Analysis Overview
Threat Level: No (potentially) malicious behavior was detected
The file https://tinyurl.com/25lolumt#m8bIAT was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 07:48
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 07:48
Reported
2024-06-03 07:48
Platform
win10v2004-20240508-en
Max time kernel
18s
Max time network
18s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133618745143300347" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://tinyurl.com/25lolumt#m8bIAT
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed416ab58,0x7ffed416ab68,0x7ffed416ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1792,i,1895233780015305590,5671320571224004393,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1792,i,1895233780015305590,5671320571224004393,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2240 --field-trial-handle=1792,i,1895233780015305590,5671320571224004393,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2980 --field-trial-handle=1792,i,1895233780015305590,5671320571224004393,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2988 --field-trial-handle=1792,i,1895233780015305590,5671320571224004393,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4300 --field-trial-handle=1792,i,1895233780015305590,5671320571224004393,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4400 --field-trial-handle=1792,i,1895233780015305590,5671320571224004393,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4568 --field-trial-handle=1792,i,1895233780015305590,5671320571224004393,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4696 --field-trial-handle=1792,i,1895233780015305590,5671320571224004393,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5228 --field-trial-handle=1792,i,1895233780015305590,5671320571224004393,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5240 --field-trial-handle=1792,i,1895233780015305590,5671320571224004393,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5236 --field-trial-handle=1792,i,1895233780015305590,5671320571224004393,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5520 --field-trial-handle=1792,i,1895233780015305590,5671320571224004393,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5684 --field-trial-handle=1792,i,1895233780015305590,5671320571224004393,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6084 --field-trial-handle=1792,i,1895233780015305590,5671320571224004393,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6424 --field-trial-handle=1792,i,1895233780015305590,5671320571224004393,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 --field-trial-handle=1792,i,1895233780015305590,5671320571224004393,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6588 --field-trial-handle=1792,i,1895233780015305590,5671320571224004393,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6876 --field-trial-handle=1792,i,1895233780015305590,5671320571224004393,131072 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f0 0x2f4
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | tinyurl.com | udp |
| US | 172.67.1.225:443 | tinyurl.com | tcp |
| US | 172.67.1.225:443 | tinyurl.com | udp |
| US | 8.8.8.8:53 | a.pub.network | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.1.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.201.58.216.in-addr.arpa | udp |
| US | 104.18.20.206:443 | a.pub.network | tcp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | udp |
| US | 104.18.20.206:443 | a.pub.network | udp |
| US | 8.8.8.8:53 | optimise.net | udp |
| US | 8.8.8.8:53 | api.floors.dev | udp |
| US | 8.8.8.8:53 | d.pub.network | udp |
| US | 34.160.128.112:443 | api.floors.dev | tcp |
| US | 34.111.152.239:443 | optimise.net | tcp |
| US | 34.160.152.31:443 | d.pub.network | tcp |
| US | 34.111.152.239:443 | optimise.net | tcp |
| US | 34.111.152.239:443 | optimise.net | udp |
| US | 34.160.128.112:443 | api.floors.dev | tcp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| US | 34.160.128.112:443 | api.floors.dev | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 206.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.152.111.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.128.160.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.152.160.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.confiant-integrations.net | udp |
| US | 8.8.8.8:53 | freestar-io.videoplayerhub.com | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | cdn.hadronid.net | udp |
| US | 104.18.43.90:443 | cdn.confiant-integrations.net | tcp |
| US | 104.26.9.50:443 | freestar-io.videoplayerhub.com | tcp |
| US | 18.245.194.122:443 | c.amazon-adsystem.com | tcp |
| US | 104.22.52.173:443 | cdn.hadronid.net | tcp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 104.18.43.90:443 | cdn.confiant-integrations.net | udp |
