Analysis Overview
SHA256
5cbfcf9de7d0115c7df4b418225cdebc1e543532989eaaa794bc74647528abfa
Threat Level: Known bad
The file o91 was found to be: Known bad.
Malicious Activity Summary
RedLine
RedLine payload
Executes dropped EXE
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
Suspicious use of SetThreadContext
Drops file in Windows directory
Suspicious use of AdjustPrivilegeToken
Modifies data under HKEY_USERS
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-21 12:54
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-21 12:54
Reported
2024-05-21 12:57
Platform
win10-20240404-en
Max time kernel
135s
Max time network
137s
Command Line
Signatures
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\Hack\Setup .exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Hack\Setup .exe | N/A |
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 6628 set thread context of 6548 | N/A | C:\Users\Admin\Desktop\Hack\Setup .exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 4556 set thread context of 6012 | N/A | C:\Users\Admin\Desktop\Hack\Setup .exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rescache\_merged\4272278488\2581520266.pri | C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe | N/A |
| File created | C:\Windows\rescache\_merged\4272278488\2581520266.pri | C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133607696916124973" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\o91.html
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe7cc49758,0x7ffe7cc49768,0x7ffe7cc49778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1752,i,17506851215809747465,18180961454375825362,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1996 --field-trial-handle=1752,i,17506851215809747465,18180961454375825362,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2040 --field-trial-handle=1752,i,17506851215809747465,18180961454375825362,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1752,i,17506851215809747465,18180961454375825362,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=1752,i,17506851215809747465,18180961454375825362,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4396 --field-trial-handle=1752,i,17506851215809747465,18180961454375825362,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4624 --field-trial-handle=1752,i,17506851215809747465,18180961454375825362,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4748 --field-trial-handle=1752,i,17506851215809747465,18180961454375825362,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3888 --field-trial-handle=1752,i,17506851215809747465,18180961454375825362,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4916 --field-trial-handle=1752,i,17506851215809747465,18180961454375825362,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=6004 --field-trial-handle=1752,i,17506851215809747465,18180961454375825362,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=6096 --field-trial-handle=1752,i,17506851215809747465,18180961454375825362,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6104 --field-trial-handle=1752,i,17506851215809747465,18180961454375825362,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5716 --field-trial-handle=1752,i,17506851215809747465,18180961454375825362,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5644 --field-trial-handle=1752,i,17506851215809747465,18180961454375825362,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5632 --field-trial-handle=1752,i,17506851215809747465,18180961454375825362,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6248 --field-trial-handle=1752,i,17506851215809747465,18180961454375825362,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6632 --field-trial-handle=1752,i,17506851215809747465,18180961454375825362,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6832 --field-trial-handle=1752,i,17506851215809747465,18180961454375825362,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6944 --field-trial-handle=1752,i,17506851215809747465,18180961454375825362,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6980 --field-trial-handle=1752,i,17506851215809747465,18180961454375825362,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=7012 --field-trial-handle=1752,i,17506851215809747465,18180961454375825362,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7148 --field-trial-handle=1752,i,17506851215809747465,18180961454375825362,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7220 --field-trial-handle=1752,i,17506851215809747465,18180961454375825362,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4524 --field-trial-handle=1752,i,17506851215809747465,18180961454375825362,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=7596 --field-trial-handle=1752,i,17506851215809747465,18180961454375825362,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7804 --field-trial-handle=1752,i,17506851215809747465,18180961454375825362,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=8020 --field-trial-handle=1752,i,17506851215809747465,18180961454375825362,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=8012 --field-trial-handle=1752,i,17506851215809747465,18180961454375825362,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5544 --field-trial-handle=1752,i,17506851215809747465,18180961454375825362,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=8464 --field-trial-handle=1752,i,17506851215809747465,18180961454375825362,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5660 --field-trial-handle=1752,i,17506851215809747465,18180961454375825362,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=8692 --field-trial-handle=1752,i,17506851215809747465,18180961454375825362,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=8844 --field-trial-handle=1752,i,17506851215809747465,18180961454375825362,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=8988 --field-trial-handle=1752,i,17506851215809747465,18180961454375825362,131072 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\Hack\" -ad -an -ai#7zMap18817:66:7zEvent27928
C:\Users\Admin\Desktop\Hack\Setup .exe
"C:\Users\Admin\Desktop\Hack\Setup .exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\Desktop\Hack\Setup .exe
"C:\Users\Admin\Desktop\Hack\Setup .exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
"C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe" -ServerName:SecHealthUI.AppXep4x2tbtjws1v9qqs0rmb3hxykvkpqtn.mca
C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
"C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe" -ServerName:SecHealthUI.AppXep4x2tbtjws1v9qqs0rmb3hxykvkpqtn.mca
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | sites.google.com | udp |
| GB | 142.250.179.238:443 | sites.google.com | tcp |
| GB | 142.250.179.238:443 | sites.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.0.0.0.0.0.0.6.0.0.0.0.0.0.0.1.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.180.10:443 | content-autofill.googleapis.com | tcp |
| GB | 142.250.179.238:443 | sites.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 104.16.113.74:443 | www.mediafire.com | tcp |
| US | 104.16.113.74:443 | www.mediafire.com | tcp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 216.58.212.234:443 | ajax.googleapis.com | tcp |
| US | 104.16.114.74:443 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| GB | 18.154.84.124:443 | cdn.amplitude.com | tcp |
| US | 8.8.8.8:53 | 74.113.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.114.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.84.154.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| GB | 142.250.187.238:443 | translate.google.com | tcp |
| GB | 142.250.180.10:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 54.148.107.27:443 | api.amplitude.com | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| US | 8.8.8.8:53 | 43.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.107.148.54.in-addr.arpa | udp |
