Analysis Overview
Threat Level: Known bad
The file https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa3ZpU1JPQ21RNlNVaEhmT3o5QlV0dV9hYUI2d3xBQ3Jtc0trQWFOWTJYeUdKTGRpWThNb25tS3NEbk9BcHNvWWNJUDU0MGY5bUVlRHBtRXhBMXZ2VW1hejRQV0l5MTFoRFNMR2ZhVi1mbkZfQ1VTQ1Nsb2RXR19ZYm1uMEl6WnVEUXdVaWpFNDlFUEcxYzd3ZGVqUQ&q=https%3A%2F%2Fsites.google.com%2Fview%2Froblj&v=auiSP3878rw was found to be: Known bad.
Malicious Activity Summary
Detect Poverty Stealer Payload
Suspicious use of NtCreateUserProcessOtherParentProcess
Poverty Stealer
Executes dropped EXE
Checks computer location settings
Drops startup file
Reads user/profile data of web browsers
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext
Enumerates physical storage devices
Enumerates processes with tasklist
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Modifies registry class
Checks SCSI registry key(s)
Enumerates system info in registry
Runs ping.exe
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-02-19 22:55
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-02-19 22:55
Reported: 2024-02-19 22:58
Platform: win10v2004-20231222-en
Max time kernel: 183s
Max time network: 180s
Command Line
Signatures
Detect Poverty Stealer Payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Poverty Stealer
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 6604 created 3472 | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\11058\Parking.pif | C:\Windows\Explorer.EXE |
| PID 4924 created 3472 | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\11065\Parking.pif | C:\Windows\Explorer.EXE |
| PID 4880 created 3472 | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.002\11068\Parking.pif | C:\Windows\Explorer.EXE |
| PID 4880 created 3472 | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.002\11068\Parking.pif | C:\Windows\Explorer.EXE |
| PID 4652 created 3472 | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.003\11205\Parking.pif | C:\Windows\Explorer.EXE |
| PID 540 created 3472 | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.004\11212\Parking.pif | C:\Windows\Explorer.EXE |
Checks computer location settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\7zO8DA97818\Electron.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\7zO8DAB0118\Electron.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\7zO8DABB418\Electron.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\7zO8DA0B949\Electron.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\7zO8DA25149\Electron.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\11058\RegAsm.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\11058\RegAsm.exe | N/A |
Executes dropped EXE
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 7152 set thread context of 5316 | N/A | C:\Users\Admin\AppData\Local\Temp\7zO8DA9E998\loader.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 2524 set thread context of 3820 | N/A | C:\Users\Admin\AppData\Local\Temp\7zO8DA29698\loader.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 4612 set thread context of 6664 | N/A | C:\Users\Admin\AppData\Local\Temp\7zO8DABC269\loader.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa3ZpU1JPQ21RNlNVaEhmT3o5QlV0dV9hYUI2d3xBQ3Jtc0trQWFOWTJYeUdKTGRpWThNb25tS3NEbk9BcHNvWWNJUDU0MGY5bUVlRHBtRXhBMXZ2VW1hejRQV0l5MTFoRFNMR2ZhVi1mbkZfQ1VTQ1Nsb2RXR19ZYm1uMEl6WnVEUXdVaWpFNDlFUEcxYzd3ZGVqUQ&q=https%3A%2F%2Fsites.google.com%2Fview%2Froblj&v=auiSP3878rw
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfb5946f8,0x7ffcfb594708,0x7ffcfb594718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5104 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8800 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8924 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7028 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\ElectronRob.rar"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2028 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\7zO8DA97818\Electron.exe
"C:\Users\Admin\AppData\Local\Temp\7zO8DA97818\Electron.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /k move Agenda Agenda.bat & Agenda.bat & exit
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
C:\Users\Admin\AppData\Local\Temp\7zO8DAB0118\Electron.exe
"C:\Users\Admin\AppData\Local\Temp\7zO8DAB0118\Electron.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "wrsa.exe opssvc.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c md 11058
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Rate + Sim + Officially + Kevin + Newsletters 11058\Parking.pif
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Desktops + Crafts 11058\k
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\11058\Parking.pif
11058\Parking.pif 11058\k
C:\Windows\SysWOW64\PING.EXE
ping -n 5 localhost
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /k move Agenda Agenda.bat & Agenda.bat & exit
C:\Users\Admin\AppData\Local\Temp\7zO8DABB418\Electron.exe
"C:\Users\Admin\AppData\Local\Temp\7zO8DABB418\Electron.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /k move Agenda Agenda.bat & Agenda.bat & exit
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "wrsa.exe opssvc.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c md 11065
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Rate + Sim + Officially + Kevin + Newsletters 11065\Parking.pif
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Desktops + Crafts 11065\k
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\11065\Parking.pif
11065\Parking.pif 11065\k
C:\Windows\SysWOW64\PING.EXE
ping -n 5 localhost
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "wrsa.exe opssvc.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c md 11068
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Rate + Sim + Officially + Kevin + Newsletters 11068\Parking.pif
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Desktops + Crafts 11068\k
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.002\11068\Parking.pif
11068\Parking.pif 11068\k
C:\Windows\SysWOW64\PING.EXE
ping -n 5 localhost
C:\Windows\System32\fontview.exe
"C:\Windows\System32\fontview.exe" C:\Users\Admin\AppData\Local\Temp\7zO8DA636E8\arialbd.ttf
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Users\Admin\AppData\Local\Temp\7zO8DA9E998\loader.exe
"C:\Users\Admin\AppData\Local\Temp\7zO8DA9E998\loader.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Local\Temp\7zO8DA29698\loader.exe
"C:\Users\Admin\AppData\Local\Temp\7zO8DA29698\loader.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Local\Temp\7zO8DABC269\loader.exe
"C:\Users\Admin\AppData\Local\Temp\7zO8DABC269\loader.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5916 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\11058\RegAsm.exe
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\11058\RegAsm.exe
C:\Users\Admin\AppData\Local\Temp\7zO8DA0B949\Electron.exe
"C:\Users\Admin\AppData\Local\Temp\7zO8DA0B949\Electron.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /k move Agenda Agenda.bat & Agenda.bat & exit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\11065\RegAsm.exe
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\11065\RegAsm.exe
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
C:\Users\Admin\AppData\Local\Temp\7zO8DA25149\Electron.exe
"C:\Users\Admin\AppData\Local\Temp\7zO8DA25149\Electron.exe"
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.002\11068\RegAsm.exe
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.002\11068\RegAsm.exe
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.002\11068\RegAsm.exe
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.002\11068\RegAsm.exe
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /k move Agenda Agenda.bat & Agenda.bat & exit
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "wrsa.exe opssvc.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c md 11205
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Rate + Sim + Officially + Kevin + Newsletters 11205\Parking.pif
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Desktops + Crafts 11205\k
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.003\11205\Parking.pif
11205\Parking.pif 11205\k
C:\Windows\SysWOW64\PING.EXE
ping -n 5 localhost
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
C:\Windows\SysWOW64\findstr.exe
findstr /I "wrsa.exe opssvc.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\cmd.exe
cmd /c md 11212
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Rate + Sim + Officially + Kevin + Newsletters 11212\Parking.pif
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Desktops + Crafts 11212\k
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.004\11212\Parking.pif
11212\Parking.pif 11212\k
C:\Windows\SysWOW64\PING.EXE
ping -n 5 localhost
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe"
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.003\11205\RegAsm.exe
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.003\11205\RegAsm.exe
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.004\11212\RegAsm.exe
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.004\11212\RegAsm.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
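The command lines above show the loader's stages in the clear: tasklist piped into findstr for AV process names, a numbered working directory per stage, copy /b stitching a .pif back together from five dropped fragments, a ping -n 5 localhost delay, an extensionless drop renamed to Agenda.bat and run, RegAsm.exe launched from Temp\7ZipSfx.* and from the .NET directory with no assembly to register, and qemu-ga.exe placed in the per-user Startup folder. The script below is an added example, not part of this report or of the sample, that tags each command line with the stage it matches and tests the tree for the full reassemble-and-run chain. AV_PROCESS_NAMES is seeded from the findstr arguments shown here (a production list would be maintained separately), the tag names are this example's own, and the sample lines are copied from the tree.

```python
"""Stage-tagging heuristics for a sandbox process tree (added example).

Each command line is matched against patterns that appear verbatim in the
tree above; tags are counted and then tested as a chain.
"""
import re
from collections import Counter
from typing import Dict, List

# Process names the loader greps for, taken from the findstr lines in the tree.
AV_PROCESS_NAMES = {
    "avastui.exe", "avgui.exe", "nswscsvc.exe", "sophoshealth.exe",
    "wrsa.exe", "opssvc.exe",
}
# cmd.exe runs these extensions as programs whatever the basename suggests.
EXEC_EXTENSIONS = (".pif", ".exe", ".com", ".scr", ".bat", ".cmd")

COPY_B_RE = re.compile(r"\bcopy\s+/b\s+(?P<parts>.+?)\s+(?P<dest>\S+)\s*$", re.I)
FINDSTR_RE = re.compile(r'\bfindstr\b(?:\s+/\w+)*\s+"(?P<names>[^"]+)"', re.I)
TASKLIST_RE = re.compile(r"\btasklist(?:\.exe)?\b", re.I)
PING_SLEEP_RE = re.compile(
    r"\bping(?:\.exe)?\s+-n\s+(?P<count>\d+)\s+(?:localhost|127\.0\.0\.1)\b", re.I)
MOVE_BAT_RE = re.compile(r"\bmove\s+(?P<src>\S+)\s+(?P<dst>\S+\.bat)\s*&\s*(?P=dst)\b", re.I)
STARTUP_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
REGASM_RE = re.compile(r'^"?(?P<path>[^"]*?\\RegAsm\.exe)"?\s*(?P<args>.*)$', re.I)


def classify(cmdline: str) -> List[str]:
    """Return the stage tags a single command line matches."""
    tags: List[str] = []
    m = COPY_B_RE.search(cmdline)
    if m:
        fragments = [p.strip() for p in m.group("parts").split("+") if p.strip()]
        if len(fragments) >= 2:  # binary-mode concatenation of dropped pieces
            tags.append("copy_b_reassembly")
            if m.group("dest").lower().endswith(EXEC_EXTENSIONS):
                tags.append("reassembled_executable")
    m = FINDSTR_RE.search(cmdline)
    if m:
        names = {n.lower() for n in m.group("names").split()}
        if names and all(n.endswith(".exe") for n in names):
            tags.append("process_name_grep")
            if names & AV_PROCESS_NAMES:
                tags.append("av_discovery")
    if TASKLIST_RE.search(cmdline):
        tags.append("tasklist")
    m = PING_SLEEP_RE.search(cmdline)
    if m and int(m.group("count")) > 1:  # ping to loopback used as a sleep
        tags.append("ping_sleep")
    if MOVE_BAT_RE.search(cmdline):  # extensionless drop renamed to .bat and run
        tags.append("rename_to_bat_and_run")
    if STARTUP_RE.search(cmdline):  # per-user Startup folder persistence
        tags.append("startup_folder")
    m = REGASM_RE.match(cmdline.strip())
    if m:
        if "\\microsoft.net\\" not in m.group("path").lower():
            tags.append("regasm_outside_dotnet_dir")  # .NET utility copied to a temp dir
        elif not m.group("args").strip():
            tags.append("regasm_no_arguments")  # nothing to register: likely injection host
    return tags


def summarize(cmdlines: List[str]) -> Dict[str, int]:
    """Count how often each tag occurs across a process tree."""
    counts: Counter = Counter()
    for line in cmdlines:
        counts.update(classify(line))
    return dict(counts)


LOADER_STAGES = {"av_discovery", "copy_b_reassembly", "reassembled_executable", "ping_sleep"}


def detect_loader_chain(cmdlines: List[str]) -> bool:
    """True when every stage of the reassemble-and-run chain is present."""
    return LOADER_STAGES <= set(summarize(cmdlines))


# Command lines copied from the process tree in this report (a subset).
PROCESS_TREE = [
    "tasklist",
    'findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"',
    'findstr /I "wrsa.exe opssvc.exe"',
    "cmd /c md 11068",
    r"cmd /c copy /b Rate + Sim + Officially + Kevin + Newsletters 11068\Parking.pif",
    r"cmd /c copy /b Desktops + Crafts 11068\k",
    r"11068\Parking.pif 11068\k",
    "ping -n 5 localhost",
    r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"',
    r"C:\Users\Admin\AppData\Local\Temp\7ZipSfx.002\11068\RegAsm.exe",
    r'"C:\Windows\System32\cmd.exe" /k move Agenda Agenda.bat & Agenda.bat & exit',
    r'"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe"',
    r'"C:\Windows\system32\taskmgr.exe" /4',
]

if __name__ == "__main__":
    for line in PROCESS_TREE:
        print(", ".join(classify(line)) or "-", "|", line)
    print(summarize(PROCESS_TREE), "chain:", detect_loader_chain(PROCESS_TREE))
```

The per-line tags are deliberately weak on their own (a bare ping -n 5 localhost or a tasklist is routine); what makes the tree reportable is all four LOADER_STAGES appearing together, which is what detect_loader_chain checks. Feeding it real EDR process telemetry means concatenating the image path and arguments into one string per process, as the tree above prints them.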
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.187.206:443 | www.youtube.com | tcp |
| GB | 142.250.187.206:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| GB | 142.250.187.206:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sites.google.com | udp |
| GB | 172.217.16.238:443 | sites.google.com | tcp |
| GB | 172.217.16.238:443 | sites.google.com | tcp |
| GB | 172.217.16.238:443 | sites.google.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 172.217.169.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.169.217.172.in-addr.arpa | udp |
| GB | 172.217.169.14:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.16.238:443 | sites.google.com | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| GB | 142.250.200.14:443 | play.google.com | tcp |
| GB | 142.250.200.14:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 104.16.114.74:443 | www.mediafire.com | tcp |
| US | 104.16.114.74:443 | www.mediafire.com | tcp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.114.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.234:443 | ajax.googleapis.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| AT | 13.32.11.230:443 | cdn.amplitude.com | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.147.23:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| GB | 172.217.16.238:443 | translate.google.com | tcp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.11.32.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 35.167.20.203:443 | api.amplitude.com | tcp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| GB | 142.250.180.10:443 | translate.googleapis.com | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| BE | 142.251.173.157:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 69.110.32.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.20.167.35.in-addr.arpa | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | tcp |
| GB | 216.58.204.67:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.147.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | translate-pa.googleapis.com | udp |
| BE | 142.251.173.157:443 | stats.g.doubleclick.net | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.173.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.147.70.163.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 172.217.16.234:443 | translate-pa.googleapis.com | udp |
| GB | 142.250.180.10:443 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | the.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 104.21.42.32:443 | the.gatekeeperconsent.com | tcp |
| US | 104.22.74.216:443 | btloader.com | tcp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.ezojs.com | udp |
| US | 8.8.8.8:53 | privacy.gatekeeperconsent.com | udp |
| GB | 172.217.16.238:443 | translate.google.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 172.64.129.8:443 | www.ezojs.com | tcp |
| US | 104.16.56.101:443 | static.cloudflareinsights.com | tcp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | tcp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | cdn.otnolatrnup.com | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| US | 104.19.215.37:443 | cdn.otnolatrnup.com | tcp |
| FR | 13.39.145.251:443 | g.ezoic.net | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 96.17.179.184:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | go.ezodn.com | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 172.64.136.15:443 | go.ezodn.com | tcp |
| US | 172.64.136.15:443 | go.ezodn.com | tcp |
| US | 172.64.136.15:443 | go.ezodn.com | tcp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 172.64.136.15:443 | go.ezodn.com | tcp |
| US | 172.64.136.15:443 | go.ezodn.com | tcp |
| US | 172.64.136.15:443 | go.ezodn.com | tcp |
| US | 8.8.8.8:53 | g.ezodn.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.179.226:443 | securepubads.g.doubleclick.net | tcp |
| GB | 96.16.109.9:443 | ads.pubmatic.com | tcp |
| US | 8.8.8.8:53 | 32.42.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.74.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.129.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.199.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.3.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.215.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.145.39.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.136.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bshr.ezodn.com | udp |
| US | 172.64.137.15:443 | bshr.ezodn.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ad.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ut.pubmatic.com | udp |
| AT | 13.32.110.83:443 | tags.crwdcntrl.net | tcp |
| IE | 52.209.197.114:443 | ad.crwdcntrl.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| IE | 52.48.220.221:443 | bcp.crwdcntrl.net | tcp |
| GB | 185.64.190.82:443 | ut.pubmatic.com | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.109.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.137.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.110.32.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.197.209.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.220.48.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| FR | 13.39.145.251:443 | g.ezoic.net | tcp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | 97e7f05f0e46b931374dac5dfce96b00.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | script.4dex.io | udp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | bidder.criteo.com | udp |
| US | 8.8.8.8:53 | rt.marphezis.com | udp |
| GB | 216.58.204.65:443 | 97e7f05f0e46b931374dac5dfce96b00.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | prebid.smilewanted.com | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 8.8.8.8:53 | d.vidoomy.com | udp |
| US | 8.8.8.8:53 | cdn.prod.uidapi.com | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 104.26.9.169:443 | script.4dex.io | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| IE | 52.210.170.222:443 | hb.yellowblue.io | tcp |
| US | 178.128.135.204:443 | rt.marphezis.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| US | 104.18.36.155:443 | htlb.casalemedia.com | tcp |
| DE | 51.89.9.251:443 | onetag-sys.com | tcp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| ES | 212.36.83.246:443 | d.vidoomy.com | tcp |
| ES | 212.36.83.246:443 | d.vidoomy.com | tcp |
| ES | 212.36.83.246:443 | d.vidoomy.com | tcp |
| ES | 212.36.83.246:443 | d.vidoomy.com | tcp |
| ES | 212.36.83.246:443 | d.vidoomy.com | tcp |
| US | 172.67.10.198:443 | prebid.smilewanted.com | tcp |
| US | 172.67.10.198:443 | prebid.smilewanted.com | tcp |
| US | 172.67.10.198:443 | prebid.smilewanted.com | tcp |
| US | 172.67.10.198:443 | prebid.smilewanted.com | tcp |
| US | 172.67.10.198:443 | prebid.smilewanted.com | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| US | 104.22.52.86:443 | cdn.id5-sync.com | tcp |
| US | 172.64.152.89:443 | cdn-ima.33across.com | tcp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| NL | 147.75.84.158:443 | prebid.a-mo.net | tcp |
| GB | 216.58.212.225:443 | tpc.googlesyndication.com | tcp |
| AT | 18.66.20.217:443 | cdn.prod.uidapi.com | tcp |
| US | 104.26.9.169:443 | script.4dex.io | tcp |
| US | 8.8.8.8:53 | oajs.openx.net | udp |
| GB | 216.58.212.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 34.120.135.53:443 | oajs.openx.net | tcp |
| DE | 162.19.138.117:443 | id5-sync.com | tcp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| US | 34.120.135.53:443 | oajs.openx.net | udp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| US | 8.8.8.8:53 | 65.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.9.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.36.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.170.210.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.10.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.9.89.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.70.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.152.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.146.102.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.84.75.147.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.52.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.83.36.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.20.66.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.135.128.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.135.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google-bidout-d.openx.net | udp |
| US | 34.98.64.218:443 | google-bidout-d.openx.net | tcp |
| GB | 216.58.212.225:443 | tpc.googlesyndication.com | udp |
| DE | 51.89.9.251:443 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | download2289.mediafire.com | udp |
| US | 199.91.155.30:443 | download2289.mediafire.com | tcp |
| US | 199.91.155.30:443 | download2289.mediafire.com | tcp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | 193.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.64.98.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.155.91.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 104.19.215.37:80 | otnolatrnup.com | tcp |
| US | 104.19.215.37:80 | otnolatrnup.com | tcp |
| US | 8.8.8.8:53 | woreppercomming.com | udp |
| AT | 3.161.119.119:443 | woreppercomming.com | tcp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| FR | 185.235.86.245:443 | ag.gbc.criteo.com | tcp |
| FR | 178.250.7.13:443 | dnacdn.net | tcp |
| FR | 185.235.86.100:443 | gem.gbc.criteo.com | tcp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.119.161.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.ovardu.com | udp |
| US | 172.67.174.4:443 | www.ovardu.com | tcp |
| US | 8.8.8.8:53 | www.opera.com | udp |
| DE | 3.127.11.50:443 | www.opera.com | tcp |
| US | 8.8.8.8:53 | cdn-production-opera-website.operacdn.com | udp |
| US | 8.8.8.8:53 | www.googleoptimize.com | udp |
| GB | 104.84.85.174:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 104.84.85.174:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 104.84.85.174:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 104.84.85.174:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 172.217.169.14:443 | www.googleoptimize.com | tcp |
| US | 8.8.8.8:53 | 13.7.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.86.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.86.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.174.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.11.127.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.85.84.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www-static.operacdn.com | udp |
| GB | 104.84.85.174:443 | cdn-production-opera-website.operacdn.com | tcp |
| US | 138.91.171.81:80 | | tcp |
| US | 8.8.8.8:53 | csync.smilewanted.com | udp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| US | 8.8.8.8:53 | id.a-mx.com | udp |
| US | 8.8.8.8:53 | id.hadron.ad.gt | udp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | id.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.com | udp |
| US | 8.8.8.8:53 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | cm.adform.net | udp |
| US | 8.8.8.8:53 | www.redditstatic.com | udp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| US | 8.8.8.8:53 | snap.licdn.com | udp |
| US | 8.8.8.8:53 | cdn.taboola.com | udp |
| US | 8.8.8.8:53 | tags.creativecdn.com | udp |
| US | 8.8.8.8:53 | s.yimg.com | udp |
| DK | 37.157.4.29:443 | cm.adform.net | tcp |
| GB | 195.181.164.17:443 | tags.creativecdn.com | tcp |
| US | 151.101.1.44:443 | cdn.taboola.com | tcp |
| US | 151.101.1.140:443 | www.redditstatic.com | tcp |
| US | 104.22.4.69:443 | id.hadron.ad.gt | tcp |
| DE | 3.75.62.37:443 | ups.analytics.yahoo.com | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | tcp |
| NL | 131.153.158.209:443 | id.a-mx.com | tcp |
| NL | 213.19.162.80:443 | pixel.rubiconproject.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| AT | 13.32.110.26:443 | static.hotjar.com | tcp |
| GB | 88.221.135.104:443 | snap.licdn.com | tcp |
| NL | 98.98.134.241:443 | pixel-sync.sitescout.com | tcp |
| US | 172.64.149.180:443 | js-sec.indexww.com | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| US | 172.64.149.180:443 | js-sec.indexww.com | tcp |
| NL | 131.153.158.209:443 | id.a-mx.com | tcp |
| DE | 3.75.62.37:443 | ups.analytics.yahoo.com | tcp |
| US | 104.22.4.69:443 | id.hadron.ad.gt | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | tcp |
| NL | 213.19.162.80:443 | pixel.rubiconproject.com | tcp |
| DK | 37.157.4.29:443 | cm.adform.net | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| NL | 98.98.134.241:443 | pixel-sync.sitescout.com | tcp |
| US | 151.101.1.140:443 | www.redditstatic.com | tcp |
| AT | 13.32.110.26:443 | static.hotjar.com | tcp |
| US | 151.101.1.44:443 | cdn.taboola.com | tcp |
| GB | 88.221.135.104:443 | snap.licdn.com | tcp |
| GB | 195.181.164.17:443 | tags.creativecdn.com | tcp |
| US | 172.67.10.198:443 | csync.smilewanted.com | tcp |
| IE | 54.216.166.217:443 | id.crwdcntrl.net | tcp |
| GB | 87.248.114.12:443 | s.yimg.com | tcp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 35.227.252.103:443 | rtb.openx.net | udp |
| DE | 141.95.98.65:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 141.95.98.65:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | a.vidoomy.com | udp |
| US | 8.8.8.8:53 | a-prebid.vidoomy.com | udp |
| ES | 212.36.83.245:443 | a-prebid.vidoomy.com | tcp |
| ES | 212.36.83.246:443 | a-prebid.vidoomy.com | tcp |
| US | 8.8.8.8:53 | 17.164.181.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.4.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.252.227.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.4.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.40.223.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.158.153.131.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.162.19.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.134.98.98.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.149.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.62.75.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.110.32.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.166.216.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.114.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.98.95.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.83.36.212.in-addr.arpa | udp |
| US | 151.101.1.140:443 | www.redditstatic.com | tcp |
| US | 8.8.8.8:53 | assets.a-mo.net | udp |
| US | 8.8.8.8:53 | script.hotjar.com | udp |
| US | 8.8.8.8:53 | ams.creativecdn.com | udp |
| US | 8.8.8.8:53 | alb.reddit.com | udp |
| US | 8.8.8.8:53 | trc.taboola.com | udp |
| US | 8.8.8.8:53 | sp.analytics.yahoo.com | udp |
| NL | 185.184.8.90:443 | ams.creativecdn.com | tcp |
| US | 8.8.8.8:53 | px.ads.linkedin.com | udp |
| US | 104.19.158.19:443 | assets.a-mo.net | tcp |
| AT | 13.32.110.124:443 | script.hotjar.com | tcp |
| US | 151.101.1.140:443 | alb.reddit.com | tcp |
| IE | 212.82.100.181:443 | sp.analytics.yahoo.com | tcp |
| US | 8.8.8.8:53 | static.smilewanted.com | udp |
| US | 13.107.42.14:443 | px.ads.linkedin.com | tcp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | sync.smartadserver.com | udp |
| DE | 37.252.171.52:443 | ib.adnxs.com | tcp |
| NL | 89.149.192.200:443 | sync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| NL | 185.89.211.116:443 | secure.adnxs.com | tcp |
| US | 8.8.8.8:53 | 19.158.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.8.184.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.110.32.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.100.82.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.42.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.171.252.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.192.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ice.360yield.com | udp |
| US | 8.8.8.8:53 | u.openx.net | udp |
| IE | 3.248.126.2:443 | ice.360yield.com | tcp |
| US | 35.244.159.8:443 | u.openx.net | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| IE | 54.73.49.52:443 | ap.lijit.com | tcp |
| US | 8.8.8.8:53 | us.shb-sync.com | udp |
| US | 8.2.110.33:443 | us.shb-sync.com | tcp |
| US | 8.8.8.8:53 | ow.pubmatic.com | udp |
| US | 8.8.8.8:53 | prebid-server.rubiconproject.com | udp |
| US | 8.8.8.8:53 | rtb.mfadsrvr.com | udp |
| NL | 185.64.189.116:443 | ow.pubmatic.com | tcp |
| GB | 142.250.180.10:443 | translate-pa.googleapis.com | udp |
| NL | 213.19.162.71:443 | prebid-server.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | sync.mathtag.com | udp |
| US | 8.8.8.8:53 | pixel-eu.rubiconproject.com | udp |
| US | 8.8.8.8:53 | ads.stickyadstv.com | udp |
| US | 8.8.8.8:53 | sync.a-mo.net | udp |
| US | 8.8.8.8:53 | cdn.indexww.com | udp |
| US | 216.200.232.253:443 | sync.mathtag.com | tcp |
| NL | 213.19.162.90:443 | pixel-eu.rubiconproject.com | tcp |
| FR | 154.54.250.151:443 | ads.stickyadstv.com | tcp |
| DE | 18.198.96.60:443 | rtb.mfadsrvr.com | tcp |
| NL | 147.75.84.158:443 | sync.a-mo.net | tcp |
| NL | 147.75.84.158:443 | sync.a-mo.net | tcp |
| NL | 147.75.84.158:443 | sync.a-mo.net | tcp |
| US | 8.8.8.8:53 | 116.211.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.126.248.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.49.73.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.110.2.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.189.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.162.19.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.162.19.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.250.54.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.96.198.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cs.admanmedia.com | udp |
| US | 8.8.8.8:53 | t.adx.opera.com | udp |
| US | 8.8.8.8:53 | ssbsync-global.smartadserver.com | udp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| US | 80.77.87.161:443 | cs.admanmedia.com | tcp |
| FR | 178.32.197.52:443 | ssbsync-global.smartadserver.com | tcp |
| US | 8.8.8.8:53 | s.ad.smaato.net | udp |
| NL | 198.47.127.18:443 | image8.pubmatic.com | tcp |
| US | 35.244.174.68:443 | id.rlcdn.com | tcp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| AT | 13.32.110.72:443 | s.ad.smaato.net | tcp |
| US | 52.46.155.104:443 | s.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | 8.213.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.232.200.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.197.32.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.174.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.87.77.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.110.32.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.155.46.52.in-addr.arpa | udp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| ES | 212.36.83.246:443 | a-prebid.vidoomy.com | tcp |
| DE | 18.198.96.60:443 | rtb.mfadsrvr.com | tcp |
| US | 35.244.174.68:443 | id.rlcdn.com | udp |
| US | 8.8.8.8:53 | t.pubmatic.com | udp |
| NL | 185.64.189.226:443 | t.pubmatic.com | tcp |
| US | 8.8.8.8:53 | hbx.media.net | udp |
| GB | 104.78.176.27:443 | hbx.media.net | tcp |
| US | 8.8.8.8:53 | 27.176.78.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.189.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ads.us.e-planning.net | udp |
| NL | 193.3.178.3:443 | ads.us.e-planning.net | tcp |
| FR | 178.32.197.52:443 | ssbsync-global.smartadserver.com | tcp |
| GB | 216.58.212.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 3.178.3.193.in-addr.arpa | udp |
| GB | 142.250.179.226:443 | cm.g.doubleclick.net | udp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | lexicon.33across.com | udp |
| US | 35.244.193.51:443 | lexicon.33across.com | tcp |
| US | 8.8.8.8:53 | 51.193.244.35.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | focKpcZNFzOsLAPbkDVXv.focKpcZNFzOsLAPbkDVXv | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | w3-reporting-nel.reddit.com | udp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| DE | 51.89.9.251:443 | onetag-sys.com | tcp |
| US | 8.8.8.8:53 | d.vidoomy.com | udp |
| US | 178.128.135.204:443 | rt.marphezis.com | tcp |
| ES | 212.36.83.246:443 | d.vidoomy.com | tcp |
| ES | 212.36.83.246:443 | d.vidoomy.com | tcp |
| GB | 216.58.212.225:443 | tpc.googlesyndication.com | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| GB | 172.217.16.234:443 | translate-pa.googleapis.com | udp |
| GB | 142.250.179.230:443 | s0.2mdn.net | tcp |
| GB | 216.58.212.225:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.179.226:443 | cm.g.doubleclick.net | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 230.179.250.142.in-addr.arpa | udp |
| DE | 146.70.169.164:2227 | | tcp |
| US | 8.8.8.8:53 | 164.169.70.146.in-addr.arpa | udp |
| DE | 146.70.169.164:2227 | | tcp |
| NL | 45.15.156.186:29975 | | tcp |
| US | 8.8.8.8:53 | focKpcZNFzOsLAPbkDVXv.focKpcZNFzOsLAPbkDVXv | udp |
| US | 8.8.8.8:53 | 186.156.15.45.in-addr.arpa | udp |
| NL | 45.15.156.186:29975 | | tcp |
| NL | 45.15.156.186:29975 | | tcp |
| NL | 45.15.156.186:29975 | | tcp |
| NL | 45.15.156.186:29975 | | tcp |
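Most of the Network table is browser noise from youtube.com, sites.google.com, the MediaFire download page and the ad-tech calls that page makes. The rows worth pulling out are the TCP connections to bare IPs on 2227 and 29975 that carry no domain, and the lookup of focKpcZNFzOsLAPbkDVXv.focKpcZNFzOsLAPbkDVXv, a name with no real TLD that only a catch-all resolver would answer; the report itself does not label either, so treat the flags below as candidates to pivot on, not conclusions. The parser is an added example, not part of this report; it accepts rows as the table prints them, including rows where the proto sits in the domain column or the trailing pipe is missing, and the sample rows are copied from the table. The finding names and the TLD-length cutoff are this example's own assumptions, and the port-80 flag is informational only (certificate-validation fetches produce the same kind of row).

```python
"""Triage of a sandbox Network table (added example).

Rows are parsed as printed and grouped into the few findings a responder
would separate from browser noise. The synthetic-name test is crude on
purpose; it exists to catch a query name that cannot be a real domain.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

WEB_PORTS = {80, 443}
DNS_PORTS = {53, 5353}
MAX_TLD_LEN = 12  # assumption: no real TLD is this long


@dataclass(frozen=True)
class Flow:
    country: str
    ip: str
    port: int
    domain: Optional[str]
    proto: str


def parse_row(row: str) -> Optional[Flow]:
    """Parse one '| CC | ip:port | domain | proto |' row; None for header or junk."""
    cells = [c.strip() for c in row.strip().strip("|").split("|")]
    if len(cells) < 3 or ":" not in cells[1]:
        return None
    ip, _, port = cells[1].rpartition(":")
    if not port.isdigit():
        return None
    domain, proto = None, ""
    for cell in cells[2:]:  # tolerate shifted or missing columns
        if cell.lower() in ("tcp", "udp"):
            proto = cell.lower()
        elif cell:
            domain = cell
    return Flow(cells[0], ip, int(port), domain, proto) if proto else None


def is_synthetic_name(name: str) -> bool:
    """Crude check: impossible TLD length or mixed case in a query name."""
    return len(name.split(".")[-1]) > MAX_TLD_LEN or any(c.isupper() for c in name)


def triage(rows: List[str]) -> Dict[str, List[str]]:
    """Group endpoints and names by finding, deduplicated in first-seen order."""
    findings: Dict[str, List[str]] = {
        "unlabelled_nonweb_tcp": [], "synthetic_dns_name": [],
        "cleartext_http": [], "reverse_lookup": [],
    }

    def add(key: str, value: str) -> None:
        if value not in findings[key]:
            findings[key].append(value)

    for row in rows:
        f = parse_row(row)
        if f is None:
            continue
        endpoint = f"{f.ip}:{f.port}"
        # TCP to a bare IP on a port nothing in a browser session explains
        if f.proto == "tcp" and f.domain is None and f.port not in (WEB_PORTS | DNS_PORTS):
            add("unlabelled_nonweb_tcp", endpoint)
        if f.proto == "tcp" and f.port == 80:
            add("cleartext_http", f.domain or endpoint)
        if f.port in DNS_PORTS and f.domain:
            if f.domain.lower().endswith(".in-addr.arpa"):
                add("reverse_lookup", f.domain)
            elif is_synthetic_name(f.domain):
                add("synthetic_dns_name", f.domain)
    return findings


# Rows copied from the Network table in this report (a subset).
SAMPLE_ROWS = [
    "| Country | Destination | Domain | Proto |",
    "| US | 8.8.8.8:53 | www.youtube.com | udp |",
    "| GB | 142.250.187.206:443 | www.youtube.com | tcp |",
    "| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |",
    "| N/A | 224.0.0.251:5353 | udp | |",
    "| US | 199.91.155.30:443 | download2289.mediafire.com | tcp |",
    "| GB | 96.17.179.184:80 | apps.identrust.com | tcp |",
    "| US | 138.91.171.81:80 | tcp | |",
    "| US | 8.8.8.8:53 | focKpcZNFzOsLAPbkDVXv.focKpcZNFzOsLAPbkDVXv | udp |",
    "| DE | 146.70.169.164:2227 | tcp | |",
    "| DE | 146.70.169.164:2227 | tcp | |",
    "| NL | 45.15.156.186:29975 | tcp | |",
    "| NL | 45.15.156.186:29975 | tcp",
]

if __name__ == "__main__":
    for key, values in triage(SAMPLE_ROWS).items():
        print(f"{key}: {values}")
```

The two unlabelled endpoints are the ones to block and to search for in proxy and firewall logs across the estate; the reverse lookups are the sandbox's own enrichment and are listed only so they are not mistaken for sample activity.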
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 3e71d66ce903fcba6050e4b99b624fa7 |
| SHA1 | 139d274762405b422eab698da8cc85f405922de5 |
| SHA256 | 53b34e24e3fbb6a7f473192fc4dec2ae668974494f5636f0359b6ca27d7c65e3 |
| SHA512 | 17e2f1400000dd6c54c8dc067b31bcb0a3111e44a9d2c5c779f484a51ada92d88f5b6e6847270faae8ff881117b7ceaaf8dfe9df427cbb8d9449ceacd0480388 |
\??\pipe\LOCAL\crashpad_1340_DUAQXWCNTFGCKLHT
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\decbb1f3-78ad-465c-a229-16c64fba5ac0.tmp
| MD5 | 5262dcb81059643deef54d81a9badc8b |
| SHA1 | 547fecd82793bab535803f785092e02cacf9521b |
| SHA256 | 831e03845119755f03732028eec5ef65f3fe0e9ef25093172b06cf12a3cce76d |
| SHA512 | 328fc391df45b1c84e0a99bb6d4b201a9e944a0f144babf066253b66e3f5aeff32b848a6a83dde766b83fe41725e3c27b607b8c8c64ff663841b43f5a99da0c2 |
memory/5080-33-0x00000221DD720000-0x00000221DD721000-memory.dmp
memory/5080-34-0x00000221DD720000-0x00000221DD721000-memory.dmp
memory/5080-35-0x00000221DD720000-0x00000221DD721000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
memory/5080-45-0x00000221DD720000-0x00000221DD721000-memory.dmp
memory/5080-46-0x00000221DD720000-0x00000221DD721000-memory.dmp
memory/5080-48-0x00000221DD720000-0x00000221DD721000-memory.dmp
memory/5080-49-0x00000221DD720000-0x00000221DD721000-memory.dmp
memory/5080-50-0x00000221DD720000-0x00000221DD721000-memory.dmp
memory/5080-39-0x00000221DD720000-0x00000221DD721000-memory.dmp
memory/5080-51-0x00000221DD720000-0x00000221DD721000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6da623d089d7e786cb820751edccb514 |
| SHA1 | 6b7a55a5772a4fe307a04da90e453cb7a33de3c9 |
| SHA256 | dc85226ebcc5ff661b03d4766b3f12ce719026831dfc32042a9cdbf219f7bb8f |
| SHA512 | 5e25083ac1a852212a46df9cd3097cdf55ecc3734c46b18913e8408c7ed963b82725ba8d263daa9e9be2b10ad1bd0733077532292bdf0cac7e35b1c80a447b26 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 14eb2a3dfce11477307f27f5424549f8 |
| SHA1 | 57809723dab0c1a597679bea356ed5d7ce243033 |
| SHA256 | 8fcfff362b83e98389274be55f97808529dec2b823eb47f79e8bb3bc7d476145 |
| SHA512 | 11732be77f69da3ee92ad9913a24606c1e21ad34a3fe4788e18761b048777dcea548522c43a64b4e3f1e83837eea68d81903fe959c1c5d5ba031e2ef5a640274 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 1b1b142e24215f033793d1311e24f6e6 |
| SHA1 | 74e23cffbf03f3f0c430e6f4481e740c55a48587 |
| SHA256 | 3dca3ec65d1f4109c6b66a1a47b2477afaf8d15306a523f297283da0eccbe8b1 |
| SHA512 | a569385710e3a0dc0d6366476c457927a847a2b2298c839e423c485f7dcce2468a58d20133f6dc81913056fb579957e67f63cf1e20b910d61816210447cd1f1f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ee003dd490b3c54fc54c4552b9bca984 |
| SHA1 | 2cb3ba43826f236c800830403a9fede6f94b9e26 |
| SHA256 | 590e70db1fc0f91ff2eca1ecd3ae119545d411bec47c425ffca26e78cb5a0d50 |
| SHA512 | c60ee037a2a6c3c4ba3afd825aed6cd70801a66d930a0d1d72f7eac8ac9bf9f0d8ecd4b7cd8633210fa8c3373b48479341b1c61f4c3d2a6b2123c073e215390f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 16c83211c32bf469184acadbbef57512 |
| SHA1 | afeb919e1f0c17f328d8937b2fbf2ac7c1b01235 |
| SHA256 | 8de5c0c58d2a0da22232549cdd71095a2742295b8054be9f9155a5fea7210d68 |
| SHA512 | 0f3729c91948157c1b9f9ee066b22407cef84cbabb28de9a922019f2d85294fd4c19fe74b203b18ceaa6268ef369348a15326b4b7a2f95b5a9504066c4e0bdbf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 11f0f6ade334dd766f95cdd4a4062663 |
| SHA1 | 21a965bb9fdeefbb4095db4bf32348252fd31cd9 |
| SHA256 | 6c44bf7f4e164e78221d24b6fe628db0dfce918b3ab91774b29e9665aef07946 |
| SHA512 | 4a64768acfd90d995c23d24fb4c611d112de16898e4131d1568627e38e9f36fb1586ae4c2343c74f8dafd27658f371e1b9d8ae0f55b7df57f691036d4b94234a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a23b.TMP
| MD5 | 5a1fcfc80ab7bc1087575d7163ed4079 |
| SHA1 | c528fb4471c7c2a1dcae3601e58be0515122f80b |
| SHA256 | 70e3c6495687e0236d4687836b390a431f7521e5ef1a97c28097b4908822a93f |
| SHA512 | eab3c32920e61b4342c7df5b8af95d90a25edce87b96af35492c5e96e9df6e5f76943c46b712b21cffb79b0439b4592c9eb33b6626631cadff22517036af58e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7c00edaeb16a162a5b5d0138e9c696f3 |
| SHA1 | a9eaac4cfe90e67dd67c615a8bf9d3ebd53a0e10 |
| SHA256 | 852ed1e0713aabba3328cddfe92e2ecd71329493fe140f7e1d0359e7265e503d |
| SHA512 | c8decffdb7764464177f70fb1a638fe7862d9b651cd6d0275507a46fb3c60ea4b29ef8576ff562ba26e1ff558f56456ca7ef9c2258f12c7aba6549ea2141098c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004f
| MD5 | 87e8230a9ca3f0c5ccfa56f70276e2f2 |
| SHA1 | eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7 |
| SHA256 | e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9 |
| SHA512 | 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 099bca9623fa00a17dc0e0e41ca9a2ec |
| SHA1 | a412f157c11079f7c25a7ed9462c554abf59f800 |
| SHA256 | 3d5bcc23c48607b144a74fe814eb3b44045c720265d4d9331005a68b93f75262 |
| SHA512 | 182d2c046b75c471a3f117dd37c64b28e10e0e8146bc76b4687663ad023ed6e98df861f7a788b4730f2bee23dd3e073adac03e17e4c683c383ae2e171f20ebc8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | de5f6f6d8267b2af9106550df6f1fec4 |
| SHA1 | 4ae124239cb7f5d3960683ae39a17650f4323531 |
| SHA256 | 4e32a0364ab089f16db5f13a962a69f9b726869112b577b056efcd40a8940666 |
| SHA512 | 77a79bf7c88ebbf2932c61a276db5f3f24d42a0867ae9ab22cf1bfda1959de5dd6c1c541a300ab56fdd1a024176ce25d5642d1e2440dd81626ba6ca295fa4dd1 |
C:\Users\Admin\Downloads\ElectronRob.rar
| MD5 | 9d6efe2e33a816ef58fcdcc6a44b53ed |
| SHA1 | 281f905402e0a8f1b08a06203decd831e0334e3d |
| SHA256 | 62e09ffbae42a36d9f992cda8d6d8285e1654575355fdc03cfcb426e159e59ce |
| SHA512 | 4b0dfc523cce8cd9d03d690f9a9cdd557fbdad67483f1a8f8571571f044285a53724f5f3f48bb05399fd4899374c0e34449f8fe654ca5d2b522ae6a5f729cd08 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d916d40017848dd8b623d5f581bb46c5 |
| SHA1 | 239d0e530ba938c67c671c72ef34d9229faf8da4 |
| SHA256 | 111f1da9b67209bffe05f26cd0067f96e274a953651d37e76b63b2ce91a71ecc |
| SHA512 | eb193ae79c580811b34bdd4d0eeb0f00a5a07a43a707ac341e9c5446f17d13173aab043b4e7ec097b3e45659acc85897317d1d2da2bce3d9345e5b6d56491677 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7c5398ad59d8a7d2860b5656357c0faa |
| SHA1 | 38d90896010b6376355254a2cffed6b1d7effae4 |
| SHA256 | c83df2769bb9d9f5ea2c7c441aad6222fd56ef8d712d9845d20fe62f105c66fb |
| SHA512 | ebd57e98038fec39edf07884abab93e82fdd0a0c15f2bb4f7bf0955e693eb249a869d3f86d5b4b3f798a787d1f8de6c41f29b1363ab7e61615803eb4ab3d79b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | fcbe3bf8ce446fe31ec29b42a345962b |
| SHA1 | 26fa2a1f15ceaff431ded387ad524116a151e7ec |
| SHA256 | 6393fc1af2a7e1d265198f575f98f6ecac722f140aa8b524840362c09af2fad8 |
| SHA512 | d4ebd854834e76ba0df10537e836e5babe83b10b049830aeccd5173261dd5b46b2eef1e20eb6f801129601a9b3b86a0b8d67af7c2da121da7300a7db80cb82cd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\64d51e58-2fbe-409f-8dfd-ccd420fcecad.tmp
| MD5 | 1d1b2f098cbf79a58ab1e60da95ece84 |
| SHA1 | 28eb5c77fc42eba21f9dafaf3da4b8d35b05740e |
| SHA256 | 5418004fcea60b750cf6dd512a024d4e158e9419c3ff3e20949b6d3f294d47e2 |
| SHA512 | 46e194c5085e593a2d4a74f6d6b06a5750fda5e05cd7d7659c2a3bd18f7330c0b3710700556eab5460dc2d1d787db1ced443785ceec484ac2f63499670f34eb3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2989c5635665710118c4f977b7cef5e5 |
| SHA1 | cfa8d7050bb9f8aa5f47faf5cb46ba8b2ca78c41 |
| SHA256 | 8f519485ee7dd06690c3fb1b159a80aa2d100f5393abb26586f2a3e957576004 |
| SHA512 | 6ecf670c49839b28522e5039c8826814720cffef56f107edad3417a4823883ade834b186856ba1f11af99dd7fc0396e4bde3c0282cac260d0e8348c208993ee4 |
C:\Users\Admin\AppData\Local\Temp\7zO8DA97818\Electron.exe
| MD5 | b9365cf5db51ca0c7be7ae8c756bdc36 |
| SHA1 | e131e54f56f6bdb6d625cc36489632c566db373c |
| SHA256 | 08af419eac40b70060ff44899f63d122507e91178e2d2d23bcbb90759ca48a32 |
| SHA512 | a423db1d7a2ecefda0ac796c97d73cbc964ce5c892839e48451674412268f151f16f853abf8c88a5189fc859226942dc77b8627b24afc4679fce6e80fa309d9f |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Agenda
| MD5 | 84be9d39c853622f948f0963715dd7d7 |
| SHA1 | 8417d86e3057bb97a90db5d898289c77f5007a01 |
| SHA256 | 5af5c1257f8b82a3b75d826ed2219ce87b5b951f63ef1fe7ef68981c8d2cad46 |
| SHA512 | 36bfa859edfba4465483f998888c1f6d1e2413f465fc8ca86313a5ff6cfb20b0b4abf8a1ad3e512b60627dcb7c3d56b405ec7b9c1d50df8b0b891ea98c590be8 |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Rate
| MD5 | 8a0b5a0cb6bd130b35253f17701b18a5 |
| SHA1 | a1b6d05d741c6a23ba081fe021d0293a43a478b4 |
| SHA256 | 34035ccbeb5445ab0fe053cdaa7c9cbe456197763b19b5731d9a24bc574e173a |
| SHA512 | a7d42f4b6a624ca83642172af0a5a67db4dec3015a613bd04464cb36bfe77b4b8d4cfb9e5a4281fe323769b8531eb6834cff3e526c14daee589205af2d2151b7 |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Sim
| MD5 | a77a4b2535895e941a6b04adced00660 |
| SHA1 | ff4b9e57b6cc84a23f98e5bef3b9d4f9b2ac6895 |
| SHA256 | 7fd8f4366ccc36aadb7640ab4bc89ea660b139790699176107de19aa17821da4 |
| SHA512 | b137123c6e249cb2f62e1329d14b98da02b6da8b9ee9bb93e8bd661939d0d6074a97abbfb88ee9736b3178904a2b0922161ecb8278f47ed0c8af51ed1c29edda |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\11058\Parking.pif
| MD5 | 848164d084384c49937f99d5b894253e |
| SHA1 | 3055ef803eeec4f175ebf120f94125717ee12444 |
| SHA256 | f58d3a4b2f3f7f10815c24586fae91964eeed830369e7e0701b43895b0cefbd3 |
| SHA512 | aabe1cf076f48f32542f49a92e4ca9f054b31d5a9949119991b897b9489fe775d8009896408ba49ac43ec431c87c0d385daead9dbbde7ef6309b0c97bbaf852a |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Newsletters
| MD5 | f0cb00add562050fb113c63b8d565ce3 |
| SHA1 | 3dff8eb31dcc00461fe553c923fa9669adfcf4dc |
| SHA256 | a5c8778695f435441447309f14e14fcccfda579f087ef460607a2817a72511c3 |
| SHA512 | fa159af81b82f0714ce22abce5c13d430d75080dae396f41b7bb914fcb1115ebe345c9d11ca04359734babc8fb842b6783fb13d01715af8e3a1f9b893bc6ebf9 |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Kevin
| MD5 | e34e4592f6825b7e779adbf914216af5 |
| SHA1 | 267a120db921bf5ced410226f80663c7476390d1 |
| SHA256 | 36c293a698908452c0933d5190987fae8259ee12453f35746563cb9b5902b767 |
| SHA512 | e75f093eb179124c31f1501e905b8a4fdc316fc05eec9fdda18630eb96461ffc5baa3d1acad05d9b187f32636cdc2aaeb5555b3f64ec6c2cd3e86a99ba36560e |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Officially
| MD5 | de6766a3fa2f7aca6e959cf4452573ae |
| SHA1 | b6858a5730266cdf3e2ed64181b707979fbaad7b |
| SHA256 | 96bc72c835f63542e5793b7dbf3adbc0844d0e73c3225968e1f88eb68b5e0530 |
| SHA512 | e5eac20e0979e3bab06d6e2022d9fe491538b2ebdfad0e251151920b8769dbf3f7b7e4e94a3d9dc7ee0c3ee50546d184bfa9c118dc03f5e6dc3e74fd4c7ea9ce |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\11058\k
| MD5 | 59ba4b04710d8e6fab7b4c6e3cc639e5 |
| SHA1 | 8f5d6965914a55f7a7a9a1eee60ebdefaef312a8 |
| SHA256 | f0bba22b273586bc492b117f90de4e14c55e0b5304b0dfa8d90f675cc1c6c76b |
| SHA512 | 0471c37ffd2703c2d2988725409daa43c4454172898ed080d2b5b928ad5c034680c71a84f181f405b675b765fd028ee2fd16ff2b7569be4ee5ca9d530b117708 |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Crafts
| MD5 | ea7698521f51a5eeb2b18716cc594a6c |
| SHA1 | 351a38abb41abc0521c34a2f35609e44a824805a |
| SHA256 | 519bd2b5dd03306da46ace6baf49025182d42e204b9d4d3ea84aaf25fc908d7c |
| SHA512 | 6cac00028105f3364d4186230d1e3e0fcf14976d45f35de0c8bdf6240761b9b368ca2f454cd1573651daa11e32b493a536c373948ec1228741aa7e25a165e13a |
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Desktops
| MD5 | f2f3a0d52007c71281666caa21e78211 |
| SHA1 | 76eed58f7e5610f03e1db835180fb070183f2112 |
| SHA256 | a393d7469d1c9eb74f4438b69a41502cfaceff7d27cf05604b4462fb6c4423a4 |
| SHA512 | 8965ef625de9f24485c88e74f4291eaeb75fe263dd6da9cb5226dc2268cfdda2a5a5480976d8f1737d8e58aab8375f12b5c1a8447e6213cc0ee20063ec961762 |
memory/6604-698-0x0000000076F21000-0x0000000077041000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zO8DA636E8\arialbd.ttf
| MD5 | ac8ce60bf9ef976a52176e90335cab62 |
| SHA1 | 77307ba38a136e1329c595f001a4dff1e98274d1 |
| SHA256 | be221654612db226df09f0246de80d4e1aaf07d4484a7117ee34c303358fa44f |
| SHA512 | 3fdbebb145c6fcc825808dd011d893bba944c36fbfb69b35a711389a46f0c8e7aa6fe8b3a562b7453e0acec6d2aac5a7535404f8b3efac494b575ada5532d4d6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c91f9a8a738983400294f2e43825568b |
| SHA1 | ff17c8167f32dec2d35e63f238364b977383d736 |
| SHA256 | 438c00a34c19126086110e6aff0a2e6cc8c961e82cb3680cdc351830e5e7ed80 |
| SHA512 | de81252d7c4988b0d6c11a8977d8bb10027fffbc661de660765c163feb4d739747ec84ea18ea13576a7d95f67b4d894df8483c90c79f618489cbd3afd8901dc7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c
| MD5 | 91ce41fccb77d96dce2d738e6b9cb167 |
| SHA1 | 4beae19a90b16916792c88d651f123b627a25fce |
| SHA256 | 5189d731040fb20bd486c8a67cceb62b49a329eef42abeacf1828d26cd73d23a |
| SHA512 | 4267dfdc5dcc859c8432c79c16351decf348e8d92b4b3608be944e93c1afa1d822dc23bd202f1318179ae5877764a70b97793571d980adcea8ec8dc714cb2619 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d
| MD5 | 41c2e7b0e6aa227ccbccf9ff65ce30b5 |
| SHA1 | afae04787131d8bf53f45f97fa84a31f03f86907 |
| SHA256 | 60e1c433b16d34ce86ad5ab9faedd15de3ccdbc31d3e640f02433f8a66358a42 |
| SHA512 | dbc01951f9bdd804c734becf0fa56464097631e9f9893a1f71627e97116928afb7fe056db75ea1ddf9cacd25b832aa646807391970dbf8734a4f09b6166eacb6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d0c5abcfc13abc90f66944ac4653cf97 |
| SHA1 | 6892e53c4ca1bae182d7876da4afefb330217dce |
| SHA256 | 4a7c5d9899bf58b6f3249bc5714cf1d36c932319f5dd7589d676d67b243463c3 |
| SHA512 | 78688fc29afad874e72ba1d83e7367d12f52d8822fa4ed9fb408c54345fb125731244897db89c16a960460a7d846b46818de0f0efbbd91c0e7c56887cd1b9a17 |
C:\Users\Admin\AppData\Local\Temp\7zO8DA9E998\loader.exe
| MD5 | 7616b1df832a2a22416d2157795419ba |
| SHA1 | c1a73a0c7c979902b3a9218c6ca7e8d557562cc7 |
| SHA256 | 411b16a9da220c8533d6403f92226fad78e086dc6e76b6f56f346fbb4228946f |
| SHA512 | 5790e494e2c8f46ee615bf0ca3f842ebb1ca70f2270b0f86da3851498b2a2275985f2125ae895c1f0ca5613c39bb7e0c67e831172e3edf99277625e38fb2a08f |
memory/7152-844-0x00000000021C0000-0x00000000021D4000-memory.dmp
memory/7152-846-0x0000000004B40000-0x00000000050E4000-memory.dmp
memory/7152-848-0x0000000002450000-0x0000000002464000-memory.dmp
memory/7152-849-0x0000000004B30000-0x0000000004B40000-memory.dmp
memory/7152-847-0x0000000004B30000-0x0000000004B40000-memory.dmp
memory/7152-850-0x0000000004B30000-0x0000000004B40000-memory.dmp
memory/7152-845-0x00000000729A0000-0x0000000073150000-memory.dmp
memory/7152-851-0x0000000004B30000-0x0000000004B40000-memory.dmp
memory/5316-854-0x0000000000400000-0x000000000040A000-memory.dmp
memory/5316-857-0x0000000000400000-0x000000000040A000-memory.dmp
memory/7152-858-0x0000000002470000-0x0000000004470000-memory.dmp
memory/7152-861-0x00000000729A0000-0x0000000073150000-memory.dmp
memory/5316-860-0x0000000000400000-0x000000000040A000-memory.dmp
memory/5316-862-0x0000000000400000-0x000000000040A000-memory.dmp
memory/5316-863-0x0000000000400000-0x000000000040A000-memory.dmp
memory/2524-876-0x00000000729A0000-0x0000000073150000-memory.dmp
memory/2524-875-0x0000000002170000-0x0000000002184000-memory.dmp
memory/2524-877-0x0000000004900000-0x0000000004910000-memory.dmp
memory/2524-880-0x0000000004900000-0x0000000004910000-memory.dmp
memory/2524-879-0x0000000004900000-0x0000000004910000-memory.dmp
memory/2524-878-0x0000000004F40000-0x0000000004F54000-memory.dmp
memory/3820-888-0x0000000000400000-0x000000000040A000-memory.dmp
memory/2524-889-0x0000000002460000-0x0000000004460000-memory.dmp
memory/2524-893-0x00000000729A0000-0x0000000073150000-memory.dmp
memory/5316-894-0x00000000011D0000-0x00000000011D1000-memory.dmp
memory/5316-890-0x0000000000400000-0x000000000040A000-memory.dmp
memory/4612-903-0x0000000002150000-0x0000000002164000-memory.dmp
memory/4612-904-0x00000000729A0000-0x0000000073150000-memory.dmp
memory/4612-905-0x0000000004A90000-0x0000000004AA0000-memory.dmp
memory/4612-906-0x0000000004A90000-0x0000000004AA0000-memory.dmp
memory/4612-913-0x0000000002520000-0x0000000004520000-memory.dmp
memory/6664-914-0x0000000000400000-0x000000000040A000-memory.dmp
memory/6664-916-0x0000000000400000-0x000000000040A000-memory.dmp
memory/4612-915-0x00000000729A0000-0x0000000073150000-memory.dmp
memory/6664-917-0x0000000000400000-0x000000000040A000-memory.dmp
memory/6664-920-0x0000000000400000-0x000000000040A000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c8f24c9c5b9647d551d385b7f019739f |
| SHA1 | 5b9f0cd4afa5844e15799a5b29825f15a2107584 |
| SHA256 | ae75445afa3166fb16284151a5a76a938ec1263d77b87373c224d053aecf0a60 |
| SHA512 | 83e7a11cc513bb64d860d1e4924f3fda31d74587c9b2a07b177a7a8d82528242543d7bb090547b0a805a536f9d33ae8d92fd9dc5aaaea1a06ae5eded1bf5494c |
memory/6604-932-0x0000000000F30000-0x0000000000F31000-memory.dmp
memory/6236-963-0x0000000000F00000-0x0000000000F42000-memory.dmp
memory/6236-974-0x0000000072180000-0x0000000072930000-memory.dmp
memory/6236-975-0x00000000052E0000-0x00000000052F0000-memory.dmp
memory/6236-986-0x0000000006C00000-0x0000000007218000-memory.dmp
memory/6236-988-0x0000000005B90000-0x0000000005BA2000-memory.dmp
memory/6236-987-0x0000000005C60000-0x0000000005D6A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.002\11068\RegAsm.exe
| MD5 | 0d5df43af2916f47d00c1573797c1a13 |
| SHA1 | 230ab5559e806574d26b4c20847c368ed55483b0 |
| SHA256 | c066aee7aa3aa83f763ebc5541daa266ed6c648fbffcde0d836a13b221bb2adc |
| SHA512 | f96cf9e1890746b12daf839a6d0f16f062b72c1b8a40439f96583f242980f10f867720232a6fa0f7d4d7ac0a7a6143981a5a130d6417ea98b181447134c7cfe2 |
memory/6236-997-0x0000000005BF0000-0x0000000005C2C000-memory.dmp
memory/6236-999-0x0000000005E70000-0x0000000005EBC000-memory.dmp
memory/6236-1005-0x0000000005F90000-0x0000000005FF6000-memory.dmp
memory/6236-1006-0x0000000006680000-0x0000000006712000-memory.dmp
memory/6236-1007-0x0000000006720000-0x0000000006796000-memory.dmp
memory/6236-1008-0x0000000006660000-0x000000000667E000-memory.dmp
memory/6236-1009-0x0000000007720000-0x0000000007770000-memory.dmp
memory/6236-1010-0x0000000007E40000-0x0000000008002000-memory.dmp
memory/6236-1011-0x0000000008540000-0x0000000008A6C000-memory.dmp
memory/5348-1015-0x0000000001200000-0x0000000001242000-memory.dmp
memory/5348-1016-0x0000000072180000-0x0000000072930000-memory.dmp
memory/5348-1017-0x00000000056E0000-0x00000000056F0000-memory.dmp
memory/6584-1018-0x0000000000760000-0x00000000007A2000-memory.dmp
memory/6584-1019-0x0000000072180000-0x0000000072930000-memory.dmp
memory/6584-1020-0x0000000004C40000-0x0000000004C50000-memory.dmp
memory/700-1023-0x0000000000FD0000-0x0000000000FD8000-memory.dmp
memory/700-1025-0x00007FFCEBE20000-0x00007FFCEC8E1000-memory.dmp
memory/6236-1024-0x0000000072180000-0x0000000072930000-memory.dmp
memory/5348-1030-0x0000000072180000-0x0000000072930000-memory.dmp
memory/5720-1031-0x0000000000B10000-0x0000000000B52000-memory.dmp
memory/5348-1032-0x00000000056E0000-0x00000000056F0000-memory.dmp
memory/5720-1033-0x0000000072180000-0x0000000072930000-memory.dmp
memory/6584-1034-0x0000000072180000-0x0000000072930000-memory.dmp
memory/6584-1035-0x0000000004C40000-0x0000000004C50000-memory.dmp
memory/6432-1036-0x0000000000F30000-0x0000000000F72000-memory.dmp
memory/700-1037-0x00007FFCEBE20000-0x00007FFCEC8E1000-memory.dmp
memory/6432-1038-0x0000000072180000-0x0000000072930000-memory.dmp
memory/6432-1039-0x00000000055E0000-0x00000000055F0000-memory.dmp
memory/5720-1040-0x0000000072180000-0x0000000072930000-memory.dmp
memory/5720-1041-0x0000000072180000-0x0000000072930000-memory.dmp
memory/6432-1042-0x0000000072180000-0x0000000072930000-memory.dmp
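A dropped-file listing like the one above only becomes useful once it is parsed into indicators that can be matched against a host. The following Python is an added example and not part of the sandbox report: it parses this report's own line format (a path line followed by `| MD5 | … |` hash rows, and bare `memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp` lines), builds a SHA256 lookup from the dropped files, ranks the dumped memory regions by size, and hashes a local directory against the lookup. The few sample lines embedded in `SAMPLE_REPORT` are copied from the report; the `scan_directory` and `largest_regions` helpers and the executable-extension filter are assumptions of this example, not something the report provides.

```python
import hashlib
import re
from dataclasses import dataclass, field
from pathlib import Path
from typing import Dict, List, Tuple

# Constructed test input: a handful of lines copied from the report above.
SAMPLE_REPORT = r"""C:\Users\Admin\AppData\Local\Temp\7zO8DA9E998\loader.exe
| MD5 | 7616b1df832a2a22416d2157795419ba |
| SHA1 | c1a73a0c7c979902b3a9218c6ca7e8d557562cc7 |
| SHA256 | 411b16a9da220c8533d6403f92226fad78e086dc6e76b6f56f346fbb4228946f |
| SHA512 | 5790e494e2c8f46ee615bf0ca3f842ebb1ca70f2270b0f86da3851498b2a2275985f2125ae895c1f0ca5613c39bb7e0c67e831172e3edf99277625e38fb2a08f |
memory/7152-846-0x0000000004B40000-0x00000000050E4000-memory.dmp
memory/5316-854-0x0000000000400000-0x000000000040A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.002\11068\RegAsm.exe
| MD5 | 0d5df43af2916f47d00c1573797c1a13 |
| SHA1 | 230ab5559e806574d26b4c20847c368ed55483b0 |
| SHA256 | c066aee7aa3aa83f763ebc5541daa266ed6c648fbffcde0d836a13b221bb2adc |
| SHA512 | f96cf9e1890746b12daf839a6d0f16f062b72c1b8a40439f96583f242980f10f867720232a6fa0f7d4d7ac0a7a6143981a5a130d6417ea98b181447134c7cfe2 |
"""

HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-f]+)\s*\|$")
MEM_LINE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
# Extensions worth looking at first; the report itself does not define this list (assumption).
EXEC_SUFFIXES = (".exe", ".pif", ".dll", ".scr", ".com")


@dataclass
class DroppedFile:
    path: str                                   # path as written in the report
    hashes: Dict[str, str] = field(default_factory=dict)  # "md5"/"sha1"/... -> hex digest

    @property
    def looks_executable(self) -> bool:
        return self.path.lower().endswith(EXEC_SUFFIXES)


@dataclass
class MemoryRegion:
    pid: int
    index: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_report(text: str) -> Tuple[List[DroppedFile], List[MemoryRegion]]:
    """Split report lines into dropped files (with their hash rows) and memory-dump regions."""
    files: List[DroppedFile] = []
    regions: List[MemoryRegion] = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MEM_LINE.match(line)
        if m:
            regions.append(MemoryRegion(int(m[1]), int(m[2]), int(m[3], 16), int(m[4], 16)))
            current = None  # a memory line ends the current file's hash block
            continue
        m = HASH_ROW.match(line)
        if m:
            if current is None:
                raise ValueError(f"hash row without a preceding path: {line}")
            current.hashes[m[1].lower()] = m[2]
            continue
        current = DroppedFile(path=line)  # any other line is a dropped-file path
        files.append(current)
    return files, regions


def sha256_index(files: List[DroppedFile]) -> Dict[str, str]:
    """Map SHA256 digest -> report path; SHA256 is used for matching, MD5/SHA1 only for pivoting."""
    return {f.hashes["sha256"]: f.path for f in files if "sha256" in f.hashes}


def largest_regions(regions: List[MemoryRegion], n: int = 3) -> List[MemoryRegion]:
    """Largest dumped regions first; a good first candidate for carving an unpacked payload."""
    return sorted(regions, key=lambda r: r.size, reverse=True)[:n]


def scan_directory(root: str, index: Dict[str, str]) -> List[Tuple[str, str]]:
    """SHA256 every regular file under root and return (local path, report path) for matches."""
    hits: List[Tuple[str, str]] = []
    for p in Path(root).rglob("*"):
        if not p.is_file():
            continue
        h = hashlib.sha256()
        with p.open("rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                h.update(chunk)
        digest = h.hexdigest()
        if digest in index:
            hits.append((str(p), index[digest]))
    return hits


if __name__ == "__main__":
    dropped, regions = parse_report(SAMPLE_REPORT)
    for f in dropped:
        if f.looks_executable:
            print(f.path, f.hashes.get("sha256"))
    for r in largest_regions(regions):
        print(f"pid {r.pid} region {r.index}: {r.size:#x} bytes")
```

Feed the whole listing to `parse_report` rather than the sample and the same code yields every dropped-file digest on the page; matching on SHA256 rather than MD5 avoids false positives from collisions, and filtering to executable suffixes separates the staged `.exe`/`.pif` drops from the browser profile files that the stealer merely read.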