Analysis Overview
Threat Level: No (potentially) malicious behavior was detected
The file https://click.linksynergy.com/deeplink?id=8BacdVP0GFs&mid=44583&murl=https%3A%2F%2Fwww.newegg.com%2Famd-ryzen-7-7800x3d-ryzen-7-7000-series%2Fp%2FN82E16819113793 was analysed with the result: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Checks CPU information
Checks memory information
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Analysis: static1
Detonation Overview
Reported
2024-06-09 07:41
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-09 07:41
Reported
2024-06-09 07:46
Platform
win10v2004-20240508-en
Max time kernel
150s
Max time network
159s
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133623926427878618" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1181767204-2009306918-3718769404-1000\{A757FEFF-B2BB-4411-887C-5DDC83125F3D} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://click.linksynergy.com/deeplink?id=8BacdVP0GFs&mid=44583&murl=https%3A%2F%2Fwww.newegg.com%2Famd-ryzen-7-7800x3d-ryzen-7-7000-series%2Fp%2FN82E16819113793
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9496eab58,0x7ff9496eab68,0x7ff9496eab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1816,i,1328722767224102677,179909148186604481,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1816,i,1328722767224102677,179909148186604481,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=1816,i,1328722767224102677,179909148186604481,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1816,i,1328722767224102677,179909148186604481,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1816,i,1328722767224102677,179909148186604481,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4340 --field-trial-handle=1816,i,1328722767224102677,179909148186604481,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4200,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=4268 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4812 --field-trial-handle=1816,i,1328722767224102677,179909148186604481,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5100 --field-trial-handle=1816,i,1328722767224102677,179909148186604481,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4416 --field-trial-handle=1816,i,1328722767224102677,179909148186604481,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4436 --field-trial-handle=1816,i,1328722767224102677,179909148186604481,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3324 --field-trial-handle=1816,i,1328722767224102677,179909148186604481,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5244 --field-trial-handle=1816,i,1328722767224102677,179909148186604481,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5256 --field-trial-handle=1816,i,1328722767224102677,179909148186604481,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5524 --field-trial-handle=1816,i,1328722767224102677,179909148186604481,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5540 --field-trial-handle=1816,i,1328722767224102677,179909148186604481,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5908 --field-trial-handle=1816,i,1328722767224102677,179909148186604481,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5944 --field-trial-handle=1816,i,1328722767224102677,179909148186604481,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6212 --field-trial-handle=1816,i,1328722767224102677,179909148186604481,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6240 --field-trial-handle=1816,i,1328722767224102677,179909148186604481,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6656 --field-trial-handle=1816,i,1328722767224102677,179909148186604481,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6644 --field-trial-handle=1816,i,1328722767224102677,179909148186604481,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5940 --field-trial-handle=1816,i,1328722767224102677,179909148186604481,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5776 --field-trial-handle=1816,i,1328722767224102677,179909148186604481,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6664 --field-trial-handle=1816,i,1328722767224102677,179909148186604481,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7392 --field-trial-handle=1816,i,1328722767224102677,179909148186604481,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=7692 --field-trial-handle=1816,i,1328722767224102677,179909148186604481,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7672 --field-trial-handle=1816,i,1328722767224102677,179909148186604481,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7516 --field-trial-handle=1816,i,1328722767224102677,179909148186604481,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7644 --field-trial-handle=1816,i,1328722767224102677,179909148186604481,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7388 --field-trial-handle=1816,i,1328722767224102677,179909148186604481,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7560 --field-trial-handle=1816,i,1328722767224102677,179909148186604481,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6364 --field-trial-handle=1816,i,1328722767224102677,179909148186604481,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6876 --field-trial-handle=1816,i,1328722767224102677,179909148186604481,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2776 --field-trial-handle=1816,i,1328722767224102677,179909148186604481,131072 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | click.linksynergy.com | udp |
| US | 35.212.67.244:443 | click.linksynergy.com | tcp |
| US | 8.8.8.8:53 | www.newegg.com | udp |