| GB | 142.250.187.234:443 | translate.googleapis.com | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| BE | 74.125.133.154:443 | stats.g.doubleclick.net | tcp |
| GB | 142.250.200.3:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 142.250.200.3:443 | www.google.co.uk | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | 234.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.133.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| GB | 142.250.187.234:443 | translate-pa.googleapis.com | udp |
| GB | 216.58.212.234:443 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | the.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | www.ezojs.com | udp |
| US | 172.67.199.186:443 | the.gatekeeperconsent.com | tcp |
| US | 104.21.63.106:443 | www.ezojs.com | tcp |
| GB | 142.250.187.238:443 | translate.google.com | udp |
| US | 8.8.8.8:53 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 104.21.42.32:443 | privacy.gatekeeperconsent.com | tcp |
| US | 8.8.8.8:53 | cdn.otnolatrnup.com | udp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| US | 104.16.52.110:443 | cdn.otnolatrnup.com | tcp |
| FR | 13.39.145.251:443 | g.ezoic.net | tcp |
| US | 8.8.8.8:53 | go.ezodn.com | udp |
| US | 104.21.42.32:443 | privacy.gatekeeperconsent.com | udp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | www.mediafiredls.com | udp |
| US | 188.114.96.2:443 | go.ezodn.com | tcp |
| US | 188.114.96.2:443 | go.ezodn.com | tcp |
| US | 188.114.96.2:443 | go.ezodn.com | tcp |
| US | 104.26.3.173:443 | www.mediafiredls.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | g.ezodn.com | udp |
| US | 188.114.96.2:443 | g.ezodn.com | tcp |
| US | 188.114.96.2:443 | g.ezodn.com | tcp |
| US | 188.114.96.2:443 | g.ezodn.com | tcp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 2.18.190.80:80 | apps.identrust.com | tcp |
| US | 188.114.96.2:443 | g.ezodn.com | tcp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | 186.199.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.63.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.42.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.79.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.52.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.145.39.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.3.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.96.114.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 188.114.96.2:443 | g.ezodn.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | bshr.ezodn.com | udp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | tcp |
| US | 172.67.142.121:443 | bshr.ezodn.com | tcp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ad.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| GB | 18.245.143.118:443 | tags.crwdcntrl.net | tcp |
| IE | 18.203.86.130:443 | bcp.crwdcntrl.net | tcp |
| IE | 18.202.122.123:443 | bcp.crwdcntrl.net | tcp |
| US | 172.67.142.121:443 | bshr.ezodn.com | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | 226.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.142.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.143.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.86.203.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.122.202.18.in-addr.arpa | udp |
| GB | 142.250.187.234:443 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | script.4dex.io | udp |
| US | 8.8.8.8:53 | ghb.adtelligent.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| US | 8.8.8.8:53 | bidder.criteo.com | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 8.8.8.8:53 | prebid.smilewanted.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| FR | 13.39.145.251:443 | g.ezoic.net | tcp |
| US | 172.67.75.241:443 | script.4dex.io | tcp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| DE | 142.132.249.188:443 | ghb.adtelligent.com | tcp |
| GB | 108.138.217.61:443 | hb.yellowblue.io | tcp |
| US | 172.64.151.101:443 | htlb.casalemedia.com | tcp |
