Malware Analysis Report

2024-11-13 18:32

Sample ID 241108-ad953stlak
Target RAT NIGGA.jar
SHA256 1e8d94d04b2d21fe062345f4f2eb5bd6896f420e1a98c17eaf0105236ae52b67
Tags
adwind defense_evasion persistence phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

1e8d94d04b2d21fe062345f4f2eb5bd6896f420e1a98c17eaf0105236ae52b67

Threat Level: Known bad

The file RAT NIGGA.jar was found to be: Known bad.

Malicious Activity Summary

adwind defense_evasion persistence phishing

Class file contains resources related to AdWind

Adwind family

Downloads MZ/PE file

A potential corporate email address has been identified in the URL: DC4FCl9EEADTbpTauTauH92EDJA255C6DD4@Tau

Executes dropped EXE

A potential corporate email address has been identified in the URL: 93263704532955710A490D44@AdobeOrg

Looks up external IP address via web service

Adds Run key to start application

Subvert Trust Controls: Mark-of-the-Web Bypass

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Uses Task Scheduler COM API

Suspicious use of SendNotifyMessage

Modifies data under HKEY_USERS

Suspicious use of WriteProcessMemory

Views/modifies file attributes

NTFS ADS

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-08 00:06

Signatures

Adwind family

adwind

Class file contains resources related to AdWind

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-08 00:06

Reported

2024-11-08 00:12

Platform

win10ltsc2021-20241023-en

Max time kernel

312s

Max time network

313s

Command Line

java -jar "C:\Users\Admin\AppData\Local\Temp\RAT NIGGA.jar"

Signatures

Downloads MZ/PE file

A potential corporate email address has been identified in the URL: 93263704532955710A490D44@AdobeOrg

phishing

A potential corporate email address has been identified in the URL: DC4FCl9EEADTbpTauTauH92EDJA255C6DD4@Tau

phishing

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Home = "C:\\Program Files\\Java\\jre-1.8\\bin\\javaw.exe -jar C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\.tmp\\1731024431504.tmp" C:\Windows\system32\reg.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-lookup.net N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A ip-lookup.net N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A ip-lookup.net N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A ip-lookup.net N/A N/A
N/A ip-lookup.net N/A N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File created C:\Users\Admin\Downloads\jre-8u431-windows-x64.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "120" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History C:\Windows\system32\LogonUI.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\jre-8u431-windows-x64.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3016 wrote to memory of 3760 N/A C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe C:\Windows\SYSTEM32\attrib.exe
PID 3016 wrote to memory of 3760 N/A C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe C:\Windows\SYSTEM32\attrib.exe
PID 3016 wrote to memory of 3196 N/A C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe C:\Windows\SYSTEM32\cmd.exe
PID 3016 wrote to memory of 3196 N/A C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe C:\Windows\SYSTEM32\cmd.exe
PID 3196 wrote to memory of 4348 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\reg.exe
PID 3196 wrote to memory of 4348 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\reg.exe
PID 3168 wrote to memory of 4904 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3168 wrote to memory of 4904 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3168 wrote to memory of 4904 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3168 wrote to memory of 4904 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3168 wrote to memory of 4904 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3168 wrote to memory of 4904 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3168 wrote to memory of 4904 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3168 wrote to memory of 4904 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3168 wrote to memory of 4904 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3168 wrote to memory of 4904 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3168 wrote to memory of 4904 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 3940 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 2800 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4904 wrote to memory of 2800 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\attrib.exe N/A

Processes

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe

java -jar "C:\Users\Admin\AppData\Local\Temp\RAT NIGGA.jar"

C:\Windows\SYSTEM32\attrib.exe

attrib +H C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1731024431504.tmp

C:\Windows\SYSTEM32\cmd.exe

cmd.exe /c "REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1731024431504.tmp" /f"

C:\Windows\system32\reg.exe

REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1731024431504.tmp" /f

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1972 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c3f7f15-702d-4f95-86a5-8b7f033bec23} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2380 -parentBuildID 20240401114208 -prefsHandle 2372 -prefMapHandle 2360 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79b84fa2-2963-4f49-9caf-9f6e42f63099} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3104 -childID 1 -isForBrowser -prefsHandle 3008 -prefMapHandle 2984 -prefsLen 23858 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9faffcc2-aa22-4aa9-8a74-ef87d03fa1bf} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4308 -childID 2 -isForBrowser -prefsHandle 4300 -prefMapHandle 4296 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {50ff7bb0-31ca-43fb-8361-becc2791b97a} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4620 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4876 -prefMapHandle 4872 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6a59959-a4ac-4669-a01b-25b1950014d6} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5264 -childID 3 -isForBrowser -prefsHandle 5244 -prefMapHandle 5172 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {38c6a7ab-46cf-4477-940f-1cce1510d934} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5408 -childID 4 -isForBrowser -prefsHandle 5484 -prefMapHandle 5480 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0208a147-618c-4dad-a45c-1d4cc2768184} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5380 -childID 5 -isForBrowser -prefsHandle 5388 -prefMapHandle 5392 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b0875c2-0039-4caf-9761-81c02ac009db} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6136 -childID 6 -isForBrowser -prefsHandle 2296 -prefMapHandle 6128 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {30d804b7-cb8d-4f00-9252-a7685ebd63b2} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4624 -childID 7 -isForBrowser -prefsHandle 6092 -prefMapHandle 4692 -prefsLen 27919 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f664c7c0-c548-451a-a4a4-3f62d0516201} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6456 -childID 8 -isForBrowser -prefsHandle 6480 -prefMapHandle 6472 -prefsLen 27919 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ceb350b-17a7-49da-bb37-b401b8f43cc4} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Users\Admin\Downloads\jre-8u431-windows-x64.exe

"C:\Users\Admin\Downloads\jre-8u431-windows-x64.exe"