| BE | 104.90.24.254:443 | www.newegg.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.201.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.67.212.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.24.90.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | assets.adobedtm.com | udp |
| US | 8.8.8.8:53 | c1.neweggimages.com | udp |
| US | 8.8.8.8:53 | promotions.newegg.com | udp |
| GB | 2.16.233.16:443 | assets.adobedtm.com | tcp |
| US | 8.8.8.8:53 | imk.neweggimages.com | udp |
| US | 104.18.21.236:443 | c1.neweggimages.com | tcp |
| US | 104.18.21.236:443 | c1.neweggimages.com | tcp |
| US | 104.18.21.236:443 | c1.neweggimages.com | tcp |
| US | 104.18.21.236:443 | c1.neweggimages.com | tcp |
| US | 104.18.21.236:443 | c1.neweggimages.com | tcp |
| US | 104.18.21.236:443 | c1.neweggimages.com | tcp |
| BE | 104.90.24.254:443 | imk.neweggimages.com | tcp |
| US | 104.18.21.236:443 | c1.neweggimages.com | tcp |
| US | 8.8.8.8:53 | images10.newegg.com | udp |
| BE | 104.90.24.254:443 | images10.newegg.com | tcp |
| US | 8.8.8.8:53 | tags.tiqcdn.com | udp |
| US | 8.8.8.8:53 | secure.newegg.com | udp |
| BE | 104.90.24.254:443 | secure.newegg.com | tcp |
| BE | 104.90.24.254:443 | secure.newegg.com | tcp |
| FR | 3.162.38.123:443 | tags.tiqcdn.com | tcp |
| US | 8.8.8.8:53 | states.newegg.com | udp |
| US | 8.8.8.8:53 | help.newegg.com | udp |
| US | 8.8.8.8:53 | sealserver.trustwave.com | udp |
| BE | 104.90.24.254:443 | help.newegg.com | tcp |
| US | 8.8.8.8:53 | ec-apis.newegg.com | udp |
| US | 8.8.8.8:53 | pf.newegg.com | udp |
| NL | 23.62.61.154:443 | sealserver.trustwave.com | tcp |
| US | 8.8.8.8:53 | www2.newegg.com | udp |
| BE | 104.68.80.203:443 | ec-apis.newegg.com | tcp |
| BE | 104.90.24.254:443 | www2.newegg.com | tcp |
| BE | 104.90.24.254:443 | www2.newegg.com | tcp |
| US | 8.8.8.8:53 | media.flixcar.com | udp |
| NL | 87.248.202.44:443 | media.flixcar.com | tcp |
| US | 8.8.8.8:53 | s.go-mpulse.net | udp |
| BE | 104.90.24.133:443 | s.go-mpulse.net | tcp |
| US | 8.8.8.8:53 | cmp.osano.com | udp |
| FR | 18.164.52.93:443 | cmp.osano.com | tcp |
| NL | 87.248.202.44:443 | media.flixcar.com | tcp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.233.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.38.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.80.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.24.90.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.52.164.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.202.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 172.217.20.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 196.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.narrativ.com | udp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| FR | 18.164.52.111:443 | static.narrativ.com | tcp |
| FR | 142.250.179.78:443 | www.adsensecustomsearchads.com | tcp |
| US | 8.8.8.8:53 | 111.52.164.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | esuohni.onewegg.com | udp |
| BE | 104.90.24.254:443 | esuohni.onewegg.com | tcp |
| BE | 104.90.24.254:443 | esuohni.onewegg.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| FR | 142.250.179.106:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | c.go-mpulse.net | udp |
| BE | 104.90.24.254:443 | esuohni.onewegg.com | tcp |
| BE | 104.90.24.254:443 | esuohni.onewegg.com | tcp |
| BE | 104.90.24.133:443 | c.go-mpulse.net | tcp |
| BE | 104.90.24.254:443 | esuohni.onewegg.com | tcp |
| BE | 104.90.24.254:443 | esuohni.onewegg.com | tcp |
| US | 8.8.8.8:53 | 106.179.250.142.in-addr.arpa | udp |
| FR | 142.250.179.106:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | states.newegg.com | udp |
| US | 8.8.8.8:53 | events.release.narrativ.com | udp |
| FR | 142.250.179.78:443 | www.adsensecustomsearchads.com | udp |
| US | 54.221.238.61:443 | events.release.narrativ.com | tcp |
| US | 8.8.8.8:53 | 61.238.221.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | afs.googleusercontent.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn1.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn2.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn3.gstatic.com | udp |
| FR | 142.250.179.97:443 | afs.googleusercontent.com | tcp |
| FR | 142.250.179.97:443 | afs.googleusercontent.com | tcp |
| FR | 142.250.179.110:443 | encrypted-tbn3.gstatic.com | tcp |
| FR | 142.250.179.110:443 | encrypted-tbn3.gstatic.com | tcp |
| FR | 142.250.179.110:443 | encrypted-tbn3.gstatic.com | tcp |
| FR | 142.250.179.110:443 | encrypted-tbn3.gstatic.com | tcp |
| FR | 142.250.179.110:443 | encrypted-tbn3.gstatic.com | tcp |
| FR | 142.250.179.110:443 | encrypted-tbn3.gstatic.com | tcp |
| FR | 172.217.20.206:443 | encrypted-tbn2.gstatic.com | tcp |
| FR | 172.217.20.206:443 | encrypted-tbn2.gstatic.com | tcp |
| FR | 142.250.179.97:443 | afs.googleusercontent.com | udp |
| FR | 142.250.179.110:443 | encrypted-tbn3.gstatic.com | udp |
| FR | 172.217.20.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | ads.servebom.com | udp |
| US | 8.8.8.8:53 | bordeaux.futurecdn.net | udp |
| US | 8.8.8.8:53 | prod.euid.eu | udp |
| US | 54.221.238.61:443 | events.release.narrativ.com | tcp |
| GB | 3.10.60.123:443 | prod.euid.eu | tcp |
| US | 8.8.8.8:53 | cdn.pbxai.com | udp |
| FR | 52.222.149.3:443 | ads.servebom.com | tcp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| FR | 52.222.169.86:443 | bordeaux.futurecdn.net | tcp |
| GB | 143.244.38.136:443 | cdn.pbxai.com | tcp |
