Analysis Overview
Threat Level: Known bad
The file https://www.mediafire.com/folder/t9cxprairpycv/Documents was found to be: Known bad.
Malicious Activity Summary
RedLine
RedLine payload
Reads user/profile data of web browsers
Loads dropped DLL
Executes dropped EXE
Checks installed software on the system
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext
Suspicious behavior: LoadsDriver
Suspicious use of FindShellTrayWindow
Modifies registry class
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-21 14:24
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-21 14:24
Reported
2024-05-21 14:30
Platform
win10v2004-20240508-en
Max time kernel
329s
Max time network
330s
Command Line
Signatures
RedLine
RedLine payload
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Setup\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Setup\InstallerV2.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Setup\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Setup\InstallerV2.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Setup\InstallerV2.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Setup\InstallerV2.exe | N/A |
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 5616 set thread context of 6008 | N/A | C:\Users\Admin\Downloads\Setup\Setup.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 4768 set thread context of 6200 | N/A | C:\Users\Admin\Downloads\Setup\InstallerV2.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
| PID 7052 set thread context of 2284 | N/A | C:\Users\Admin\Downloads\Setup\Setup.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 4568 set thread context of 1400 | N/A | C:\Users\Admin\Downloads\Setup\InstallerV2.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/folder/t9cxprairpycv/Documents
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Setup\" -spe -an -ai#7zMap19389:72:7zEvent11862
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3398889604096481931,10282965665200044954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8892 /prefetch:1
C:\Users\Admin\Downloads\Setup\Setup.exe
"C:\Users\Admin\Downloads\Setup\Setup.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\Downloads\Setup\InstallerV2.exe
"C:\Users\Admin\Downloads\Setup\InstallerV2.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
C:\Users\Admin\Downloads\Setup\Setup.exe
"C:\Users\Admin\Downloads\Setup\Setup.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\Downloads\Setup\InstallerV2.exe
"C:\Users\Admin\Downloads\Setup\InstallerV2.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | eaa3db555ab5bc0cb364826204aad3f0 |
| SHA1 | a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca |
| SHA256 | ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b |
| SHA512 | e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4 |
\??\pipe\LOCAL\crashpad_2412_ZOLVQYZYCXKJQDAU
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4b4f91fa1b362ba5341ecb2836438dea |
| SHA1 | 9561f5aabed742404d455da735259a2c6781fa07 |
| SHA256 | d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c |
| SHA512 | fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 720a834a235ea527d75cdf21c0b1eeac |
| SHA1 | 12b5bf53eefa6a06cd2dac5e900f37fd347158e1 |
| SHA256 | bfe282e78fec1abb4c2c3cb2306b36a494df36cb6af2d97162867a50b0cc81de |
| SHA512 | dd47b4419ccd11e75c03e85e42b64998248df91c3094f9ab991771d93dc6df2dd090ff367319b32a470958c3688b56cfd33ce2b204c707008eb4647eb91de67c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1ac581ef17b8111e88ecd49ac2d0ae71 |
| SHA1 | 715cb1b07af7ce697a23a9e0501435f173db98ae |
| SHA256 | ee9c8ef53fee156c46df1b4eb8eace77b00ca04e309784bb6e8206407f1a4670 |
| SHA512 | a9e456ddb277332c7d8e007e625d00e1e6f7dbcaae1c07df0653c39eb11279c1ad28853eb1f6c03581fe5c076177853aa9b86dbaa696111ddeeacda11cfe7684 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f3349d38975b7aee2891c0cc145639fd |
| SHA1 | b42a78810b19f58c40b2fd155eacdbe67563abb6 |
| SHA256 | e6653a47d1a1011f51f5de81a401b6e5ee906b53e30bb1a9b1c8334c18dbf814 |
| SHA512 | 94a7934f46dd88702f1ecbd10b2e3053ee25a3133d357da26e370ee5435669a9f9b29b764ea343052f6339f812e9e85a48965ed0fbbf7b1a1f066ca9e5c06cc1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c310b633c62eb99473a27046ede849cb |
