Analysis Overview
Threat Level: Known bad
The submitted URL https://easyupload.io/cbm5st (opened in Chrome; the download RyansProject.exe was then executed) was found to be: Known bad.
Malicious Activity Summary
Quasar RAT
Quasar payload
Executes dropped EXE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies registry class
Checks SCSI registry key(s)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Creates scheduled task(s)
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-12 05:07
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-12 05:07
Reported
2024-04-12 05:09
Platform
win10v2004-20240226-en
Max time kernel
110s
Max time network
111s
Command Line
Signatures
Quasar RAT
Quasar payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\RyansProject.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\SubDir\Client.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133573720909907006" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\SubDir\Client.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://easyupload.io/cbm5st
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9533c9758,0x7ff9533c9768,0x7ff9533c9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2180 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2740 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2748 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4680 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4972 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5276 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5404 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6192 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6220 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=6352 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5872 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5624 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6452 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6472 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6740 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6756 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6920 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6944 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6952 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=7232 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7244 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=8072 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7100 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=8208 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7268 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=8624 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=8588 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=8904 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=8960 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=9376 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=9340 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=4992 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=9728 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=9588 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=10064 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=10172 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=10312 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=10264 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=10324 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=10708 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=10468 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=4716 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=4692 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=10660 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=10336 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=10556 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=10168 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=9672 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=9712 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=9500 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=10568 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=11248 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=10520 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=10504 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9036 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10428 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:8
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\RyansProject.rar"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\RyansProject.exe
"C:\Users\Admin\Downloads\RyansProject.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=748 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=6668 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9904 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5680 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=5644 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
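Reading the signature tables above against the process list, note that several of the generic signatures are attributed to benign processes: the SCSI registry checks come from taskmgr.exe, the BIOS enumeration and HKEY_USERS/registry-class writes from chrome.exe, and GetForegroundWindowSpam from 7zFM.exe. The sample-specific behaviour is the two dropped executables (RyansProject.exe, Client.exe), the two identical schtasks invocations that register "Quasar Client Startup" to run Client.exe from AppData\Roaming at every logon with the highest run level, and the SetWindowsHookEx use by Client.exe. The following is an added example, not part of this report or of any sandbox's own detection code: a detector that parses schtasks command lines of the kind recorded here and flags the combination (user-writable action path, ONLOGON trigger, /rl HIGHEST, /f) that distinguishes this persistence from vendor updaters. The sample input is constructed from the command lines on this page plus one benign-looking schtasks call that is not on the page, added for contrast; the "Vendor Updater" task name and its path are made up.

```python
import ntpath
import re

# Constructed sample input: the process command lines recorded in this report,
# plus one benign-looking schtasks call (NOT on the page) added for contrast.
SAMPLE_CMDLINES = [
    r'"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\RyansProject.rar"',
    r'"C:\Users\Admin\Downloads\RyansProject.exe"',
    r'"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f',
    r'"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"',
    r'"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f',
    r'"schtasks" /create /tn "Vendor Updater" /sc DAILY /tr "C:\Program Files\Vendor\updater.exe"',  # constructed, benign-looking
    r'"C:\Windows\system32\taskmgr.exe" /7',
]

# Quoted tokens keep embedded spaces; backslashes are not treated as escapes
# (shlex in POSIX mode would strip them out of Windows paths).
TOKEN_RE = re.compile(r'"[^"]*"|\S+')
# schtasks switches that take a value; anything else is treated as a bare flag.
VALUE_SWITCHES = {"/tn", "/sc", "/tr", "/rl", "/ru", "/rp", "/mo", "/st", "/sd", "/xml"}
# Locations a standard user can write to; a persistent task whose action lives
# here is far more likely to be user-dropped malware than an installed product.
USER_WRITABLE = re.compile(r"\\users\\[^\\]+\\(appdata|downloads|desktop|documents)\\", re.I)
# Task name seen in this report's schtasks invocations.
KNOWN_TASK_NAMES = {"quasar client startup"}


def tokenize(cmdline):
    return [t.strip('"') for t in TOKEN_RE.findall(cmdline)]


def parse_schtasks(cmdline):
    """Return {switch: value, 'flags': set} for a schtasks command line, else None."""
    tokens = tokenize(cmdline)
    if not tokens or ntpath.basename(tokens[0]).lower() not in ("schtasks", "schtasks.exe"):
        return None
    args = {"flags": set()}
    i = 1
    while i < len(tokens):
        tok = tokens[i].lower()
        if tok in VALUE_SWITCHES and i + 1 < len(tokens):
            args[tok] = tokens[i + 1]
            i += 2
        else:
            args["flags"].add(tok)
            i += 1
    return args


def assess(args):
    """Reasons a /create call looks like malware persistence (empty list = not flagged)."""
    if "/create" not in args["flags"]:
        return []
    reasons = []
    action = args.get("/tr", "")
    if USER_WRITABLE.search(action):
        reasons.append("action binary in user-writable path")
    if args.get("/rl", "").upper() == "HIGHEST":
        reasons.append("run level HIGHEST")
    if args.get("/sc", "").upper() in ("ONLOGON", "ONSTART"):
        reasons.append("logon/boot trigger")
    if "/f" in args["flags"]:
        reasons.append("forced overwrite (/f)")
    if args.get("/tn", "").lower() in KNOWN_TASK_NAMES:
        reasons.append("known Quasar task name")
    # Alert on a user-writable action combined with elevation, an auto-start
    # trigger or a forced overwrite; any single trait is common in benign software.
    if "action binary in user-writable path" in reasons and len(reasons) >= 2:
        return reasons
    if "known Quasar task name" in reasons:
        return reasons
    return []


def find_persistence(cmdlines):
    """Scan process command lines and return the flagged schtasks /create calls."""
    hits = []
    for cmd in cmdlines:
        args = parse_schtasks(cmd)
        if args is None:
            continue
        reasons = assess(args)
        if reasons:
            hits.append({"task": args.get("/tn"), "action": args.get("/tr"), "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in find_persistence(SAMPLE_CMDLINES):
        print(hit["task"], "->", hit["action"], "|", ", ".join(hit["reasons"]))
```

On a host, the same task would be visible under the registered task name and can be confirmed with schtasks /query /tn "Quasar Client Startup" /v; the action path under AppData\Roaming\SubDir is the artifact to collect before removal.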
Network
Files
\??\pipe\crashpad_3876_XYRLXIOTWCONBXQE
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\Downloads\RyansProject.rar.crdownload
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | de14cfb351687c0ae0183021724809d2 |
| SHA1 | 77bcb04a01b68fe00748936c575484fcb3ca8323 |
| SHA256 | 712a40ec6ad5da6d51a16f9445a9e8d6748192611ddff25cc30499c26fd57ced |
| SHA512 | 1699287a290e4aeb28178afae3450a28c2aa693f8b19a5452bebceaf9a71d8addb219d5f2b8f5d329e9d92e004fabf868ec0f8484451bef12cfe2236f1ab7d09 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 8c03c13632b1af6bf07325516db44903 |
| SHA1 | 2b208c13444ebeae43a35db8b083d193b08bba5d |
| SHA256 | 2e2b0669d7bb1f94e6d2c6ab344e22f40b857c544ac17273914299308741049d |
| SHA512 | 0136b7eceba95c35a915b92a2eb9ebd1fb9842cb5a10ef7d2c29db99037934e3cd6f8d46ed0e698f9752c61d503fd224e0438149195fbe8d8a062889b461c392 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57ddcd.TMP
| MD5 | 08013f933d042c2e654f4f7d2ea2420a |
| SHA1 | cde6f69a0b77a3c0f3392daa16971cd48b7821d2 |
| SHA256 | 3885d0395a532ddbec2146c7496fde9e22e49a7ed086d63da0f6f13f7c841551 |
| SHA512 | c605b477d3295cadc2fcd8dfdf2a1621c5b70a182f1fbb4fd5e7f658f8e597c0b2ff73c45065a590f85e5ecf104b5a14cbc65142444cb6fbfd76e3ddf460bd6c |
C:\Users\Admin\Downloads\RyansProject.exe
| MD5 | 20edba711349a03803c2f96bbbe18b39 |
| SHA1 | 675607f2c3510c35ea0784c1051e3a96c3b44416 |
| SHA256 | 8e3077a2601f2727d79389b445d9e90336a0055c0f5a7ce330cbd4006876f1f9 |
| SHA512 | 85130c87a19dc29bb6b6c26aea68f7173bf0df69c2a4b80e90bc2e14c19acdb1457f680e69d75c916fe7d546c470da5bb38b970843b33feda74847f5a675ee4e |
memory/6892-331-0x00000000009A0000-0x0000000000CC4000-memory.dmp
memory/6892-332-0x00007FF93FE70000-0x00007FF940931000-memory.dmp
memory/6892-333-0x000000001B9C0000-0x000000001B9D0000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c37c2c3e85d7e794e6591216a98dc83b |
| SHA1 | 54160ba732e9f391b71550791997cae2d25c0fa9 |
| SHA256 | 70db338c3fef0b90c509bdefcde502dee65b4f30000f6196fa694ab2deda6a5b |
| SHA512 | 7388fd498479cd149dcef41b217b1091ec514b3da6b0959840f92dde19fafb745a629078260fb0d3026434c133775f59ac82faded1e21b903d3392092ac99c87 |
memory/7504-349-0x00007FF93FE70000-0x00007FF940931000-memory.dmp
memory/6892-350-0x00007FF93FE70000-0x00007FF940931000-memory.dmp
memory/7504-351-0x000000001B8B0000-0x000000001B8C0000-memory.dmp
memory/7504-352-0x000000001B860000-0x000000001B8B0000-memory.dmp
memory/7504-353-0x000000001C170000-0x000000001C222000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 29eab28c08ecf616fcf6b6201918f07e |
| SHA1 | 8c0c0489b70b346e53b6fc816ff001cceff5c0d8 |
| SHA256 | c0ea4a9a99ca90cf76fb075aadc85291d250eb4ac42aae8d0f1b011a6c6ce4ae |
| SHA512 | a2d407e8f973c38262eb0a00eff784f27e360316afd4a251dd90a3bfa81ec599a04e932255f92d8bc55fa8a5fc6b5c76c8b1e4d7352098f0139248fa480c630b |
memory/7504-373-0x000000001C960000-0x000000001CE88000-memory.dmp
memory/7504-384-0x00007FF93FE70000-0x00007FF940931000-memory.dmp
memory/7504-424-0x000000001B8B0000-0x000000001B8C0000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 11f88c9ecb2c898ef348ad18c2c44246 |
| SHA1 | c44e8570ee87a700c6b7e9b2ad560907b2d44228 |
| SHA256 | 93870f66f59af1743df030d0a5d156456444c1c045bb2e73670f30ca130db68a |
| SHA512 | ec7bbcbd0397ec4bceb62c4e5fd308bf8bc31ec3c4afd590a072332d54f8a9369512ac329526fc5915e69c638e3b913f28a22c70d91a52b45b7eb806bd3c5c79 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 917e27520ce9076378d4ecfab9e2d7db |
| SHA1 | e78dc2b58ca579269f1b74cb9cb770cf19bc4dbc |
| SHA256 | fce3055a6fe74b6f25c6e4adb06e980ccb7a190442aa6ff2818b9a946f35730d |
| SHA512 | 2831d979a80fa232403b0ae0f16d92b2e2626e65ead446f271bc28c91bfb652297705e6cde47e3c7f23ec9440a4c9ceb4f067fd867fb74580a17fa363b8ab91c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | ea77c486ad630e92a3160dadf3d91f9b |
| SHA1 | b80f9a6811d2e4fd6c4debf55f056b2088d158d3 |
| SHA256 | 16cbd78c6f826b2d86f64698c0e4512ff9076ca2169cd653bd460cca518db9ed |
| SHA512 | 8533f2e0dc107d9bc258f903b8c842e58699d00f1b7c77aedd4f727f33306bb5e24ec2304e313f4363d8f4a53dacd16f34116091151676a38a031cbc5f44dd56 |
memory/7192-458-0x000001B6056B0000-0x000001B6056B1000-memory.dmp
memory/7192-459-0x000001B6056B0000-0x000001B6056B1000-memory.dmp
memory/7192-460-0x000001B6056B0000-0x000001B6056B1000-memory.dmp
memory/7192-464-0x000001B6056B0000-0x000001B6056B1000-memory.dmp
memory/7192-465-0x000001B6056B0000-0x000001B6056B1000-memory.dmp
memory/7192-466-0x000001B6056B0000-0x000001B6056B1000-memory.dmp
memory/7192-467-0x000001B6056B0000-0x000001B6056B1000-memory.dmp
memory/7192-468-0x000001B6056B0000-0x000001B6056B1000-memory.dmp
memory/7192-469-0x000001B6056B0000-0x000001B6056B1000-memory.dmp
memory/7192-470-0x000001B6056B0000-0x000001B6056B1000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 575950233722153f56167d98ad959144 |
| SHA1 | 917947a4c96a09076deccca299fc334a6dce0f9d |
| SHA256 | f6034726bfbf814d6e0f01628f8094d44d7d62576fd1b39bcf6696b6e79eecc5 |
| SHA512 | 2502bdefde351a3489bb1a8719149b84b7f610f5448d97d487aeff390518eac00f293bab8245a3cfb500dbb6615a1aef95ef1b83e4e341a7d80e526f613c4f3a |