| FR | 185.255.84.150:443 | hb-api.omnitagjs.com | tcp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| US | 8.8.8.8:53 | cdn.prod.uidapi.com | udp |
| DE | 51.38.120.206:443 | onetag-sys.com | tcp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| IE | 34.240.192.124:443 | ap.lijit.com | tcp |
| US | 104.22.30.209:443 | prebid.smilewanted.com | tcp |
| US | 104.22.30.209:443 | prebid.smilewanted.com | tcp |
| US | 104.22.30.209:443 | prebid.smilewanted.com | tcp |
| US | 104.22.30.209:443 | prebid.smilewanted.com | tcp |
| US | 104.22.30.209:443 | prebid.smilewanted.com | tcp |
| NL | 145.40.97.67:443 | prebid.a-mo.net | tcp |
| US | 8.8.8.8:53 | 3379acb9fb126c2d05e5a0749e0d4931.safeframe.googlesyndication.com | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| US | 172.67.38.106:443 | cdn.id5-sync.com | tcp |
| GB | 18.245.254.89:443 | cdn.prod.uidapi.com | tcp |
| US | 172.64.152.89:443 | cdn-ima.33across.com | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| GB | 172.217.169.65:443 | 3379acb9fb126c2d05e5a0749e0d4931.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 172.67.75.241:443 | script.4dex.io | tcp |
| US | 8.8.8.8:53 | cadmus.script.ac | udp |
| US | 8.8.8.8:53 | oajs.openx.net | udp |
| US | 8.8.8.8:53 | ghb1.adtelligent.com | udp |
| US | 172.64.151.101:443 | htlb.casalemedia.com | udp |
| DE | 51.38.120.206:443 | onetag-sys.com | udp |
| NL | 145.40.97.67:443 | prebid.a-mo.net | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 104.18.22.145:443 | cadmus.script.ac | tcp |
| US | 34.120.107.143:443 | oajs.openx.net | tcp |
| GB | 185.239.172.170:443 | ghb1.adtelligent.com | tcp |
| DE | 162.19.138.82:443 | id5-sync.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 34.120.107.143:443 | oajs.openx.net | udp |
| US | 8.8.8.8:53 | adsdk.microsoft.com | udp |
| US | 8.8.8.8:53 | cdn.adnxs.com | udp |
| US | 8.8.8.8:53 | 241.75.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.217.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.151.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.249.132.142.in-addr.arpa | udp |
| US | 151.101.1.108:443 | cdn.adnxs.com | tcp |
| US | 13.107.253.64:443 | adsdk.microsoft.com | tcp |
| US | 8.8.8.8:53 | 209.30.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.192.240.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.120.38.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.97.40.145.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.146.102.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.38.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.70.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.152.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.254.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.22.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.107.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.172.239.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google-bidout-d.openx.net | udp |
| US | 35.244.159.8:443 | google-bidout-d.openx.net | tcp |
| US | 8.8.8.8:53 | ams3-ib.adnxs.com | udp |
| NL | 23.62.61.113:443 | www.bing.com | tcp |
| NL | 23.62.61.113:443 | www.bing.com | tcp |
| NL | 185.89.210.20:443 | ams3-ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 104.16.52.110:443 | otnolatrnup.com | udp |
| NL | 23.62.61.113:443 | www.bing.com | udp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | download2288.mediafire.com | udp |
| US | 199.91.155.29:443 | download2288.mediafire.com | tcp |
| US | 199.91.155.29:443 | download2288.mediafire.com | tcp |
| US | 8.8.8.8:53 | 108.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.253.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.155.91.199.in-addr.arpa | udp |
| US | 104.16.52.110:80 | otnolatrnup.com | tcp |
| US | 104.16.52.110:80 | otnolatrnup.com | tcp |
| US | 8.8.8.8:53 | woreppercomming.com | udp |
| GB | 18.165.227.80:443 | woreppercomming.com | tcp |
