Analysis Overview
Threat Level: Known bad
The file https://www.mediafire.com/file/gzw1efzjudap9dq/CryptoFinder.zip/file was found to be: Known bad.
Malicious Activity Summary
Rhadamanthys
Suspicious use of SetThreadContext
Browser Information Discovery
Program crash
System Location Discovery: System Language Discovery
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-09-21 00:08
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-21 00:08
Reported
2024-09-21 00:09
Platform
win10v2004-20240802-en
Max time kernel
50s
Max time network
36s
Command Line
Signatures
Rhadamanthys
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 4048 set thread context of 2396 | N/A | C:\Users\Admin\Desktop\CryptoFinder.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Browser Information Discovery
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\CryptoFinder.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133713509172069593" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/file/gzw1efzjudap9dq/CryptoFinder.zip/file
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd15f7cc40,0x7ffd15f7cc4c,0x7ffd15f7cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1896,i,17855263841234838568,16624263733824130523,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1892 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2132,i,17855263841234838568,16624263733824130523,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2164 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2264,i,17855263841234838568,16624263733824130523,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2448 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,17855263841234838568,16624263733824130523,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3144 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,17855263841234838568,16624263733824130523,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3176 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4400,i,17855263841234838568,16624263733824130523,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4716 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4728,i,17855263841234838568,16624263733824130523,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4732 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4980,i,17855263841234838568,16624263733824130523,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4804 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5152,i,17855263841234838568,16624263733824130523,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5164 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5352,i,17855263841234838568,16624263733824130523,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5340 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5356,i,17855263841234838568,16624263733824130523,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5496 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5652,i,17855263841234838568,16624263733824130523,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5640 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=6072,i,17855263841234838568,16624263733824130523,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6056 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5844,i,17855263841234838568,16624263733824130523,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6228 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5820,i,17855263841234838568,16624263733824130523,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5836 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\CryptoFinder.exe
"C:\Users\Admin\Desktop\CryptoFinder.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2396 -ip 2396
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 568
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 104.17.151.117:443 | www.mediafire.com | tcp |
| US | 8.8.8.8:53 | 202.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.151.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | the.gatekeeperconsent.com | udp |
| US | 172.67.199.186:443 | the.gatekeeperconsent.com | tcp |
| US | 172.67.199.186:443 | the.gatekeeperconsent.com | tcp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | www.ezojs.com | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 104.22.75.216:443 | btloader.com | tcp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | tcp |
| GB | 216.58.201.110:443 | translate.google.com | tcp |
| US | 104.21.63.106:443 | www.ezojs.com | tcp |
| GB | 18.154.84.60:443 | cdn.amplitude.com | tcp |
| US | 8.8.8.8:53 | cdn.otnolatrnup.com | udp |
| US | 8.8.8.8:53 | www.mediafiredls.com | udp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | 37.56.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.199.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | udp |
| US | 104.16.52.110:443 | cdn.otnolatrnup.com | tcp |
| US | 104.26.2.173:443 | www.mediafiredls.com | tcp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| GB | 216.58.213.10:443 | translate.googleapis.com | tcp |