| US | 104.22.75.216:443 | btloader.com | tcp |
| US | 8.8.8.8:53 | id.hadron.ad.gt | udp |
| US | 104.22.5.69:443 | id.hadron.ad.gt | tcp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 18.245.194.122:443 | c.amazon-adsystem.com | tcp |
| US | 18.245.175.88:443 | config.aps.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | secure.cdn.fastclick.net | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 104.22.75.216:443 | btloader.com | tcp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| GB | 23.53.174.156:443 | secure.cdn.fastclick.net | tcp |
| US | 104.22.52.86:443 | cdn.id5-sync.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | api.intentiq.com | udp |
| US | 8.8.8.8:53 | sync.intentiq.com | udp |
| FR | 99.86.91.79:443 | api.intentiq.com | tcp |
| FR | 52.222.149.10:443 | sync.intentiq.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| FR | 99.86.91.79:443 | api.intentiq.com | udp |
| US | 8.8.8.8:53 | pb-rtd.ccgateway.net | udp |
| US | 8.8.8.8:53 | secure.quantserve.com | udp |
| US | 8.8.8.8:53 | pb-ing.ccgateway.net | udp |
| US | 35.94.16.34:443 | pb-ing.ccgateway.net | tcp |
| US | 104.22.5.69:443 | id.hadron.ad.gt | tcp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| DE | 91.228.74.200:443 | secure.quantserve.com | tcp |
| US | 8.8.8.8:53 | a.usbrowserspeed.com | udp |
| US | 35.94.16.34:443 | pb-ing.ccgateway.net | tcp |
| US | 35.166.44.218:443 | a.usbrowserspeed.com | tcp |
| US | 18.245.175.156:443 | aax.amazon-adsystem.com | tcp |
| US | 18.245.175.156:443 | aax.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | a.ad.gt | udp |
| US | 8.8.8.8:53 | c.pub.network | udp |
| US | 8.8.8.8:53 | s2s.t13.io | udp |
| US | 104.22.4.69:443 | a.ad.gt | tcp |
| US | 34.160.152.31:443 | c.pub.network | tcp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 34.107.140.113:443 | s2s.t13.io | tcp |
| US | 34.107.140.113:443 | s2s.t13.io | tcp |
| US | 8.8.8.8:53 | bidder.criteo.com | udp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| US | 34.107.140.113:443 | s2s.t13.io | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| FR | 18.244.28.86:443 | hb.yellowblue.io | tcp |
| FR | 18.244.28.86:443 | hb.yellowblue.io | tcp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| US | 8.8.8.8:53 | rules.quantcount.com | udp |
| US | 34.160.152.31:443 | c.pub.network | udp |
| FR | 18.244.28.79:443 | rules.quantcount.com | tcp |
| US | 35.94.16.34:443 | pb-ing.ccgateway.net | tcp |
| US | 35.94.16.34:443 | pb-ing.ccgateway.net | tcp |
| US | 8.8.8.8:53 | pixel.quantserve.com | udp |
| US | 8.8.8.8:53 | 54c7cdd4dc9cefb45500ef4fccf1bb74.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 90.43.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.9.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.194.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.52.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.75.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.5.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.175.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.2.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.52.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.174.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.91.86.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.149.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.74.228.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.175.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.4.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.140.107.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.28.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.44.166.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.28.244.18.in-addr.arpa | udp |
| GB | 172.217.169.65:443 | 54c7cdd4dc9cefb45500ef4fccf1bb74.safeframe.googlesyndication.com | tcp |
| US | 35.94.16.34:443 | pb-ing.ccgateway.net | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | a.remarketstats.com | udp |
| US | 104.26.2.122:443 | a.remarketstats.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | qsearch-a.akamaihd.net | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| BE | 2.17.107.59:443 | qsearch-a.akamaihd.net | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 8.8.8.8:53 | i.liadm.com | udp |
| US | 44.206.92.83:443 | i.liadm.com | tcp |
| US | 8.8.8.8:53 | widgets.outbrain.com | udp |
| GB | 2.21.189.145:443 | widgets.outbrain.com | tcp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| DE | 141.95.33.120:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| DE | 141.95.98.64:443 | lb.eu-1-id5-sync.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 34.107.140.113:443 | s2s.t13.io | udp |
| US | 8.8.8.8:53 | tcheck.outbrainimg.com | udp |
| US | 8.8.8.8:53 | widget-pixels.outbrain.com | udp |
