Analysis Overview
SHA256
ead2648f0c356193d5440f4835cc638c8c37f563448d8c731b6291baa2fd08d2
Threat Level: Likely benign
The file . was found to be: Likely benign.
Malicious Activity Summary
Drops file in System32 directory
Drops file in Windows directory
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 16:57
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 16:57
Reported
2024-06-13 17:24
Platform
win10v2004-20240611-en
Max time kernel
1496s
Max time network
1495s
Command Line
Signatures
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx | C:\Windows\System32\svchost.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Web\Wallpaper\Windows\img0.jpg | C:\Windows\System32\svchost.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133627715502351939" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3665033694-1447845302-680750983-1000\{AE7E1EAA-74FA-42D7-87ED-5B9FF9509572} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3665033694-1447845302-680750983-1000\{A5366F11-3A38-4F78-9D25-9620F71C2BA6} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings | C:\Windows\system32\mspaint.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\.html
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8bee1ab58,0x7ff8bee1ab68,0x7ff8bee1ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=1896,i,3451967992904929549,10141866643997457109,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1896,i,3451967992904929549,10141866643997457109,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2212 --field-trial-handle=1896,i,3451967992904929549,10141866643997457109,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1896,i,3451967992904929549,10141866643997457109,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=1896,i,3451967992904929549,10141866643997457109,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4436 --field-trial-handle=1896,i,3451967992904929549,10141866643997457109,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 --field-trial-handle=1896,i,3451967992904929549,10141866643997457109,131072 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3532,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=4436 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1896,i,3451967992904929549,10141866643997457109,131072 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1244,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=4824 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Windows\Web\Wallpaper\Windows\img0.jpg" /ForceBootstrapPaint3D
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-redirect=Windows.Launch -contentTile -url 0 https://powerpoint.office.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --field-trial-handle=3880,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=4112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=1288,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=4388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --field-trial-handle=5300,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=5316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5452,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=5468 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5444,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=5516 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=6020,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=6032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=4996,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=5040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5076,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=6340 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=5028,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=6632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --field-trial-handle=4108,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=4800 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6148,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=6140 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --field-trial-handle=5816,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=6828 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --field-trial-handle=5924,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=6844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --field-trial-handle=6112,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=6680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --field-trial-handle=7044,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=4784 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --field-trial-handle=7036,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=4728 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --field-trial-handle=6672,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=7040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --field-trial-handle=5916,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=7024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --field-trial-handle=6664,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=6068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --field-trial-handle=7392,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=6384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --field-trial-handle=7472,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=7596 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=7812,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=7856 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --field-trial-handle=7616,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=7944 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --field-trial-handle=7952,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=7996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --field-trial-handle=8208,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=8224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --field-trial-handle=8356,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=8284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --field-trial-handle=8392,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=8508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --field-trial-handle=8628,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=8492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --field-trial-handle=8768,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=8788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --field-trial-handle=9008,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=9016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --field-trial-handle=9088,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=8632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --field-trial-handle=9340,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=9328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --field-trial-handle=9488,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=9380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --field-trial-handle=9660,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=9516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --field-trial-handle=9500,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=9336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --field-trial-handle=9364,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=8872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --field-trial-handle=9300,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=8476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=54 --field-trial-handle=9384,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=9396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=55 --field-trial-handle=9052,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=8508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=56 --field-trial-handle=8520,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=8540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=57 --field-trial-handle=8172,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=9244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=58 --field-trial-handle=8608,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=8568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=59 --field-trial-handle=9604,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=8252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=60 --field-trial-handle=7984,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=8248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=61 --field-trial-handle=8084,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=8804 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=62 --field-trial-handle=9692,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=7940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=63 --field-trial-handle=8912,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=7992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=64 --field-trial-handle=9064,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=9440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=65 --field-trial-handle=7704,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=9000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=66 --field-trial-handle=5596,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=8940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --field-trial-handle=9896,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=5744 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=68 --field-trial-handle=7396,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=8588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=125.0.2535.92 --initial-client-data=0x23c,0x240,0x244,0x238,0x260,0x7ff8a6014ef8,0x7ff8a6014f04,0x7ff8a6014f10
