Malware Analysis Report

2024-09-23 10:30

Sample ID: 240614-tg9s9sxeme
Target: https://buxmessy.com
Tags: bootkit persistence
Score: 8/10

Analysis Overview

Score: 8/10

Threat Level: Likely malicious

The file https://buxmessy.com was found to be: Likely malicious.

Malicious Activity Summary

bootkit persistence

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Writes to the Master Boot Record (MBR)

Checks for any installed AV software in registry

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Checks processor information in registry

Suspicious use of SendNotifyMessage

Modifies registry class

Checks SCSI registry key(s)

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported: 2024-06-14 16:02

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-14 16:02
Reported: 2024-06-14 16:07
Platform: win10v2004-20240226-en
Max time kernel: 270s
Max time network: 277s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://buxmessy.com

Signatures

Downloads MZ/PE file

Checks for any installed AV software in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\Instup_IgnoredDownloadTypes C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\instup.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\CertificateFile C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\Instup_IgnoredDownloadTypes C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\instup.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\CertificateFile C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\instup.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\MovedFolder C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\instup.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\UseRegistry C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\UseRegistry C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\instup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\settings C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\instup.exe N/A
Key opened \REGISTRY\MACHINE\Software\AVAST Software\Avast C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\instup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\UseRegistry = "1" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\instup.exe N/A
Key opened \REGISTRY\MACHINE\Software\Avira\Antivirus C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\FwDataFolder C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ReportFolder C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\instup.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ChestFolder C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\instup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ProgramFolder C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\instup.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LogFolder C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\instup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\SetupLog = "C:\\ProgramData\\Avast Software\\Persistent Data\\Avast\\Logs\\Setup.log" C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\instup.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast C:\Windows\Temp\asw.dcbf065b12dba651\avast_free_antivirus_setup_online_x64.exe N/A
Key opened \REGISTRY\MACHINE\Software\AVAST Software\Avast C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\JournalFolder C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LicenseFile C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\JournalFolder C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\instup.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LogFolder C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ShepherdDebug C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ShepherdDebug C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\instup.exe N/A
Key opened \REGISTRY\MACHINE\Software\AVAST Software\Avast C:\Windows\Temp\asw.dcbf065b12dba651\avast_free_antivirus_setup_online_x64.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ReportFolder C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ChestFolder C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\DataFolder C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\CrashGuardProcessWatcherExclusions C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\instup.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\burger_client C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\FwDataFolder C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\instup.exe N/A
Key opened \Registry\MACHINE\SOFTWARE\Avast Software\Avast C:\Windows\Temp\asw.dcbf065b12dba651\avast_free_antivirus_setup_online_x64.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\instup.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ProgramFolder C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\settings C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\CrashGuardProcessWatcherExclusions C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\TempFolder C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\SetupLog = "C:\\ProgramData\\Avast Software\\Persistent Data\\Avast\\Logs\\Setup.log" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\DataFolder C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\instup.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\TempFolder C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\instup.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LicenseFile C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\instup.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\MovedFolder C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Key opened \REGISTRY\MACHINE\Software\Avira\Antivirus C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\instup.exe N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Windows\Temp\asw.dcbf065b12dba651\avast_free_antivirus_setup_online_x64.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\instup.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\Downloads\avast_free_antivirus_setup_online (1).exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\instup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\instup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Windows\Temp\asw.dcbf065b12dba651\avast_free_antivirus_setup_online_x64.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\instup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\instup.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\Temp\asw.dcbf065b12dba651\avast_free_antivirus_setup_online_x64.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Windows\Temp\asw.dcbf065b12dba651\avast_free_antivirus_setup_online_x64.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\instup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\instup.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Checking install conditions" C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\instup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Main = "25" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Updating package: instcont_x64_ais" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "98" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\SfxInstProgress = "35" C:\Windows\Temp\asw.dcbf065b12dba651\avast_free_antivirus_setup_online_x64.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "40" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "33" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "8" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "62" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "0" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "14" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "72" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "37" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Main = "100" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage C:\Windows\Temp\asw.dcbf065b12dba651\avast_free_antivirus_setup_online_x64.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\SfxInstProgress = "50" C:\Windows\Temp\asw.dcbf065b12dba651\avast_free_antivirus_setup_online_x64.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "30" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "44" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "60" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "61" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Updating package: instup_x64_ais" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "21" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\SfxInstProgress = "92" C:\Windows\Temp\asw.dcbf065b12dba651\avast_free_antivirus_setup_online_x64.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "18" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Updating package: setgui_x64_ais" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "81" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Updating package: offertool_x64_ais" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "24" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Extracting file: aswOfferTool.exe" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "95" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "97" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Checking install conditions" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "3" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "42" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "90" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "92" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Extracting file: HTMLayout.dll" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\SfxInstProgress = "42" C:\Windows\Temp\asw.dcbf065b12dba651\avast_free_antivirus_setup_online_x64.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\SfxInstProgress = "64" C:\Windows\Temp\asw.dcbf065b12dba651\avast_free_antivirus_setup_online_x64.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "22" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "4" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "56" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\SfxInstProgress = "21" C:\Windows\Temp\asw.dcbf065b12dba651\avast_free_antivirus_setup_online_x64.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Main = "62" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "46" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "70" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "88" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "File downloaded: avdump_x86_ais-a3d.vpx" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "File downloaded: offertool_x64_ais-a3d.vpx" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Extracting file: AvDump.exe" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "100" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "File downloaded: prod-pgm.vpx" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Extracting file: instup.dll" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "10" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "17" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "83" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "84" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "89" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "25" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\SfxInstProgress = "71" C:\Windows\Temp\asw.dcbf065b12dba651\avast_free_antivirus_setup_online_x64.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "7" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "27" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Updating package: avdump_x86_ais" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "58" C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: 32 N/A C:\Windows\Temp\asw.dcbf065b12dba651\avast_free_antivirus_setup_online_x64.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Token: 32 N/A C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe N/A
Token: 32 N/A C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\instup.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\instup.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\aswOfferTool.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\aswOfferTool.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 652 wrote to memory of 576 N/A C:\Users\Admin\Downloads\avast_free_antivirus_setup_online (1).exe C:\Windows\Temp\asw.dcbf065b12dba651\avast_free_antivirus_setup_online_x64.exe
PID 576 wrote to memory of 5880 N/A C:\Windows\Temp\asw.dcbf065b12dba651\avast_free_antivirus_setup_online_x64.exe C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe
PID 5880 wrote to memory of 5872 N/A C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\instup.exe
PID 5872 wrote to memory of 6448 N/A C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\instup.exe C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\aswOfferTool.exe
PID 5872 wrote to memory of 6504 N/A C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\instup.exe C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\aswOfferTool.exe
PID 5872 wrote to memory of 6528 N/A C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\instup.exe C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\aswOfferTool.exe
PID 5872 wrote to memory of 6568 N/A C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\instup.exe C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\aswOfferTool.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://buxmessy.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3436 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5108 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5340 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=3564 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5308 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=5428 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=6012 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=5908 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --mojo-platform-channel-handle=6248 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /7