| US | 54.187.137.114:443 | api.amplitude.com | tcp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| US | 8.8.8.8:53 | go.ezodn.com | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 104.17.151.117:443 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 172.67.142.121:443 | go.ezodn.com | tcp |
| US | 172.67.142.121:443 | go.ezodn.com | tcp |
| US | 172.67.142.121:443 | go.ezodn.com | tcp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| GB | 142.250.180.10:443 | content-autofill.googleapis.com | tcp |
| US | 172.67.142.121:443 | go.ezodn.com | tcp |
| US | 172.67.142.121:443 | go.ezodn.com | tcp |
| US | 172.67.142.121:443 | go.ezodn.com | tcp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| GB | 216.58.201.98:443 | securepubads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | g.ezodn.com | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| GB | 142.250.180.10:443 | content-autofill.googleapis.com | udp |
| US | 172.67.142.121:443 | g.ezodn.com | udp |
| US | 8.8.8.8:53 | bshr.ezodn.com | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ad.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 216.75.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.63.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.84.154.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.79.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.52.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.2.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.2.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.187.37.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.137.187.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.142.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.201.58.216.in-addr.arpa | udp |
| US | 172.67.142.121:443 | bshr.ezodn.com | tcp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | tcp |
| IE | 52.208.141.37:443 | bcp.crwdcntrl.net | tcp |
| GB | 18.245.143.58:443 | tags.crwdcntrl.net | tcp |
| IE | 52.48.24.212:443 | bcp.crwdcntrl.net | tcp |
| GB | 216.58.201.98:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 216.58.201.110:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.143.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.141.208.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.24.48.52.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 216.58.213.10:443 | translate.googleapis.com | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | id.a-mx.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | id.hadron.ad.gt | udp |
| US | 8.8.8.8:53 | api.rlcdn.com | udp |
| US | 8.8.8.8:53 | id.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| BE | 74.125.71.155:443 | stats.g.doubleclick.net | tcp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| GB | 142.250.178.3:443 | www.google.co.uk | tcp |
| US | 34.120.133.55:443 | api.rlcdn.com | tcp |
| US | 8.8.8.8:53 | cdn.prod.uidapi.com | udp |
| US | 104.22.5.69:443 | id.hadron.ad.gt | tcp |
| US | 3.33.220.150:443 | match.adsrvr.org | tcp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| DE | 79.127.216.47:443 | id.a-mx.com | tcp |
| GB | 87.248.114.11:443 | ups.analytics.yahoo.com | tcp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| DE | 162.19.138.119:443 | id5-sync.com | tcp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | tcp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 172.67.38.106:443 | cdn.id5-sync.com | tcp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| US | 172.64.152.89:443 | cdn-ima.33across.com | tcp |
| GB | 18.245.252.28:443 | cdn.prod.uidapi.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | c3.a-mo.net | udp |
| US | 8.8.8.8:53 | oajs.openx.net | udp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | tcp |
| DE | 162.19.138.83:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 162.19.138.119:443 | lb.eu-1-id5-sync.com | tcp |
| NL | 79.127.227.46:443 | c3.a-mo.net | tcp |
| US | 34.120.135.53:443 | oajs.openx.net | tcp |
| US | 8.8.8.8:53 | ads.yieldmo.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| US | 8.8.8.8:53 | fastlane.rubiconproject.com | udp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | tcp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| IE | 54.73.13.70:443 | ads.yieldmo.com | tcp |
| GB | 108.138.217.48:443 | hb.yellowblue.io | tcp |
| IE | 52.19.222.242:443 | ap.lijit.com | tcp |
| DE | 3.124.64.248:443 | tlx.3lift.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| DE | 51.38.120.206:443 | onetag-sys.com | tcp |
| FR | 163.5.194.35:443 | prebid.a-mo.net | tcp |
| DE | 18.159.212.21:443 | btlr.sharethrough.com | tcp |
| DE | 18.159.212.21:443 | btlr.sharethrough.com | tcp |
| DE | 18.159.212.21:443 | btlr.sharethrough.com | tcp |
| DE | 18.159.212.21:443 | btlr.sharethrough.com | tcp |
| DE | 18.159.212.21:443 | btlr.sharethrough.com | tcp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | tcp |
| US | 34.120.135.53:443 | oajs.openx.net | udp |
| GB | 172.217.169.4:443 | www.google.com | tcp |
| GB | 172.217.169.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | google-bidout-d.openx.net | udp |
| DE | 51.38.120.206:443 | onetag-sys.com | udp |
