 5323997de8747fd504fbef73ca4ec9374e56710991b78c9f4306669b08345b48efdd9a029d78a05dfc94115a4c8706e65d28b2f1e8a016d8e5acf0eb5795ffd5 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\FC8E3EA94B7EE06D8CFEB6BA6CAA286851BC76AF
| MD5 | ebbed0699c7cf2d6de379d805bbbed1f |
| SHA1 | ccaa1b74cbaefaeb546266e6f5c73f09ab181c70 |
| SHA256 | 2326ab025eb4bef2c978be4fb206a7af1a90b973bc0bf842b8bd6826694c9eb8 |
| SHA512 | a6bdf4da45d2a1b8a335c7632a049851c4074d929471ba36e28b58a05ee381097008d120dbe3ee6db8233647b957cb535d30c5f6ec324db477177a1592b45a5f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\FE082F3ABBE25F1130D92FA542747C67C278C85B
| MD5 | 74388680ff211f69cd3afe4187accce5 |
| SHA1 | ddec2b7b8a6f92ce976c1c80dd9268ecdc310e01 |
| SHA256 | 0f2496d0b31c68c5c4b1dc0db72438905830e53b61c14a0cfb68becff1d32a1c |
| SHA512 | 149f6140d7cf87f980bd6e6d368e0f99fa1df8dfca0955326b9343d2b424e61d0501ebd10bd7b806b43952e7fa0dba22e657a6e00180854e3a5bdf2f88084b62 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\D2DBA74E4539E99428C57D12B8AA19468050F3C5
| MD5 | 79ed6762c1a5154295f20440b17497ed |
| SHA1 | dccda2f5b08bbb0e52bf61cc4fcc58740c312e79 |
| SHA256 | 5c355f43e57e9f38cd55ba4b19be60eb8335b994e8071045e43f41e00a0814bd |
| SHA512 | 08c895738077b49bbfc8428a15c6b4e0594cf49924b7447f60f698b12afb6dae4acbbc03252c102f01232e3f9ceb8f3a049c9fc5f6561205a8fb8cae3d252468 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\doomed\29512
| MD5 | 44aaa5e42c7df7bb79e7b8bb9593dec2 |
| SHA1 | 6fcc03a19a38a907c8354756639f508a9b50fdfe |
| SHA256 | a684f2083a448f2221d89985d38f088f46638e574a7f3f51f0f6900b0021aee6 |
| SHA512 | d3a579bd3558b835147cb8811c1c48dadd7dc161fe9f81c669c9a6ff2e6d41605480f42908452c5a65db59e58e4294b9768e4b3df5361d33e7a14e06253b291d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\doomed\31431
| MD5 | 82fe3542c61ca4918fdba8a1cfce11d1 |
| SHA1 | 459c5a75bd16c183d0f79ee99612e2c57616b0a3 |
| SHA256 | a25838228be34b332fb43eaf2b1f91fcd4eb50088dc99160635123491b4b35f4 |
| SHA512 | 950582345623e20a042abe6e8acdb41d27c665dfd3c2732bb13f4d36f5ff5607920a40d219eb39f500e81c3358e901bfa438f63b5f1ac1e03384b2fd68c3e077 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\45vkl36a.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | b5a22f7fdd1c32cef73dc454367a02f3 |
| SHA1 | e1a9b1a9b233e0f48c791759608dee5d8d554155 |
| SHA256 | 07ff284906b3091be072307dd82b6aa7883ed59d15e41a790f497260080c713a |
| SHA512 | abea4de9bba0cf3be17c11035d67aef68f074df4311b21add475a0744a3e26d7d93a603e8b8da4a3e81578ca517b3240f1f9812c2cbf81f7024b4ebed8d0102c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\116A5C2C96BF587414190822443A52D3F20F6627
| MD5 | 9fc8c09af6b9a2918343baea37d68caa |
| SHA1 | d0cac3b3f8d9aaa6d0f7d5ef67684f41cb24519f |
| SHA256 | f2e1646318d9f1ea96ce658fb8cba58e4a8720a86dec2d62ee7ac24fd3531adf |
| SHA512 | aa8d4d6392a06a763fd88b930ee764769cdace70bbe6897214fb8b7721509fcc901621da35b74a99ec1daf3168e186ed72e79d12f5d5f08c314f16f9b5abdf0a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\doomed\6925
| MD5 | f182f81641b8fdf9f0ac2ce41c7c4ce8 |
| SHA1 | bd85bce2c8c176735160b47df88e762dacdfd156 |
| SHA256 | 3b30cf1c23842da31d3e99a5c990541de86042f139fe0470889dcb8e0a5bf875 |