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4020 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5888 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --mojo-platform-channel-handle=4112 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --mojo-platform-channel-handle=6636 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --mojo-platform-channel-handle=6780 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --mojo-platform-channel-handle=6944 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --mojo-platform-channel-handle=7128 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --mojo-platform-channel-handle=7284 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --mojo-platform-channel-handle=7292 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --mojo-platform-channel-handle=7084 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6916 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --mojo-platform-channel-handle=6932 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --mojo-platform-channel-handle=7144 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --mojo-platform-channel-handle=7904 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=7488 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --mojo-platform-channel-handle=7208 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x2ec 0x304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --mojo-platform-channel-handle=7880 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --mojo-platform-channel-handle=6464 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --mojo-platform-channel-handle=6580 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --mojo-platform-channel-handle=6508 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --mojo-platform-channel-handle=6792 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --mojo-platform-channel-handle=6736 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --mojo-platform-channel-handle=7676 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --mojo-platform-channel-handle=6804 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --mojo-platform-channel-handle=7104 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --mojo-platform-channel-handle=7340 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --mojo-platform-channel-handle=8316 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=54 --mojo-platform-channel-handle=8464 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=55 --mojo-platform-channel-handle=8488 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=56 --mojo-platform-channel-handle=8604 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=57 --mojo-platform-channel-handle=4580 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=58 --mojo-platform-channel-handle=9276 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=59 --mojo-platform-channel-handle=8720 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=60 --mojo-platform-channel-handle=9560 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=61 --mojo-platform-channel-handle=9692 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=62 --mojo-platform-channel-handle=9900 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=63 --mojo-platform-channel-handle=9868 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=64 --mojo-platform-channel-handle=8504 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=65 --mojo-platform-channel-handle=8004 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=8208 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --mojo-platform-channel-handle=9200 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=68 --mojo-platform-channel-handle=8576 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6868 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --mojo-platform-channel-handle=9308 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8

C:\Users\Admin\Downloads\avast_free_antivirus_setup_online (1).exe

"C:\Users\Admin\Downloads\avast_free_antivirus_setup_online (1).exe"

C:\Users\Admin\Downloads\avast_free_antivirus_setup_online (1).exe

"C:\Users\Admin\Downloads\avast_free_antivirus_setup_online (1).exe"

C:\Windows\Temp\asw.dcbf065b12dba651\avast_free_antivirus_setup_online_x64.exe

"C:\Windows\Temp\asw.dcbf065b12dba651\avast_free_antivirus_setup_online_x64.exe" /cookie:mmm_sft_dlp_000_119_h:dlid_FAV-PPC /ga_clientid:4ca4c408-edb7-4f51-b794-82e8b4a2efae /edat_dir:C:\Windows\Temp\asw.dcbf065b12dba651

C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe

"C:\Windows\Temp\asw.1c39e711436bc4e7\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.1c39e711436bc4e7 /edition:1 /prod:ais /stub_context:e8d173aa-d153-4c3a-9b48-d016a10a4c28:9897680 /guid:b1c45082-ebb0-4a54-987b-7b4d79890247 /ga_clientid:4ca4c408-edb7-4f51-b794-82e8b4a2efae /cookie:mmm_sft_dlp_000_119_h:dlid_FAV-PPC /ga_clientid:4ca4c408-edb7-4f51-b794-82e8b4a2efae /edat_dir:C:\Windows\Temp\asw.dcbf065b12dba651

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=71 --mojo-platform-channel-handle=6784 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=72 --mojo-platform-channel-handle=10156 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=73 --mojo-platform-channel-handle=10004 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\instup.exe

"C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\instup.exe" /sfx /sfxstorage:C:\Windows\Temp\asw.1c39e711436bc4e7 /edition:1 /prod:ais /stub_context:e8d173aa-d153-4c3a-9b48-d016a10a4c28:9897680 /guid:b1c45082-ebb0-4a54-987b-7b4d79890247 /ga_clientid:4ca4c408-edb7-4f51-b794-82e8b4a2efae /cookie:mmm_sft_dlp_000_119_h:dlid_FAV-PPC /edat_dir:C:\Windows\Temp\asw.dcbf065b12dba651 /online_installer

C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\aswOfferTool.exe

"C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\aswOfferTool.exe" -checkGToolbar -elevated

C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\aswOfferTool.exe

"C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\aswOfferTool.exe" /check_secure_browser

C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\aswOfferTool.exe

"C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\aswOfferTool.exe" -checkChrome -elevated