| US | 34.98.64.218:443 | google-bidout-d.openx.net | tcp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.71.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.133.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.114.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.5.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.220.33.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.216.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.146.102.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.193.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.152.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.38.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.70.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.252.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.227.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.135.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.217.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.13.73.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.222.19.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.120.38.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.194.5.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.64.124.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.212.159.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1e2d74341fb51e932f080da77c2e28b0.safeframe.googlesyndication.com | udp |
| GB | 172.217.169.1:443 | 1e2d74341fb51e932f080da77c2e28b0.safeframe.googlesyndication.com | tcp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | udp |
| US | 172.67.142.121:443 | bshr.ezodn.com | udp |
| GB | 172.217.169.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | download2288.mediafire.com | udp |
| US | 199.91.155.29:443 | download2288.mediafire.com | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 104.16.53.110:443 | otnolatrnup.com | tcp |
| US | 104.16.53.110:443 | otnolatrnup.com | tcp |
| US | 199.91.155.29:443 | download2288.mediafire.com | tcp |
| US | 8.8.8.8:53 | 1.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.64.98.34.in-addr.arpa | udp |
| US | 199.91.155.29:443 | download2288.mediafire.com | tcp |
| GB | 142.250.200.33:443 | cdn.ampproject.org | tcp |
| GB | 142.250.200.33:443 | cdn.ampproject.org | tcp |
| GB | 142.250.200.33:443 | cdn.ampproject.org | tcp |
| GB | 142.250.200.33:443 | cdn.ampproject.org | tcp |
| GB | 142.250.200.33:443 | cdn.ampproject.org | tcp |
| US | 104.16.53.110:80 | otnolatrnup.com | tcp |
| US | 104.16.53.110:80 | otnolatrnup.com | tcp |
| US | 8.8.8.8:53 | 110.53.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.155.91.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | woreppercomming.com | udp |
| GB | 18.165.227.64:443 | woreppercomming.com | tcp |
| US | 8.8.8.8:53 | check.analytics.rlcdn.com | udp |
| US | 8.8.8.8:53 | www.chancial.com | udp |
| GB | 18.164.68.45:443 | check.analytics.rlcdn.com | tcp |
| US | 172.67.141.135:443 | www.chancial.com | tcp |
| US | 8.8.8.8:53 | www.opera.com | udp |
| DE | 18.158.53.72:443 | www.opera.com | tcp |
| US | 8.8.8.8:53 | 64.227.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.141.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.68.164.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn-production-opera-website.operacdn.com | udp |
| US | 8.8.8.8:53 | www.googleoptimize.com | udp |
| GB | 104.82.139.188:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 104.82.139.188:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 104.82.139.188:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 104.82.139.188:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 104.82.139.188:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 104.82.139.188:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 216.58.201.110:443 | www.googleoptimize.com | tcp |
| GB | 104.82.139.188:443 | cdn-production-opera-website.operacdn.com | tcp |
| US | 8.8.8.8:53 | 72.53.158.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.139.82.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| DE | 18.158.53.72:443 | www.opera.com | tcp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| NL | 157.240.201.15:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | 15.201.240.157.in-addr.arpa | udp |
| NL | 157.240.201.15:443 | connect.facebook.net | udp |
| GB | 216.58.213.10:443 | translate.googleapis.com | udp |
| US | 8.8.8.8:53 | csm.nl3.eu.criteo.net | udp |
| NL | 178.250.1.25:443 | csm.nl3.eu.criteo.net | tcp |
Files
\??\pipe\crashpad_3732_KZSXUCPPTLAAAPHI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | f5b198d5fe540a70b102936f99a99596 |
| SHA1 | 405e6d5a23663b86da8b7fa43f27150aac322dd7 |
| SHA256 | 386d4230eba3df6547f14ffa090c818a2b2256695ba1b75d6aedf916228bc381 |
| SHA512 | ffcd721cd0c42e017583823fa71d04dcea9587f4bd6079feddf9f1e20aef7959f4f67a6dd07c137fe2250d96e9b6f7683c825b871e0bcd27d036cd20850004cf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 754554d2608c60c39215a9ad6f280e41 |
| SHA1 | 71c28e75355a01ad8053dd820a930e7f5f3d8886 |
| SHA256 | a5a1cd018a8f61108db0f31504f29b866d846ba45c1f1b15ce03bfd99865360a |