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2308,i,7603100641831778662,16646906556226672322,262144 --variations-seed-version --mojo-platform-channel-handle=2304 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1956,i,7603100641831778662,16646906556226672322,262144 --variations-seed-version --mojo-platform-channel-handle=2336 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2444,i,7603100641831778662,16646906556226672322,262144 --variations-seed-version --mojo-platform-channel-handle=2468 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --field-trial-handle=4384,i,7603100641831778662,16646906556226672322,262144 --variations-seed-version --mojo-platform-channel-handle=4444 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --field-trial-handle=4384,i,7603100641831778662,16646906556226672322,262144 --variations-seed-version --mojo-platform-channel-handle=4444 /prefetch:8
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --field-trial-handle=4492,i,7603100641831778662,16646906556226672322,262144 --variations-seed-version --mojo-platform-channel-handle=4764 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --field-trial-handle=4760,i,7603100641831778662,16646906556226672322,262144 --variations-seed-version --mojo-platform-channel-handle=4780 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=3036,i,7603100641831778662,16646906556226672322,262144 --variations-seed-version --mojo-platform-channel-handle=2940 /prefetch:8
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell wininit
C:\Windows\system32\wininit.exe
"C:\Windows\system32\wininit.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 4.181.190.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| BE | 88.221.83.217:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 217.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cxcs.microsoft.net | udp |
| BE | 104.68.66.114:443 | cxcs.microsoft.net | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 114.66.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | powerpoint.office.com | udp |
| US | 8.8.8.8:53 | powerpoint.office.com | udp |
| US | 8.8.8.8:53 | powerpoint.office.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 13.107.6.156:443 | powerpoint.office.com | tcp |
| US | 13.107.6.156:443 | powerpoint.office.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | 56.104.245.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.6.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft365.com | udp |
| US | 8.8.8.8:53 | www.microsoft365.com | udp |
| US | 8.8.8.8:53 | www.microsoft365.com | udp |
| US | 13.107.9.156:443 | www.microsoft365.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| NL | 2.18.121.10:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 92.123.52.36:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| IE | 40.126.31.71:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 51.11.108.188:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 51.11.108.188:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 51.11.108.188:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | aadcdn.msftauth.net | udp |
| US | 8.8.8.8:53 | aadcdn.msftauth.net | udp |
| US | 8.8.8.8:53 | aadcdn.msauth.net | udp |
| US | 8.8.8.8:53 | aadcdn.msauth.net | udp |
| US | 152.199.21.175:443 | aadcdn.msftauth.net | tcp |
| US | 152.199.21.175:443 | aadcdn.msftauth.net | tcp |
| US | 152.199.21.175:443 | aadcdn.msftauth.net | tcp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.9.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.52.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.108.11.51.in-addr.arpa | udp |
| US | 152.199.21.175:443 | aadcdn.msftauth.net | tcp |
| IE | 40.126.31.71:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 23.62.61.106:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 175.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 106.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| NL | 23.62.61.106:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| NL | 23.62.61.75:443 | th.bing.com | tcp |
| NL | 23.62.61.75:443 | th.bing.com | tcp |
| NL | 23.62.61.75:443 | th.bing.com | tcp |
| NL | 23.62.61.75:443 | th.bing.com | tcp |
| NL | 23.62.61.75:443 | th.bing.com | udp |
| NL | 23.62.61.75:443 | th.bing.com | udp |
| US | 8.8.8.8:53 | 75.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 40.126.32.68:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | 89.33.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | temp-mail.org | udp |
| US | 8.8.8.8:53 | temp-mail.org | udp |
| US | 8.8.8.8:53 | temp-mail.org | udp |
| US | 104.26.7.95:443 | temp-mail.org | tcp |
| US | 104.26.7.95:443 | temp-mail.org | tcp |
| US | 8.8.8.8:53 | cdn.paddle.com | udp |
| US | 8.8.8.8:53 | cdn.paddle.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | cdn4.buysellads.net | udp |
| US | 8.8.8.8:53 | cdn4.buysellads.net | udp |
| US | 172.66.43.196:443 | cdn.paddle.com | tcp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| US | 152.42.150.143:443 | cdn4.buysellads.net | tcp |
| US | 8.8.8.8:53 | 95.7.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.79.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.43.66.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | web2.temp-mail.org | udp |
| US | 8.8.8.8:53 | web2.temp-mail.org | udp |
| US | 172.67.73.98:443 | web2.temp-mail.org | tcp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 104.22.74.216:443 | btloader.com | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| DE | 108.138.32.75:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| DE | 108.138.32.75:443 | c.amazon-adsystem.com | tcp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| BE | 108.177.15.155:443 | stats.g.doubleclick.net | tcp |
| DE | 108.138.36.117:443 | config.aps.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | srv.buysellads.com | udp |
| US | 8.8.8.8:53 | srv.buysellads.com | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | prebid.media.net | udp |
| US | 8.8.8.8:53 | prebid.media.net | udp |
| US | 8.8.8.8:53 | prg.smartadserver.com | udp |
| US | 8.8.8.8:53 | prg.smartadserver.com | udp |
| US | 8.8.8.8:53 | mp.4dex.io | udp |
| US | 8.8.8.8:53 | mp.4dex.io | udp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | rt.marphezis.com | udp |
| US | 8.8.8.8:53 | rt.marphezis.com | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| US | 8.8.8.8:53 | bidder.criteo.com | udp |
| US | 8.8.8.8:53 | bidder.criteo.com | udp |
| US | 8.8.8.8:53 | script.4dex.io | udp |
| US | 8.8.8.8:53 | script.4dex.io | udp |
| US | 8.8.8.8:53 | fastlane.rubiconproject.com | udp |
| US | 8.8.8.8:53 | fastlane.rubiconproject.com | udp |
| US | 8.8.8.8:53 | pbjs.e-planning.net | udp |
| US | 8.8.8.8:53 | pbjs.e-planning.net | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | secure.cdn.fastclick.net | udp |
| US | 8.8.8.8:53 | secure.cdn.fastclick.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | cdn.hadronid.net | udp |
| US | 8.8.8.8:53 | cdn.hadronid.net | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| NL | 185.89.210.244:443 | ib.adnxs.com | tcp |
| US | 152.42.150.143:443 | srv.buysellads.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | tcp |
| DE | 51.89.9.252:443 | onetag-sys.com | tcp |
| US | 178.128.135.204:443 | rt.marphezis.com | tcp |
| US | 104.18.34.178:443 | mp.4dex.io | tcp |