C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\aswOfferTool.exe

"C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AVFC

C:\Users\Public\Documents\aswOfferTool.exe

"C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC

Network

Country Destination Domain Proto
US 8.8.8.8:53 cdn.ampproject.org udp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 156.15.177.108.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 push-sdk.com udp
US 8.8.8.8:53 push-sdk.com udp
US 8.8.8.8:53 206.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 204.135.128.178.in-addr.arpa udp
US 8.8.8.8:53 64.86.235.185.in-addr.arpa udp
US 8.8.8.8:53 173.86.235.185.in-addr.arpa udp
DE 23.88.8.123:443 push-sdk.com tcp
US 8.8.8.8:53 233.226.220.67.in-addr.arpa udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 193.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 13b9a6827e43b2256bfa27312a0df7f7.safeframe.googlesyndication.com udp
US 8.8.8.8:53 en.softonic.com udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 en.softonic.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 en.softonic.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 en.softonic.com udp
US 8.8.8.8:53 123.8.88.23.in-addr.arpa udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 en.softonic.com udp
US 8.8.8.8:53 sync.richaudience.com udp
US 8.8.8.8:53 sync.richaudience.com udp
US 8.8.8.8:53 sync.richaudience.com udp
US 8.8.8.8:53 en.softonic.com udp
US 8.8.8.8:53 contextual.media.net udp
US 8.8.8.8:53 contextual.media.net udp
US 8.8.8.8:53 contextual.media.net udp
US 8.8.8.8:53 en.softonic.com udp
US 172.64.149.180:443 js-sec.indexww.com tcp
US 8.8.8.8:53 acdn.adnxs.com udp
US 8.8.8.8:53 acdn.adnxs.com udp
US 8.8.8.8:53 acdn.adnxs.com udp
US 8.8.8.8:53 en.softonic.com udp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 en.softonic.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 en.softonic.com udp
IE 3.251.0.235:443 ap.lijit.com tcp
US 23.200.188.27:443 contextual.media.net tcp
IE 3.251.0.235:443 ap.lijit.com tcp
FR 185.255.84.153:443 visitor.omnitagjs.com tcp
US 23.53.112.234:443 ads.pubmatic.com tcp
US 23.200.188.27:443 contextual.media.net tcp
DE 168.119.146.39:443 sync.richaudience.com tcp
US 23.53.112.216:443 acdn.adnxs.com tcp
FR 185.255.84.153:443 visitor.omnitagjs.com tcp
US 23.53.112.234:443 ads.pubmatic.com tcp
DE 23.88.8.123:443 push-sdk.com tcp
DE 168.119.146.39:443 sync.richaudience.com tcp
US 8.8.8.8:53 uidsync.net udp
US 8.8.8.8:53 uidsync.net udp
US 8.8.8.8:53 180.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 235.0.251.3.in-addr.arpa udp
US 8.8.8.8:53 27.188.200.23.in-addr.arpa udp
US 8.8.8.8:53 153.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 234.112.53.23.in-addr.arpa udp
US 8.8.8.8:53 216.112.53.23.in-addr.arpa udp
DE 157.90.33.68:443 uidsync.net tcp
DE 168.119.146.39:443 sync.richaudience.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 ce.lijit.com udp
US 8.8.8.8:53 ce.lijit.com udp
US 8.8.8.8:53 ce.lijit.com udp
IE 52.17.116.73:443 ce.lijit.com tcp
US 8.8.8.8:53 ssc-cms.33across.com udp
US 8.8.8.8:53 ssc-cms.33across.com udp
US 8.8.8.8:53 ssc-cms.33across.com udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 player.aniview.com udp
US 8.8.8.8:53 player.aniview.com udp
US 8.8.8.8:53 player.aniview.com udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 dis.criteo.com udp
US 8.8.8.8:53 dis.criteo.com udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 api-2-0.spot.im udp
US 8.8.8.8:53 api-2-0.spot.im udp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 match.prod.bidr.io udp
US 8.8.8.8:53 match.prod.bidr.io udp
NL 2.18.121.10:443 player.aniview.com tcp
US 8.8.8.8:53 image8.pubmatic.com udp
US 8.8.8.8:53 image8.pubmatic.com udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 67.202.105.22:443 ssc-cms.33across.com tcp
DE 157.90.33.68:443 uidsync.net tcp
US 67.202.105.22:443 ssc-cms.33across.com tcp
NL 185.89.210.90:443 secure.adnxs.com tcp
NL 185.89.210.90:443 secure.adnxs.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
DE 18.245.31.16:443 api-2-0.spot.im tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
NL 198.47.127.18:443 image8.pubmatic.com tcp
US 54.159.1.74:443 sync.srv.stackadapt.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
IE 34.246.197.210:443 match.prod.bidr.io tcp
US 35.71.131.137:443 match.adsrvr.org tcp
US 8.8.8.8:53 cacerts.rapidssl.com udp
US 8.8.8.8:53 cacerts.rapidssl.com udp
US 8.8.8.8:53 jadserve.postrelease.com udp
US 8.8.8.8:53 jadserve.postrelease.com udp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 100.25.66.254:443 jadserve.postrelease.com tcp
US 8.8.8.8:53 68.33.90.157.in-addr.arpa udp
US 8.8.8.8:53 73.116.17.52.in-addr.arpa udp
US 44.219.8.233:443 cs-server-s2s.yellowblue.io tcp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
DE 51.89.9.252:443 onetag-sys.com tcp
US 8.8.8.8:53 id.rlcdn.com udp
US 8.8.8.8:53 id.rlcdn.com udp
US 35.244.174.68:443 id.rlcdn.com tcp
US 8.8.8.8:53 bttrack.com udp