| FR | 142.250.201.162:443 | securepubads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 97.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.60.10.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.149.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.169.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.38.244.143.in-addr.arpa | udp |
| FR | 52.222.169.86:443 | bordeaux.futurecdn.net | tcp |
| BE | 104.90.24.133:443 | c.go-mpulse.net | udp |
| US | 8.8.8.8:53 | sommelier.futurehybrid.tech | udp |
| IE | 52.18.239.8:443 | sommelier.futurehybrid.tech | tcp |
| US | 8.8.8.8:53 | cdn-ws.turnto.com | udp |
| NL | 87.248.202.44:443 | media.flixcar.com | tcp |
| US | 18.245.199.129:443 | cdn-ws.turnto.com | tcp |
| FR | 142.250.201.162:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 162.201.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.239.18.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.199.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sync.go.sonobi.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | us-u.openx.net | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | ssc-cms.33across.com | udp |
| US | 8.8.8.8:53 | eb2.3lift.com | udp |
| US | 69.166.1.35:443 | sync.go.sonobi.com | tcp |
| US | 8.8.8.8:53 | purch-sync.go.sonobi.com | udp |
| US | 34.98.64.218:443 | us-u.openx.net | tcp |
| US | 76.223.111.18:443 | eb2.3lift.com | tcp |
| US | 69.166.1.35:443 | purch-sync.go.sonobi.com | tcp |
| IE | 99.80.216.153:443 | ap.lijit.com | tcp |
| US | 67.202.105.22:443 | ssc-cms.33across.com | tcp |
| DE | 37.252.172.123:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | sync.bfmio.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| US | 8.8.8.8:53 | pixel.advertising.com | udp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | match.sharethrough.com | udp |
| US | 104.18.36.155:443 | ssum-sec.casalemedia.com | tcp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 52.54.132.127:443 | sync.bfmio.com | tcp |
| FR | 185.255.84.152:443 | visitor.omnitagjs.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| DE | 3.71.149.231:443 | ups.analytics.yahoo.com | tcp |
| DE | 3.123.122.241:443 | match.sharethrough.com | tcp |
| GB | 2.16.232.228:443 | ads.pubmatic.com | tcp |
| BE | 104.68.78.171:443 | secure-assets.rubiconproject.com | tcp |
| DE | 3.75.62.37:443 | ups.analytics.yahoo.com | tcp |
| US | 104.18.36.155:443 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | prod.flixgvid.flix360.io | udp |
| US | 34.98.64.218:443 | us-u.openx.net | udp |
| US | 8.8.8.8:53 | fastlane.rubiconproject.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| FR | 52.222.149.20:443 | prod.flixgvid.flix360.io | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| US | 8.8.8.8:53 | 218.64.98.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.1.166.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.111.223.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.216.80.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.36.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.172.252.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.105.202.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.132.54.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.149.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.122.123.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.149.71.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.78.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.62.75.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.232.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | i.liadm.com | udp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| FR | 172.217.20.194:443 | cm.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | trace.mediago.io | udp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | dsum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | pixel.servebom.com | udp |
| US | 44.195.167.64:443 | i.liadm.com | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| US | 8.8.8.8:53 | rp.liadm.com | udp |
| US | 52.46.155.104:443 | s.amazon-adsystem.com | tcp |
| FR | 18.244.28.4:443 | pixel.servebom.com | tcp |
| FR | 18.244.28.4:443 | pixel.servebom.com | tcp |
| FR | 18.244.28.4:443 | pixel.servebom.com | tcp |
| FR | 18.244.28.4:443 | pixel.servebom.com | tcp |
| US | 54.156.192.59:443 | rp.liadm.com | tcp |
| FR | 18.244.28.4:443 | pixel.servebom.com | tcp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| US | 8.8.8.8:53 | api-2-0.spot.im | udp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| US | 8.8.8.8:53 | creativecdn.com | udp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| FR | 99.86.91.62:443 | api-2-0.spot.im | tcp |
| IE | 52.48.246.250:443 | match.prod.bidr.io | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| BE | 104.90.26.20:443 | eus.rubiconproject.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| US | 35.208.249.213:443 | trace.mediago.io | tcp |
| US | 8.8.8.8:53 | gum.aidemsrv.com | udp |
| US | 8.8.8.8:53 | b1sync.zemanta.com | udp |
| FR | 99.86.91.62:443 | api-2-0.spot.im | tcp |
| US | 104.17.44.93:443 | gum.aidemsrv.com | tcp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| DE | 51.89.9.252:443 | onetag-sys.com | tcp |
| US | 64.74.236.255:443 | b1sync.zemanta.com | tcp |
| GB | 23.73.139.80:443 | player.aniview.com | tcp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| US | 64.74.236.255:443 | b1sync.zemanta.com | tcp |
Files
\??\pipe\crashpad_2260_ZSBYEBJPYUJDYVUZ
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-09 07:41
Reported
2024-06-09 07:44
Platform
android-33-x64-arm64-20240603-en
Max time kernel
15s
Max time network
23s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network