C:\Users\Admin\AppData\Local\Temp\jds240762984.tmp\jre-8u431-windows-x64.exe

"C:\Users\Admin\AppData\Local\Temp\jds240762984.tmp\jre-8u431-windows-x64.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2620 -childID 9 -isForBrowser -prefsHandle 2564 -prefMapHandle 2692 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4ee4dcf-0ee4-4a77-8bca-1cc107197ae2} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7380 -childID 10 -isForBrowser -prefsHandle 7560 -prefMapHandle 7344 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {993b4a9c-b851-4d86-9032-8f58ef251a6b} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8160 -childID 11 -isForBrowser -prefsHandle 8128 -prefMapHandle 8124 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a1def5e-5754-496d-8084-79915953908d} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8380 -childID 12 -isForBrowser -prefsHandle 8292 -prefMapHandle 8464 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e98c5e7-1ae3-4118-8271-d018a0616cf3} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8436 -childID 13 -isForBrowser -prefsHandle 8440 -prefMapHandle 8444 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fab75862-0191-4ca7-a740-2d751f3bc3a7} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8776 -childID 14 -isForBrowser -prefsHandle 8692 -prefMapHandle 8680 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {00a750b0-d448-4520-943b-18eed3bd1f16} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9264 -childID 15 -isForBrowser -prefsHandle 9280 -prefMapHandle 9112 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba1ae4ca-0342-4eb5-81c3-d66bc678c698} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9288 -childID 16 -isForBrowser -prefsHandle 9340 -prefMapHandle 9276 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e7e469c-67dd-4f14-8b1c-8d35acdf3526} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9624 -childID 17 -isForBrowser -prefsHandle 9616 -prefMapHandle 9612 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {391980a9-6069-4c82-b89e-6fad858fa5c9} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9776 -childID 18 -isForBrowser -prefsHandle 9656 -prefMapHandle 9644 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f45507d-0320-4dce-82f2-dd756fe4c80e} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10120 -childID 19 -isForBrowser -prefsHandle 10148 -prefMapHandle 10136 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {28891cbc-a752-4f16-9dad-0aedd39463db} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8336 -childID 20 -isForBrowser -prefsHandle 8352 -prefMapHandle 8412 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9ee10f6-0e80-4f55-bc36-228a1c4d3d0e} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10088 -parentBuildID 20240401114208 -sandboxingKind 3 -prefsHandle 10192 -prefMapHandle 10196 -prefsLen 30573 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3727ca6b-c57d-4f53-8045-17aa6d5d7cd5} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10512 -childID 21 -isForBrowser -prefsHandle 10508 -prefMapHandle 10504 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {366fe8c0-13bf-4821-9ca8-ea76cc81e516} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10484 -childID 22 -isForBrowser -prefsHandle 10176 -prefMapHandle 10500 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4168019c-277d-498c-9639-8b9b95914863} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10472 -childID 23 -isForBrowser -prefsHandle 10064 -prefMapHandle 10068 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6eccb397-0d2f-449a-ba53-dc67e6ef56a7} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10520 -childID 24 -isForBrowser -prefsHandle 8752 -prefMapHandle 10092 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d688c727-1faa-4a14-9ee4-a5149d72b518} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5368 -childID 25 -isForBrowser -prefsHandle 5732 -prefMapHandle 5592 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2e553af-089b-4820-93c1-5b267b894577} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5520 -parentBuildID 20240401114208 -prefsHandle 10092 -prefMapHandle 8752 -prefsLen 30573 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2d928d9-64b7-4710-9a55-591d028eb517} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10252 -childID 26 -isForBrowser -prefsHandle 10260 -prefMapHandle 10264 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d6d33d8-7473-4784-bcea-a620aa6e604b} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10268 -childID 27 -isForBrowser -prefsHandle 10792 -prefMapHandle 10216 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5427b096-fa6b-450b-8ae7-39575dc775d0} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10604 -childID 28 -isForBrowser -prefsHandle 10756 -prefMapHandle 10740 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {05748205-2229-4515-a52e-57c005ea2353} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10268 -childID 29 -isForBrowser -prefsHandle 4812 -prefMapHandle 6376 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {73b1ea80-5367-4ce3-b753-5be34bc7eaa1} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9696 -childID 30 -isForBrowser -prefsHandle 4620 -prefMapHandle 5048 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a182503-0cea-4940-a167-1d5687556ccf} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9324 -childID 31 -isForBrowser -prefsHandle 6568 -prefMapHandle 6444 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d38db86-ff17-4dfb-870d-f47858526604} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8476 -childID 32 -isForBrowser -prefsHandle 6268 -prefMapHandle 6620 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7fff65c7-2c55-4cdf-ab5f-985b5ace47c4} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11184 -childID 33 -isForBrowser -prefsHandle 6608 -prefMapHandle 11192 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {71db5177-92ca-4d45-8ab6-27f4b9845045} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8476 -childID 34 -isForBrowser -prefsHandle 5352 -prefMapHandle 5296 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c2e2cc8-c153-46b1-a050-3a95f4293103} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10392 -childID 35 -isForBrowser -prefsHandle 7436 -prefMapHandle 8404 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {449176df-aab6-4806-9639-8cea7cc82e21} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8392 -childID 36 -isForBrowser -prefsHandle 10116 -prefMapHandle 10004 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a4d37776-594f-416a-8388-7b618a7161fa} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10736 -childID 37 -isForBrowser -prefsHandle 11340 -prefMapHandle 11344 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c251019-f417-4a36-b7e4-25df06c9dbf4} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8404 -childID 38 -isForBrowser -prefsHandle 6688 -prefMapHandle 9920 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f7adec8-a72b-48b3-a753-3011a9ed8cf2} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11404 -childID 39 -isForBrowser -prefsHandle 10260 -prefMapHandle 10908 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79c6266e-8797-41ba-839a-ddfab660b725} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11404 -childID 40 -isForBrowser -prefsHandle 11648 -prefMapHandle 11644 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {10623125-ef68-44c4-acde-470f6b966d31} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11796 -childID 41 -isForBrowser -prefsHandle 6564 -prefMapHandle 11816 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {566e374a-b069-4846-a58d-8b875d3d14f9} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11768 -childID 42 -isForBrowser -prefsHandle 11820 -prefMapHandle 6512 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef554e6c-0135-4403-9b5e-85fb251082ec} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2748 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 9332 -prefMapHandle 11996 -prefsLen 30573 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bff98f9f-173f-4be5-abd5-5638e5c4a7b0} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11844 -childID 43 -isForBrowser -prefsHandle 6260 -prefMapHandle 8724 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f90d5727-9502-4de9-b4df-d99f2f4a3f6c} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10152 -childID 44 -isForBrowser -prefsHandle 12196 -prefMapHandle 12192 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc33b510-e250-40e0-aff3-14869008446a} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12320 -childID 45 -isForBrowser -prefsHandle 12324 -prefMapHandle 12328 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20c6ad4d-18d8-4794-b640-33ff70b31a5a} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12404 -childID 46 -isForBrowser -prefsHandle 12296 -prefMapHandle 11212 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1512af97-f2b0-4a69-9a8e-6b311e4cc1a3} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12684 -childID 47 -isForBrowser -prefsHandle 12520 -prefMapHandle 12724 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {38d4ab56-5e2f-40e2-890b-a0af322b9014} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12712 -childID 48 -isForBrowser -prefsHandle 12888 -prefMapHandle 12892 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {afee37d7-a266-472e-b96f-f2f00ab365d2} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\48b8e4c0754c4ec590f42c7e7dce0693 /t 2000 /p 3508