US 8.8.8.8:53 bttrack.com udp
US 192.132.33.67:443 bttrack.com tcp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
NL 81.17.55.123:443 ssbsync.smartadserver.com tcp
NL 81.17.55.123:443 ssbsync.smartadserver.com tcp
US 8.8.8.8:53 10.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 90.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 16.31.245.18.in-addr.arpa udp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 39.146.119.168.in-addr.arpa udp
US 8.8.8.8:53 22.105.202.67.in-addr.arpa udp
US 8.8.8.8:53 18.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 137.131.71.35.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 210.197.246.34.in-addr.arpa udp
US 8.8.8.8:53 254.66.25.100.in-addr.arpa udp
US 8.8.8.8:53 74.1.159.54.in-addr.arpa udp
US 8.8.8.8:53 233.8.219.44.in-addr.arpa udp
US 8.8.8.8:53 252.9.89.51.in-addr.arpa udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 js-sec.indexww.com udp
US 104.18.36.155:443 ssum-sec.casalemedia.com tcp
US 104.18.36.155:443 ssum-sec.casalemedia.com tcp
US 104.18.36.155:443 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 ib.adnxs.com udp
DE 37.252.171.21:443 ib.adnxs.com tcp
US 8.8.8.8:53 sync.aniview.com udp
US 8.8.8.8:53 sync.aniview.com udp
US 96.46.186.182:443 sync.aniview.com tcp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 sync-tm.everesttech.net udp
US 8.8.8.8:53 sync-tm.everesttech.net udp
US 8.8.8.8:53 bh.contextweb.com udp
US 8.8.8.8:53 bh.contextweb.com udp
US 151.101.66.49:443 sync-tm.everesttech.net tcp
DE 162.19.138.116:443 id5-sync.com tcp
NL 208.93.169.131:443 bh.contextweb.com tcp
US 8.8.8.8:53 rtb.mfadsrvr.com udp
US 8.8.8.8:53 rtb.mfadsrvr.com udp
US 8.8.8.8:53 sync.mathtag.com udp
US 8.8.8.8:53 sync.mathtag.com udp
US 8.8.8.8:53 pixel-eu.rubiconproject.com udp
US 8.8.8.8:53 pixel-eu.rubiconproject.com udp
US 216.200.232.253:443 sync.mathtag.com tcp
US 8.8.8.8:53 123.55.17.81.in-addr.arpa udp
DE 18.157.153.25:443 rtb.mfadsrvr.com tcp
NL 69.173.156.148:443 pixel-eu.rubiconproject.com tcp
US 8.8.8.8:53 adclick.g.doubleclick.net udp
US 8.8.8.8:53 adclick.g.doubleclick.net udp
GB 142.250.187.226:443 adclick.g.doubleclick.net udp
US 8.8.8.8:53 adclick.g.doubleclick.net udp
US 8.8.8.8:53 67.33.132.192.in-addr.arpa udp
US 8.8.8.8:53 182.186.46.96.in-addr.arpa udp
US 8.8.8.8:53 155.36.18.104.in-addr.arpa udp
US 8.8.8.8:53 131.169.93.208.in-addr.arpa udp
US 8.8.8.8:53 49.66.101.151.in-addr.arpa udp
US 8.8.8.8:53 116.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 21.171.252.37.in-addr.arpa udp
US 8.8.8.8:53 148.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 25.153.157.18.in-addr.arpa udp
US 8.8.8.8:53 226.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 253.232.200.216.in-addr.arpa udp
US 8.8.8.8:53 www.avast.com udp
US 8.8.8.8:53 www.avast.com udp
US 8.8.8.8:53 www.avast.com udp
BE 104.90.25.153:443 www.avast.com tcp
US 8.8.8.8:53 153.25.90.104.in-addr.arpa udp
US 8.8.8.8:53 static3.avast.com udp
US 8.8.8.8:53 static3.avast.com udp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 8.8.8.8:53 cdn.cookielaw.org udp
BE 92.123.52.22:443 static3.avast.com tcp
BE 92.123.52.22:443 static3.avast.com tcp
BE 92.123.52.22:443 static3.avast.com tcp
BE 92.123.52.22:443 static3.avast.com tcp
BE 92.123.52.22:443 static3.avast.com tcp
BE 92.123.52.22:443 static3.avast.com tcp
US 104.19.178.52:443 cdn.cookielaw.org tcp
US 104.19.178.52:443 cdn.cookielaw.org tcp
US 104.19.178.52:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 104.18.32.137:443 geolocation.onetrust.com tcp
US 8.8.8.8:53 s.go-mpulse.net udp
US 8.8.8.8:53 s.go-mpulse.net udp
BE 23.55.96.141:443 s.go-mpulse.net tcp
US 8.8.8.8:53 52.178.19.104.in-addr.arpa udp
US 8.8.8.8:53 22.52.123.92.in-addr.arpa udp
US 8.8.8.8:53 assets.adobedtm.com udp
US 8.8.8.8:53 assets.adobedtm.com udp
BE 92.123.52.22:443 static3.avast.com tcp
US 23.53.113.19:443 assets.adobedtm.com tcp
US 8.8.8.8:53 141.96.55.23.in-addr.arpa udp
US 8.8.8.8:53 dpm.demdex.net udp
US 8.8.8.8:53 dpm.demdex.net udp
US 8.8.8.8:53 mstatic.avast.com udp
US 8.8.8.8:53 mstatic.avast.com udp
NL 20.50.2.44:443 mstatic.avast.com tcp
US 8.8.8.8:53 www.nortonlifelock.com udp
US 8.8.8.8:53 www.nortonlifelock.com udp
US 8.8.8.8:53 static.hotjar.com udp
US 8.8.8.8:53 static.hotjar.com udp
US 8.8.8.8:53 c.go-mpulse.net udp
US 8.8.8.8:53 c.go-mpulse.net udp
BE 104.90.25.237:443 www.nortonlifelock.com tcp
BE 104.90.24.133:443 c.go-mpulse.net tcp
DE 18.66.102.51:443 static.hotjar.com tcp
US 8.8.8.8:53 script.hotjar.com udp
US 8.8.8.8:53 script.hotjar.com udp
DE 13.32.27.54:443 script.hotjar.com tcp
US 8.8.8.8:53 44.2.50.20.in-addr.arpa udp
US 8.8.8.8:53 19.113.53.23.in-addr.arpa udp
US 8.8.8.8:53 237.25.90.104.in-addr.arpa udp
US 8.8.8.8:53 133.24.90.104.in-addr.arpa udp
US 8.8.8.8:53 51.102.66.18.in-addr.arpa udp
US 8.8.8.8:53 dpm.demdex.net udp
US 8.8.8.8:53 dpm.demdex.net udp
IE 52.49.219.73:443 dpm.demdex.net tcp
US 8.8.8.8:53 symantec.demdex.net udp
US 8.8.8.8:53 symantec.demdex.net udp