| US | 8.8.8.8:53 | www.ovardu.com | udp |
| US | 104.21.96.72:443 | www.ovardu.com | tcp |
| US | 8.8.8.8:53 | www.opera.com | udp |
| DE | 18.156.141.44:443 | www.opera.com | tcp |
| US | 8.8.8.8:53 | 80.227.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.96.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.141.156.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | id.a-mx.com | udp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | id.hadron.ad.gt | udp |
| US | 8.8.8.8:53 | id.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | csync.smilewanted.com | udp |
| US | 8.8.8.8:53 | cm.adform.net | udp |
| NL | 79.127.227.46:443 | id.a-mx.com | tcp |
| US | 172.67.23.234:443 | id.hadron.ad.gt | tcp |
| DE | 3.71.149.231:443 | ups.analytics.yahoo.com | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| US | 8.8.8.8:53 | hbx.media.net | udp |
| DK | 37.157.5.132:443 | cm.adform.net | tcp |
| SE | 23.32.84.24:443 | hbx.media.net | tcp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| US | 172.64.149.180:443 | js-sec.indexww.com | tcp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| SE | 104.73.92.198:443 | ads.pubmatic.com | tcp |
| US | 8.8.8.8:53 | cdn-production-opera-website.operacdn.com | udp |
| US | 8.8.8.8:53 | www.googleoptimize.com | udp |
| BE | 104.68.66.120:443 | cdn-production-opera-website.operacdn.com | tcp |
| BE | 104.68.66.120:443 | cdn-production-opera-website.operacdn.com | tcp |
| BE | 104.68.66.120:443 | cdn-production-opera-website.operacdn.com | tcp |
| BE | 104.68.66.120:443 | cdn-production-opera-website.operacdn.com | tcp |
| BE | 104.68.66.120:443 | cdn-production-opera-website.operacdn.com | tcp |
| BE | 104.68.66.120:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 172.217.16.238:443 | www.googleoptimize.com | tcp |
| US | 8.8.8.8:53 | ce.lijit.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| IE | 54.72.69.177:443 | ce.lijit.com | tcp |
| US | 8.8.8.8:53 | sync.adtelligent.com | udp |
| US | 8.8.8.8:53 | c3.a-mo.net | udp |
| FR | 185.255.84.152:443 | visitor.omnitagjs.com | tcp |
| NL | 79.127.227.46:443 | c3.a-mo.net | tcp |
| GB | 185.83.71.234:443 | sync.adtelligent.com | tcp |
| BE | 104.68.66.120:443 | cdn-production-opera-website.operacdn.com | tcp |
| US | 8.8.8.8:53 | www-static.operacdn.com | udp |
| US | 8.8.8.8:53 | 46.227.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.23.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.40.223.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.149.71.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.5.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.84.32.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.92.73.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.66.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.69.72.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.71.83.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rtb.mfadsrvr.com | udp |
| US | 8.8.8.8:53 | sync.mathtag.com | udp |
| US | 8.8.8.8:53 | pixel-eu.rubiconproject.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | ads.stickyadstv.com | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.com | udp |
| US | 8.8.8.8:53 | cs.admanmedia.com | udp |
| US | 8.8.8.8:53 | t.adx.opera.com | udp |
| US | 8.8.8.8:53 | ssbsync-global.smartadserver.com | udp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| US | 216.200.232.249:443 | sync.mathtag.com | tcp |
| DE | 37.252.171.52:443 | ib.adnxs.com | tcp |
| DE | 37.252.171.52:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | um.simpli.fi | udp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| DE | 18.157.153.25:443 | rtb.mfadsrvr.com | tcp |
| FR | 154.54.250.81:443 | ads.stickyadstv.com | tcp |
| IE | 34.240.216.83:443 | match.prod.bidr.io | tcp |
| IE | 34.240.216.83:443 | match.prod.bidr.io | tcp |
| GB | 185.64.190.79:443 | image8.pubmatic.com | tcp |
| DE | 91.228.74.166:443 | cms.quantserve.com | tcp |