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12376 -childID 49 -isForBrowser -prefsHandle 12380 -prefMapHandle 12760 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c64db132-f035-49de-8e9c-0de9f59827cf} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=13220 -childID 50 -isForBrowser -prefsHandle 13228 -prefMapHandle 13232 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {59a66b03-75fe-42d5-b72a-787ed47d1bc0} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11592 -childID 51 -isForBrowser -prefsHandle 10908 -prefMapHandle 2684 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d782dc8-4210-4b43-a0d5-a5ee8d9d581e} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6404 -childID 52 -isForBrowser -prefsHandle 11372 -prefMapHandle 11504 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {720b56d8-9677-4bbd-8957-85318e8a8df1} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11380 -childID 53 -isForBrowser -prefsHandle 11476 -prefMapHandle 10736 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {747c1fbb-250a-40e5-9c3f-51e164447a79} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11524 -childID 54 -isForBrowser -prefsHandle 11780 -prefMapHandle 11488 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f19ad184-f388-40e2-b957-011355876fd3} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4284 -childID 55 -isForBrowser -prefsHandle 6124 -prefMapHandle 6400 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {babd8d12-e72a-4a86-9b39-5121d83bb5b5} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8340 -childID 56 -isForBrowser -prefsHandle 6624 -prefMapHandle 6092 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ddc2966a-9d86-4e1e-9395-950fda3ed62d} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10176 -childID 57 -isForBrowser -prefsHandle 11280 -prefMapHandle 13304 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ced4c69-2d41-4506-88d6-88adb5d2c82b} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10612 -childID 58 -isForBrowser -prefsHandle 12176 -prefMapHandle 11128 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {65b83987-e878-4ba9-8a27-9022d6ebba83} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10768 -childID 59 -isForBrowser -prefsHandle 6696 -prefMapHandle 8340 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a040c87d-f9f6-474e-8649-8b1795ad0256} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" tab

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\jre-8u431-windows-x64.exe

"C:\Users\Admin\Downloads\jre-8u431-windows-x64.exe"

C:\Users\Admin\AppData\Local\Temp\jds240904484.tmp\jre-8u431-windows-x64.exe

"C:\Users\Admin\AppData\Local\Temp\jds240904484.tmp\jre-8u431-windows-x64.exe"

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\d8550344a069454796f54346c8cb01ec /t 6012 /p 2040