US 8.8.8.8:53 symantec.demdex.net udp
US 8.8.8.8:53 www.avast.com udp
IE 52.49.219.73:443 symantec.demdex.net tcp
IE 52.49.219.73:443 symantec.demdex.net tcp
US 8.8.8.8:53 oms.avast.com udp
US 8.8.8.8:53 oms.avast.com udp
US 8.8.8.8:53 znb3hblkjhhpwrz9k-gendigital.siteintercept.qualtrics.com udp
US 8.8.8.8:53 znb3hblkjhhpwrz9k-gendigital.siteintercept.qualtrics.com udp
US 8.8.8.8:53 cm.everesttech.net udp
US 8.8.8.8:53 cm.everesttech.net udp
US 8.8.8.8:53 trial-eum-clientnsv4-s.akamaihd.net udp
US 8.8.8.8:53 trial-eum-clientnsv4-s.akamaihd.net udp
US 8.8.8.8:53 trial-eum-clienttons-s.akamaihd.net udp
US 8.8.8.8:53 trial-eum-clienttons-s.akamaihd.net udp
IE 66.235.152.225:443 oms.avast.com tcp
IE 34.249.24.243:443 cm.everesttech.net tcp
US 104.17.209.240:443 znb3hblkjhhpwrz9k-gendigital.siteintercept.qualtrics.com tcp
IE 2.18.24.17:443 trial-eum-clienttons-s.akamaihd.net tcp
IE 2.18.24.18:443 trial-eum-clientnsv4-s.akamaihd.net tcp
US 8.8.8.8:53 siteintercept.qualtrics.com udp
US 8.8.8.8:53 siteintercept.qualtrics.com udp
US 8.8.8.8:53 191-101-209-39_s-2-18-24-17_ts-1718381148-clienttons-s.akamaihd.net udp
US 8.8.8.8:53 191-101-209-39_s-2-18-24-17_ts-1718381148-clienttons-s.akamaihd.net udp
US 8.8.8.8:53 x5s5cjyccimbeztmnjoa-phsu56-e5365fdd8-clientnsv4-s.akamaihd.net udp
US 8.8.8.8:53 x5s5cjyccimbeztmnjoa-phsu56-e5365fdd8-clientnsv4-s.akamaihd.net udp
IE 2.18.24.25:443 191-101-209-39_s-2-18-24-17_ts-1718381148-clienttons-s.akamaihd.net tcp
IE 2.18.24.9:443 x5s5cjyccimbeztmnjoa-phsu56-e5365fdd8-clientnsv4-s.akamaihd.net tcp
US 8.8.8.8:53 54.27.32.13.in-addr.arpa udp
US 8.8.8.8:53 73.219.49.52.in-addr.arpa udp
US 8.8.8.8:53 225.152.235.66.in-addr.arpa udp
US 8.8.8.8:53 243.24.249.34.in-addr.arpa udp
US 8.8.8.8:53 240.209.17.104.in-addr.arpa udp
US 8.8.8.8:53 17.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 9.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 analytics.ff.avast.com udp
US 8.8.8.8:53 analytics.ff.avast.com udp
US 8.8.8.8:53 privacyportal-de.onetrust.com udp
US 8.8.8.8:53 privacyportal-de.onetrust.com udp
US 34.117.223.223:443 analytics.ff.avast.com tcp
US 172.64.155.119:443 privacyportal-de.onetrust.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 ampcid.google.com udp
US 8.8.8.8:53 ampcid.google.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
GB 216.58.212.206:443 ampcid.google.com tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 www.google.co.uk udp
US 216.239.32.36:443 region1.analytics.google.com tcp
BE 108.177.15.156:443 stats.g.doubleclick.net tcp
GB 142.250.200.3:443 www.google.co.uk tcp
BE 108.177.15.156:443 stats.g.doubleclick.net udp
GB 142.250.200.3:443 www.google.co.uk udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 223.223.117.34.in-addr.arpa udp
US 8.8.8.8:53 119.155.64.172.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 684dd313.akstat.io udp
US 8.8.8.8:53 684dd313.akstat.io udp
US 216.239.32.36:443 region1.analytics.google.com udp
US 34.117.223.223:443 analytics.ff.avast.com udp
US 216.239.32.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 www.avast.com udp
US 8.8.8.8:53 www.avast.com udp
US 8.8.8.8:53 bits.avcdn.net udp
US 8.8.8.8:53 bits.avcdn.net udp
US 8.8.8.8:53 bits.avcdn.net udp
NL 23.218.49.95:443 bits.avcdn.net tcp
NL 23.62.61.97:443 www.bing.com udp
US 8.8.8.8:53 95.49.218.23.in-addr.arpa udp
US 8.8.8.8:53 dl-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 dl-edge.smartscreen.microsoft.com udp
GB 13.87.96.169:443 dl-edge.smartscreen.microsoft.com tcp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
US 8.8.8.8:53 app-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 app-edge.smartscreen.microsoft.com udp
GB 51.140.244.186:443 app-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 186.244.140.51.in-addr.arpa udp
US 8.8.8.8:53 www.avast.com udp
US 8.8.8.8:53 www.avast.com udp
US 8.8.8.8:53 bits.avcdn.net udp
US 8.8.8.8:53 iavs9x.u.avcdn.net udp
US 8.8.8.8:53 v7event.stats.avast.com udp
GB 216.58.213.14:80 www.google-analytics.com tcp
US 34.117.223.223:80 v7event.stats.avast.com tcp
NL 2.18.121.29:443 iavs9x.u.avcdn.net tcp
US 34.117.223.223:80 v7event.stats.avast.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
US 8.8.8.8:53 29.121.18.2.in-addr.arpa udp
NL 2.18.121.29:443 iavs9x.u.avcdn.net tcp
NL 2.18.121.29:443 iavs9x.u.avcdn.net tcp
NL 2.18.121.29:443 iavs9x.u.avcdn.net tcp
US 8.8.8.8:53 dst36t2kjn7gi.cloudfront.net udp
US 8.8.8.8:53 dst36t2kjn7gi.cloudfront.net udp
NL 2.18.121.29:443 iavs9x.u.avcdn.net tcp
NL 2.18.121.29:80 iavs9x.u.avcdn.net tcp
US 8.8.8.8:53 analytics.avcdn.net udp
US 34.117.223.223:443 analytics.avcdn.net tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
US 34.117.223.223:443 analytics.avcdn.net tcp
US 8.8.8.8:53 shepherd.ff.avast.com udp
US 8.8.8.8:53 shepherd.ff.avast.com udp
US 8.8.8.8:53 shepherd.ff.avast.com udp
US 34.160.176.28:443 shepherd.ff.avast.com tcp
US 8.8.8.8:53 28.176.160.34.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com udp