| DE | 3.78.168.176:443 | tlx.3lift.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| FR | 185.255.84.150:443 | hb-api.omnitagjs.com | tcp |
| US | 54.230.228.110:443 | hb.yellowblue.io | tcp |
| NL | 81.17.55.99:443 | prg.smartadserver.com | tcp |
| NL | 81.17.55.99:443 | prg.smartadserver.com | tcp |
| NL | 81.17.55.99:443 | prg.smartadserver.com | tcp |
| NL | 81.17.55.99:443 | prg.smartadserver.com | tcp |
| NL | 81.17.55.99:443 | prg.smartadserver.com | tcp |
| NL | 81.17.55.99:443 | prg.smartadserver.com | tcp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| US | 172.67.75.241:443 | script.4dex.io | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 193.3.178.3:443 | pbjs.e-planning.net | tcp |
| DE | 184.30.211.26:443 | secure.cdn.fastclick.net | tcp |
| US | 104.22.52.173:443 | cdn.hadronid.net | tcp |
| US | 8.8.8.8:53 | c.4dex.io | udp |
| US | 8.8.8.8:53 | c.4dex.io | udp |
| US | 172.67.38.106:443 | cdn.id5-sync.com | tcp |
| DE | 18.173.159.99:443 | aax.amazon-adsystem.com | tcp |
| US | 35.241.34.106:443 | c.4dex.io | tcp |
| US | 35.241.34.106:443 | c.4dex.io | tcp |
| US | 35.241.34.106:443 | c.4dex.io | tcp |
| US | 35.241.34.106:443 | c.4dex.io | tcp |
| US | 35.241.34.106:443 | c.4dex.io | tcp |
| US | 35.241.34.106:443 | c.4dex.io | tcp |
| US | 8.8.8.8:53 | temp-mail.org | udp |
| US | 8.8.8.8:53 | temp-mail.org | udp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 172.67.75.241:443 | script.4dex.io | tcp |
| US | 8.8.8.8:53 | cadmus.script.ac | udp |
| US | 8.8.8.8:53 | cadmus.script.ac | udp |
| US | 8.8.8.8:53 | 98.73.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.74.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.32.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.2.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.36.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.15.177.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.63.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.34.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.75.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.9.89.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.168.78.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.55.17.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.228.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.178.3.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.38.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.211.30.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.159.173.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.52.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.34.241.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.150.42.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | id.hadron.ad.gt | udp |
| US | 8.8.8.8:53 | id.hadron.ad.gt | udp |
| DE | 108.138.36.46:443 | tags.crwdcntrl.net | tcp |
| US | 104.18.23.145:443 | cadmus.script.ac | tcp |
| US | 178.128.135.204:443 | rt.marphezis.com | tcp |
| US | 172.67.23.234:443 | id.hadron.ad.gt | tcp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 35.241.34.106:443 | c.4dex.io | udp |
| DE | 108.138.32.75:443 | c.amazon-adsystem.com | tcp |
| DE | 18.173.159.99:443 | aax.amazon-adsystem.com | tcp |
| IE | 52.48.212.10:443 | bcp.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | a.ad.gt | udp |
| US | 8.8.8.8:53 | a.ad.gt | udp |
| US | 104.22.5.69:443 | a.ad.gt | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | temp-mail.org | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 194.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.23.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.23.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.212.48.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.5.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| DE | 162.19.138.120:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 141.95.33.120:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | b1e1e02d90eb758ef5d08e94a6ec8094.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | b1e1e02d90eb758ef5d08e94a6ec8094.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | b1e1e02d90eb758ef5d08e94a6ec8094.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | temp-mail.org | udp |
| GB | 172.217.169.65:443 | b1e1e02d90eb758ef5d08e94a6ec8094.safeframe.googlesyndication.com | tcp |
| GB | 172.217.169.65:443 | b1e1e02d90eb758ef5d08e94a6ec8094.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | b1e1e02d90eb758ef5d08e94a6ec8094.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | temp-mail.org | udp |
| GB | 172.217.169.65:443 | b1e1e02d90eb758ef5d08e94a6ec8094.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | b1e1e02d90eb758ef5d08e94a6ec8094.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | temp-mail.org | udp |
| US | 8.8.8.8:53 | b1e1e02d90eb758ef5d08e94a6ec8094.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | temp-mail.org | udp |
| US | 8.8.8.8:53 | b1e1e02d90eb758ef5d08e94a6ec8094.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | temp-mail.org | udp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| US | 8.8.8.8:53 | b1e1e02d90eb758ef5d08e94a6ec8094.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | temp-mail.org | udp |
| NL | 185.89.210.180:443 | secure.adnxs.com | tcp |
| NL | 185.89.210.180:443 | secure.adnxs.com | tcp |
| NL | 185.89.210.180:443 | secure.adnxs.com | tcp |
| NL | 185.89.210.180:443 | secure.adnxs.com | tcp |
| US | 8.8.8.8:53 | 120.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.135.128.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.33.95.141.in-addr.arpa | udp |
| NL | 185.89.210.180:443 | secure.adnxs.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | csm.nl3.eu.criteo.net | udp |
| US | 8.8.8.8:53 | csm.nl3.eu.criteo.net | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | b1e1e02d90eb758ef5d08e94a6ec8094.safeframe.googlesyndication.com | udp |
| NL | 178.250.1.25:443 | csm.nl3.eu.criteo.net | tcp |
| NL | 178.250.1.25:443 | csm.nl3.eu.criteo.net | tcp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | b1e1e02d90eb758ef5d08e94a6ec8094.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | b1e1e02d90eb758ef5d08e94a6ec8094.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | b1e1e02d90eb758ef5d08e94a6ec8094.safeframe.googlesyndication.com | udp |
| NL | 185.235.87.192:443 | ag.gbc.criteo.com | tcp |
| FR | 178.250.7.13:443 | dnacdn.net | tcp |
| FR | 185.235.86.48:443 | gem.gbc.criteo.com | tcp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | b1e1e02d90eb758ef5d08e94a6ec8094.safeframe.googlesyndication.com | udp |
| US | 35.241.34.106:443 | c.4dex.io | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.87.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.7.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.86.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | temp-mail.org | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | temp-mail.org | udp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| US | 8.8.8.8:53 | temp-mail.org | udp |
| US | 8.8.8.8:53 | acdn.adnxs.com | udp |
| US | 8.8.8.8:53 | acdn.adnxs.com | udp |
| US | 8.8.8.8:53 | acdn.adnxs.com | udp |
| US | 8.8.8.8:53 | temp-mail.org | udp |
| US | 8.8.8.8:53 | eb2.3lift.com | udp |
| US | 8.8.8.8:53 | eb2.3lift.com | udp |
| US | 8.8.8.8:53 | eb2.3lift.com | udp |
| US | 8.8.8.8:53 | temp-mail.org | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | temp-mail.org | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | temp-mail.org | udp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| US | 8.8.8.8:53 | temp-mail.org | udp |
| FR | 185.255.84.152:443 | visitor.omnitagjs.com | tcp |
| BE | 92.123.50.49:443 | contextual.media.net | tcp |
| DE | 51.38.120.206:443 | onetag-sys.com | tcp |
| US | 76.223.111.18:443 | eb2.3lift.com | tcp |
| GB | 2.21.188.239:443 | ads.pubmatic.com | tcp |
| BE | 104.68.78.171:443 | eus.rubiconproject.com | tcp |
| GB | 2.21.188.221:443 | acdn.adnxs.com | tcp |
| FR | 185.255.84.152:443 | visitor.omnitagjs.com | tcp |
| BE | 92.123.50.49:443 | contextual.media.net | tcp |
| US | 8.8.8.8:53 | sync.adkernel.com | udp |
| GB | 2.21.188.221:443 | acdn.adnxs.com | tcp |
| US | 76.223.111.18:443 | eb2.3lift.com | tcp |
| GB | 2.21.188.239:443 | ads.pubmatic.com | tcp |
| BE | 104.68.78.171:443 | eus.rubiconproject.com | tcp |
| NL | 77.245.57.72:443 | sync.adkernel.com | tcp |
| US | 8.8.8.8:53 | gum.aidemsrv.com | udp |