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa39fa855 /state1:0x41c64e6d

Network

Country Destination Domain Proto
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
CA 64.39.174.60:23750 tcp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
CA 64.39.174.60:23750 tcp
US 8.8.8.8:53 60.174.39.64.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 checkappexec.microsoft.com udp
GB 51.140.242.104:443 checkappexec.microsoft.com tcp
US 8.8.8.8:53 104.242.140.51.in-addr.arpa udp
US 8.8.8.8:53 203.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 firefox-api-proxy.cdn.mozilla.net udp
US 34.149.97.1:443 firefox-api-proxy.cdn.mozilla.net udp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
N/A 127.0.0.1:49810 tcp
US 8.8.8.8:53 140.230.185.54.in-addr.arpa udp
N/A 127.0.0.1:49820 tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 4.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 35.190.72.216:443 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 216.72.190.35.in-addr.arpa udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 142.250.200.14:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
DE 23.55.161.185:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
GB 142.250.200.14:443 redirector.gvt1.com udp
US 8.8.8.8:53 r5---sn-aigzrn7l.gvt1.com udp
GB 173.194.5.234:443 r5---sn-aigzrn7l.gvt1.com tcp
US 8.8.8.8:53 r5.sn-aigzrn7l.gvt1.com udp
US 8.8.8.8:53 r5.sn-aigzrn7l.gvt1.com udp
GB 173.194.5.234:443 r5.sn-aigzrn7l.gvt1.com udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 185.161.55.23.in-addr.arpa udp
US 8.8.8.8:53 234.5.194.173.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 csp.withgoogle.com udp
GB 216.58.204.81:443 csp.withgoogle.com tcp
US 8.8.8.8:53 csp.withgoogle.com udp
US 8.8.8.8:53 csp.withgoogle.com udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 142.250.180.10:443 ogads-pa.googleapis.com tcp
GB 142.250.180.10:443 ogads-pa.googleapis.com tcp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 216.58.204.81:443 csp.withgoogle.com udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 142.250.180.10:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 81.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.16.238:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.16.238:443 play.google.com udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 consent.google.com udp
GB 172.217.16.238:443 consent.google.com tcp
US 8.8.8.8:53 consent.google.com udp
US 8.8.8.8:53 consent.google.com udp
GB 172.217.16.238:443 consent.google.com udp
US 8.8.8.8:53 www.java.com udp
GB 92.123.128.169:443 www.java.com tcp
US 8.8.8.8:53 e91569.dscx.akamaiedge.net udp
US 8.8.8.8:53 e91569.dscx.akamaiedge.net udp
US 8.8.8.8:53 169.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 www.oracle.com udp
US 8.8.8.8:53 c.oracleinfinity.io udp
US 8.8.8.8:53 dc.oracleinfinity.io udp
US 8.8.8.8:53 static.ocecdn.oraclecloud.com udp
GB 2.19.169.119:443 www.oracle.com tcp
GB 92.123.128.150:443 c.oracleinfinity.io tcp
US 8.8.8.8:53 e2581.dscx.akamaiedge.net udp
US 8.8.8.8:53 e212895.x.akamaiedge.net udp
GB 88.221.179.232:443 static.ocecdn.oraclecloud.com tcp
GB 88.221.179.232:443 static.ocecdn.oraclecloud.com tcp
US 8.8.8.8:53 e11445.dscx.akamaiedge.net udp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
US 8.8.8.8:53 dc.oracleinfinity.io.akadns.net udp
US 8.8.8.8:53 e2581.dscx.akamaiedge.net udp
US 8.8.8.8:53 e212895.x.akamaiedge.net udp
US 8.8.8.8:53 dc.oracleinfinity.io.akadns.net udp
US 8.8.8.8:53 e11445.dscx.akamaiedge.net udp
US 8.8.8.8:53 s.go-mpulse.net udp
GB 2.19.168.132:443 s.go-mpulse.net tcp
US 8.8.8.8:53 e4518.dscx.akamaiedge.net udp
US 8.8.8.8:53 e4518.dscx.akamaiedge.net udp
US 8.8.8.8:53 c.go-mpulse.net udp
GB 23.39.224.128:443 c.go-mpulse.net tcp
US 8.8.8.8:53 e4518.dscapi7.akamaiedge.net udp
US 8.8.8.8:53 e4518.dscapi7.akamaiedge.net udp
GB 23.39.224.128:443 e4518.dscapi7.akamaiedge.net udp
US 8.8.8.8:53 119.169.19.2.in-addr.arpa udp
US 8.8.8.8:53 150.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 232.179.221.88.in-addr.arpa udp
US 8.8.8.8:53 206.230.154.147.in-addr.arpa udp
US 8.8.8.8:53 132.168.19.2.in-addr.arpa udp
US 8.8.8.8:53 128.224.39.23.in-addr.arpa udp
GB 92.123.128.150:443 e212895.x.akamaiedge.net tcp
US 8.8.8.8:53 consent.trustarc.com udp
FR 18.164.52.88:443 consent.trustarc.com tcp
US 8.8.8.8:53 consent.trustarc.com udp
GB 147.154.230.206:443 dc.oracleinfinity.io.akadns.net tcp
US 8.8.8.8:53 consent.trustarc.com udp
US 8.8.8.8:53 consent-pref.trustarc.com udp
FR 18.245.199.108:443 consent-pref.trustarc.com tcp
US 8.8.8.8:53 consent-pref.trustarc.com udp
US 8.8.8.8:53 consent-pref.trustarc.com udp
US 8.8.8.8:53 dpm.demdex.net udp
IE 46.137.47.185:443 dpm.demdex.net tcp
US 8.8.8.8:53 dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 consent-st.trustarc.com udp
FR 52.222.201.126:443 consent-st.trustarc.com tcp
US 8.8.8.8:53 consent-st.trustarc.com udp
US 8.8.8.8:53 consent-st.trustarc.com udp
US 8.8.8.8:53 oracle.sc.omtrdc.net udp
IE 66.235.152.221:443 oracle.sc.omtrdc.net tcp
US 8.8.8.8:53 oracle.sc.omtrdc.net udp
US 8.8.8.8:53 oracle.sc.omtrdc.net udp
US 8.8.8.8:53 88.52.164.18.in-addr.arpa udp
US 8.8.8.8:53 185.47.137.46.in-addr.arpa udp
US 8.8.8.8:53 108.199.245.18.in-addr.arpa udp
US 8.8.8.8:53 126.201.222.52.in-addr.arpa udp
US 8.8.8.8:53 221.152.235.66.in-addr.arpa udp
US 8.8.8.8:53 684dd32f.akstat.io udp
GB 2.19.168.132:443 684dd32f.akstat.io tcp
GB 2.19.168.132:443 684dd32f.akstat.io udp
GB 88.221.179.232:443 e11445.dscx.akamaiedge.net tcp
GB 2.19.169.119:443 e2581.dscx.akamaiedge.net tcp
GB 92.123.128.150:443 e212895.x.akamaiedge.net tcp
US 8.8.8.8:53 e212895.x.akamaiedge.net udp