US 8.8.8.8:53 h4305360.iavs9x.u.avast.com udp
US 8.8.8.8:53 h4305360.iavs9x.u.avast.com udp
US 8.8.8.8:53 j0294597.iavs9x.u.avast.com udp
US 8.8.8.8:53 l4691727.iavs9x.u.avast.com udp
US 8.8.8.8:53 n2833777.iavs9x.u.avast.com udp
US 8.8.8.8:53 r9319236.iavs9x.u.avast.com udp
US 8.8.8.8:53 s-iavs9x.avcdn.net udp
US 8.8.4.4:53 n2833777.iavs9x.u.avast.com udp
US 8.8.4.4:53 s-iavs9x.avcdn.net udp
US 8.8.4.4:53 r9319236.iavs9x.u.avast.com udp
US 8.8.8.8:53 h4305360.iavs9x.u.avast.com udp
US 8.8.8.8:53 h4305360.iavs9x.u.avast.com udp
US 8.8.8.8:53 j0294597.iavs9x.u.avast.com udp
US 8.8.8.8:53 l4691727.iavs9x.u.avast.com udp
US 8.8.8.8:53 n2833777.iavs9x.u.avast.com udp
US 8.8.8.8:53 r9319236.iavs9x.u.avast.com udp
US 8.8.8.8:53 s-iavs9x.avcdn.net udp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.4.4:53 r9319236.iavs9x.u.avast.com udp
NL 2.18.121.29:80 l4691727.iavs9x.u.avast.com tcp
NL 2.18.121.9:80 l4691727.iavs9x.u.avast.com tcp
US 8.8.8.8:53 en.softonic.com udp
US 8.8.8.8:53 en.softonic.com udp
US 8.8.8.8:53 en.softonic.com udp
US 8.8.8.8:53 sc.sftcdn.net udp
US 8.8.8.8:53 sc.sftcdn.net udp
US 199.232.213.91:443 softonic.com udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 151.101.129.91:443 sc.sftcdn.net udp
US 151.101.193.91:443 sc.sftcdn.net udp
DE 13.224.186.120:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 images.sftcdn.net udp
US 8.8.8.8:53 images.sftcdn.net udp
US 8.8.8.8:53 sdk.privacy-center.org udp
US 8.8.8.8:53 sdk.privacy-center.org udp
US 3.161.82.117:443 sdk.privacy-center.org udp
US 8.8.8.8:53 91.129.101.151.in-addr.arpa udp
US 8.8.8.8:53 91.193.101.151.in-addr.arpa udp
US 8.8.8.8:53 9.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 117.82.161.3.in-addr.arpa udp
NL 2.18.121.9:80 l4691727.iavs9x.u.avast.com tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 ffc3b310abc75b386f68917b34a21053.safeframe.googlesyndication.com udp
US 8.8.8.8:53 ffc3b310abc75b386f68917b34a21053.safeframe.googlesyndication.com udp
US 8.8.8.8:53 ffc3b310abc75b386f68917b34a21053.safeframe.googlesyndication.com udp
US 8.8.8.8:53 en.softonic.com udp
GB 172.217.169.65:443 ffc3b310abc75b386f68917b34a21053.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 ad.360yield.com udp
US 8.8.8.8:53 ad.360yield.com udp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 178.128.135.204:443 brightcombid.marphezis.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
NL 2.18.121.9:80 p1043812.vps18tiny.u.avcdn.net tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net udp
US 104.18.36.155:443 htlb.casalemedia.com udp
US 34.120.63.153:443 prebid.media.net udp
IE 52.210.74.222:443 ap.lijit.com tcp
GB 142.250.187.196:443 www.google.com udp
IE 54.154.125.194:443 ad.360yield.com tcp
DE 37.252.173.215:443 ib.adnxs.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
US 178.128.135.204:443 brightcombid.marphezis.com tcp
US 8.8.8.8:53 222.74.210.52.in-addr.arpa udp
US 8.8.8.8:53 151.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 215.173.252.37.in-addr.arpa udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
NL 2.18.121.9:80 p1043812.vps18tiny.u.avcdn.net tcp
GB 172.217.169.65:443 ffc3b310abc75b386f68917b34a21053.safeframe.googlesyndication.com udp
US 8.8.8.8:53 ffc3b310abc75b386f68917b34a21053.safeframe.googlesyndication.com udp
US 8.8.8.8:53 en.softonic.com udp
US 8.8.8.8:53 s.richaudience.com udp
US 8.8.8.8:53 s.richaudience.com udp
US 8.8.8.8:53 qsearch-a.akamaihd.net udp
US 8.8.8.8:53 qsearch-a.akamaihd.net udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 216.239.32.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 en.softonic.com udp
BE 108.177.15.156:443 stats.g.doubleclick.net udp
GB 142.250.200.3:443 www.google.co.uk udp
IE 52.95.115.196:443 aax-eu.amazon-adsystem.com tcp
US 130.211.23.194:443 api.btloader.com udp
US 8.8.8.8:53 ffc3b310abc75b386f68917b34a21053.safeframe.googlesyndication.com udp
US 8.8.8.8:53 en.softonic.com udp
US 8.8.8.8:53 s.richaudience.com udp
US 8.8.8.8:53 s.richaudience.com udp
US 8.8.8.8:53 qsearch-a.akamaihd.net udp
US 8.8.8.8:53 qsearch-a.akamaihd.net udp
DE 178.63.241.79:443 s.richaudience.com tcp
IE 2.18.24.9:443 qsearch-a.akamaihd.net tcp
US 8.8.8.8:53 ffc3b310abc75b386f68917b34a21053.safeframe.googlesyndication.com udp
US 8.8.8.8:53 en.softonic.com udp
US 8.8.8.8:53 en.softonic.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 79.241.63.178.in-addr.arpa udp
US 8.8.8.8:53 196.115.95.52.in-addr.arpa udp
US 8.8.8.8:53 acdn.adnxs.com udp
US 8.8.8.8:53 acdn.adnxs.com udp
US 8.8.8.8:53 acdn.adnxs.com udp
US 8.8.8.8:53 en.softonic.com udp
US 8.8.8.8:53 sync.richaudience.com udp
US 8.8.8.8:53 en.softonic.com udp
NL 2.18.121.9:80 p1043812.vps18tiny.u.avcdn.net tcp
US 8.8.8.8:53 contextual.media.net udp
US 8.8.8.8:53 contextual.media.net udp
US 8.8.8.8:53 en.softonic.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 en.softonic.com udp
DE 168.119.146.39:443 sync.richaudience.com tcp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 en.softonic.com udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 en.softonic.com udp