| US | 8.8.8.8:53 | gum.aidemsrv.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| DE | 51.38.120.206:443 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | 18.111.223.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.50.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.120.38.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.78.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.188.21.2.in-addr.arpa | udp |
| US | 104.17.43.93:443 | gum.aidemsrv.com | tcp |
| US | 8.8.8.8:53 | 221.188.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.57.245.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | creativecdn.com | udp |
| US | 8.8.8.8:53 | creativecdn.com | udp |
| US | 8.8.8.8:53 | api-2-0.spot.im | udp |
| US | 8.8.8.8:53 | api-2-0.spot.im | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| US | 8.8.8.8:53 | b1sync.zemanta.com | udp |
| US | 8.8.8.8:53 | b1sync.zemanta.com | udp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| NL | 2.18.121.26:443 | player.aniview.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| IE | 34.251.183.115:443 | match.prod.bidr.io | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| US | 70.42.32.255:443 | b1sync.zemanta.com | tcp |
| US | 70.42.32.255:443 | b1sync.zemanta.com | tcp |
| US | 54.230.228.59:443 | api-2-0.spot.im | tcp |
| GB | 185.64.191.214:443 | image8.pubmatic.com | tcp |
| US | 8.8.8.8:53 | ssc-cms.33across.com | udp |
| US | 8.8.8.8:53 | ssc-cms.33across.com | udp |
| US | 8.8.8.8:53 | ssc-cms.33across.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 67.202.105.21:443 | ssc-cms.33across.com | tcp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| US | 67.202.105.21:443 | ssc-cms.33across.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| BE | 104.68.78.171:443 | secure-assets.rubiconproject.com | tcp |
| BE | 104.68.78.171:443 | secure-assets.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| NL | 69.173.156.148:443 | token.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| US | 8.8.8.8:53 | cs-server-s2s.yellowblue.io | udp |
| US | 8.8.8.8:53 | cs-server-s2s.yellowblue.io | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| FR | 5.135.209.101:443 | ssbsync.smartadserver.com | tcp |
| FR | 5.135.209.101:443 | ssbsync.smartadserver.com | tcp |
| US | 54.161.232.244:443 | cs-server-s2s.yellowblue.io | tcp |
| US | 52.71.174.196:443 | sync.srv.stackadapt.com | tcp |
| IE | 54.73.1.184:443 | ap.lijit.com | tcp |
| US | 8.8.8.8:53 | jadserve.postrelease.com | udp |
| US | 8.8.8.8:53 | jadserve.postrelease.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | cs.admanmedia.com | udp |
| US | 8.8.8.8:53 | cs.admanmedia.com | udp |
| US | 8.8.8.8:53 | sync.aniview.com | udp |
| US | 8.8.8.8:53 | sync.aniview.com | udp |
| US | 8.8.8.8:53 | rtb.mfadsrvr.com | udp |
| US | 8.8.8.8:53 | rtb.mfadsrvr.com | udp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| US | 80.77.87.166:443 | cs.admanmedia.com | tcp |
| US | 96.46.186.182:443 | sync.aniview.com | tcp |
| US | 8.8.8.8:53 | bttrack.com | udp |
| US | 8.8.8.8:53 | bttrack.com | udp |
| IE | 34.255.106.93:443 | jadserve.postrelease.com | tcp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 192.132.33.67:443 | bttrack.com | tcp |
| US | 35.244.174.68:443 | id.rlcdn.com | tcp |
| DE | 3.122.62.224:443 | rtb.mfadsrvr.com | tcp |
| NL | 185.89.210.180:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| US | 8.8.8.8:53 | sync.search.spotxchange.com | udp |
| US | 8.8.8.8:53 | sync.search.spotxchange.com | udp |
| US | 8.8.8.8:53 | sync.search.spotxchange.com | udp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| US | 8.8.8.8:53 | sync.aniview.com | udp |
| US | 8.8.8.8:53 | sync.search.spotxchange.com | udp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 8.8.8.8:53 | sync.search.spotxchange.com | udp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 8.8.8.8:53 | 93.43.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.40.223.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.174.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.8.184.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.191.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.183.251.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.228.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 255.32.42.70.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.149.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.105.202.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.209.135.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.1.73.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.232.161.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.174.71.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.106.255.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.87.77.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.186.46.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.174.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.62.122.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.33.132.192.in-addr.arpa | udp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | 150.216.36.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | signup.live.com | udp |
| US | 8.8.8.8:53 | signup.live.com | udp |
| US | 8.8.8.8:53 | signup.live.com | udp |
| US | 13.107.42.22:443 | signup.live.com | tcp |
| US | 8.8.8.8:53 | signup.live.com | udp |
| US | 8.8.8.8:53 | acctcdn.msauth.net | udp |
| US | 8.8.8.8:53 | acctcdn.msauth.net | udp |
| US | 13.107.246.64:443 | acctcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | acctcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | acctcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | acctcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | acctcdn.msauth.net | tcp |
| US | 8.8.8.8:53 | acctcdnvzeuno.azureedge.net | udp |
| US | 8.8.8.8:53 | acctcdnvzeuno.azureedge.net | udp |
| US | 13.107.246.64:443 | acctcdn.msauth.net | tcp |
| US | 8.8.8.8:53 | acctcdnmsftuswe2.azureedge.net | udp |
| US | 8.8.8.8:53 | acctcdnmsftuswe2.azureedge.net | udp |
| US | 8.8.8.8:53 | acctcdn.msftauth.net | udp |
| US | 8.8.8.8:53 | acctcdn.msftauth.net | udp |
| US | 8.8.8.8:53 | 22.42.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fpt.live.com | udp |
| US | 8.8.8.8:53 | fpt.live.com | udp |
| US | 8.8.8.8:53 | fpt.live.com | udp |
| US | 8.8.8.8:53 | signup.live.com | udp |
| US | 52.167.30.171:443 | fpt.live.com | tcp |
| US | 8.8.8.8:53 | fpt2.microsoft.com | udp |
| US | 8.8.8.8:53 | fpt2.microsoft.com | udp |
| US | 8.8.8.8:53 | fpt2.microsoft.com | udp |
| US | 8.8.8.8:53 | fpt.live.com | udp |
| US | 52.167.30.171:443 | fpt.live.com | tcp |
| US | 8.8.8.8:53 | 171.30.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fpt2.microsoft.com | udp |
| US | 8.8.8.8:53 | fpt.microsoft.com | udp |
| US | 8.8.8.8:53 | fpt.microsoft.com | udp |
| US | 8.8.8.8:53 | fpt.microsoft.com | udp |
| US | 8.8.8.8:53 | nleditor.osi.office.net | udp |
| US | 8.8.8.8:53 | nleditor.osi.office.net | udp |
| IE | 52.111.236.33:443 | nleditor.osi.office.net | tcp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| US | 2.17.251.5:443 | aefd.nelreports.net | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 2.17.251.5:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | 5.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| AU | 40.79.173.40:443 | browser.events.data.microsoft.com | tcp |
| AU | 40.79.173.40:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 40.173.79.40.in-addr.arpa | udp |
| AU | 40.79.173.40:443 | browser.events.data.microsoft.com | tcp |
| AU | 40.79.173.40:443 | browser.events.data.microsoft.com | tcp |
| NL | 23.62.61.155:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 155.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | signup.live.com | udp |
| US | 8.8.8.8:53 | acctcdn.msauth.net | udp |
| US | 8.8.8.8:53 | acctcdn.msauth.net | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 8.8.8.8:53 | aka.ms | udp |
| US | 8.8.8.8:53 | aka.ms | udp |
| NL | 23.62.61.194:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 35.241.34.106:443 | c.4dex.io | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 54.192.228.183:443 | aax.amazon-adsystem.com | tcp |
| US | 18.245.174.120:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | 120.174.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.228.192.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | temp-mail.org | udp |
| US | 8.8.8.8:53 | temp-mail.org | udp |
| US | 8.8.8.8:53 | temp-mail.org | udp |
| US | 8.8.8.8:53 | temp-mail.org | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | srv.buysellads.com | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 152.42.150.143:443 | srv.buysellads.com | tcp |