| FR | 149.202.238.101:443 | ssbsync-global.smartadserver.com | tcp |
| US | 8.8.8.8:53 | bh.contextweb.com | udp |
| US | 8.8.8.8:53 | s.ad.smaato.net | udp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | data.adsrvr.org | udp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | aorta.clickagy.com | udp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| US | 80.77.87.161:443 | cs.admanmedia.com | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| GB | 108.156.39.69:443 | s.ad.smaato.net | tcp |
| US | 34.198.38.143:443 | aorta.clickagy.com | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| NL | 34.91.62.186:443 | um.simpli.fi | tcp |
| GB | 108.156.39.69:443 | s.ad.smaato.net | tcp |
| US | 34.198.38.143:443 | aorta.clickagy.com | tcp |
| NL | 34.91.62.186:443 | um.simpli.fi | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| US | 8.8.8.8:53 | creativecdn.com | udp |
| US | 8.8.8.8:53 | api-2-0.spot.im | udp |
| US | 8.8.8.8:53 | b1sync.zemanta.com | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | us-u.openx.net | udp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| US | 8.8.8.8:53 | gum.aidemsrv.com | udp |
| US | 8.8.8.8:53 | ssc-cms.33across.com | udp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | spl.zeotap.com | udp |
| US | 8.8.8.8:53 | sync.serverbid.com | udp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| US | 67.202.105.24:443 | ssc-cms.33across.com | tcp |
| US | 52.46.155.104:443 | s.amazon-adsystem.com | tcp |
| NL | 104.109.143.30:443 | player.aniview.com | tcp |
| US | 104.17.43.93:443 | gum.aidemsrv.com | tcp |
| BE | 104.68.78.171:443 | secure-assets.rubiconproject.com | tcp |
| GB | 18.164.68.59:443 | api-2-0.spot.im | tcp |
| DE | 162.19.138.118:443 | lb.eu-1-id5-sync.com | tcp |
| US | 50.31.142.31:443 | b1sync.zemanta.com | tcp |
| US | 50.31.142.31:443 | b1sync.zemanta.com | tcp |
| US | 104.22.50.98:443 | spl.zeotap.com | tcp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| GB | 143.204.194.105:443 | sync.serverbid.com | tcp |
| US | 8.8.8.8:53 | cs.krushmedia.com | udp |
| US | 8.2.110.134:443 | cs.krushmedia.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 8.8.8.8:53 | 52.171.252.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.232.200.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.250.54.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.213.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.216.240.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.153.157.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.74.228.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.87.77.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.238.202.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.174.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.62.91.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.169.93.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.38.198.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.43.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.8.184.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.68.164.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.78.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.194.204.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.143.109.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.50.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.155.46.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.105.202.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.142.31.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.110.2.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.149.214.35.in-addr.arpa | udp |
| RU | 147.45.47.64:11837 | tcp | |
| US | 8.8.8.8:53 | 64.47.45.147.in-addr.arpa | udp |
| RU | 147.45.47.64:11837 | tcp | |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | watson.telemetry.microsoft.com | udp |