DE 168.119.146.39:443 sync.richaudience.com tcp
US 23.53.112.234:443 ads.pubmatic.com tcp
US 23.200.188.27:443 contextual.media.net udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
FR 185.255.84.152:443 visitor.omnitagjs.com tcp
FR 185.255.84.152:443 visitor.omnitagjs.com tcp
DE 168.119.146.39:443 sync.richaudience.com tcp
US 8.8.8.8:53 152.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 push-sdk.com udp
US 8.8.8.8:53 push-sdk.com udp
DE 157.90.33.68:443 push-sdk.com tcp
NL 2.18.121.9:80 p1043812.vps18tiny.u.avcdn.net tcp
DE 157.90.33.122:443 push-sdk.com tcp
US 8.8.8.8:53 telem-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 telem-edge.smartscreen.microsoft.com udp
GB 172.165.61.93:443 telem-edge.smartscreen.microsoft.com tcp
DE 157.90.33.68:443 push-sdk.com tcp
DE 157.90.33.68:443 push-sdk.com tcp
DE 162.19.138.82:443 id5-sync.com tcp
US 8.8.8.8:53 122.33.90.157.in-addr.arpa udp
US 8.8.8.8:53 93.61.165.172.in-addr.arpa udp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 ssc-cms.33across.com udp
US 8.8.8.8:53 ssc-cms.33across.com udp
US 8.8.8.8:53 ssc-cms.33across.com udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
DE 37.252.171.21:443 secure.adnxs.com tcp
US 67.202.105.23:443 ssc-cms.33across.com tcp
US 67.202.105.23:443 ssc-cms.33across.com tcp
US 8.8.8.8:53 player.aniview.com udp
US 8.8.8.8:53 player.aniview.com udp
US 8.8.8.8:53 player.aniview.com udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 23.105.202.67.in-addr.arpa udp
NL 2.18.121.10:443 player.aniview.com udp
NL 178.250.1.9:443 dis.criteo.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 8.8.8.8:53 api-2-0.spot.im udp
US 8.8.8.8:53 api-2-0.spot.im udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 match.prod.bidr.io udp
US 8.8.8.8:53 match.prod.bidr.io udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 52.223.40.198:443 match.adsrvr.org tcp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
IE 34.246.197.210:443 match.prod.bidr.io tcp
US 52.71.174.196:443 sync.srv.stackadapt.com tcp
US 100.25.66.254:443 jadserve.postrelease.com tcp
US 3.228.191.36:443 cs-server-s2s.yellowblue.io tcp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 id.rlcdn.com udp
US 8.8.8.8:53 id.rlcdn.com udp
US 192.132.33.67:443 bttrack.com tcp
IE 52.49.49.56:443 ap.lijit.com tcp
US 35.244.174.68:443 id.rlcdn.com udp
NL 46.228.174.117:443 sync.1rx.io tcp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
DE 51.75.86.98:443 onetag-sys.com udp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
NL 81.17.55.171:443 ssbsync.smartadserver.com tcp
NL 81.17.55.171:443 ssbsync.smartadserver.com tcp
DE 51.75.86.98:443 onetag-sys.com tcp
US 8.8.8.8:53 196.174.71.52.in-addr.arpa udp
US 8.8.8.8:53 36.191.228.3.in-addr.arpa udp
US 8.8.8.8:53 98.86.75.51.in-addr.arpa udp
US 8.8.8.8:53 171.55.17.81.in-addr.arpa udp
NL 2.18.121.9:80 p1043812.vps18tiny.u.avcdn.net tcp
US 104.18.36.155:443 htlb.casalemedia.com udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 js-sec.indexww.com udp
US 104.18.36.155:443 ssum-sec.casalemedia.com udp
NL 2.18.121.9:80 p1043812.vps18tiny.u.avcdn.net tcp
NL 2.18.121.9:80 p1043812.vps18tiny.u.avcdn.net tcp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
US 8.8.8.8:53 s.ad.smaato.net udp
US 8.8.8.8:53 s.ad.smaato.net udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 ib.adnxs.com udp
NL 89.149.193.89:443 rtb-csync.smartadserver.com tcp
NL 89.149.193.89:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 cdn.indexww.com udp
US 8.8.8.8:53 cdn.indexww.com udp
DE 13.32.27.65:443 s.ad.smaato.net tcp
NL 185.89.210.20:443 ib.adnxs.com tcp
US 8.8.8.8:53 rtb.mfadsrvr.com udp
US 8.8.8.8:53 rtb.mfadsrvr.com udp
US 8.8.8.8:53 sync.mathtag.com udp
NL 69.173.156.148:443 pixel-eu.rubiconproject.com tcp
US 8.8.8.8:53 ads.stickyadstv.com udp
US 8.8.8.8:53 ads.stickyadstv.com udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
FR 154.54.250.81:443 ads.stickyadstv.com tcp
DE 35.156.10.230:443 rtb.mfadsrvr.com tcp
US 8.8.8.8:53 cs.admanmedia.com udp
US 8.8.8.8:53 cs.admanmedia.com udp
US 8.8.8.8:53 t.adx.opera.com udp
US 8.8.8.8:53 t.adx.opera.com udp
US 8.8.8.8:53 ssbsync-global.smartadserver.com udp
US 8.8.8.8:53 ssbsync-global.smartadserver.com udp
US 8.8.8.8:53 spl.zeotap.com udp
US 8.8.8.8:53 spl.zeotap.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
FR 149.202.238.100:443 ssbsync-global.smartadserver.com tcp
NL 89.149.193.89:443 rtb-csync.smartadserver.com tcp
GB 142.250.187.226:443 cm.g.doubleclick.net tcp
US 104.22.50.98:443 spl.zeotap.com tcp
US 8.8.8.8:53 roblox.en.softonic.com udp
US 8.8.8.8:53 roblox.en.softonic.com udp
US 151.101.129.91:443 roblox.en.softonic.com tcp
FR 154.54.250.81:443 ads.stickyadstv.com tcp
DE 35.156.10.230:443 rtb.mfadsrvr.com tcp
US 8.8.8.8:53 roblox.en.softonic.com udp
US 8.8.8.8:53 en.softonic.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp

Files

C:\Windows\Temp\asw.dcbf065b12dba651\avast_free_antivirus_setup_online_x64.exe

C:\Windows\Temp\asw.dcbf065b12dba651\eref.edat

C:\Windows\Temp\asw.dcbf065b12dba651\ecoo.edat

C:\Windows\Temp\asw.1c39e711436bc4e7\servers.def

C:\Windows\Temp\asw.1c39e711436bc4e7\Instup.exe

C:\Windows\Temp\asw.1c39e711436bc4e7\Instup.dll

C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\Setup.log

C:\Windows\Temp\asw.1c39e711436bc4e7\config.def

C:\Windows\Temp\asw.1c39e711436bc4e7\config.def

C:\Windows\Temp\asw.1c39e711436bc4e7\config.ini

C:\Windows\Temp\asw.1c39e711436bc4e7\HTMLayout.dll

C:\Windows\Temp\asw.1c39e711436bc4e7\servers.def.vpx

C:\Windows\Temp\asw.1c39e711436bc4e7\servers.def.vpx

C:\Windows\Temp\asw.1c39e711436bc4e7\uat64.dll

C:\Windows\Temp\asw.1c39e711436bc4e7\uat64.vpx

C:\Windows\Temp\asw.1c39e711436bc4e7\part-setup_ais-180517e4.vpx

C:\Windows\Temp\asw.1c39e711436bc4e7\prod-pgm.vpx

C:\Windows\Temp\asw.1c39e711436bc4e7\prod-vps.vpx

C:\Windows\Temp\asw.1c39e711436bc4e7\avbugreport_x64_ais-a3d.vpx

C:\Windows\Temp\asw.1c39e711436bc4e7\avdump_x64_ais-a3d.vpx

C:\Windows\Temp\asw.1c39e711436bc4e7\sbr_x64_ais-a3d.vpx

C:\Windows\Temp\asw.1c39e711436bc4e7\offertool_x64_ais-a3d.vpx

C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\Setup.log

C:\Windows\Temp\asw.1c39e711436bc4e7\part-prg_ais-180517e4.vpx

C:\Windows\Temp\asw.1c39e711436bc4e7\setup.def

C:\Windows\Temp\asw.1c39e711436bc4e7\prod-vps.vpx

C:\Windows\Temp\asw.1c39e711436bc4e7\part-jrog2-93.vpx

C:\Windows\Temp\asw.1c39e711436bc4e7\part-vps_windows-24061317.vpx

C:\Windows\Temp\asw.1c39e711436bc4e7\asw25c5ebe5b31fada4.ini

C:\Windows\Temp\asw.1c39e711436bc4e7\asw25c5ebe5b31fada4.ini

C:\Windows\Temp\asw.1c39e711436bc4e7\config.def

C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\event_manager.log

C:\Windows\Temp\asw.1c39e711436bc4e7\New_180517e4\gcapi.dll