| IE | 34.253.110.95:443 | bcp.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | csm.nl3.eu.criteo.net | udp |
| US | 8.8.8.8:53 | csm.nl3.eu.criteo.net | udp |
| NL | 178.250.1.25:443 | csm.nl3.eu.criteo.net | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | temp-mail.org | udp |
| US | 8.8.8.8:53 | 95.110.253.34.in-addr.arpa | udp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | prg.smartadserver.com | udp |
| US | 8.8.8.8:53 | prg.smartadserver.com | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| NL | 178.250.1.8:443 | bidder.criteo.com | tcp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| US | 8.8.8.8:53 | rt.marphezis.com | udp |
| US | 8.8.8.8:53 | rt.marphezis.com | udp |
| US | 8.8.8.8:53 | prod.tahoe-analytics.publishers.advertising.a2z.com | udp |
| US | 8.8.8.8:53 | prod.tahoe-analytics.publishers.advertising.a2z.com | udp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| DE | 51.89.9.252:443 | onetag-sys.com | udp |
| NL | 185.89.210.46:443 | ib.adnxs.com | tcp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| US | 178.128.135.204:443 | rt.marphezis.com | tcp |
| US | 54.200.192.168:443 | prod.tahoe-analytics.publishers.advertising.a2z.com | tcp |
| NL | 81.17.55.99:443 | prg.smartadserver.com | tcp |
| NL | 81.17.55.99:443 | prg.smartadserver.com | tcp |
| NL | 81.17.55.99:443 | prg.smartadserver.com | tcp |
| NL | 81.17.55.99:443 | prg.smartadserver.com | tcp |
| NL | 81.17.55.99:443 | prg.smartadserver.com | tcp |
| NL | 81.17.55.99:443 | prg.smartadserver.com | tcp |
| NL | 193.3.178.3:443 | pbjs.e-planning.net | tcp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| NL | 185.235.87.192:443 | ag.gbc.criteo.com | tcp |
| FR | 185.235.86.48:443 | gem.gbc.criteo.com | tcp |
| US | 35.241.34.106:443 | c.4dex.io | udp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | udp |
| FR | 178.250.7.13:443 | dnacdn.net | tcp |
| US | 8.8.8.8:53 | ssp-sync.criteo.com | udp |
| US | 8.8.8.8:53 | ssp-sync.criteo.com | udp |
| US | 178.128.135.204:443 | rt.marphezis.com | tcp |
| US | 8.8.8.8:53 | temp-mail.org | udp |
| US | 8.8.8.8:53 | temp-mail.org | udp |
| NL | 178.250.1.7:443 | ssp-sync.criteo.com | tcp |
| DE | 51.89.9.252:443 | onetag-sys.com | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| BE | 108.177.15.155:443 | stats.g.doubleclick.net | udp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | temp-mail.org | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 46.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.192.200.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.1.250.178.in-addr.arpa | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 178.128.135.204:443 | rt.marphezis.com | tcp |
| US | 8.8.8.8:53 | 9e5ead53550d4bf32389c9a34e8fc0bf.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 9e5ead53550d4bf32389c9a34e8fc0bf.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 9e5ead53550d4bf32389c9a34e8fc0bf.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | temp-mail.org | udp |
| US | 178.128.135.204:443 | rt.marphezis.com | tcp |
| GB | 172.217.169.65:443 | 9e5ead53550d4bf32389c9a34e8fc0bf.safeframe.googlesyndication.com | tcp |
| US | 178.128.135.204:443 | rt.marphezis.com | tcp |
| GB | 172.217.169.65:443 | 9e5ead53550d4bf32389c9a34e8fc0bf.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 9e5ead53550d4bf32389c9a34e8fc0bf.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | temp-mail.org | udp |
| US | 8.8.8.8:53 | 9e5ead53550d4bf32389c9a34e8fc0bf.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | temp-mail.org | udp |
| US | 8.8.8.8:53 | 9e5ead53550d4bf32389c9a34e8fc0bf.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | temp-mail.org | udp |
| US | 8.8.8.8:53 | 9e5ead53550d4bf32389c9a34e8fc0bf.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | temp-mail.org | udp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| NL | 185.89.210.180:443 | secure.adnxs.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | 9e5ead53550d4bf32389c9a34e8fc0bf.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | 9e5ead53550d4bf32389c9a34e8fc0bf.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | 9e5ead53550d4bf32389c9a34e8fc0bf.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | 9e5ead53550d4bf32389c9a34e8fc0bf.safeframe.googlesyndication.com | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 76.223.111.18:443 | eb2.3lift.com | tcp |
| US | 8.8.8.8:53 | eb2.3lift.com | udp |
| US | 8.8.8.8:53 | temp-mail.org | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | temp-mail.org | udp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| US | 8.8.8.8:53 | temp-mail.org | udp |
| US | 8.8.8.8:53 | acdn.adnxs.com | udp |
| US | 8.8.8.8:53 | acdn.adnxs.com | udp |
| US | 8.8.8.8:53 | acdn.adnxs.com | udp |
| US | 8.8.8.8:53 | temp-mail.org | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | temp-mail.org | udp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| US | 8.8.8.8:53 | temp-mail.org | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | temp-mail.org | udp |
| US | 8.8.8.8:53 | sync.adkernel.com | udp |
| US | 8.8.8.8:53 | sync.adkernel.com | udp |
| US | 151.101.1.108:443 | acdn.adnxs.com | tcp |
| GB | 2.21.189.68:443 | eus.rubiconproject.com | tcp |
| FR | 185.255.84.152:443 | visitor.omnitagjs.com | tcp |
| FR | 185.255.84.152:443 | visitor.omnitagjs.com | tcp |
| DE | 51.38.120.206:443 | onetag-sys.com | tcp |
| GB | 2.21.188.27:443 | contextual.media.net | udp |
| GB | 2.21.188.239:443 | ads.pubmatic.com | tcp |
| NL | 77.245.57.72:443 | sync.adkernel.com | tcp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 104.17.43.93:443 | gum.aidemsrv.com | udp |
| US | 8.8.8.8:53 | gum.aidemsrv.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| US | 8.8.8.8:53 | creativecdn.com | udp |
| US | 8.8.8.8:53 | api-2-0.spot.im | udp |
| US | 8.8.8.8:53 | api-2-0.spot.im | udp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| US | 70.42.32.255:443 | b1sync.zemanta.com | tcp |
| US | 70.42.32.255:443 | b1sync.zemanta.com | tcp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| US | 8.8.8.8:53 | cs-server-s2s.yellowblue.io | udp |
| US | 8.8.8.8:53 | cs-server-s2s.yellowblue.io | udp |
| US | 8.8.8.8:53 | rtb.mfadsrvr.com | udp |
| US | 8.8.8.8:53 | rtb.mfadsrvr.com | udp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| IE | 34.255.106.93:443 | jadserve.postrelease.com | tcp |
| IE | 34.240.216.83:443 | match.prod.bidr.io | tcp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | cs.admanmedia.com | udp |
| US | 8.8.8.8:53 | cs.admanmedia.com | udp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 192.132.33.67:443 | bttrack.com | tcp |
| US | 8.8.8.8:53 | ssc-cms.33across.com | udp |
| US | 8.8.8.8:53 | ssc-cms.33across.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 3.235.200.90:443 | cs-server-s2s.yellowblue.io | tcp |
| US | 54.174.166.97:443 | sync.srv.stackadapt.com | tcp |
| DE | 3.122.62.224:443 | rtb.mfadsrvr.com | tcp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 80.77.87.161:443 | cs.admanmedia.com | tcp |
| IE | 52.16.203.89:443 | ap.lijit.com | tcp |
| US | 35.244.174.68:443 | id.rlcdn.com | udp |
| US | 67.202.105.24:443 | ssc-cms.33across.com | tcp |
| US | 67.202.105.24:443 | ssc-cms.33across.com | tcp |
| NL | 69.173.156.148:443 | token.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| BE | 104.68.78.171:443 | secure-assets.rubiconproject.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| NL | 2.18.121.26:443 | player.aniview.com | udp |
| US | 8.8.8.8:53 | 27.188.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.216.240.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.203.16.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| FR | 217.182.178.228:443 | ssbsync.smartadserver.com | tcp |
| FR | 217.182.178.228:443 | ssbsync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | 97.166.174.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.200.235.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.87.77.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.105.202.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.178.182.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | signup.live.com | udp |
| US | 8.8.8.8:53 | signup.live.com | udp |
| US | 8.8.8.8:53 | acctcdn.msauth.net | udp |
| US | 8.8.8.8:53 | acctcdn.msauth.net | udp |
| US | 13.107.246.64:443 | acctcdn.msauth.net | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | iframe.arkoselabs.com | udp |
| US | 8.8.8.8:53 | iframe.arkoselabs.com | udp |
| US | 8.8.8.8:53 | iframe.arkoselabs.com | udp |
| US | 8.8.8.8:53 | signup.live.com | udp |