| SHA512 | 6baac108d2c2968b8d9102767fbe0c34858e15aa236cbf7359ac8379c1dc2b4ffe8c4ae2d51bfde452954ed452e9c79e6af36a4d6609e3b59bd973f2123a7800 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b8ab42855aec19c40e8699f7f05ada08 |
| SHA1 | e33a2f2015425a194c67171cc000e4b970fd0eaa |
| SHA256 | b9e6576bb49c8570042b0f5a742d48183f98bcf35b36f10833d367659ae73d5b |
| SHA512 | 5786b5765517d9e4002dc032a9f9fe007bfccbf949e716442d2f29d420760fa8735f2bf105551961d49f087f692d59199ea64aa0bcc6acd585644b24de94129a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9d7407f6e8d2fda040a6414b4a1ba7e5 |
| SHA1 | 53b21b65cb924c152598817ab0086a36a1c29a95 |
| SHA256 | aebd5d23c508454c4c67f542e7c343e08e4d9b82c2dd4de555f180d70039b438 |
| SHA512 | 2e22d4c07ec66ed7adc82a2b87cde548fc8fd2c50c93fa205a899a30069d6d0ce15ab9821370e8521ff80285e17ac58699f7e0486cb0f607d30d1a428c325bbb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d0137605-1341-4136-a359-096c80acf7a7.tmp
| MD5 | feee55eb94e77931464432b9e249f2a7 |
| SHA1 | 51d3cc71cf0942991143cac8f34aec491e3e451c |
| SHA256 | 701c47884ae139834257af62af05541617572c3d436ba1e11ee18a1d732447f5 |
| SHA512 | 4da6ae9ccb94c5c12ec3d5076f7f12c1379f5c7c5c664d25610a20ee1d3ea3229b29c1200a6fcfa564c9644997adb0fd6e71c76becb006ba282717d6e25bb140 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1742cf0814ef6dc6450a9569f009ad1b |
| SHA1 | f18f105f8616f088baa65cef159a23769c78cfcf |
| SHA256 | ce1089548ad12975dbed8b4468fd2a9b80733d2f40092dc0d0c4e1b11ad3cdf8 |
| SHA512 | 85a293c5df3d8450c38176b17fdb9494edf1b92e46e114da6047ba821b794d4e271541b1c6c505bde885773a5f0ac8a50ece9f3152d575f8614595ca1c0a3b8a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 89f10307a4e87f78ad0b6081cd8e23f6 |
| SHA1 | a26e92f89231b60cbd742d0a259d63eebe2388d0 |
| SHA256 | dcf169dc4a6449c4cc490dbdb448505ec91dd219619f32496100649c259388b9 |
| SHA512 | 5845e6b34d0effafa10ba9c5eded904c13af64128ce3a152a3c2cad9c6fa38b7358916a0948eb6288c9c9ead23bd5195e16c77c49971fb53d6ceabc1e276f0f5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 4bb733e6236fc95cc6ed465bc23bc83f |
| SHA1 | 46e09ed2d2384828a00a8c6cfa00dba36f10b0b0 |
| SHA256 | 9d19c83c204ff36eaeef5bbc5ca1ebaae0bedb89c5a2d08a6db614a92c41aa34 |
| SHA512 | 8fba51f26d06cc8e1e1c1f89a0467aa89be36fb779437fbffd373dde4f08346a53b28a3e185ceb30d8750df15e0b54b464586776f02cbb87a7210952e5c95dbc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | d167ad758515e832860705f9419afe10 |
| SHA1 | 761f783760084ec5ecae3b47bcdbced9057aba00 |
| SHA256 | 3b8ce5e921029ed309f4b0d62b687b256092d71fc7bccb41f8ee9a42b6398238 |
| SHA512 | 1d960027f53c42daf3238950e0a44aa9f22822a92a5cf35f598a8b2c2615f88923626044c42d122843f658f8f1953b3d13ffc6dac7dc122d19a2f652fbba2c00 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6131c7c4700ed0b57605bd7573f75cb8 |
| SHA1 | 51bbaf0edd6bb30dbc88e8c8f3cc4c512b637c7d |
| SHA256 | 1014afd9a03a66d8a855d0f97d688fc7d2297214502994cca089e36bad96595d |
| SHA512 | 2e55243cdebea5617307edc159e41444ea1de884697311075f8ca5316881d9fe7891b43925864fe08b5b88fe368dae372b2230cd73e3042feed82206b3a3d6d0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c2932f0ae852d849d400a26c6a9a7d40 |
| SHA1 | c2633be4fb510e8695421f0dfcb943eba2b77a44 |
| SHA256 | 7091d4d4be9611877565c3b10212089007467579f040c6126eac9d8c489e4442 |
| SHA512 | ff0d2dfe8e670b707179f371df93832d37d580a017dbba6c9485c5a3d8a5e9996b96928135667570882d548447da45795703d163c40d964ced6c5093f9da6007 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 35a20313a53d6b515405dda4cb5a0db4 |
| SHA1 | ee1c9a0001442eff94e74286f7318b40273693a4 |
| SHA256 | f53db0950e5ce04ceef9f364246377528656348973ea91c58c088b49a98f1f05 |
| SHA512 | 981467092dc32e699a5a3e04e310228459e226e048f92a644f83a47af7524b123e07d44eab030807e1d75e35796625869274ba1fdbd4538bf0fed8b6e697192d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 3ac5c61c93d5daf61a28e30863b9feb8 |
| SHA1 | c8806bc9399d2fce00b813fbd6328f78c5ae015c |
| SHA256 | a73e3b07a15461c45a20931cd358df2ffec33678c2bf895ab1c713a7281bbc14 |
| SHA512 | 4363c4935f167f522d3d43839068449a883b50c6fe7004f4ad7ecfdb2abbc7f068a91a8cf30f34e2a06314df0d791bb2eae716228d8da4211a836e4c7afb2659 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
| MD5 | 2271e12548546405671f8eae5e6ab10e |
| SHA1 | 97b10b7b8cb16a24d81d9c464145d039b96813fe |
| SHA256 | feb13fc09382aacf8396dc197eb4da1530ae02e60b7e8eb580ea7fb8bf843bde |
| SHA512 | e92533e7b50a30759c32674e596c62c83247195c7ca98df3129512cfc9d58648a1291e1a3879d768571464104b7c43f4e27326664f71166601915e3908c44b89 |
memory/4048-423-0x000000007487E000-0x000000007487F000-memory.dmp
memory/4048-424-0x0000000000410000-0x0000000000482000-memory.dmp
memory/4048-425-0x0000000074870000-0x0000000075020000-memory.dmp
memory/2396-427-0x0000000000400000-0x000000000047E000-memory.dmp
memory/4048-429-0x0000000074870000-0x0000000075020000-memory.dmp
memory/2396-433-0x0000000000400000-0x000000000047E000-memory.dmp
memory/2396-430-0x0000000000400000-0x000000000047E000-memory.dmp
memory/4048-434-0x0000000074870000-0x0000000075020000-memory.dmp
memory/2396-431-0x0000000000400000-0x000000000047E000-memory.dmp