FR 18.164.52.88:443 consent.trustarc.com tcp
GB 147.154.230.206:443 dc.oracleinfinity.io.akadns.net tcp
US 8.8.8.8:53 dc.oracleinfinity.io.akadns.net udp
GB 23.39.224.128:443 e4518.dscapi7.akamaiedge.net udp
GB 147.154.230.206:443 dc.oracleinfinity.io.akadns.net tcp
US 8.8.8.8:53 javadl.oracle.com udp
GB 23.43.74.127:443 javadl.oracle.com tcp
US 8.8.8.8:53 e13073.dscx.akamaiedge.net udp
US 8.8.8.8:53 e13073.dscx.akamaiedge.net udp
US 8.8.8.8:53 sdlc-esd.oracle.com udp
GB 2.23.220.107:443 sdlc-esd.oracle.com tcp
US 8.8.8.8:53 e2875.dscd.akamaiedge.net udp
US 8.8.8.8:53 127.74.43.23.in-addr.arpa udp
US 8.8.8.8:53 e2875.dscd.akamaiedge.net udp
US 8.8.8.8:53 107.220.23.2.in-addr.arpa udp
US 8.8.8.8:53 javadl-esd-secure.oracle.com udp
GB 23.43.74.127:443 javadl-esd-secure.oracle.com tcp
US 8.8.8.8:53 rps-svcs.oracle.com udp
GB 23.43.74.127:443 rps-svcs.oracle.com tcp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 id.google.com udp
MX 192.178.56.99:443 id.google.com tcp
US 8.8.8.8:53 id.google.com udp
GB 216.58.204.81:443 csp.withgoogle.com udp
US 8.8.8.8:53 id.google.com udp
GB 142.250.180.10:443 ogads-pa.googleapis.com udp
MX 192.178.56.99:443 id.google.com udp
US 8.8.8.8:53 99.56.178.192.in-addr.arpa udp
US 8.8.8.8:53 www.speedtest.net udp
GB 172.217.16.238:443 consent.google.com udp
US 104.17.148.22:443 www.speedtest.net tcp
US 8.8.8.8:53 www.speedtest.net.cdn.cloudflare.net udp
US 8.8.8.8:53 www.speedtest.net.cdn.cloudflare.net udp
US 8.8.8.8:53 cdn.ziffstatic.com udp
US 8.8.8.8:53 b.cdnst.net udp
US 8.8.8.8:53 b-code.liadm.com udp
US 151.101.2.219:443 b.cdnst.net tcp
US 151.101.2.219:443 b.cdnst.net tcp
US 151.101.2.219:443 b.cdnst.net tcp
US 151.101.2.219:443 b.cdnst.net tcp
US 8.8.8.8:53 dualstack.zd.map.fastly.net udp
GB 2.19.161.20:443 cdn.ziffstatic.com tcp
US 8.8.8.8:53 e96286.dsci.akamaiedge.net udp
US 8.8.8.8:53 detgh1asa1dg4.cloudfront.net udp
US 8.8.8.8:53 dualstack.zd.map.fastly.net udp
US 8.8.8.8:53 e96286.dsci.akamaiedge.net udp
US 8.8.8.8:53 detgh1asa1dg4.cloudfront.net udp
GB 2.19.161.20:443 e96286.dsci.akamaiedge.net udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 diffuser-cdn.app-us1.com udp
US 8.8.8.8:53 d1ykf07e75w7ss.cloudfront.net udp
US 8.8.8.8:53 diffuser-cdn.app-us1.com udp
US 104.18.128.216:443 diffuser-cdn.app-us1.com tcp
US 8.8.8.8:53 d1ykf07e75w7ss.cloudfront.net udp
US 8.8.8.8:53 diffuser-cdn.app-us1.com udp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 104.18.86.42:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 8.8.8.8:53 22.148.17.104.in-addr.arpa udp
US 8.8.8.8:53 219.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 20.161.19.2.in-addr.arpa udp
US 8.8.8.8:53 200.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 216.128.18.104.in-addr.arpa udp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 8.8.8.8:53 cdn.static.zdbb.net udp
GB 2.22.249.146:443 cdn.static.zdbb.net tcp
US 8.8.8.8:53 e96286.g.akamaiedge.net udp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 8.8.8.8:53 e96286.g.akamaiedge.net udp
US 104.18.32.137:443 geolocation.onetrust.com tcp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 prism.app-us1.com udp
US 8.8.8.8:53 prism.app-us1.com udp
US 104.18.128.216:443 prism.app-us1.com tcp
US 8.8.8.8:53 zdbb.net udp
US 8.8.8.8:53 prism.app-us1.com udp
US 8.8.8.8:53 gurgle.speedtest.net udp
IE 52.211.253.2:443 zdbb.net tcp
US 8.8.8.8:53 zdbb.net udp
US 18.213.136.7:443 gurgle.speedtest.net tcp
US 8.8.8.8:53 gurgle.zdbb.net udp
US 8.8.8.8:53 zdbb.net udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 gurgle.zdbb.net udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 trackcmp.net udp
US 104.18.34.214:443 trackcmp.net tcp
US 8.8.8.8:53 trackcmp.net udp
US 8.8.8.8:53 trackcmp.net udp
US 8.8.8.8:53 gurgle.zdbb.net udp
US 18.213.136.7:443 gurgle.zdbb.net tcp
US 8.8.8.8:53 42.86.18.104.in-addr.arpa udp
US 8.8.8.8:53 146.249.22.2.in-addr.arpa udp
US 8.8.8.8:53 137.32.18.104.in-addr.arpa udp
US 8.8.8.8:53 2.253.211.52.in-addr.arpa udp
US 8.8.8.8:53 7.136.213.18.in-addr.arpa udp
US 8.8.8.8:53 214.34.18.104.in-addr.arpa udp
FR 13.32.145.118:443 detgh1asa1dg4.cloudfront.net tcp
FR 18.245.194.122:443 d1ykf07e75w7ss.cloudfront.net tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 speedtest.boxbroadband.co.uk.prod.hosts.ooklaserver.net udp
US 8.8.8.8:53 speedlon.hyperoptic.com udp
US 8.8.8.8:53 speedtest-1.london.network.youfibre.com.prod.hosts.ooklaserver.net udp
US 8.8.8.8:53 speedtest.swishfibre.com.prod.hosts.ooklaserver.net udp
US 8.8.8.8:53 speedtest02a.web.zen.net.uk.prod.hosts.ooklaserver.net udp
US 8.8.8.8:53 speedtest.london.macarne.com.prod.hosts.ooklaserver.net udp
US 8.8.8.8:53 speedtest-lon.retn.net.prod.hosts.ooklaserver.net udp
US 8.8.8.8:53 st-1.fibrenest.net.prod.hosts.ooklaserver.net udp
US 8.8.8.8:53 londres.speedtest.angolacables.co.ao.prod.hosts.ooklaserver.net udp
US 8.8.8.8:53 speedtestlon.orbital.net.prod.hosts.ooklaserver.net udp
FR 18.245.194.122:443 d1ykf07e75w7ss.cloudfront.net tcp
US 8.8.8.8:53 speedtest.swishfibre.com udp
US 8.8.8.8:53 speedtest02a.web.zen.net.uk udp
GB 31.22.12.17:8080 speedtest.swishfibre.com tcp
GB 51.148.82.21:8080 speedtest02a.web.zen.net.uk tcp
GB 45.92.46.45:8080 speedtest-1.london.network.youfibre.com.prod.hosts.ooklaserver.net tcp
GB 185.241.227.127:8080 st-1.fibrenest.net.prod.hosts.ooklaserver.net tcp
US 8.8.8.8:53 st-1.fibrenest.net udp
US 8.8.8.8:53 speedtest-1.london.network.youfibre.com udp
GB 94.101.144.102:8080 speedtestlon.orbital.net.prod.hosts.ooklaserver.net tcp
US 8.8.8.8:53 speedtestlon.orbital.net udp
GB 152.37.112.6:8080 speedlon.hyperoptic.com tcp
GB 185.148.112.227:8080 londres.speedtest.angolacables.co.ao.prod.hosts.ooklaserver.net tcp