| US | 104.18.33.170:443 | iframe.arkoselabs.com | tcp |
| US | 8.8.8.8:53 | client-api.arkoselabs.com | udp |
| US | 8.8.8.8:53 | client-api.arkoselabs.com | udp |
| US | 172.64.154.86:443 | client-api.arkoselabs.com | udp |
| US | 8.8.8.8:53 | client-api.arkoselabs.com | udp |
| US | 8.8.8.8:53 | iframe.arkoselabs.com | udp |
| US | 8.8.8.8:53 | 86.154.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.33.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | client-api.arkoselabs.com | udp |
| US | 8.8.8.8:53 | client-api.arkoselabs.com | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 8.8.8.8:53 | client-api.arkoselabs.com | udp |
| US | 8.8.8.8:53 | client-api.arkoselabs.com | udp |
| US | 172.64.154.86:443 | client-api.arkoselabs.com | tcp |
| BE | 23.41.178.65:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 65.178.41.23.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| NL | 178.250.1.25:443 | csm.nl3.eu.criteo.net | tcp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| US | 13.107.246.64:443 | edge-mobile-static.azureedge.net | tcp |
| BE | 23.41.178.128:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 128.178.41.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cxcs.microsoft.net | udp |
| BE | 104.68.66.114:443 | cxcs.microsoft.net | tcp |
| BE | 23.41.178.80:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 80.178.41.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 13.107.246.64:443 | edge-consumer-static.azureedge.net | tcp |
Files
\??\pipe\crashpad_928_FBHBMZKAJQVLSJRD
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 64b79e90011cb2ba93e8ec1f83b12c5b |
| SHA1 | 98b062dd56ceef97306ab437bbeb77be0b2d4b38 |
| SHA256 | e10d4ad54fca85d7cee5765537f46a03a8731028ee4a7dd3e8d9e6bf3b2f90dc |
| SHA512 | a42feefe2dcf1de9488ff42b31283b970f4eb79ba64a4ac168c46b043771630bec185a690af9aa7954150981266804aa777f91588159bea7763f8610c80d5362 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 032a9e1454e9d9f8bca15b1d77a2a9f6 |
| SHA1 | 91a4a3137ca40a9f8ce064d94395c7a90b370bb2 |
| SHA256 | 9ccb31042c916c8f1cc7f15d542fd6374b9a1416a8652183b4e33b23491f37ef |
| SHA512 | 95fa14dcb2a187f9cca08cda02131ba2853eff046de4c0531c9d95a1a2127b7909c1d8f91d76127f641ad0d2f5914efe10916337629fbc31579fbc4478a1e1ab |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 717d5867938d353b9525f57ba00ab4ae |
| SHA1 | f1a86ca31d0e96b554713d47697f47bb9f5a644e |
| SHA256 | f6ff81b2b7be03ff0431d7cb9d629452c31f2591a052a6b1a5df40dd4962d152 |
| SHA512 | ad56761f892d24e7b8a06e74607f2818fc0acb4e6a533c6c59105b73a860a9ae1fadc1a63b708ac8946305f5e3243b50e0a1dfe0764c436997ed00eedb90e02a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 8f609aeeff29563b5f40e372e577567f |
| SHA1 | d40ac3cd5a896a6b613ecd917f3c6e9c4ba75356 |
| SHA256 | 42d477ad5e7354fbdd41e0a2e5e92a7a7f521970fac8118d8296c0823e0f8177 |
| SHA512 | 124551fb164e22c079355417a86bb8a4af1307dfc9e6e0c385697cf08c90955648c6dd200e96dd8f6cbef801737ccf152ffdda51c86de7894710103c5f8d94fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | 6716a36cdfbaa6b19ed295c28241120c |
| SHA1 | 177d2deae8e30a61ea50ac2377e35a8b6d6c169f |
| SHA256 | 88dd1119eed5193fcd90bbeab358c933780fe5432d86bfd30bf32347bc3e425d |
| SHA512 | 03a6242bfb3d4aadb2fa274cb84ca7fe705f75f3dc6c90b10389e358d78cb043c0b8b1c1dc67cc5fc54f78326be4127327f028a9b22cc5274944d0b03890f859 |
C:\Users\Public\Desktop\VLC media player.lnk
| MD5 | d2b46e1454f9a9ba031b2aee3e727749 |
| SHA1 | 902f96c830ad074d4e1f5937f5a7c3ab81f3975d |
| SHA256 | 42ca875efd8bb29e0637b7ad58d5623730fbc147ad5383f586811e652b32a931 |
| SHA512 | 28d7bfad6d7a8071aa596764e57a22ba4a601759513f76bc5580c9d3b94c912b4c8efd5afdd48d6c7f560232984994aa8dbbd03fd68c636ec872a38eff523796 |
C:\Users\Public\Desktop\Firefox.lnk
| MD5 | f7bbc3002fcbf369bcb7cd2f8b1a27cd |
| SHA1 | 833d43d60966b61a4f7762acbecfa6459f829f93 |
| SHA256 | cd6c75b0191cf5856a81fc7566775c749cf278bfc365906043eff642fcf112a3 |
| SHA512 | 18af4d1c55316d4d40bda5fffa83765eaa09c40bb9c98347d1c4f6f99fbfc746afaf493ae38e1faa9af56e68ed9abc723dcf79bfffb87fbe84ea283741919454 |
C:\Users\Public\Desktop\Google Chrome.lnk
| MD5 | 3fe2cd9daa377c54606d915705b7a2c0 |
| SHA1 | 4c0fd613b99d7d1d57dbd3e3fd634ef5a9810845 |
| SHA256 | e49a795099dcac9215160c9b356eb387b9c4c18c7d2076096018311bae10d60b |
| SHA512 | 5d6bf6ca41746fbcc66ad8e3ecddf8d0cdbcd06fe087baaf1400dcef703a9f375b66c3955a0d848057468895ba0657dd5b5637d800d2877bda2df0676b7d8cd8 |
C:\Users\Admin\Desktop\RedoTrace.reg
| MD5 | 753ef02c37072447f1c03b91aac3cae5 |
| SHA1 | 9114e2a8f6fd077de3f89aaa329627dc3b327b27 |
| SHA256 | 2c3ed0a6bc0f96f21afaa4b2400703baa08067146f2d4ad602732ff5c32983e9 |
| SHA512 | f81cdf7db9250d8776813ac25656131e9a5ed928bbc5d509eb2ba2dd0fa77f7be8a5547aa135995a1eb4b2d479aa660c34a68954e2f7d029325267e731d0e810 |
C:\Users\Admin\Desktop\WatchBlock.fon
| MD5 | bfb7c5d329af5f45a6e6fa66b4e7ce71 |
| SHA1 | f1de327eb6c5579f0bbaa423eced3bf98ee5edef |
| SHA256 | de1738bf2021dc1cec65664d5edd3da21ee80c1a5a97688aa19d42e5000cbf19 |
| SHA512 | 1c8ee51fb03240ec0c43c0a026a5b3318252d7d2de630fa446c5110d60e168e519dd6347250c7b05366eac383bf00f2aca9c904eac514ba71a6113e2be030694 |
C:\Users\Admin\Desktop\OpenProtect.sql
| MD5 | f77c3cf4e84759404d50391449842791 |
| SHA1 | 6206245d2ba078663d9e2d48e7edd2a3ac926956 |
| SHA256 | 274ffe9577c37c6dda774251f2d2426d0e99fe59ddee2474cf5be0c5fc334376 |
| SHA512 | 61fbef00d69c88e967515fd2cde3418a389bfad20cd1d7fc2d07b58f79c118d94627e689da5ca55384c282549a439c3758186c1ccf33542a32fabb6a9aecb2fe |
C:\Users\Admin\Desktop\RedoBlock.m3u
| MD5 | 8f14cc4bcfa904fd58f35380c75c49c4 |
| SHA1 | 0ce3ae7070d7740804838e678f9d51baeb27814c |
| SHA256 | 31441f06f94e1d2614f343e147de4fc8630af9455d7b2b5f5a2d33b2c6f5a620 |
| SHA512 | adc58a2d64b67ce29910d99e841b8030847b1e419507f3949d1600a4d61ba873f5fb3141232a91135eb139802d566e995cf77af853c6213bda3efb70e7a7b84a |
C:\Users\Admin\Desktop\UnlockRevoke.bin
| MD5 | 90cd600a2824c2857916d8baf977f4d2 |
| SHA1 | 61a35eb5bf2827e8113ec76213c67e08f603da6e |
| SHA256 | b44fb63b326f134f378fa7eb74e49369758eba32c2ca942f26028be81076c52e |
| SHA512 | 40bc8d6e5b82834b6c857bd543165c102196135d36f5bc66a328a2f5518c13e69fc3a6c274470ef8be5c998f5217d1143d1d3d98dc2b8d7b8c26c0dfdd94a133 |
C:\Users\Admin\Desktop\UndoSelect.dll
| MD5 | 273b2f3caf29a6044d2947834ed25b5f |
| SHA1 | 00869dfc643e9d41f5d771fcf644c4f8ccb0f7e2 |
| SHA256 | c8a1030869e7c628357c5149975a1944f0bd359cc98bd628fb550e4202186a2b |
| SHA512 | a1009ffe3c4777d57cacdd264d2a0c53ca4a09257c1da00953579cac63423480b7f07186cfdfdf579c975fee532610310af8a6e88e8fbe32538286aadc2f45e4 |
C:\Users\Admin\Desktop\DenySplit.edrwx
| MD5 | b8c6a183655f9489596e4eab377518b8 |
| SHA1 | c8cb3201846b7df0dd47ad44a1f363c35f34461a |
| SHA256 | 6442dbb26b994004303e94657e9002fad3f23f789c118b16789854a69df4f9b4 |
| SHA512 | 03dd2d070fb94e44b6ccb96469fa7d694654221fbb8156d5d5d92a79eefe86bfafc6bc2a8b3edf689172d27b7bf6d11b840e491ade0dc6e8421c7cacb5558118 |
C:\Users\Admin\Desktop\SubmitStop.dib
| MD5 | 2c7ff3bbbfbdbfa72ab0e5939f02798e |
| SHA1 | a294982e32df62bce1986904766a9bd4b43305f8 |
| SHA256 | 90c12833b412bd8001784fc7dd7a7ada70f390f16d17e439c5b0d93d45258017 |
| SHA512 | 28754671f754e43384569442fc4d2fa26e94f8005354d3260a8e9be6626c19da04e1ed6ef64ac4d76d6090d7e432e08507dc7cfc3b539c73c85c8fe152903169 |
C:\Users\Public\Desktop\Acrobat Reader DC.lnk
| MD5 | a7870e25819dd751c606c0a3211bbf22 |
| SHA1 | 7b0f2c7fbb4c3e531dd7b8be44b559e13a73ea48 |
| SHA256 | da668e636fc958026637d717bb2f072647fac95d7a59061365bb0ddf1610af44 |
| SHA512 | 1fcaeac6081c1d205b0724f967a92766d1450b5165bd061862e8bddb7cba79785a73d31c7a9b2b320f4acc7b321ccac4a0f949f579caa0a489a5e6d840229c47 |
C:\Users\Admin\Desktop\DisconnectReceive.vdw
| MD5 | 8ce385577fe144f9729f10e8d0ab3b91 |
| SHA1 | 1785dac73756ee81d759b791880e65a0496f4ea6 |
| SHA256 | 2aaf7e38c0e70154f528cc3bacf5e812498cbd179254869efdf4f5a436c97876 |
| SHA512 | 1e9c7a7bfbdff2e43c98ec0e7b33cf14149ff5af5babb7b0a8c517ed1e5ca5722e0569bcb63c35f153057a28808f79808858418502eda789b39aad0535c0d9b8 |
C:\Users\Admin\Desktop\TestComplete.ps1
| MD5 | 831e19f4c6bdf3b43f29b755e09ffe63 |
| SHA1 | 2a27f5a3d056ecd57062270a79ba57457bee2611 |
| SHA256 | 8f2689139512fdd1724ecfd5b308cbb5ce04597a00ca0d0f51d38e84a2f82564 |
| SHA512 | 80496767e0fcc61b37899fda88c1fe0fbf7ae9a815f8a5c20c3647d82f3e84fe69e30fcc634221418b2c746ac444e33bd60697c77ab4b76fe8cda91f6cca5c6c |
C:\Users\Admin\Desktop\DismountConvertFrom.mp2
| MD5 | 7d4d02757fc0e7e188147f6c082cf632 |
| SHA1 | ee3846c83fc8c804065c7ae09559bc096830cede |
| SHA256 | a257209babf7f9f56a5bb1394cd08781c1566513c4522c3b48aa7017fb323d8f |
| SHA512 | 831110814304f81681605a27da0e9b3f77b32bccd92273716dcc780e4347c9d118ea29c6708092971f7621e056b59a44f68cf70ed22661324d00c8661c8e184e |