| US | 8.8.8.8:53 | ssp-sync.criteo.com | udp |
| GB | 2.21.190.8:443 | tcheck.outbrainimg.com | tcp |
| NL | 178.250.1.7:443 | ssp-sync.criteo.com | tcp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| US | 8.8.8.8:53 | rock.defybrick.com | udp |
| NL | 185.89.210.180:443 | secure.adnxs.com | tcp |
| FR | 18.164.52.9:443 | rock.defybrick.com | tcp |
| US | 8.8.8.8:53 | 2.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.2.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.92.206.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.33.95.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.98.95.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.16.94.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.190.21.2.in-addr.arpa | udp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 8.8.8.8:53 | flint.defybrick.com | udp |
| US | 34.199.234.25:443 | flint.defybrick.com | tcp |
| US | 34.199.234.25:443 | flint.defybrick.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| BE | 2.17.107.59:443 | qsearch-a.akamaihd.net | tcp |
| US | 8.8.8.8:53 | log.outbrainimg.com | udp |
| US | 8.8.8.8:53 | mv.outbrain.com | udp |
| US | 64.74.236.159:443 | log.outbrainimg.com | tcp |
| US | 64.74.236.159:443 | log.outbrainimg.com | tcp |
| US | 64.74.236.159:443 | log.outbrainimg.com | tcp |
| US | 151.101.190.132:443 | mv.outbrain.com | tcp |
| US | 151.101.190.132:443 | mv.outbrain.com | tcp |
| US | 151.101.190.132:443 | mv.outbrain.com | tcp |
| US | 34.199.234.25:443 | flint.defybrick.com | tcp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| US | 35.94.16.34:443 | pb-ing.ccgateway.net | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| US | 64.74.236.159:443 | log.outbrainimg.com | tcp |
| US | 64.74.236.159:443 | log.outbrainimg.com | tcp |
| US | 64.74.236.159:443 | log.outbrainimg.com | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 180.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.52.164.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.149.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.234.199.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.190.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.236.74.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.1.250.178.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | eb2.3lift.com | udp |
| US | 8.8.8.8:53 | acdn.adnxs.com | udp |
| US | 8.8.8.8:53 | cdn.undertone.com | udp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| US | 151.101.1.108:443 | acdn.adnxs.com | tcp |
| GB | 2.21.188.239:443 | ads.pubmatic.com | tcp |
| US | 13.248.245.213:443 | eb2.3lift.com | tcp |
| BE | 23.55.98.169:443 | eus.rubiconproject.com | tcp |
| FR | 13.249.9.20:443 | cdn.undertone.com | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 35.94.16.34:443 | pb-ing.ccgateway.net | tcp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| US | 35.94.16.34:443 | pb-ing.ccgateway.net | tcp |
| US | 172.64.151.101:443 | ssum-sec.casalemedia.com | tcp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| US | 8.8.8.8:53 | us-u.openx.net | udp |
| US | 8.8.8.8:53 | pixel.advertising.com | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.com | udp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| BE | 104.68.78.171:443 | secure-assets.rubiconproject.com | tcp |
| US | 35.244.159.8:443 | us-u.openx.net | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| NL | 69.173.156.149:443 | pixel.rubiconproject.com | tcp |
| DE | 3.75.62.37:443 | ups.analytics.yahoo.com | tcp |
| GB | 185.64.191.214:443 | image8.pubmatic.com | tcp |
| DE | 3.75.62.37:443 | ups.analytics.yahoo.com | tcp |
| US | 8.8.8.8:53 | image6.pubmatic.com | udp |
| US | 172.64.151.101:443 | ssum-sec.casalemedia.com | udp |
| GB | 185.64.190.78:443 | image6.pubmatic.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 8.8.8.8:53 | sync.crwdcntrl.net | udp |
| IE | 52.215.133.162:443 | sync.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | pixel.tapad.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 34.111.113.62:443 | pixel.tapad.com | tcp |
| US | 8.8.8.8:53 | 108.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.188.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.9.249.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.245.248.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.98.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.78.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.40.223.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.216.36.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.191.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.62.75.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.133.215.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.113.111.34.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | cdn.springserve.com | udp |