| US | 20.42.73.29:443 | watson.telemetry.microsoft.com | tcp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.73.42.20.in-addr.arpa | udp |
| US | 20.42.73.29:443 | watson.telemetry.microsoft.com | tcp |
| US | 8.8.8.8:53 | 28.73.42.20.in-addr.arpa | udp |
Files
\??\pipe\crashpad_2544_KKGCVMUBXYUOKQRA
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | b338cd41d8e095aa86ccab69fa0b5744 |
| SHA1 | a0f4179913dd26100bc03fcc17d2faa77d3766c7 |
| SHA256 | 3905aeb18ad1553422bd470f6a098cf705c5833687b5ed700700c3726887a7c3 |
| SHA512 | 1bc04e98b8f2af24515a82074d2a4ce66a37ea1e0a3f65478c0710e50eead94576cda64a5129e4575d298a287c75ff251ed32410e5fb781a86941f2382ca6629 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c695e221ac26c70be0010b114bfd993a |
| SHA1 | c7bd3a00ac042132d57015818a08fdc832859ab3 |
| SHA256 | ee74789dbbbcbdc1b1552fbeee1daccb98374bffcca9b5a0a8d42b35370e8cf0 |
| SHA512 | 9751ec76bda0b0b4cc1c84feea75a83da10d4157733c4854d4367776de8b653bb034704059c7483c91ed528a4b934a141c8985ccfea54c7bd1238d5141d337a1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9980f616290ccc0ea54875c109ca853a |
| SHA1 | 15d226ca5415cc5d6708e82dab2eb7062ad6f083 |
| SHA256 | 425e0def9fce2effabf78899add2fd0e2280ca84c482569674be238bbb2639d1 |
| SHA512 | 36573c29f9d99405d1a042645f275552bd90db496f127e179545ace1e011350e86a8a5c339333761abc3ae1cbf635006cab2c1510fedcdafe47ad05b22982a57 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8318645ea5264055c52d420d9ca835c0 |
| SHA1 | 07a1ed02916d6d89925b27a66c1545a4544372d3 |
| SHA256 | 3b5e683dff10854bdd20c9f7c6f3dc5250fc12f0e48ef9431b03738cb922399f |
| SHA512 | e4645cbc44caa144ef8ecef61b908c481654abb72b46e23647a7352c83e4c70b14b761541199ad1866410b3fd987bf27635160d93009a0ca010cd099ee16e7f8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | cdc096427906e4dc10918c065b997f35 |
| SHA1 | 0f9cc03325890d399c3160427ef0376e40c1243c |
| SHA256 | d9b2221b12237380d840d60ac4ca6e9cf5dfb315848021820a6b96f0919e2c40 |
| SHA512 | 1dbb5f3ebb2ee59e5a8da0b46ffc6cda912675c06472ddb508e89d110e4e40f0a87e30986f5473447c81c6ac40c7ff7412eb14ac955aa42ab1ea5383974a1ce4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0eb4ef7c565868b09049a5a474b0cbbe |
| SHA1 | 224a4d5e264aa1b38f0342ae21dc766bd113aed1 |
| SHA256 | 3cb86717d56a59c5942840974959b936aadd63023d4b67bb29ec705f684785ad |
| SHA512 | 287905fbedba84d7db656d3f00df2ffc73568bc3f7158af5c2349c0fec2d477368c3079163c4cc1f6ff4af0dc9349d7384ed04413efa48fad63039b89efbcc7a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 8f3843a9da63a7c396a894b5865b2f67 |
| SHA1 | 2e7f9776d1ba8b15aea00d84eff977929ed70022 |
| SHA256 | 76841dc7ebcb954ee1442bff5ef2356159574207e77f9b74b5303d298980b26a |
| SHA512 | 06c417f3f8a5010105ced178e9d478c82253cc2ffb08135827ea8a5b905101b684d532d7f6cd776adce49200d4e719242bf44b88311c5d3f7ccdb6bbcba200ba |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 7a307917e81cdde6d5c5d01194ac2113 |
| SHA1 | ed9578214d75fe73758791fae26a958f9b4674bf |
| SHA256 | c2277e219882d77167c9721efa2ba3a922efebd3ab1d3c2ec234b8ebcf5ca6f7 |
| SHA512 | 9c4c69cb349026e84e095077be5021d6244f4897a220fcbfb000eeb0b08798ab5d1bae9ae74d2df0d371f4c037e2f039dbf0f6316f8665e710455f381a4d15c6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | da44ae4a53eea754c3ae7cfa0ed385b7 |
| SHA1 | 5819b0462e68053e5d93341dcd1fd219e62bc91f |
| SHA256 | e03315ca0219b3d5eda5effba5623591addbcf6ee8d78a82c60711185e481d66 |
| SHA512 | 5bdbdd1625385e8c4dd94aa6dfe8a75ec14e72474bc369c114cc0c5528f0c9522d4073266a402e97bc60b3f3de30d185f1f72a3e3ecd5a43b4b92c0b25ef748b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 46550bd9ece2eea37a41f1cd963d45d0 |
| SHA1 | de5cd27d48cbe3a38c833b37932869d9fb248985 |
| SHA256 | 1921c055e25ff32063c590e0b9ce806f2d0943a5c8b5dc4a1996b5dccee2f573 |
| SHA512 | 478439780203585818aab5cb1b0567778dad847df89915d61c007f27588ac365b174a38998db68250c220f3768b2e6a23d65539225602f6e53cd0f2553cbdbb7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 97c87e38b66e1ad37128fcba512165c1 |