C:\Users\Admin\Desktop\SetPing.ram
| MD5 | ea74c2454d0d84b54f15696c70630edd |
| SHA1 | f9d3d73a042eb336d547c3275216783a66824b20 |
| SHA256 | 96bd90e93dec653689cb49b4a9b6b7b769667d4c5d2ee46d591f1ec6229d061a |
| SHA512 | 9fc315f32be77e3325291eeb9ff159b57cb0e7fa2a81f87dcffacc6b1b49d0a1955f8499068516a2bfb7c2ce57b64c6e8afc4863421c4a3a09a30d48ccacaeb2 |
C:\Users\Admin\Desktop\UndoEnter.3g2
| MD5 | 20df89b59b467d6f7e76c366921c310b |
| SHA1 | 11985c8c1b19dfcd443f6054ca0094ad6c86dc3f |
| SHA256 | 443015670ee0554581c40a1a792684ffa5be359f1239e4b2bf34061a3cbc8075 |
| SHA512 | 28db74d32cdc7719e1e229365c80d50c3268c762925bfd4e1a186a612dedf8c967b81d80ec8fe17627b964e89d33314f00f0d497a00f7c56d83601777d5ad60c |
C:\Users\Admin\Desktop\EditExit.tif
| MD5 | da79accd9123cc87b9e43d4ada74c844 |
| SHA1 | 5b437ce93330a3feaca5d828b4a22a8d30f43d91 |
| SHA256 | 06c6d37d70884eb54931a4025423340f0a6b5d662d17adfea66539ed5c87dc03 |
| SHA512 | 7fae89606435850fa0ef9cf52fc76af42df1855ac85f0764d2195c14d5eac43368cea5d28f8db90eb7eb94fc8c071392903f52e3cdedcb9ee4a6be61eb668357 |
C:\Users\Admin\Desktop\UndoSave.eprtx
| MD5 | 47a5d4a39e1f873607a15fb1a444d15b |
| SHA1 | e676864c580a3f09fb8f66daaaf097c81e352eff |
| SHA256 | 1313248a42052a0ba0e31410b177d3644f92c3d45978061354ad50486ad30742 |
| SHA512 | 228782231dee9ed852e82d2f788b4e0c7426eeedf1ea19c1433e592a7722d1e47ab4e3f0ed66b5710900576d938daa1fb7de7ff301381cc465a047f3eaca572e |
C:\Users\Admin\Desktop\ConfirmMeasure.dib
| MD5 | 6064cc89517d55c7fe4823b1726f631b |
| SHA1 | 375bc818cf2243ae0938f11f171f574262d6cd8d |
| SHA256 | 9047680efa542aa2b9fda8653687cd95ffac470a21d7091e0c6d13874dc27dc9 |
| SHA512 | 3f368af2a218f5edde79d2b551a11e20ac1697dc37b9f332380181b2b880ce794155c7f29f8d0607dff0cdcee98874286e5b4996d3064c2755cf1bb085c60f13 |
C:\Users\Admin\Desktop\InitializeResolve.dll
| MD5 | 5cb099b297abfbdce40aa01578e47772 |
| SHA1 | 85f737da335d94905fcecf66b188f8e022216a8c |
| SHA256 | 9534be9fe1e1447190ade005b13c610f99e3498a47c5c80c10ee7db6858e2215 |
| SHA512 | 98437a495c2dcb021ee4c515ce63e8643a89a1b782436c8a26e73488ef9ac29ad94e4c4ee18bb198d3fafe1be9aeff9f8083695a8aeef013351ce271dc43ac2c |
C:\Users\Admin\Desktop\JoinRead.ps1
| MD5 | d6d706c83b0842ebf9c8f59936de5818 |
| SHA1 | e8dc064858d6d55496c8c507b0c34d2b545686b0 |
| SHA256 | 146619e04306ff71d23f6a94389299400bb42debd9b018df39dee1c5a1c4bdb7 |
| SHA512 | a361c00583c57d6b890039343b469cd4b5d175de1ab5a7b624d7e5643f9d772f3dc452601996c83fdae798f9774657e404bc08bb424d025e1c0cadb079bbf777 |
C:\Users\Admin\Desktop\UninstallCopy.m3u
| MD5 | 453c7f20f6d18a7071dbf86909807bc4 |
| SHA1 | 7f09be6cec49ebf42f1f4b72f052827d473914d9 |
| SHA256 | 49b7cfef0afb5ea3b9012abbcaf2c065258bcb9407ea133e21402783a7796c6f |
| SHA512 | 343bbc4b6c791f97f37a02065a3bc19eb94660967ec104b5d04dbff67f69229cbef5fb92a1afeb9bf5b5444943185cf59a5304d9a7bb4494f83f293de6ffc938 |
C:\Users\Admin\Desktop\MergeDeny.ram
| MD5 | 6b236e0627f6c63f149b8cfa74f57a99 |
| SHA1 | e26cbc772161fd3d884f03acfa2c7e081ecb8bb8 |
| SHA256 | cce8b28ce50e96407118b80e22f1d24b67aec5c2d8ace306b3702fc52bf44ced |
| SHA512 | 5730f980ecf256af6c4c55224e8e41f6b3a628dd480451094236c7a81a28ed4e198dcbff281798f6663b76fdab683f8db1a05a0c7c66e11c65a0fe41ba68f166 |
C:\Users\Admin\Desktop\MountConvertTo.asf
| MD5 | 1787cff2efa5c0e1d07a1a9c92fbde75 |
| SHA1 | 4b82dc733e0a069b07e170a86694108e9f36ae6e |
| SHA256 | e7dca64a347277d19ee4221db5287891764a138fa2b8c0b282558babfb0d279d |
| SHA512 | 304ed61fe54dd7d0d9a9e03a9a1ab17d422ff42165ff4ed3199f7e7f0e0e0bfdb6bc67d4eefa5241fdaf87be225158388e6fec494c85edf883b02add348e6caa |
C:\Users\Admin\Desktop\UseAdd.odp
| MD5 | 6b6c6dfe5bebb42d2608d0950fc6229e |
| SHA1 | 486a169017ea223de55204967534cd47e0fd168f |
| SHA256 | 0668925738e50595a85dc052ed8451106cb80256f47fb25db463a26eac1f9d39 |
| SHA512 | a002feef508e5d186d796dd2d1d59e49ad579d9a1a2aefef25972ee636bfdc4f999c42bdefa6aeeeb8656877c862c8af9045e5c3678453659a9f5349ccd52c32 |
C:\Users\Admin\Desktop\NewMount.search-ms
| MD5 | bcf78d58675791fe258e51efe140885c |
| SHA1 | e46906098c48602a335a00347925b9f77ca2903d |
| SHA256 | b0ed72c2dbb7870af737ab395530f434a01c44fa2d0ebb43915011fdb3c50727 |
| SHA512 | 03d37fc082ec85421f8668273e6cca73d64436323567de44b905296d1ea7e5167177409f9239f0b4d23acc8688e889a499679c55718e4d0178808b93cfcb4167 |
C:\Users\Admin\Desktop\ConfirmProtect.exe
| MD5 | 08131185024a933713427620be31776e |
| SHA1 | 0d548ee2f0b2bf65d708f871b92af0d9bf4019c8 |
| SHA256 | f04793e4eb8dcc1d9fbe9bdd7d02a2ecf341b969c292dc48f9be7055e5c2b6f7 |
| SHA512 | 1cb37add0ff8106fa8bb7c84fa71a6a3bc5e627dce4d68cfd99176f887c5d93b28efbb9a73396d6f5fe19b1c0d05679872e1c2353d63b0740dcf4a077462081a |
C:\Users\Admin\Desktop\ApproveSuspend.aifc
| MD5 | 98ff1e6a3969f25d9c62e1e37e7d12f4 |
| SHA1 | 8c97a17c79332beff9a91e001f5a1b4fdd0c2062 |
| SHA256 | f08ab90bf8663c3cfbb69bfebbea8543a8b57f1e8d0f6bb5b33347410ad38928 |
| SHA512 | 4764514c3889f75f7f5c6bb729a926e220447438ce8b982ec0d5dc0ef7932b057d6e0f216eff5bf30032ee0f2d54c193c04bd020d6483d313f9a0027e1d263d2 |
C:\Users\Admin\Desktop\SaveUnprotect.doc
| MD5 | a12b8cb0dd91873ce35353b4cf06c57f |
| SHA1 | 6f95f2ca1f82713838693a708f94583367ab4fa1 |
| SHA256 | 23a50904c9685e02d53df7fc75c82b072d581a926165eff1a1613eef829ce4d8 |
| SHA512 | 5e5dad664a6087404957316eebf925180db4287f4d04011e5d69dace2ae68ca03c5ca0936e1a03c2863ff267b944ecb0b6cdc45c7af042a522fb124136371817 |
C:\Users\Admin\Desktop\RemoveRepair.htm
| MD5 | 13f9c0843e858c9b95942818b5780560 |
| SHA1 | 1e74531b4f5e7b106c35cd754563f83ff34cc346 |
| SHA256 | a57e8d45a162f0c526df9442977a5f9ff47ed4aaf491944d46fd2743e7319f9d |
| SHA512 | 73178133466f075d0cb605f8c5a78c5bcc3a96db6fb46279d1bdd5f0019b0eaa2bc7de66d2d66fded75dc282bf742b770a34e776ff99156256430f0fd02ee8ad |
C:\Users\Admin\Desktop\DebugResize.wmf
| MD5 | 1dd5b4931d82eff3860c3f582a53d082 |
| SHA1 | a5bbdf6c6573fe089d8983e481185a8b4df4fd02 |
| SHA256 | 65da975aa89d507aa158af5b12e764eb2d063d0d55419bdb7c84efa375a5e137 |
| SHA512 | dc5c5534b0c0feccdd26743f75f3bec67b667d7348ddd12d88fa4c80d503b0daafa03b8a95291eef2ee0463d4b0d2e322d5358cce769b957010200967d8916b4 |
C:\Users\Admin\Desktop\ResolveBackup.asx
| MD5 | 43fd45b38c3b149defed7f935fa9c27a |
| SHA1 | 5977050891c41397138b16373ad1684b0bc3a132 |
| SHA256 | d68ba248481eb5b5b36b7e6fab9fc744d8acc8dc746e77b36f1ec436f49d8d6f |
| SHA512 | b4721d08baf2cdaca99c1e2f48c60f4515a6395d511d63dddec6c4e87d638664cebc39196ea35ba5738cfc20b55356d97f1d479c0505dc4a69707ace5b0e110e |
C:\vcredist2012_x86_0_vcRuntimeMinimum_x86.log
| MD5 | c962f2b52ea14981dd57a4bcc1f471fd |
| SHA1 | 26eb784317c4e99e351844f70b3f43cb391d70f9 |
| SHA256 | 2c4b074d45c52f96c91b43139a91b6b2154eb161799295ac104b6d607bd5d83a |
| SHA512 | 6a4a7865fe572a3f5b1d664079379537b4eaa56570bf787d488ad347c751967fa18e0e748d8b172b306b2370e6193fe64af029720bc2e6df8b019d09c2efc7b5 |
C:\vcredist2012_x86_1_vcRuntimeAdditional_x86.log
| MD5 | f943667dd8b92c0b037ff4f1de101570 |
| SHA1 | 7f6a3bde8f253cde123e4efc7470755dbb38f26d |
| SHA256 | 5d8b57f5accd7512daa08072968f5bdbda3c964379a52a824ceb6ef871491d56 |
| SHA512 | e5569fa4f0895dffcf0f1306399c3b72c85f767b99ff10fef73619e100eeb45b0e9ad6dc6729ac5f25586c72dccdb0fb25bedb416c3755f194dfc6e6fb8e2536 |
C:\vcredist2013_x64_000_vcRuntimeMinimum_x64.log
| MD5 | a62f3a5f20155865ac7c3923d6920125 |
| SHA1 | f0ec4b449cc16b140c372aadaaa604579376b203 |
| SHA256 | 50078523e83d29a7c34bd5d66eff38d44f3069b6d61f65b5fa7efb87ae19d506 |
| SHA512 | f7cd02c5cf22812eced2782543b41ff74706168dc5f2ff00d3e0221b751c1acab291437ed0d9663ee64514173552a1a74712797b5672e24f5deb6bed2785e1e0 |
C:\vcredist2013_x64_001_vcRuntimeAdditional_x64.log
| MD5 | 76ae2317c8dc734aea6f1e04ee9c1ff1 |
| SHA1 | 685c9b0c8d7b038447a9c97bad9ede592d3eeddd |
| SHA256 | fe4c50588fd4e47900cc737a28acff821a5d19ad79418b9d84e888647cabdafe |
| SHA512 | 7499911ba5e35cbd3c87c3606069899c97b7fb2c83d201e75a6cbf3903c5609d5529f827dd10788a051304c17091ced6276d7c8f9286da21c180bca9393c56bf |
C:\vcredist2013_x86_001_vcRuntimeAdditional_x86.log
| MD5 | f919c2141980731a0190507212261a6a |
| SHA1 | 1b75f1bf0fc5afa6ed9f3267d6989b77b1b56861 |
| SHA256 | f617ff318f42ceff95ec1505076554e0abe231e5bb4f69ac4b862ee2d7b1130e |
| SHA512 | dd1d6d2d080c5884176932d0ce7d43b6ca576f06f8ad6fee066a4c02c863375c600d8eeee145e29f146916ec54fb79d4804ff3320c0f57bee3f856e4973cb1d8 |
C:\vcredist2013_x86_000_vcRuntimeMinimum_x86.log
| MD5 | 977938f3648058f1350b1326b09897a6 |
| SHA1 | e979cf44e459f233d17ffd178cf5e9a0b525dc6b |
| SHA256 | ed7e4c1416e9de0cb5a64ee06dc40bc765173e7e7cfe4198131a28de5fe3e3c1 |
| SHA512 | 892bf582a6b51c81fd4bd4a40c206d4ef6b57dd4976ad203e9619e29f1c6dcd5f4ef12d2deccd70480216230ee54d8840db8df778e7dbfc561608d7bc6bdafdc |
