Analysis Overview
Threat Level: Shows suspicious behavior
The file https://github.com/topics/robux-generator-free-download was classified as: Shows suspicious behavior.
Malicious Activity Summary
Reads user/profile data of web browsers
Drops startup file
Executes dropped EXE
Checks installed software on the system
Accesses cryptocurrency files/wallets, possible credential harvesting
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: GetForegroundWindowSpam
Checks SCSI registry key(s)
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Modifies registry class
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Modifies data under HKEY_USERS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-22 21:22
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-22 21:22
Reported
2024-02-22 21:28
Platform
win10v2004-20240221-en
Max time kernel
325s
Max time network
329s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133531105700747458" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/topics/robux-generator-free-download
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7fff80ed9758,0x7fff80ed9768,0x7fff80ed9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1868,i,3672259273013142615,12740280484998034945,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1868,i,3672259273013142615,12740280484998034945,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1868,i,3672259273013142615,12740280484998034945,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2980 --field-trial-handle=1868,i,3672259273013142615,12740280484998034945,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2928 --field-trial-handle=1868,i,3672259273013142615,12740280484998034945,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4716 --field-trial-handle=1868,i,3672259273013142615,12740280484998034945,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 --field-trial-handle=1868,i,3672259273013142615,12740280484998034945,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1120 --field-trial-handle=1868,i,3672259273013142615,12740280484998034945,131072 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.4:443 | github.com | tcp |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 216.58.204.74:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| DE | 140.82.121.5:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.113.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.15.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
Files
\??\pipe\crashpad_2988_PQXWYEPZZETCKSXK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | bb14a480b065e07f9ba99ab1719727f9 |
| SHA1 | 943c1c6612b4ad642fa90f6d145272cd6cba5411 |
| SHA256 | ce0b96386f49f6dfc5988bf587581a6308d0e53f17e6b748b3a9f66435802d3b |
| SHA512 | b57f71d5c5b44bf47fdfad60d32adcc9340e0bd4c31c382b60d1728ea5a6e96521fe85ed0167b2382d0af21eb52487c3bea8e63a9ac328acd81c18ec19fc32da |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8b8e5b8efba19c980683486d440e35e4 |
| SHA1 | 7a0091b7c004186f380505edacd595297a111fd0 |
| SHA256 | 7a6fc5a77ce43ca2fedb1afec2c3cd17b620b1f42ea9729189f7aedf77f9a789 |
| SHA512 | 57beda3b930e610034c5640a389d38d11bb34fdc38ffaea42977b5ec54fd477672dcea4f4d4b0b7bd4fd8f0c0e872f41eb3e94d41a54f3cffa509010e0606583 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 608344c5b803ef985a7d4185aa0f3af2 |
| SHA1 | c466dcf88ea4b29a4f81e10a6cb9814ddd9013b5 |
| SHA256 | 612a328bde234cc6e589630e830df5b4a86bfa785e1a8907c870e6f9c4f02b2a |
| SHA512 | 03e1d8ce94c44e0e1ddf9d9de4996b68e9ae8bf72b57468f59ef10d69950a43413602a073c17fd0422e5c570b6d8bc6565bb92384c25a808740173db9dd2dea4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 10847009286c8c720c54409f8b4b1f6b |
| SHA1 | 6af5041ae4ece710e655216fcf4a6f8a70c1258d |
| SHA256 | a7053f4fccf0b99cf5d3576a05c2a6b716eb280f4194a65dc207f200b782b48f |
| SHA512 | a10e7a3a4a6a17be4b26de907d313db5c8b8601cbf67c41815e5d4628f3f2387418e7902c09abda321fcd58526d7fa09866f27a24abcb8cb6a8cbb74225627c7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | b77e3c162ca006caec3c4ff01077f45a |
| SHA1 | d78ea906e9d4f052662f840fe5fff8f486f12127 |
| SHA256 | 480eac836c527c932fe815034a19685f8195a30a8c1f2516ac0b9822601aea2d |
| SHA512 | a2b0e0fce91c214ded98a1685d7c2d2433d8996f1f1aa7de10e01796f4f172ef98ab0fccdf56d9d4bc40d680ed2e963334fff8fe2ea465c125749cfbbb0f2143 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-22 21:22
Reported
2024-02-22 21:28
Platform
win10-20240221-en
Max time kernel
322s
Max time network
318s
Command Line
Signatures
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe | C:\Users\Admin\AppData\Local\Temp\7zOC20FFF18\Setup.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zOC20FFF18\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zOC203CC1A\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zOC209803A\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zOC20CFF2A\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zOC209192A\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zOC20611DA\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zOC20FFF18\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zOC202A9DB\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zOC20F7D9B\Setup.exe | N/A |
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rescache\_merged\1601268389\3877292338.pri | C:\Windows\system32\taskmgr.exe | N/A |
| File created | C:\Windows\rescache\_merged\4183903823\810424605.pri | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133531105715907674" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1104443672-3570440473-4052989528-1000_Classes\Local Settings | C:\Windows\system32\taskmgr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1104443672-3570440473-4052989528-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1104443672-3570440473-4052989528-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/topics/robux-generator-free-download
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffccefc9758,0x7ffccefc9768,0x7ffccefc9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1840 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2880 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2872 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2124 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5008 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4548 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5144 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=776 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5632 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5788 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4612 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3568 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6076 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6236 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6404 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6544 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6680 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=7440 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7612 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7688 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7380 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3568 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6772 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6752 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7968 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=8084 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=8304 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7844 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=8596 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=8748 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8204 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8256 --field-trial-handle=1868,i,16290921114639113698,7497751876202154184,131072 /prefetch:8
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Robux Generator.rar"
C:\Users\Admin\AppData\Local\Temp\7zOC20FFF18\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\7zOC20FFF18\Setup.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Users\Admin\AppData\Local\Temp\7zOC203CC1A\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\7zOC203CC1A\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\7zOC209803A\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\7zOC209803A\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\7zOC20CFF2A\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\7zOC20CFF2A\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\7zOC209192A\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\7zOC209192A\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\7zOC20611DA\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\7zOC20611DA\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\7zOC20FFF18\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\7zOC20FFF18\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\7zOC202A9DB\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\7zOC202A9DB\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\7zOC20F7D9B\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\7zOC20F7D9B\Setup.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 4.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.178.10:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| DE | 140.82.121.5:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | private-user-images.githubusercontent.com | udp |
| US | 185.199.108.133:443 | private-user-images.githubusercontent.com | tcp |
| GB | 142.250.178.10:443 | content-autofill.googleapis.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 228.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | telegra.ph | udp |
| NL | 149.154.164.13:443 | telegra.ph | tcp |
| NL | 149.154.164.13:443 | telegra.ph | tcp |
| US | 8.8.8.8:53 | t.me | udp |
| NL | 149.154.167.99:443 | t.me | tcp |
| US | 8.8.8.8:53 | edit.telegra.ph | udp |
| US | 8.8.8.8:53 | 13.164.154.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.167.154.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gg.gg | udp |
| RU | 91.215.42.31:80 | gg.gg | tcp |
| RU | 91.215.42.31:80 | gg.gg | tcp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 104.16.114.74:443 | www.mediafire.com | tcp |
| US | 8.8.8.8:53 | 74.114.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.42.215.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | the.gatekeeperconsent.com | udp |
| US | 104.21.42.32:443 | the.gatekeeperconsent.com | tcp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | www.ezojs.com | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | tcp |
| US | 104.22.74.216:443 | btloader.com | tcp |
| US | 172.64.193.22:443 | www.ezojs.com | tcp |
| DE | 52.222.190.45:443 | cdn.amplitude.com | tcp |
| GB | 172.217.16.238:443 | translate.google.com | tcp |
| US | 8.8.8.8:53 | cdn.otnolatrnup.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 104.19.214.37:443 | cdn.otnolatrnup.com | tcp |
| US | 8.8.8.8:53 | 232.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.42.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.199.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.193.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.74.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 104.16.56.101:443 | static.cloudflareinsights.com | tcp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | udp |
| US | 104.21.42.32:443 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| FR | 35.181.89.222:443 | g.ezoic.net | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 96.17.179.205:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | go.ezodn.com | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 172.64.193.4:443 | go.ezodn.com | tcp |
| US | 172.64.193.4:443 | go.ezodn.com | tcp |
| US | 172.64.193.4:443 | go.ezodn.com | tcp |
| GB | 172.217.169.34:443 | securepubads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| GB | 142.250.200.10:443 | translate.googleapis.com | tcp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 104.21.42.32:443 | privacy.gatekeeperconsent.com | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| US | 100.20.204.53:443 | api.amplitude.com | tcp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| US | 8.8.8.8:53 | prebid.media.net | udp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | tcp |
| DE | 52.28.151.15:443 | tlx.3lift.com | tcp |
| GB | 216.58.204.67:443 | www.google.co.uk | tcp |
| DE | 18.197.85.154:443 | btlr.sharethrough.com | tcp |
| DE | 18.197.85.154:443 | btlr.sharethrough.com | tcp |
| DE | 18.197.85.154:443 | btlr.sharethrough.com | tcp |
| DE | 18.197.85.154:443 | btlr.sharethrough.com | tcp |
| DE | 18.197.85.154:443 | btlr.sharethrough.com | tcp |
| BE | 64.233.184.156:443 | stats.g.doubleclick.net | tcp |
| BE | 64.233.184.156:443 | stats.g.doubleclick.net | tcp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 172.64.193.4:443 | go.ezodn.com | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | 45.190.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.214.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.56.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.89.181.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.92.85.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.69.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.193.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.63.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.85.197.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.151.28.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.184.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.204.20.100.in-addr.arpa | udp |
| GB | 172.217.169.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ad.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| DE | 52.85.92.52:443 | tags.crwdcntrl.net | tcp |
| IE | 52.213.118.200:443 | bcp.crwdcntrl.net | tcp |
| IE | 99.81.54.149:443 | ad.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | 227.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.92.85.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.54.81.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.118.213.52.in-addr.arpa | udp |
| FR | 35.181.89.222:443 | g.ezoic.net | tcp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | cdn.prod.uidapi.com | udp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| US | 8.8.8.8:53 | 488df78eb8d5447db46b794dd3dafdd0.safeframe.googlesyndication.com | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| US | 104.22.53.86:443 | cdn.id5-sync.com | tcp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| DE | 54.192.210.17:443 | cdn.prod.uidapi.com | tcp |
| US | 172.64.152.89:443 | cdn-ima.33across.com | tcp |
| GB | 216.58.204.65:443 | 488df78eb8d5447db46b794dd3dafdd0.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | oajs.openx.net | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 34.120.107.143:443 | oajs.openx.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| DE | 162.19.138.118:443 | id5-sync.com | tcp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | tcp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | tcp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | tcp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | tcp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.180.1:443 | cdn.ampproject.org | tcp |
| GB | 142.250.180.1:443 | cdn.ampproject.org | tcp |
| GB | 142.250.180.1:443 | cdn.ampproject.org | tcp |
| GB | 142.250.180.1:443 | cdn.ampproject.org | tcp |
| GB | 142.250.180.1:443 | cdn.ampproject.org | tcp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | udp |
| US | 34.120.107.143:443 | oajs.openx.net | udp |
| GB | 172.217.169.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | google-bidout-d.openx.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 35.244.159.8:443 | google-bidout-d.openx.net | tcp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 192.146.102.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.70.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.53.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.152.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.210.192.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.107.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 104.19.214.37:443 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | download2350.mediafire.com | udp |
| US | 199.91.155.91:443 | download2350.mediafire.com | tcp |
| US | 199.91.155.91:443 | download2350.mediafire.com | tcp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | eb2.3lift.com | udp |
| FR | 178.250.7.13:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| US | 76.223.111.18:443 | eb2.3lift.com | tcp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| GB | 96.16.109.9:443 | ads.pubmatic.com | tcp |
| GB | 23.37.0.27:443 | contextual.media.net | tcp |
| US | 8.8.8.8:53 | 194.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.7.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.111.223.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.155.91.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.0.37.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.109.16.96.in-addr.arpa | udp |
| GB | 142.250.200.10:443 | translate-pa.googleapis.com | udp |
| US | 104.19.214.37:80 | otnolatrnup.com | tcp |
| US | 104.19.214.37:80 | otnolatrnup.com | tcp |
| US | 8.8.8.8:53 | image6.pubmatic.com | udp |
| GB | 185.64.190.78:443 | image6.pubmatic.com | tcp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| IE | 52.94.223.167:443 | aax-eu.amazon-adsystem.com | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| US | 8.8.8.8:53 | cms.quantserve.com | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | sync.crwdcntrl.net | udp |
| DE | 91.228.74.206:443 | cms.quantserve.com | tcp |
| GB | 142.250.200.34:443 | cm.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | cr.frontend.weborama.fr | udp |
| US | 8.8.8.8:53 | simage2.pubmatic.com | udp |
| US | 34.111.129.221:443 | cr.frontend.weborama.fr | tcp |
| US | 8.8.8.8:53 | woreppercomming.com | udp |
| GB | 185.64.191.210:443 | simage2.pubmatic.com | tcp |
| US | 8.8.8.8:53 | image2.pubmatic.com | udp |
| DE | 54.230.206.4:443 | woreppercomming.com | tcp |
| GB | 185.64.191.210:443 | image2.pubmatic.com | tcp |
| US | 34.111.129.221:443 | cr.frontend.weborama.fr | udp |
| US | 8.8.8.8:53 | a.audrte.com | udp |
| IE | 52.213.12.53:443 | a.audrte.com | tcp |
| US | 8.8.8.8:53 | 78.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.223.94.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.74.228.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.191.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.129.111.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.206.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | idsync.frontend.weborama.fr | udp |
| US | 34.111.131.239:443 | idsync.frontend.weborama.fr | tcp |
| GB | 142.250.200.34:443 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.ovardu.com | udp |
| US | 104.21.96.72:443 | www.ovardu.com | tcp |
| US | 8.8.8.8:53 | um.simpli.fi | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| NL | 34.91.62.186:443 | um.simpli.fi | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| US | 8.8.8.8:53 | www.opera.com | udp |
| US | 8.8.8.8:53 | c1.adform.net | udp |
| DE | 18.195.1.56:443 | www.opera.com | tcp |
| DK | 37.157.4.28:443 | c1.adform.net | tcp |
| US | 8.8.8.8:53 | pr-bh.ybp.yahoo.com | udp |
| IE | 54.170.49.205:443 | pr-bh.ybp.yahoo.com | tcp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | cdn-production-opera-website.operacdn.com | udp |
| US | 8.8.8.8:53 | www.googleoptimize.com | udp |
| DE | 3.75.62.37:443 | ups.analytics.yahoo.com | tcp |
| GB | 104.84.85.174:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 104.84.85.174:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 104.84.85.174:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 104.84.85.174:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 104.84.85.174:443 | cdn-production-opera-website.operacdn.com | tcp |
| US | 8.8.8.8:53 | 239.131.111.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.12.213.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.96.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.62.91.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.40.223.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.1.195.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.4.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.49.170.54.in-addr.arpa | udp |
| GB | 216.58.213.14:443 | www.googleoptimize.com | tcp |
| US | 8.8.8.8:53 | image4.pubmatic.com | udp |
| NL | 198.47.127.20:443 | image4.pubmatic.com | tcp |
| US | 8.8.8.8:53 | www-static.operacdn.com | udp |
| US | 8.8.8.8:53 | www.redditstatic.com | udp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| US | 8.8.8.8:53 | snap.licdn.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | tags.creativecdn.com | udp |
| US | 151.101.1.140:443 | www.redditstatic.com | tcp |
| GB | 163.70.147.23:443 | connect.facebook.net | tcp |
| DE | 52.85.92.13:443 | static.hotjar.com | tcp |
| GB | 104.84.85.174:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 96.17.178.185:443 | snap.licdn.com | tcp |
| GB | 195.181.164.20:443 | tags.creativecdn.com | tcp |
| US | 8.8.8.8:53 | simage4.pubmatic.com | udp |
| BE | 64.233.184.156:443 | stats.g.doubleclick.net | udp |
| US | 151.101.1.140:443 | www.redditstatic.com | tcp |
| US | 8.8.8.8:53 | alb.reddit.com | udp |
| US | 8.8.8.8:53 | ams.creativecdn.com | udp |
| US | 151.101.1.140:443 | alb.reddit.com | tcp |
| GB | 163.70.147.23:443 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | script.hotjar.com | udp |
| NL | 185.184.8.90:443 | ams.creativecdn.com | tcp |
| US | 8.8.8.8:53 | px.ads.linkedin.com | udp |
| DE | 18.155.153.85:443 | script.hotjar.com | tcp |
| US | 13.107.42.14:443 | px.ads.linkedin.com | tcp |
| NL | 185.184.8.90:443 | ams.creativecdn.com | tcp |
| US | 8.8.8.8:53 | 37.62.75.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.85.84.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.92.85.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.164.181.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.8.184.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.147.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | vc.hotjar.io | udp |
| DE | 54.230.206.38:443 | vc.hotjar.io | tcp |
| US | 8.8.8.8:53 | www.linkedin.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| DE | 37.252.171.53:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | 85.153.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.42.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.206.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| DE | 18.195.1.56:443 | www.opera.com | tcp |
| US | 204.79.197.200:443 | bat.bing.com | tcp |
| US | 8.8.8.8:53 | dsp.adfarm1.adition.com | udp |
| DE | 85.114.159.93:443 | dsp.adfarm1.adition.com | tcp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| US | 54.205.227.51:443 | sync.srv.stackadapt.com | tcp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| US | 8.8.8.8:53 | p.rfihub.com | udp |
| IE | 52.211.227.29:443 | match.prod.bidr.io | tcp |
| US | 8.8.8.8:53 | sync-tm.everesttech.net | udp |
| NL | 193.0.160.131:443 | p.rfihub.com | tcp |
| US | 8.8.8.8:53 | ws.rqtrk.eu | udp |
| US | 8.8.8.8:53 | mwzeom.zeotap.com | udp |
| US | 8.8.8.8:53 | uipglob.semasio.net | udp |
| US | 8.8.8.8:53 | pixel.onaudience.com | udp |
| US | 8.8.8.8:53 | creativecdn.com | udp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | pubmatic-match.dotomi.com | udp |
| US | 151.101.2.49:443 | sync-tm.everesttech.net | tcp |
| DE | 57.129.18.113:443 | ws.rqtrk.eu | tcp |
| CA | 15.235.15.221:443 | pixel.onaudience.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| DK | 77.243.51.122:443 | uipglob.semasio.net | tcp |
| US | 172.67.40.173:443 | mwzeom.zeotap.com | tcp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| NL | 64.158.223.140:443 | pubmatic-match.dotomi.com | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | bh.contextweb.com | udp |
| US | 8.8.8.8:53 | 53.171.252.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.159.114.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.227.205.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.149.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.227.211.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.160.0.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.18.129.57.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.216.36.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.40.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.51.243.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.15.235.15.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.223.158.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| US | 8.8.8.8:53 | spl.zeotap.com | udp |
| US | 8.8.8.8:53 | c.clarity.ms | udp |
| IE | 68.219.88.97:443 | c.clarity.ms | tcp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 8.8.8.8:53 | rtb-csync.smartadserver.com | udp |
| FR | 217.182.178.233:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | 131.169.93.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.178.182.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.88.219.68.in-addr.arpa | udp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| NL | 45.15.156.127:23000 | | tcp |
| US | 8.8.8.8:53 | 229.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.156.15.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.16.208.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| NL | 45.15.156.127:23000 | | tcp |
| NL | 45.15.156.127:23000 | | tcp |
| US | 8.8.8.8:53 | 211.178.17.96.in-addr.arpa | udp |
| NL | 45.15.156.127:23000 | | tcp |
| NL | 45.15.156.127:23000 | | tcp |
| NL | 45.15.156.127:23000 | | tcp |
| NL | 45.15.156.127:23000 | | tcp |
| NL | 45.15.156.127:23000 | | tcp |
| NL | 45.15.156.127:23000 | | tcp |
Files
\??\pipe\crashpad_5032_FOVIFLNDMFYOBZIC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 80d33eaa3c55829749548d341ead12b4 |
| SHA1 | 676857b166bd2c3a55773564ad7ff56ad859f556 |
| SHA256 | 555e9f266b2fa8e64405c11f38c2f1b1ff8a152664cbefb178392c6a95cabfc4 |
| SHA512 | 495d80c66289313528755d929b81c6263f6d7a1a97ab9811af0cb3013872667d676db2af7d73f0c831f772beb4e39e22ab5a385f9ea71ddd4cea820473f404ed |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a6ed12c4eedd1bbbb62ca71a4c4ad17c |
| SHA1 | 081e4b34d8e6ae0f42a93c68649a9e5027bd207e |
| SHA256 | 77b18a3d3cc731058fd07eb8a669f038dafb295abbabd41137138a70a8fc7724 |
| SHA512 | eb3e062520e741651c414deb00131008db09fb0b35bb10038c86e8343260e150009a91ea4d1f035fde40b21d0c5648f02254fe2c3bf479905ee4e25446feb2d4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6b4eede2b7ef15d39033f84e913eeaae |
| SHA1 | 22271064fb910a52e2dd3c9d45295bedadb3238d |
| SHA256 | 1ead3ab8f1e69ffbd8d449fd6eb5db592baea3f93b4e0ef84d297722743d7f0e |
| SHA512 | 661bd6d321edea88301c277da9a8e73c569c24d9df068b1c853dc92648ec836aefdfba000a44d3b009cba930f44b64b65c3972d1e7182d344291ea6a18d8cb42 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ab23f1ef389b0881fcac235e1fb0310c |
| SHA1 | ade18de67fe4b74c8045805bc09375fdec3b3572 |
| SHA256 | 9bd8f90ddd2019066901be148ee80ce888e13beaf7ac58ba10ecb2e409e1e2d7 |
| SHA512 | ebda06ea8649b3810f4af94db1aa9254e3ba7c781282e0090699d7eb9b3e6f6a0bbed1e2afb5b6bdf345463af136060024a760271ff70a4432b823050c6da79d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 2c1f1fb05f0f152aa09b611b0879e9e7 |
| SHA1 | 14cdc1860b3c3aed1534eb6416e7e27f599de026 |
| SHA256 | 13febea14e02b89efde7f3322fce61d01a4118fd8d025fd7873b556ba0b7d451 |
| SHA512 | 068848fdcc3e0d67b298ecb47eb417e41784e416d591b68fdf149404c3eaf6c3b5086948a0f8f2b994d7e281794d9deb71b9c59e912876c8495caa02ea695d50 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ca39f25af97d1d1ef895c9dd78e3c91d |
| SHA1 | e90195834cefc4127374e1661d831c49d71f5c9b |
| SHA256 | 8edfb81f4c53d86497c3e1f4c0bf8f0fa147b934eb8a16b04c9d5f04f5fe28de |
| SHA512 | e014331ff1c3b6cb0c7643d84e9863b47f57989a17c0700dffd53009825659a6f5d338473f75750d5b437e015d05b392d88da47f6ccf6aaf87df51299fbd292e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | cf8a8d8b06f36ce47a17a6459a23c7eb |
| SHA1 | 01e027ad552c9dc2737309c5e51cd0253c496d83 |
| SHA256 | f69da8b3f83c697d826b32e07bf45021b9f536adba450678bc3592151c5b0021 |
| SHA512 | b1805f80df4550de77eb02b3bed1a8458cc67e234828aac84eb81c6d0f925d3dc984d0d76bd095f9ce3a68990829009b16c47fc981b8f8135e1507ee06aaa366 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7e1ec81fbec4ed6edb17daf59a4e9c3f |
| SHA1 | 80bdb35badb6e09b70195ec23d5366aafb36367a |
| SHA256 | bf4c4d24d4253a95270b9c28fe153d53e90f94ff011a64419d7205a0bb77ed0b |
| SHA512 | 1a0370243ead2b28d62f4925a12e28c43a400da322cac34d16150bd1a12df867a221ef4985a91169256707edc5abdeb9ba72be910f91f4260300e38013514e28 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d4f63fc89ffd9f7fc25e450e74c11bd1 |
| SHA1 | c92753d3e56e7417759df3b6ddf0d680386a6362 |
| SHA256 | 086514f1c162180d87e3cfe006797085e56915f97a8dcb7316faa8e3bdf2b047 |
| SHA512 | 300f5c53a84e088ff3e57b84dd9e85bbef05140e2d37264155af5fec320ac58aa75b435ff519d7e3f4f7f65c3dee1c131880fe0f7fd741a4f3f36f817b5918c6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 4ca51cd347a777dae2c061a36c4849ae |
| SHA1 | df708e28463548aabb49f5faeb6dbbf6886aa5b8 |
| SHA256 | e0ea48a3ddf61a4c25f7a727b9538d4fd5419e96bad481374855ccfe86f6fb9a |
| SHA512 | 12fd96a2b952e91890ddef901ce6a4903152c5d9fc070e6840a6023af50b424e957719636edbf71b5be85d35cc079c402f1a82cfb824d302dd2b821eed45e9fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 6fafe8fd5e23381afad7df8c828fa739 |
| SHA1 | aaf10c5d058691c63c6a5d57eb19b1bb170547a4 |
| SHA256 | e199f04203b77e926a18a81f490242477c932ed0d25102d7a30fed587e22d515 |
| SHA512 | 0d8f3a1fab6d8f3945d15796cd3d3da46763765b1d85a401da58753ff9f077c730c46e088d2eda934ae62b4c42c3ed88cc2f7cc32f0300c4571892520036edf0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe583709.TMP
| MD5 | f2f320c4fdea6b76334785736b8fd1bb |
| SHA1 | a1960a720edd84253d7c0d22ce91bf4ac2ed9b69 |
| SHA256 | 04fa88f62836f5b43865c68a0b0d004673f59c8cede9bb9bd400f5cb67d64c88 |
| SHA512 | fbe5d12d1ffb2ada48f0a254df8c3be0c68d117bf54552d4c345f06611c7315903c7a07921eacfb3e0807f0876f186b585b301cc3c8e75027428e05bd22f86dc |
C:\Users\Admin\Downloads\Robux Generator.rar
| MD5 | 652997d766a2ee63e1f702b6942af8c2 |
| SHA1 | fcd448d2a34b5f8525983407e8de68e3a4b663f4 |
| SHA256 | e33b6eb7060a9686e296ad4b7619b75ae5cfccc5c49f63552697ab1f746e8642 |
| SHA512 | 9a8c41d4bf32f93d16a318151e30b8aff923c83c906de6ff0557c62b2e496c7f6d96d6211c79dbe05170be74df8d3aa53652e7df461c174e4167bcb6fdeb215f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d91895ca82c130e47f4d2f19259e5c33 |
| SHA1 | 6ace1ce61949768b806f68a92c5477269605fffc |
| SHA256 | 884f7124eb5a180e49f417582948b9fed019bb68b5829b4eaca859fc8d7025be |
| SHA512 | 90aebfd864a13d252f8ede7128ca35410b4cf6d386a56eab4dd733a82e477f534afa0451321c506c0b4e313dbd036290ad0f6fc125e9c44fa4dd9349aa285349 |
C:\Users\Admin\AppData\Local\Temp\7zOC20FFF18\Setup.exe
| MD5 | f0b2a4746586e5ad4d4a1325c6cd0914 |
| SHA1 | 0f88773aa73ceab16e43612af00b30f51fdcae23 |
| SHA256 | 13a5d2dac747be8385c04ab9f60bebc16a5ad457d10d1426b9173e4ee20d41c9 |
| SHA512 | 96effd8298bea5ab715fe0e10fdc6c59bf6cd5c59e9398c1c29f53ab9cb96957b7e0caec49a86d6c7e2623fbc0199a1d661920a9d299c19717d612b4224120ac |
memory/5792-627-0x0000000000D00000-0x0000000000D92000-memory.dmp
memory/5792-631-0x0000000072C60000-0x000000007334E000-memory.dmp
memory/5792-632-0x0000000005320000-0x0000000005330000-memory.dmp
memory/5792-633-0x0000000005940000-0x0000000005F46000-memory.dmp
memory/5792-635-0x00000000052B0000-0x00000000052C2000-memory.dmp
memory/5792-636-0x0000000005440000-0x000000000554A000-memory.dmp
memory/5792-637-0x0000000005330000-0x000000000536E000-memory.dmp
memory/5792-638-0x0000000005370000-0x00000000053BB000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 77c1326baa8af9dfd14aae916b49d21c |
| SHA1 | 361bee2b14e049976ffc8cbf96a751e62ef2c848 |
| SHA256 | e30073b0ffe6fd1b53897c274588d7bd1a723c0f58a6b745ced0c9c9ecba6b23 |
| SHA512 | 6ea0ce858d2594aa3661651a485e207aac037f8b4e7303d95c7a11ee2b18d0c20113884f633b43260ed65cc7144b3703a502016397633f6c710221854eadd4d3 |
memory/5792-648-0x0000000005640000-0x00000000056A6000-memory.dmp
memory/5792-649-0x0000000006650000-0x0000000006B4E000-memory.dmp
memory/5792-651-0x0000000006210000-0x0000000006286000-memory.dmp
memory/5792-650-0x0000000006370000-0x0000000006402000-memory.dmp
memory/5792-652-0x0000000006530000-0x000000000654E000-memory.dmp
memory/5792-653-0x0000000007130000-0x0000000007180000-memory.dmp
memory/5792-655-0x0000000007550000-0x0000000007712000-memory.dmp
memory/5792-656-0x00000000089C0000-0x0000000008EEC000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
| MD5 | 74a1ccd708a0420d15bfc218acf91bff |
| SHA1 | c414d6814b420333ceddbd7233b20d2b090c0eaa |
| SHA256 | 41303b14406eda78e8f3721be2ed767e7de99b98d46144afe40bdeae75ddb178 |
| SHA512 | 1ee907416c1b04c035693fb21e8d0cc7f19e45252de24701a8ad3863bdef5813b3384e619c10e711d12a4b4902c5be524b9cefba51e163e5c45511e40a7c0376 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe
| MD5 | a5ce3aba68bdb438e98b1d0c70a3d95c |
| SHA1 | 013f5aa9057bf0b3c0c24824de9d075434501354 |
| SHA256 | 9b860be98a046ea97a7f67b006e0b1bc9ab7731dd2a0f3a9fd3d710f6c43278a |
| SHA512 | 7446f1256873b51a59b9d2d3498cef5a41dbce55864c2a5fb8cb7d25f7d6e6d8ea249d551a45b75d99b1ad0d6fb4b5e4544e5ca77bcd627717d6598b5f566a79 |
memory/6024-668-0x0000000000ED0000-0x0000000000ED8000-memory.dmp
memory/5792-669-0x0000000072C60000-0x000000007334E000-memory.dmp
memory/6024-670-0x00007FFCBB120000-0x00007FFCBBB0C000-memory.dmp
memory/6024-671-0x00007FFCBB120000-0x00007FFCBBB0C000-memory.dmp
memory/2940-679-0x00000000006D0000-0x0000000000762000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\AppLaunch.exe.log
| MD5 | b2eebc7eb257c75cdc75b4f09bf1434c |
| SHA1 | 76caeb620e64afb0085af0acc3da237cfe72ca84 |
| SHA256 | e12b6597453a2d9fd50ef405195d61d94a960c3a38b35eecc9e0a82913af5a54 |
| SHA512 | 9ce85f97c5deba4cefaaf304053f0a1114b37dbf7386585e2f95dba8ff3a25063dccfa61e7c58e9fe909deed67c9942085cd1480db6d600eb9f21af8739fb6c0 |
memory/2940-684-0x0000000072C60000-0x000000007334E000-memory.dmp
memory/2940-685-0x0000000000880000-0x0000000000890000-memory.dmp
memory/2940-687-0x0000000072C60000-0x000000007334E000-memory.dmp
memory/6048-694-0x0000000000D50000-0x0000000000DE2000-memory.dmp
memory/6048-698-0x0000000072C60000-0x000000007334E000-memory.dmp
memory/6048-699-0x0000000002A40000-0x0000000002A50000-memory.dmp
memory/6080-706-0x0000000002CC0000-0x0000000002D52000-memory.dmp
memory/6080-710-0x0000000072C60000-0x000000007334E000-memory.dmp
memory/6080-711-0x00000000059C0000-0x00000000059D0000-memory.dmp
memory/5896-718-0x0000000002C60000-0x0000000002CF2000-memory.dmp
memory/5896-722-0x0000000072C60000-0x000000007334E000-memory.dmp
memory/5896-723-0x0000000005870000-0x0000000005880000-memory.dmp
memory/3808-730-0x00000000014D0000-0x0000000001562000-memory.dmp
memory/3808-734-0x0000000072C60000-0x000000007334E000-memory.dmp
memory/3808-735-0x0000000003330000-0x0000000003340000-memory.dmp
memory/6080-737-0x0000000072C60000-0x000000007334E000-memory.dmp
memory/6048-739-0x0000000072C60000-0x000000007334E000-memory.dmp
memory/5896-741-0x0000000072C60000-0x000000007334E000-memory.dmp
memory/3808-743-0x0000000072C60000-0x000000007334E000-memory.dmp
memory/1544-745-0x00000000025E0000-0x0000000002672000-memory.dmp
memory/1544-749-0x0000000072C60000-0x000000007334E000-memory.dmp
memory/1544-750-0x0000000005130000-0x0000000005140000-memory.dmp
memory/1544-752-0x0000000072C60000-0x000000007334E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zOC2008D3B\Robux Generator.jpg
| MD5 | 0aae66e26f7831f2283fca55e2371512 |
| SHA1 | 31565d263b99f68281e0325e7ddea8e769736481 |
| SHA256 | cfcbedfa85ad557b5644cd0cb81d9efa978974ba44c95db8a8495cffa4ca6a68 |
| SHA512 | 12a794abedcbba59fc4270c4f1b1e53a96982475862f31febd04987e3dccc24ec8b882c4f4014f5ec2883baefec48634fb349307fe213df76ee6b4933c71e51d |
memory/436-765-0x0000000000D10000-0x0000000000DA2000-memory.dmp
memory/436-769-0x0000000072C60000-0x000000007334E000-memory.dmp
memory/436-770-0x00000000052B0000-0x00000000052C0000-memory.dmp
memory/436-772-0x0000000072C60000-0x000000007334E000-memory.dmp
memory/5880-779-0x00000000027A0000-0x0000000002832000-memory.dmp
memory/5880-783-0x0000000072C60000-0x000000007334E000-memory.dmp
memory/5880-784-0x0000000005420000-0x0000000005430000-memory.dmp
memory/5880-786-0x0000000072C60000-0x000000007334E000-memory.dmp
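The listing above mixes three kinds of entries: dropped-file paths each followed by a key/value table of MD5, SHA1, SHA256 and SHA512 digests; `memory/<pid>-<seq>-<start>-<end>-memory.dmp` names for process memory regions the sandbox dumped; and Chrome profile files (`Preferences`, `Module Info Cache`, `Network\Cookies`) that the browser itself maintains, so their presence here only shows they were touched during the run, not which process touched them. Two entries deserve a closer look when triaging: `qemu-ga.exe` written to the per-user `Start Menu\Programs\Startup` folder (anything there executes at logon, a standard persistence location, and the name mimics the QEMU guest agent), and the `CLR_v4.0_32\UsageLogs\AppLaunch.exe.log` usage log, which the .NET runtime writes for a managed process, here a 32-bit .NET 4 process named `AppLaunch.exe`. The region `0x72C60000-0x7334E000` also appears with the same base and size in nine different PIDs, which is what a shared module mapping looks like; the listing alone cannot distinguish that from injected code, so the actual `.dmp` files have to be examined.

The following is an added example, not part of the sandbox report or its vendor's tooling. It parses an excerpt of exactly this listing format (the lines embedded below are copied from the page; function and class names are my own) into structured IOC records, flags the Startup-folder persistence artifact, matches an on-disk file against the dropped-file set by SHA-256, and groups the memory-dump entries to show which address ranges recur across processes.

```python
"""Parse a sandbox dropped-file / memory-dump listing into IOC records and run
the checks an analyst wants from it.  Added example: the REPORT excerpt is copied
from the page, everything else (names, helpers) is my own illustrative code."""
import hashlib
import re
from collections import defaultdict
from dataclasses import dataclass, field
from pathlib import Path

# Excerpt of the report section, copied from the page (raw string, so the
# Windows backslashes are literal).
REPORT = r"""
C:\Users\Admin\Downloads\Robux Generator.rar
| MD5 | 652997d766a2ee63e1f702b6942af8c2 |
| SHA1 | fcd448d2a34b5f8525983407e8de68e3a4b663f4 |
| SHA256 | e33b6eb7060a9686e296ad4b7619b75ae5cfccc5c49f63552697ab1f746e8642 |
C:\Users\Admin\AppData\Local\Temp\7zOC20FFF18\Setup.exe
| MD5 | f0b2a4746586e5ad4d4a1325c6cd0914 |
| SHA256 | 13a5d2dac747be8385c04ab9f60bebc16a5ad457d10d1426b9173e4ee20d41c9 |
memory/5792-627-0x0000000000D00000-0x0000000000D92000-memory.dmp
memory/5792-631-0x0000000072C60000-0x000000007334E000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe
| MD5 | a5ce3aba68bdb438e98b1d0c70a3d95c |
| SHA256 | 9b860be98a046ea97a7f67b006e0b1bc9ab7731dd2a0f3a9fd3d710f6c43278a |
memory/2940-684-0x0000000072C60000-0x000000007334E000-memory.dmp
memory/6048-698-0x0000000072C60000-0x000000007334E000-memory.dmp
memory/6024-670-0x00007FFCBB120000-0x00007FFCBBB0C000-memory.dmp
"""

HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")
MEM_LINE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}


@dataclass
class DroppedFile:
    path: str
    hashes: dict = field(default_factory=dict)   # algorithm -> lowercase hex digest

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    def is_startup_persistence(self) -> bool:
        """True when the file sits in a per-user Startup folder (runs at logon)."""
        return "\\start menu\\programs\\startup\\" in self.path.lower()


@dataclass
class MemoryRegion:
    pid: int
    seq: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_report(text: str):
    """Return (dropped files, memory regions) from the listing text."""
    files, regions = [], []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MEM_LINE.match(line)
        if m:
            pid, seq, start, end = m.groups()
            regions.append(MemoryRegion(int(pid), int(seq), int(start, 16), int(end, 16)))
            continue
        m = HASH_ROW.match(line)
        if m:
            if current is None:
                raise ValueError(f"hash row without a preceding path: {line}")
            algo, digest = m.groups()
            if len(digest) != DIGEST_LEN[algo]:   # reject truncated/garbled digests
                raise ValueError(f"{algo} digest has wrong length for {current.path}")
            current.hashes[algo] = digest.lower()
            continue
        current = DroppedFile(path=line)            # any other line starts a new file record
        files.append(current)
    return files, regions


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def match_by_sha256(files, digest: str):
    """Dropped-file records whose SHA256 equals the given digest (case-insensitive)."""
    digest = digest.lower()
    return [f for f in files if f.hashes.get("SHA256") == digest]


def scan_directory(files, root):
    """Hash every regular file under root and return (path, record) hits."""
    hits = []
    for p in Path(root).rglob("*"):
        if p.is_file():
            for rec in match_by_sha256(files, sha256_of(p.read_bytes())):
                hits.append((str(p), rec))
    return hits


def shared_regions(regions, min_pids: int = 2):
    """Address ranges dumped at the identical base/size in at least min_pids processes."""
    by_range = defaultdict(set)
    for r in regions:
        by_range[(r.start, r.end)].add(r.pid)
    return {k: sorted(v) for k, v in by_range.items() if len(v) >= min_pids}


if __name__ == "__main__":
    files, regions = parse_report(REPORT)
    for f in files:
        flag = "  [Startup-folder persistence]" if f.is_startup_persistence() else ""
        print(f"{f.name}: sha256={f.hashes.get('SHA256')}{flag}")
    for (start, end), pids in shared_regions(regions).items():
        print(f"region 0x{start:X}-0x{end:X} ({end - start:#x} bytes) dumped from PIDs {pids}")
```

`scan_directory` is the part you would point at a suspect host's `Downloads`, `AppData\Local\Temp` and Startup folders; it hashes files rather than trusting names, because both `Setup.exe` and `qemu-ga.exe` are easily renamed. The digest-length check in the parser catches copy-paste truncation of hashes, a common way IOC lists silently go bad.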