| SHA1 | 814e6a845197ab3f13d87d3195137a2b2255b740 |
| SHA256 | 64f9f8a48864b15557d7a840387ec859664eec77e77bcf53e25ad3d65d5b9d0f |
| SHA512 | 981889661a742f043f6b0917882d7715d3b603734b6f0e2a24ba69da025a7816ce9fca37e25f3d07fe28161abeed5560eee48fed72d483002861a9e6aa556001 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c6faee296fd5f0f18726c94da877b324 |
| SHA1 | b370d09170117385fea770f2f89fc2fb9adb35d2 |
| SHA256 | 5b4254405be27b844fca5635a2cb16c08b8dc73e016a75c45b482052090254ca |
| SHA512 | b46762c3776bcb06d4ac2b700e8cb0cc834fece9d8c7a88f0892f4102f7982e40e94a1f550164b3959751313c6fd4386b0da3f3ac7131b9fae4c7f30db36ac63 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | 857186cb4b4a5a0d5421f181d8f577d4 |
| SHA1 | a7a94887f2806863491f7d3fd734db4190ea9250 |
| SHA256 | 45d9fe4f28ca5a72d146d3d06c4dedd9f819e6f71f613b9956acccfaaa73edc6 |
| SHA512 | 1a782038bbb9a2f67d83ba049f5bc7a103233cfdb0a37e9695b8728b0e64d0ec561a6b0b9f64d52ca788fa2405e573534d18e8db701f245152e27b50e9ab9e31 |
C:\Users\Admin\Desktop\Hack.rar
| MD5 | 64e66e5114e39923b1afe6165df5a07b |
| SHA1 | 112a498f6cc54fff930118284c9631c0029928e2 |
| SHA256 | c639e265b1383d4630e7b819739a4bd84d0dd6d0456ef06d95a8eaf4fcfee3d6 |
| SHA512 | e1fc44adddabd7bade70f009abde6d29a0fbb3cb73dfabe5641e63b35d6576ce66c692b399788d91711b9b384e083f6e8e792bdb1caafb5f4cb253d1f8ad4dd5 |
C:\Users\Admin\Desktop\Hack\Setup .exe
| MD5 | 83a5b3e0c7f2ab91c37910f1d75804e2 |
| SHA1 | 56e2e1d7c05c1859e9512b0dfc49d04d51e45bd6 |
| SHA256 | 957db06383fc02550341e62d2b37e08c1a359ebc6eb582d43d6e3e78f8dabf25 |
| SHA512 | bbcedc0a398da98a1997ce9746a05b91b5fd6283743544eb642d5d8e43c1e7e5c4317b77fe88674c6172f129ca07f52d6b054a08b3c6585804f76d9cc772fbaa |
memory/6628-581-0x00000000005B0000-0x00000000005B1000-memory.dmp
memory/6628-583-0x00000000005B0000-0x00000000005B1000-memory.dmp
memory/6548-582-0x0000000000400000-0x000000000044A000-memory.dmp
memory/6548-584-0x0000000005600000-0x0000000005AFE000-memory.dmp
memory/6548-585-0x0000000005100000-0x0000000005192000-memory.dmp
memory/6548-586-0x00000000050A0000-0x00000000050AA000-memory.dmp
memory/6548-587-0x0000000006590000-0x0000000006B96000-memory.dmp
memory/6548-588-0x0000000006120000-0x000000000622A000-memory.dmp
memory/6548-589-0x0000000006050000-0x0000000006062000-memory.dmp
memory/6548-590-0x00000000060B0000-0x00000000060EE000-memory.dmp
memory/6548-591-0x0000000006230000-0x000000000627B000-memory.dmp
memory/6548-592-0x00000000063C0000-0x0000000006426000-memory.dmp
memory/6548-593-0x0000000006D20000-0x0000000006D96000-memory.dmp
memory/6548-594-0x0000000006CB0000-0x0000000006CCE000-memory.dmp
memory/6548-596-0x0000000007CF0000-0x0000000007EB2000-memory.dmp
memory/6548-597-0x0000000008AB0000-0x0000000008FDC000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
| MD5 | 05eada32a30528d97aef5793fce4e856 |
| SHA1 | 67ab45779cfe2561528724f115769f877c34ec02 |
| SHA256 | bbb8bb0188b3cbcbd26b8c25f8d645582a320244643cc852c541a9b85d256fa2 |
| SHA512 | 5c3fd1eb9e63f87ee964c311b8122c4be06a152382207b60759ff7f5bffc374bab8caf22183f574da233abaad025c557fc302cf3e9db452a15f4f90298a3c137 |
memory/4556-602-0x0000000000660000-0x0000000000661000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegAsm.exe.log
| MD5 | 7f38048a5b4bb647a43e93df970417c3 |
| SHA1 | f7022125ba74f50d0d4515ca0b47ccc88c2f47e1 |
| SHA256 | 81d8c4d06be3654f64a49a2effb3606bb48a37556f4db38a524033d9949915bc |
| SHA512 | 06adc7711a98548c94954546a4a547b2547d63d1f26351a58e17d38b73c02e54823daf99d9aae8311225c02bf9e2f40bbb903ff6707c3ddaa64b1caafbbe342f |
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.sechealthui_cw5n1h2txyewy\AC\Microsoft\Windows\4272278488\2581520266.pri
| MD5 | dc37deff2947a4ec8bf9b40a3dc25c49 |
| SHA1 | 422bdce2dc21c634760c8b06a60c4ebf131cc592 |
| SHA256 | 00dee1b03565baf7c105f1484f27a2e04d900538c153372482fbedd8cde61d85 |
| SHA512 | bbe9730344e0f648c53d2d5c518791ce8d92c1f04e1b9646bb4feca24d5f41fae255eff57ad7c36ff1d26869ad25eede25bbd4e98a59267d41ee71f3885d9dd4 |