| FR | 52.84.174.108:443 | cdn.springserve.com | tcp |
| US | 8.8.8.8:53 | vid-io.springserve.com | udp |
| IE | 52.49.61.124:443 | vid-io.springserve.com | tcp |
| US | 8.8.8.8:53 | vid.springserve.com | udp |
| US | 8.8.8.8:53 | serving.stat-rock.com | udp |
| IE | 52.48.31.126:443 | vid.springserve.com | tcp |
| NL | 78.140.185.31:443 | serving.stat-rock.com | tcp |
| NL | 78.140.185.31:443 | serving.stat-rock.com | tcp |
| US | 8.8.8.8:53 | vpaid.springserve.com | udp |
| FR | 52.222.149.11:443 | vpaid.springserve.com | tcp |
| US | 8.8.8.8:53 | 108.174.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.61.49.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.31.48.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ads.yieldmo.com | udp |
| US | 8.8.8.8:53 | prebid-server.rubiconproject.com | udp |
| IE | 54.229.123.28:443 | ads.yieldmo.com | tcp |
| IE | 54.229.123.28:443 | ads.yieldmo.com | tcp |
| IE | 54.229.123.28:443 | ads.yieldmo.com | tcp |
| NL | 69.173.156.150:443 | prebid-server.rubiconproject.com | tcp |
| NL | 69.173.156.150:443 | prebid-server.rubiconproject.com | tcp |
| NL | 69.173.156.150:443 | prebid-server.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| DE | 3.124.64.248:443 | tlx.3lift.com | tcp |
| US | 8.8.8.8:53 | imasdk.googleapis.com | udp |
| GB | 142.250.200.10:443 | imasdk.googleapis.com | tcp |
| GB | 142.250.200.10:443 | imasdk.googleapis.com | udp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| GB | 216.58.204.70:443 | s0.2mdn.net | tcp |
| US | 8.8.8.8:53 | pubads.g.doubleclick.net | udp |
| GB | 142.250.200.2:443 | pubads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 31.185.140.78.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.149.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.123.229.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.64.124.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| US | 8.8.8.8:53 | bc-ssb-dub.springserve.com | udp |
| IL | 172.217.22.3:443 | csi.gstatic.com | tcp |
| IL | 172.217.22.3:443 | csi.gstatic.com | tcp |
| US | 8.8.8.8:53 | assets.springserve.com | udp |
| FR | 3.162.38.28:443 | assets.springserve.com | tcp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.22.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.38.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | vid-io-iad.springserve.com | udp |
| US | 8.8.8.8:53 | vid-io-cle.springserve.com | udp |
| US | 8.8.8.8:53 | vid-io-sin.springserve.com | udp |
| US | 18.206.52.149:443 | vid-io-iad.springserve.com | tcp |
| US | 18.206.52.149:443 | vid-io-iad.springserve.com | tcp |
| US | 18.206.52.149:443 | vid-io-iad.springserve.com | tcp |
| US | 54.70.182.55:443 | vid-io-cle.springserve.com | tcp |
| US | 54.70.182.55:443 | vid-io-cle.springserve.com | tcp |
| US | 54.70.182.55:443 | vid-io-cle.springserve.com | tcp |
| US | 54.70.182.55:443 | vid-io-cle.springserve.com | tcp |
| US | 54.70.182.55:443 | vid-io-cle.springserve.com | tcp |
| US | 54.70.182.55:443 | vid-io-cle.springserve.com | tcp |
| SG | 54.179.183.174:443 | vid-io-sin.springserve.com | tcp |
| SG | 54.179.183.174:443 | vid-io-sin.springserve.com | tcp |
| SG | 54.179.183.174:443 | vid-io-sin.springserve.com | tcp |
| SG | 54.179.183.174:443 | vid-io-sin.springserve.com | tcp |
| SG | 54.179.183.174:443 | vid-io-sin.springserve.com | tcp |
| SG | 54.179.183.174:443 | vid-io-sin.springserve.com | tcp |
| US | 8.8.8.8:53 | vid-io-dub.springserve.com | udp |
| US | 8.8.8.8:53 | 149.52.206.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.182.70.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.183.179.54.in-addr.arpa | udp |
Files
\??\pipe\crashpad_208_UUOXVQQBDICECUCM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 5601937de92ab84f2448f4e6ef45460d |
| SHA1 | 0036b9734ec916bef7e3dbd43b6692049eea31e0 |
| SHA256 | 4bd537ee74320d1c37334efad763ca1d6efb2ae14767e2d75b1f826761af5c88 |
| SHA512 | fe50035d225fc4dd14b1ec1481bf5273f94f1e060bcf6e16031fbc6f313d9e5908dac6e0c9d376cd332b50e11cc426c7bc3f42d97bc13667cc531dd366df9bdb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 01a0f16f312cc34b06537c15a7a3ccb5 |
| SHA1 | 3f35266397a57d7ce9a2e25a42c931480cdc0ab5 |
| SHA256 | 8818e6de96da978cc349b3f12d50549b8b820823bb25a149cb79b2cfe1ca673c |
| SHA512 | fe4f28dfcce7627d2e1da5b6f2bb831d60cc5e10a5073dd30f6ed7e1ae4b3b392fa1788b09e47b4625d44032fe0a204764d9c2ed7071d8c449f69c8e6eeb9726 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 34e1bc49525244384b3f1e353ed45df0 |
| SHA1 | 3a1bbcef038b7f990508adc61a5b3c494c22f452 |
| SHA256 | d02a27e530df7886c49d305fbc7fe452244b70334ae120ae872a4159e90b21e3 |
| SHA512 | 74420eded0ca3a1d0d31f8881bea67d575f94cabe94c40c5b235f3f64d02b46ac12da63dc16de1b63a762e6baa57999839d4df6042b7f457e22fb6b8d53ccc6d |