US 8.8.8.8:53 speedlon.hyperoptic.com udp
US 8.8.8.8:53 londres.speedtest.angolacables.co.ao udp
US 8.8.8.8:53 speedtest-lon.retn.net udp
US 8.8.8.8:53 speedtest.boxbroadband.co.uk udp
US 8.8.8.8:53 speedtest02a.web.zen.net.uk udp
US 8.8.8.8:53 speedtest.swishfibre.com udp
US 8.8.8.8:53 speedtest.london.macarne.com udp
GB 185.82.8.1:8080 speedtest-lon.retn.net tcp
GB 45.10.101.252:8080 speedtest.boxbroadband.co.uk tcp
GB 185.225.24.21:8080 speedtest.london.macarne.com tcp
US 8.8.8.8:53 st-1.fibrenest.net udp
US 8.8.8.8:53 speedtest-1.london.network.youfibre.com udp
US 8.8.8.8:53 speedtestlon.orbital.net udp
US 8.8.8.8:53 speedlon.hyperoptic.com udp
US 8.8.8.8:53 speedtest-lon.retn.net udp
US 8.8.8.8:53 londres.speedtest.angolacables.co.ao udp
US 8.8.8.8:53 speedtest.boxbroadband.co.uk udp
US 8.8.8.8:53 speedtest.london.macarne.com udp
US 8.8.8.8:53 i.liadm.com udp
US 34.234.40.84:443 i.liadm.com tcp
US 8.8.8.8:53 idaas-ext.cph.liveintent.com udp
US 8.8.8.8:53 idaas-ext.cph.liveintent.com udp
US 8.8.8.8:53 rtb.openx.net udp
US 8.8.8.8:53 bidder.criteo.com udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 c2shb.pubgw.yahoo.com udp
US 35.186.253.211:443 rtb.openx.net tcp
US 8.8.8.8:53 rtb.openx.net udp
US 8.8.8.8:53 ib.adnxs-simple.com udp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
NL 178.250.1.56:443 bidder.criteo.com tcp
US 8.8.8.8:53 in-ftd-65.nl3.vip.prod.criteo.com udp
DE 18.153.93.230:443 btlr.sharethrough.com tcp
DE 18.153.93.230:443 btlr.sharethrough.com tcp
US 8.8.8.8:53 btlr-eu-central-1.sharethrough.com udp
DE 18.153.93.230:443 btlr.sharethrough.com tcp
DE 18.153.93.230:443 btlr.sharethrough.com tcp
DE 18.153.93.230:443 btlr.sharethrough.com tcp
US 104.18.36.155:443 htlb.casalemedia.com tcp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 rtb.openx.net udp
IE 54.171.49.82:443 c2shb.pubgw.yahoo.com tcp
IE 54.171.49.82:443 c2shb.pubgw.yahoo.com tcp
IE 54.171.49.82:443 c2shb.pubgw.yahoo.com tcp
IE 54.171.49.82:443 c2shb.pubgw.yahoo.com tcp
IE 54.171.49.82:443 c2shb.pubgw.yahoo.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
US 8.8.8.8:53 dtp-gateway-prod-global.dsp-plus-backend.aws.oath.cloud udp
US 8.8.8.8:53 hbopenbid-lhrc.pubmnet.com udp
US 8.8.8.8:53 in-ftd-65.nl3.vip.prod.criteo.com udp
US 8.8.8.8:53 tagged-by.rubiconproject.net.akadns.net udp
US 8.8.8.8:53 ams3-ib.adnxs.com udp
US 8.8.8.8:53 btlr-eu-central-1.sharethrough.com udp
US 8.8.8.8:53 rp.liadm.com udp
US 8.8.8.8:53 hbopenbid-lhrc.pubmnet.com udp
US 8.8.8.8:53 dtp-gateway-prod-global.dsp-plus-backend.aws.oath.cloud udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 ams3-ib.adnxs.com udp
US 8.8.8.8:53 livepixel-production.bln.liveintent.com udp
US 8.8.8.8:53 tagged-by.rubiconproject.net.akadns.net udp
US 52.204.221.209:443 rp.liadm.com tcp
US 8.8.8.8:53 livepixel-production.bln.liveintent.com udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 118.145.32.13.in-addr.arpa udp
US 8.8.8.8:53 122.194.245.18.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 17.12.22.31.in-addr.arpa udp
US 8.8.8.8:53 21.82.148.51.in-addr.arpa udp
US 8.8.8.8:53 45.46.92.45.in-addr.arpa udp
US 8.8.8.8:53 102.144.101.94.in-addr.arpa udp
US 8.8.8.8:53 127.227.241.185.in-addr.arpa udp
US 8.8.8.8:53 6.112.37.152.in-addr.arpa udp
US 8.8.8.8:53 252.101.10.45.in-addr.arpa udp
US 8.8.8.8:53 227.112.148.185.in-addr.arpa udp
US 8.8.8.8:53 1.8.82.185.in-addr.arpa udp
US 8.8.8.8:53 84.40.234.34.in-addr.arpa udp
US 8.8.8.8:53 21.24.225.185.in-addr.arpa udp
US 8.8.8.8:53 211.253.186.35.in-addr.arpa udp
US 8.8.8.8:53 56.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 155.36.18.104.in-addr.arpa udp
US 8.8.8.8:53 230.93.153.18.in-addr.arpa udp
US 35.186.253.211:443 rtb.openx.net udp
US 8.8.8.8:53 live.rezync.com udp
US 8.8.8.8:53 d.turn.com udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 dis.criteo.com udp
US 8.8.8.8:53 b1sync.zemanta.com udp
US 8.8.8.8:53 mid.rkdms.com udp
US 8.8.8.8:53 dpm.demdex.net udp
US 104.18.36.155:443 htlb.casalemedia.com udp
US 35.71.131.137:443 match.adsrvr.org tcp
US 8.8.8.8:53 match.adsrvr.org udp
NL 46.228.164.13:443 d.turn.com tcp
US 8.8.8.8:53 d-ams1.turn.com udp
US 3.165.148.87:443 live.rezync.com tcp
US 8.8.8.8:53 live.rezync.com udp
IE 52.213.0.145:443 dpm.demdex.net tcp
US 8.8.8.8:53 dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 mid.rkdms.com udp
US 50.16.10.142:443 mid.rkdms.com tcp
US 64.202.112.159:443 b1sync.zemanta.com tcp
US 8.8.8.8:53 nydc1.outbrain.org udp
NL 178.250.1.9:443 dis.criteo.com tcp
US 8.8.8.8:53 widget.nl3.vip.prod.criteo.com udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 82.49.171.54.in-addr.arpa udp
US 8.8.8.8:53 209.221.204.52.in-addr.arpa udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 d-ams1.turn.com udp
US 8.8.8.8:53 live.rezync.com udp
US 8.8.8.8:53 dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 nydc1.outbrain.org udp
US 8.8.8.8:53 widget.nl3.vip.prod.criteo.com udp
US 8.8.8.8:53 mid.rkdms.com udp
NL 185.89.210.122:443 ams3-ib.adnxs.com tcp
NL 69.173.156.139:443 tagged-by.rubiconproject.net.akadns.net tcp
NL 69.173.156.139:443 tagged-by.rubiconproject.net.akadns.net tcp
NL 69.173.156.139:443 tagged-by.rubiconproject.net.akadns.net tcp
NL 69.173.156.139:443 tagged-by.rubiconproject.net.akadns.net tcp
NL 69.173.156.139:443 tagged-by.rubiconproject.net.akadns.net tcp
US 8.8.8.8:53 p.rfihub.com udp
NL 193.0.160.131:443 p.rfihub.com tcp
US 8.8.8.8:53 a-emea.rfihub.com.akadns.net udp
US 8.8.8.8:53 a-emea.rfihub.com.akadns.net udp
US 8.8.8.8:53 privacyportal.onetrust.com udp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 static.nl3.vip.prod.criteo.net udp