| SHA512 | bc38cee84f0ff88ed62c5403f1886e69c6e346aa828e13c609824cdfc9eca8598cee8c840dd752fbd804a96307d0b040f0519c803ddf8b7bf59cd0688f52cca6 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\doomed\19538
| MD5 | 49f225094cd7c6b4b2603b4d3794e5dd |
| SHA1 | ebb060a703c858394f9732d0f70f4d2d2210332b |
| SHA256 | 50a44d9d2529a178fde37e6a808bf2066e9ce3cd3b72f6135e363b342857d630 |
| SHA512 | 163b68dba20a2485b0380e8bd8241cd2cd08f925de7475370d35d3e0261563b4115914030c4d8a8eee418d7ddb4d4dbd2fc40737dc9a0c41bbb762937ee3a5cd |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\45vkl36a.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 9d616ea84c8a5b31ca27061de9fd024b |
| SHA1 | f679825c898e1351692f06444fd2c0e39655f106 |
| SHA256 | 8f8a05dbaa924c4f16d87d916b0a8501474fcd9096157144b1e3fd51c770694d |
| SHA512 | 125240a60f36f70538a9676ef7bfacc1c295f79277c23be780f1f03959c49ea2332e11a4ddded89064177136f9d9e3a8c9b766637c5e3292531682bc78f3a3c8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\45vkl36a.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cretroarch.com%29\idb\2232182701SeesravbiacteaWDosrgk.sqlite
| MD5 | b3a4f450a642efc8c97d617828dcd890 |
| SHA1 | e75795ce3d31afee763e26715d19cb1c4e06ca78 |
| SHA256 | 030a0f119b3a36a31e58e5218a3232b58112f674ec3c3892d2a7ed6edb26d8df |
| SHA512 | 6e10278bb7f3cb0c8f7e4cd1938d1ac5c0aa7c02754de9b6be7535913fc6cbe18b520f720f3751e8fd1927107f36890b851d3cf2459ca8b7ab2425738e92bdb1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\45vkl36a.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 34603ff957e680a858b1659e881e7174 |
| SHA1 | c5b588865842af68eaea4a9ff14184fd7023da3a |
| SHA256 | 5b53f736ea576724489cd64fd21d86d26b708bc8ab733f8c975223972e824839 |
| SHA512 | 48f000ffe35eb15039ef665be42df028a454d5d451db55be772a195749ab7e3688ecae1a23420fd4df11f69e9301ae935ae6dfd6732de570e920947b5051c285 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\45vkl36a.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 4735ea6f9b79cbcdd810f3eb88e90e38 |
| SHA1 | e92ef7d849ebe98471ce02c0813c395e59a7043a |
| SHA256 | ebb0b0bfa645d887ed871e32067dead64e123cce29ccf724d152670a62c7a8af |
| SHA512 | a7e04f3ab48434d059cd0c073f30f05cf54de0be56761d7eb61f375c9eea6cabaf26decbad93b2c6e866521b08b4d4d477b4d4c779451285d80d153cbff7d0dd |
C:\Users\Admin\Downloads\Super Mario World (USA).zip
| MD5 | 79d65e3b4f6be423d542d8d0a2d4a2cf |
| SHA1 | 009ad4e803d804e47819e0311457060086800b90 |
| SHA256 | ba26d0938019ac04bf30d9c53d9681990ad2190196d27589a480a4df134fb009 |
| SHA512 | 86c7bd0ef3de4f663e308c4e35b16866abd7fd09e974818599305db95fb61238fb19b6e94e26207a8751fa4202081b6a0aa21e2e4014444e910e9ddbd32850db |
Analysis: behavioral2
Detonation Overview
Submitted
2024-01-25 17:32
Reported
2024-01-25 17:35
Platform
win10v2004-20231215-en
Max time kernel
143s
Max time network
151s
Command Line
Signatures
Kinsing
Enumerates physical storage devices
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\IMG_0108.png
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 20.231.121.79:80 | tcp | |
| US | 8.8.8.8:53 | 22.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.171.91.138.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.173.189.20.in-addr.arpa | udp |