| SHA1 | 592344d76a05d2e73e0e50cebf959cef7c624c6b |
| SHA256 | ec6587988f347617a72005ab511afa9fa7b70f843756a94f93c6424562665e35 |
| SHA512 | ec86e756750493735375fe791a96b3e989c2274d76c6133a897123c2d817928c925332bd8a0904b9607f19b9f0412cf5b3f97f6d32d03ddda2f1e3284386c61c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028
| MD5 | 41785febb3bce5997812ab812909e7db |
| SHA1 | c2dae6cfbf5e28bb34562db75601fadd1f67eacb |
| SHA256 | 696a298fa617f26115168d70442c29f2d854f595497ea2034124a7e27b036483 |
| SHA512 | b82cfd843b13487c79dc5c7f07c84a236cf2065d69c9e0a79d36ac1afc78fa04fba30c31903f48d1d2d44f17fb951002e90fb4e92b9eae7677dbb6f023e68919 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ff1009bf73eb6b8e9e21287e68e8d7ff |
| SHA1 | a7f34c312178653118633415e91288ba422dfa4b |
| SHA256 | 98a33b2e4e8694a1c66c003f69d662d043913a79c9baee670f8c1843e388f839 |
| SHA512 | df0173f6b1e3f3d10d5fcddd9ceea5a564b30bc3d08f4248d42e011a2119d65bebd451d6e85f1a0ba4ef8e947af40efcdc24fb51c78fd27a7f9fa28781324fae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b94d.TMP
| MD5 | fa5351854670e330bfca0dc8ea55751c |
| SHA1 | dcae84d7a33dc672f7f7b00c2c74dc8a22606e6c |
| SHA256 | 361d4c17bd48818bcaac9339f5570930dbb69ca8f2c80a955ca88b256be30110 |
| SHA512 | 15c6995620a77101538179d15bba118d026781d4317e29ac460bcd98c17c3c52db8d5486b8bb2185fdc462e9de3572b5b1007194ae1bcb7fd65fb4ad5f9a41b9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e
| MD5 | bdcfed56131a72bd10b85bbec015d50d |
| SHA1 | f46d407d2494627617ebdb03ba5c1eaae17c1417 |
| SHA256 | 92c701712d4fba194b11340cc9595021b31475d4e19bae5c97d2b551ab07afea |
| SHA512 | 55aa3591986b38a8f32b04660acd1b3245bfe45044dfdc980817258d8d417d37dbce13f98c1e1faf27fb27c5e7b4de26d2396bea161e06cf66a76c1b8cdb7332 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 178690f95ec44a74b63bf3bf26383884 |
| SHA1 | 5ad65f8769fda6e5d97ce082a2ad5eda43854888 |
| SHA256 | bef581b046a176bf5a609abb9ecf16236991e7ee520e8945bc304aa2e508e04d |
| SHA512 | 6c807208d4fcadbfb5b217441cf3e4510f5832618fba5719f3d00b2ba0374cc6a2aae2d0d142d52982dea109b22f429dac4a5266b2f99b3bba4738f8507530ae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b59085c078b51d90d448454592d41dd1 |
| SHA1 | 813708f1a3bf7c316740bda09b01dbd16d4a47d0 |
| SHA256 | 613a742b4c4727cb0363b6ce5c02f7d6fffb95951eb6d8a14ab18b330719166a |
| SHA512 | b3b8cca7b9b3f5238a5c7a98edb9b8d5c5b00d5ffb098300feb23ac146c4ca800b48cea98a90072e63e5749838f91bf8ebdc5570f5f7d53cb58bbdfdc58fb222 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e3f6e31bfc036025340d7a32b588f82e |
| SHA1 | 1864cab884cb5c7aeae5d0412197c73e708953b5 |
| SHA256 | cea808026287e3415b560289b20e7cb92a0e7532facac81c746ccbbf8628e8f9 |
| SHA512 | 726888138b9ee5b03eff4bedfcac2f3c2bba4e734d6b613476f2cf212e80d9982555315ee07444e304172dbd3d89ef7f0cfa5627c55232a1af02e8b35505c5fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 326a43e433e992cd15a958e99ebe850b |
| SHA1 | acbacdb7f8eb63727186076b522229061bcbccc7 |
| SHA256 | 9aa577b48c68c1aa0fb35e6968c7d05f82b6005fe831bb7e3c54b30562e31a3a |
| SHA512 | 5cfd5211294496e187b0f04939005e0c79ecb6668ecdb9c13816a1838ac39ec1ce890c6a88d1783a4fcb167ec96203f1607b995a62fb46312d7684b689a1ef95 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4a62aa86761dc139889071921a6007b2 |
| SHA1 | 4618cde3f9f28802d6f57720537ec1879ef85b8e |
| SHA256 | 402dd98934c0ead8af6f5b636adcedbb0ac8f981971edea711648f897213dcf8 |
| SHA512 | f068c0e667e08954637bd472c51c5aabd412cb0bc572259567c48694f055fc5b3a5364422deca09e17986e441c663f20720f513cdd91b7a3d67bce6e0a2c8589 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\Downloads\Setup\packages\Data\cef.pak
C:\Users\Admin\Downloads\Setup\packages\Data\cef_100_percent.pak
C:\Users\Admin\Downloads\Setup\packages\Data\data_0
C:\Users\Admin\Downloads\Setup\packages\Data\data_2
C:\Users\Admin\Downloads\Setup\packages\Data\data_1
C:\Users\Admin\Downloads\Setup\packages\Data\index
C:\Users\Admin\Downloads\Setup\packages\Data\data_3
C:\Users\Admin\Downloads\Setup\Setup.exe
C:\Users\Admin\AppData\Local\Temp\TmpD185.tmp
C:\Users\Admin\AppData\Roaming\d3d9.dll