US 172.64.155.119:443 privacyportal.onetrust.com tcp
US 172.64.155.119:443 privacyportal.onetrust.com tcp
US 8.8.8.8:53 privacyportal.onetrust.com udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 privacyportal.onetrust.com udp
US 8.8.8.8:53 static.nl3.vip.prod.criteo.net udp
US 8.8.8.8:53 secure-us.imrworldwide.com udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
GB 172.217.169.3:443 www.google.co.uk tcp
US 216.239.32.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 census.eu-west-1.nielsencollections.com udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 216.239.32.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 census.eu-west-1.nielsencollections.com udp
GB 172.217.169.3:443 www.google.co.uk udp
NL 178.250.1.3:443 static.nl3.vip.prod.criteo.net tcp
IE 52.212.221.245:443 census.eu-west-1.nielsencollections.com tcp
US 8.8.8.8:53 cdn-gl.imrworldwide.com udp
FR 99.86.91.7:443 cdn-gl.imrworldwide.com tcp
US 8.8.8.8:53 d2926jmvsihu4k.cloudfront.net udp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 d2926jmvsihu4k.cloudfront.net udp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 gum.nl3.vip.prod.criteo.com udp
US 8.8.8.8:53 gum.nl3.vip.prod.criteo.com udp
US 8.8.8.8:53 eb873e618a2d2eb1bdea118a76696691.safeframe.googlesyndication.com udp
US 8.8.8.8:53 bee.imrworldwide.com udp
GB 216.58.213.1:443 eb873e618a2d2eb1bdea118a76696691.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 pagead-googlehosted.l.google.com udp
FR 3.164.163.91:443 bee.imrworldwide.com tcp
US 8.8.8.8:53 d289cm8jitwx96.cloudfront.net udp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 ag.gbc.criteo.com udp
US 8.8.8.8:53 gem.gbc.criteo.com udp
NL 178.250.1.11:443 dnacdn.net tcp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 137.131.71.35.in-addr.arpa udp
US 8.8.8.8:53 13.164.228.46.in-addr.arpa udp
US 8.8.8.8:53 87.148.165.3.in-addr.arpa udp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 145.0.213.52.in-addr.arpa udp
US 8.8.8.8:53 159.112.202.64.in-addr.arpa udp
US 8.8.8.8:53 139.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 122.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 142.10.16.50.in-addr.arpa udp
US 8.8.8.8:53 131.160.0.193.in-addr.arpa udp
US 8.8.8.8:53 119.155.64.172.in-addr.arpa udp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 245.221.212.52.in-addr.arpa udp
US 8.8.8.8:53 7.91.86.99.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 d289cm8jitwx96.cloudfront.net udp
US 8.8.8.8:53 gbc5.fr3.eu.criteo.com udp
US 8.8.8.8:53 gbc1.nl3.eu.criteo.com udp
BE 66.102.1.156:443 stats.g.doubleclick.net tcp
GB 216.58.213.1:443 pagead-googlehosted.l.google.com udp
NL 185.235.87.35:443 gbc1.nl3.eu.criteo.com tcp
FR 185.235.86.149:443 gbc5.fr3.eu.criteo.com tcp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 pagead-googlehosted.l.google.com udp
US 8.8.8.8:53 gbc1.nl3.eu.criteo.com udp
US 8.8.8.8:53 gbc5.fr3.eu.criteo.com udp
BE 66.102.1.156:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 jogger.zdbb.net udp
US 8.8.8.8:53 tags.bkrtx.com udp
US 8.8.8.8:53 idsync.rlcdn.com udp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
US 8.8.8.8:53 xtsrkeeuux6s5ofmd8aavl9ghyuam1731024614.nuid.imrworldwide.com udp
US 52.87.93.211:443 jogger.zdbb.net tcp
US 8.8.8.8:53 jogger.zdbb.net udp
US 8.8.8.8:53 idsync.rlcdn.com udp
US 8.8.8.8:53 e5529.g.akamaiedge.net udp
GB 172.217.169.66:443 ep1.adtrafficquality.google tcp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
US 8.8.8.8:53 jogger.zdbb.net udp
FR 3.165.113.12:443 xtsrkeeuux6s5ofmd8aavl9ghyuam1731024614.nuid.imrworldwide.com tcp
US 8.8.8.8:53 d29sshy11yr8a1.cloudfront.net udp
US 8.8.8.8:53 idsync.rlcdn.com udp
US 8.8.8.8:53 e5529.g.akamaiedge.net udp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
US 8.8.8.8:53 d29sshy11yr8a1.cloudfront.net udp
GB 172.217.169.66:443 ep1.adtrafficquality.google udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
GB 142.250.179.225:443 ep2.adtrafficquality.google tcp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
GB 142.250.179.225:443 ep2.adtrafficquality.google udp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 cdn.ampproject.org udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 142.250.180.4:443 www.google.com udp
GB 104.78.165.146:443 e5529.g.akamaiedge.net tcp
US 35.244.174.68:443 idsync.rlcdn.com tcp
GB 142.250.180.1:443 cdn.ampproject.org tcp
GB 142.250.180.1:443 cdn.ampproject.org tcp
GB 142.250.180.1:443 cdn.ampproject.org tcp
GB 142.250.180.1:443 cdn.ampproject.org tcp
US 8.8.8.8:53 cdn-content.ampproject.org udp
GB 142.250.180.1:443 cdn-content.ampproject.org tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 cdn-content.ampproject.org udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 35.244.174.68:443 idsync.rlcdn.com udp
GB 142.250.180.1:443 cdn-content.ampproject.org udp
GB 172.217.169.33:443 tpc.googlesyndication.com tcp
GB 172.217.169.33:443 tpc.googlesyndication.com tcp
GB 172.217.169.33:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 1.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 91.163.164.3.in-addr.arpa udp
US 8.8.8.8:53 156.1.102.66.in-addr.arpa udp
US 8.8.8.8:53 35.87.235.185.in-addr.arpa udp
US 8.8.8.8:53 149.86.235.185.in-addr.arpa udp
GB 172.217.169.33:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 66.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 12.113.165.3.in-addr.arpa udp
US 216.239.32.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 211.93.87.52.in-addr.arpa udp
US 8.8.8.8:53 225.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 146.165.78.104.in-addr.arpa udp