C:\vcredist2022_x64_000_vcRuntimeMinimum_x64.log
| MD5 | 5b71fb002d6765880daa52f1064ee8d4 |
| SHA1 | f04536e26d6174bff7e6bebc9a8695d889631a94 |
| SHA256 | 492ef92a0ee0c9ae927dfb382a82c24fafa9130a2168fb4cbec91ee3703681f9 |
| SHA512 | 1d177a9aa280a3a689bf92f75c024f30dee62d43caac648e6426ba490c25d8a232be616f03f4339f9b3e9336ab705a97295ad31c6e09c0614bafef9c1e0d711e |
C:\vcredist2022_x64_001_vcRuntimeAdditional_x64.log
| MD5 | 35b5f016be3ad0f8f85acd144a08be9c |
| SHA1 | 952c155b9dabae7843e06e58ab8a1e47360f477c |
| SHA256 | fd9ff3941e780eb2378e32afd741ac06187a7a825ec449011d0a40d5e1262113 |
| SHA512 | 05aed6ea887afaaaeffc726e46361ae358be5d348b8c597b834748dcb79dfa06cc99583227eee9285ddc9f28257da7a8e5333a377cedc59bccc593ce3f269f80 |
C:\vcredist2022_x86_000_vcRuntimeMinimum_x86.log
| MD5 | 4b141abe31fb19ddf627bace862b2911 |
| SHA1 | bb4f4a02e0c189e5c905f071b87acad8ee4e2ea8 |
| SHA256 | 46803fad96b6f1246821fb78c1b24237e589f0b1dde461ee27b3c1600eaefe16 |
| SHA512 | 97a18c43f38bcbeba2594ba9bc978b8e74e2eb97f4901882d63d4800dff40ac4075810bb4fa7a8258113086bfb8901e694d564edda71709ea1d0b017a4a3cee3 |
C:\vcredist2022_x86_001_vcRuntimeAdditional_x86.log
| MD5 | 4e24ce6fc81bf295fe12659ef53b77eb |
| SHA1 | 9cd59742893bf1b1a1ec8fae97329ab1381fc133 |
| SHA256 | 323e543996861bccfd0aceb6214af0bc693f8719573c025d86c72f8ff856a9c2 |
| SHA512 | 8810cf02a87104f7e719de6b0c88731ffb4f8430a9c70bf1cca45c3dba12b6786590c54714306de6bbc9f7f1bb7a66baf8ed22163d471464e5ed9323f1ecf9e4 |
C:\vcredist2010_x64.log.html
| MD5 | c76cdf290c20a3f45cf799234835819c |
| SHA1 | 517ea058301c0b1cee0c216c577990cebca0194d |
| SHA256 | 2787d906fce04478677f4591eac56a623eebcbb5b785ea09bfe4510d6cc605b4 |
| SHA512 | 15d787ef70781b89ec5cfc25fbbe9171ddd3c1661d4dd8bc74b75be72c4ff0f8acbdae5ecf36081b66e6de9fc17e0df5b3b19b0ced0678412dc1fdbbe374198c |
C:\vcredist2010_x64.log-MSI_vc_red.msi.txt
| MD5 | 51cbf8496abd62d5925b2780c0c179c0 |
| SHA1 | 5d4c36f2fa118c1000b226999bf1f3d441007be1 |
| SHA256 | 329328f09d9402a58473affbec39d9ee21c2d91eeacf43451a7f35b3303b4eb6 |
| SHA512 | ef62abc9bd8b11207d25b50c0e78cc3967a41340d9af4445463334f2aca6fc4fd10287c6116a821e659e9a6b415e9cc2b060094cb7d60f68b82549168ffebe00 |
C:\vcredist2010_x86.log.html
| MD5 | a9016bc44f75919ef3de6f0dbf355d30 |
| SHA1 | be5712d71c50390aba849fdc4c094755100c96e9 |
| SHA256 | d0276ff990b9bdeb4e52075a14b0c14b1ea2471c384c83487de77f12e076cadc |
| SHA512 | 0942222ecae3a0b9c1be4b23e2421df4921d1dcecab89b5ffe84d5abeef73799f11e3513693b9534f86523dd4cd253f1382d35225a3d86f070e45d2f566823c9 |
C:\vcredist2010_x86.log-MSI_vc_red.msi.txt
| MD5 | a7768efd6ac81ef5369fddd538a815df |
| SHA1 | 3cf20dc68be21c130a4429d313184f50d9e63aeb |
| SHA256 | 89c06fb3d065b07d2081db4d40639315b4df8d83fb420ce74df3fa6dbe0472ce |
| SHA512 | 817e8f6f1d140ef48bee6349b5fb958fd8303288974c38725589eb8d2590a80ffbd1e257b79a7eb6b338c056214f6c8ca5c548d2eb4e3ce71c1234c21cd2d513 |
C:\vcredist2012_x64_0_vcRuntimeMinimum_x64.log
| MD5 | e0fa7afbeafa3c5f9e635cb825ce0191 |
| SHA1 | b45e10c88519374abf9406581ad064cfb97a1e98 |
| SHA256 | c9c0d24f5c3945de336399626ae375c646fc17d8db610760966f25942c20783a |
| SHA512 | 457974b6ff3f02ca26c10d203b0d7761fdd47f7715a8620163ffe1736886047c4e371252d432a4856af774e0301b103b00c0a1064e1e6a698ef1db1ce626de74 |
C:\vcredist2012_x64_1_vcRuntimeAdditional_x64.log
| MD5 | ae0074d8076da6ede020b799a6e153d5 |
| SHA1 | b5af7bf5e4b948787823e4963cbacef777bd9f3b |
| SHA256 | 1e86b6d4a37c5b9a03517242cbb9dfc8140ff61d7eb7c1ed3dcf69f83e5ed1b2 |
| SHA512 | 94e67a560d611d7e40022d572dd284ac4f59b72172607c4494309e570c27a7007944432dec51390428caebb2f0589561fb74df733c7fa26477e700f1955b5504 |
memory/5112-202-0x000002581BFA0000-0x000002581BFB0000-memory.dmp
memory/5112-198-0x000002581BF60000-0x000002581BF70000-memory.dmp
memory/5112-209-0x0000025824270000-0x0000025824271000-memory.dmp
memory/5112-211-0x00000258242F0000-0x00000258242F1000-memory.dmp
memory/5112-213-0x00000258242F0000-0x00000258242F1000-memory.dmp
memory/5112-214-0x0000025824380000-0x0000025824381000-memory.dmp
memory/5112-215-0x0000025824380000-0x0000025824381000-memory.dmp
memory/5112-216-0x0000025824390000-0x0000025824391000-memory.dmp
memory/5112-217-0x0000025824390000-0x0000025824391000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 52b1e6cca315f32fe2a76c4f106e497a |
| SHA1 | 5fc5d29a1fe8bd5867d861e44c46f340f705bc42 |
| SHA256 | d32d7b78c33b0dc7d92d5e4a223700303967ddf628fd7aadc504e14d189131e8 |
| SHA512 | 5ed4cb75eed2e8d26b8e7cc7a9b77df71fcded41d2747fcdc9582a744bd3491974fd78ac3e817f04f21378165bbe4674a33e6e620088cf843a94b34b7ac2e7d5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f062ea9a-5119-4d50-9275-e71f92a258f0.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | daa501bd7730c8edf55cdb5f288768d3 |
| SHA1 | eec6f66c2faa0490c6fa9437ab2a77c6869e99d8 |
| SHA256 | 0526d620fd003f3230651d3b80df9c6d9f2c38715429606a4e6d4d481bdbd8dd |
| SHA512 | f45228bcc82743e9d28e20fc91a2fbce62c9e2d00d08612384c155b5275567050db99111acb112826a9a624c660b27dfd866eb6c132f2d8a38c8a96a4910c390 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
| MD5 | 20d4b8fa017a12a108c87f540836e250 |
| SHA1 | 1ac617fac131262b6d3ce1f52f5907e31d5f6f00 |
| SHA256 | 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d |
| SHA512 | 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856 |
memory/4392-299-0x000001DBA0EF0000-0x000001DBA0F12000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_grznwqkb.1ba.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 16:57
Reported
2024-06-13 17:28
Platform
win7-20240611-en
Max time kernel
1571s
Max time network
1569s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\.html
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6f89758,0x7fef6f89768,0x7fef6f89778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1324,i,14214261832813935754,18210442605586251979,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1324,i,14214261832813935754,18210442605586251979,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1616 --field-trial-handle=1324,i,14214261832813935754,18210442605586251979,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2264 --field-trial-handle=1324,i,14214261832813935754,18210442605586251979,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2272 --field-trial-handle=1324,i,14214261832813935754,18210442605586251979,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1332 --field-trial-handle=1324,i,14214261832813935754,18210442605586251979,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1152 --field-trial-handle=1324,i,14214261832813935754,18210442605586251979,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2996 --field-trial-handle=1324,i,14214261832813935754,18210442605586251979,131072 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp |
Files
\??\pipe\crashpad_2996_UUPVWLZIBHTYPIME
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | fe57cb54095398cb99a8a74a3403da7b |
| SHA1 | fe9280db58362f3ffbf88e17ead57efa10af3fe1 |
| SHA256 | 17623d48e44c2336c545b16c58f490bea27b609de088bda77f24520f25b1fc4a |
| SHA512 | ba3e11de8181e3dacb6994fd3e93130f20567aeeb00d0916c36673050768bebef62689c40979cc329b3a945a91c5339b856a4e3c27e419ed2b126b737b508028 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 72dac4a0809ddccac211273a64d2a1f8 |
| SHA1 | 0f8d5642b505c8368e444bd40bea903b5bc3dec2 |
| SHA256 | 42cc98dcdea6ab869eb70c7fd30c057eae61202a49cf9c71cb6b6a4108155609 |
| SHA512 | 69ab340a6c02cc39e8fd178a1ce183519290d21c5c4e6b81805a0caf2f955956a96b38a7ecaa3982e9aa83b3165fcb14d327325384ace7d792dadd06dcd8615d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | daa9421b70073c36a4d9a03d5febaea9 |
| SHA1 | 915a6c048be34a6586f59d5568dc4e01f9e502fd |
| SHA256 | bf92b1569ca783feed29ea9c6b5006444d5609cdd6a0fd6f8bda40c5c2c18f52 |
| SHA512 | fccecaba5175d1cacd2b353fedf904b84c2badbc2d5f6f2ce79f14d6d839ad77b9cd982268e134839960e7bd5b369c8ffa5d096533bda594cf1d26138d28435a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\5a00ebfc-1650-44c5-9b2a-bfaa02c15207.tmp
| MD5 | cd10dd96fd475dc7da86dd3d9b2bbd02 |
| SHA1 | 17cc3241cc33e13802982bcb68dcc752552eae1e |
| SHA256 | c99aad55d90133ac673f72abc827f20b1e4d76b3ca53d01ae123b2b83176df04 |
| SHA512 | 593debf04daf21fa9f6d9d367c818f9131c702b709e3d0252af6b58de831a76f32c24555481e08fbb1367149ba510c150fc5df45eb913fa7cc6ea31d176e4f15 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8d17bc36e377df5e6f85801da3cfc151 |
| SHA1 | fe89e68119040206de19da25e116c65778d2c959 |
| SHA256 | 93cba88f0a8bb5dfd0766c0b0a1cd49f20f1d75f1df6042eaa58273fa10d1452 |
| SHA512 | e600b6cc668f1f1727fe8389ba6573c86ad7910d69489e27cc35bad3d69659f84ab9ecfe0477adbe3ee41cf3a35f6bd7cb708f6cbd7864020595257983c333b0 |