US 8.8.8.8:53 68.174.244.35.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 98.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.180.2:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 33.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 8.8.8.8:53 ookla-d.openx.net udp
GB 23.219.196.188:443 ads.pubmatic.com tcp
US 8.8.8.8:53 e6603.g.akamaiedge.net udp
US 104.18.38.76:443 js-sec.indexww.com tcp
US 8.8.8.8:53 js-sec.indexww.com udp
US 34.98.64.218:443 ookla-d.openx.net tcp
US 8.8.8.8:53 ookla-d.openx.net udp
US 8.8.8.8:53 e6603.g.akamaiedge.net udp
US 8.8.8.8:53 e8960.b.akamaiedge.net udp
GB 92.123.242.2:443 e8960.b.akamaiedge.net tcp
US 8.8.8.8:53 ookla-d.openx.net udp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 e8960.b.akamaiedge.net udp
US 34.98.64.218:443 ookla-d.openx.net udp
US 8.8.8.8:53 fw.adsafeprotected.com udp
US 8.8.8.8:53 s0.2mdn.net udp
GB 172.217.16.230:443 s0.2mdn.net tcp
US 8.8.8.8:53 s0.2mdn.net udp
US 8.8.8.8:53 firewall-external-2134955858.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 firewall-external-2134955858.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 s0.2mdn.net udp
GB 172.217.16.230:443 s0.2mdn.net udp
IE 54.77.66.79:443 firewall-external-2134955858.eu-west-1.elb.amazonaws.com tcp
US 8.8.8.8:53 googleads4.g.doubleclick.net udp
GB 216.58.204.66:443 googleads4.g.doubleclick.net tcp
US 8.8.8.8:53 googleads4.g.doubleclick.net udp
US 8.8.8.8:53 googleads4.g.doubleclick.net udp
US 8.8.8.8:53 76.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 218.64.98.34.in-addr.arpa udp
US 8.8.8.8:53 2.242.123.92.in-addr.arpa udp
US 8.8.8.8:53 230.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 79.66.77.54.in-addr.arpa udp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
GB 216.58.204.66:443 googleads4.g.doubleclick.net udp
GB 152.37.112.6:8080 speedlon.hyperoptic.com tcp
US 8.8.8.8:53 static.adsafeprotected.com udp
US 8.8.8.8:53 dt.adsafeprotected.com udp
GB 18.172.89.36:443 static.adsafeprotected.com tcp
US 8.8.8.8:53 d162h6x3rxav67.cloudfront.net udp
US 107.21.214.231:443 dt.adsafeprotected.com tcp
US 8.8.8.8:53 dt-external-217593033.us-east-1.elb.amazonaws.com udp
US 8.8.8.8:53 dt-external-217593033.us-east-1.elb.amazonaws.com udp
US 8.8.8.8:53 d162h6x3rxav67.cloudfront.net udp
GB 18.172.89.36:443 d162h6x3rxav67.cloudfront.net tcp
US 8.8.8.8:53 36.89.172.18.in-addr.arpa udp
US 8.8.8.8:53 231.214.21.107.in-addr.arpa udp
US 8.8.8.8:53 token.rubiconproject.com udp
NL 69.173.156.148:443 token.rubiconproject.com tcp
US 8.8.8.8:53 pixel.rubiconproject.net.akadns.net udp
US 8.8.8.8:53 pixel.rubiconproject.net.akadns.net udp
US 8.8.8.8:53 148.156.173.69.in-addr.arpa udp
GB 152.37.112.6:8080 speedlon.hyperoptic.com tcp
GB 51.148.82.21:8080 speedtest02a.web.zen.net.uk tcp
GB 94.101.144.102:8080 speedtestlon.orbital.net tcp
GB 31.22.12.17:8080 speedtest.swishfibre.com tcp
GB 152.37.112.6:8080 speedlon.hyperoptic.com tcp
GB 152.37.112.6:8080 speedlon.hyperoptic.com tcp
GB 51.148.82.21:8080 speedtest02a.web.zen.net.uk tcp
GB 94.101.144.102:8080 speedtestlon.orbital.net tcp
GB 31.22.12.17:8080 speedtest.swishfibre.com tcp
US 8.8.8.8:53 ade.googlesyndication.com udp
US 8.8.8.8:53 ade.googlesyndication.com udp
US 8.8.8.8:53 ade.googlesyndication.com udp
US 8.8.8.8:53 csm.nl3.eu.criteo.net udp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
US 8.8.8.8:53 csm.nl3.vip.prod.criteo.net udp
US 8.8.8.8:53 csm.nl3.vip.prod.criteo.net udp
US 8.8.8.8:53 25.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 whatismyipaddress.com udp
US 104.19.223.79:443 whatismyipaddress.com tcp
US 8.8.8.8:53 whatismyipaddress.com udp
US 104.19.223.79:443 whatismyipaddress.com tcp
US 8.8.8.8:53 whatismyipaddress.com udp
US 104.19.223.79:443 whatismyipaddress.com udp
US 8.8.8.8:53 ds6.whatismyipaddress.com udp
US 8.8.8.8:53 app.fusebox.fm udp
US 8.8.8.8:53 a.omappapi.com udp
US 172.67.70.40:443 app.fusebox.fm tcp
GB 79.127.237.132:443 a.omappapi.com tcp
US 8.8.8.8:53 app.fusebox.fm udp
US 8.8.8.8:53 omapp.b-cdn.net udp
US 8.8.8.8:53 app.fusebox.fm udp
US 8.8.8.8:53 omapp.b-cdn.net udp
US 172.67.70.40:443 app.fusebox.fm udp
US 8.8.8.8:53 cmp.inmobi.com udp
US 8.8.8.8:53 a.pub.network udp
US 8.8.8.8:53 79.223.19.104.in-addr.arpa udp
US 8.8.8.8:53 223.111.17.104.in-addr.arpa udp
US 8.8.8.8:53 132.237.127.79.in-addr.arpa udp
US 8.8.8.8:53 40.70.67.172.in-addr.arpa udp
US 8.8.8.8:53 maps.whatismyipaddress.info udp
US 104.18.20.206:443 a.pub.network tcp
US 8.8.8.8:53 a.pub.network udp
US 8.8.8.8:53 d23sp3kzv1t6m5.cloudfront.net udp
US 8.8.8.8:53 a.pub.network udp
US 8.8.8.8:53 maps.whatismyipaddress.info udp
US 104.26.4.215:443 maps.whatismyipaddress.info tcp
US 104.26.4.215:443 maps.whatismyipaddress.info tcp
US 104.26.4.215:443 maps.whatismyipaddress.info tcp
US 104.26.4.215:443 maps.whatismyipaddress.info tcp
US 104.26.4.215:443 maps.whatismyipaddress.info tcp
US 104.26.4.215:443 maps.whatismyipaddress.info tcp
US 8.8.8.8:53 d23sp3kzv1t6m5.cloudfront.net udp
US 8.8.8.8:53 maps.whatismyipaddress.info udp
US 104.18.20.206:443 a.pub.network udp
US 8.8.8.8:53 api.omappapi.com udp
US 172.66.41.8:443 api.omappapi.com tcp
US 8.8.8.8:53 api.omappapi.com udp
US 172.67.70.40:443 app.fusebox.fm udp
US 8.8.8.8:53 d.pub.network udp
US 8.8.8.8:53 d.pub.network udp
US 34.160.152.31:443 d.pub.network tcp
US 8.8.8.8:53 api.omappapi.com udp
US 8.8.8.8:53 d.pub.network udp
US 34.160.152.31:443 d.pub.network udp
FR 52.222.149.52:443 d23sp3kzv1t6m5.cloudfront.net tcp
US 8.8.8.8:53 static.libsyn.com udp
FR 99.86.91.41:443 static.libsyn.com tcp
US 8.8.8.8:53 d37nv3hmxce5yg.cloudfront.net udp
US 8.8.8.8:53 onesignal.com udp
US 8.8.8.8:53 onesignal.com udp
US 8.8.8.8:53 onesignal.com udp
US 104.16.160.145:443 onesignal.com tcp
US 8.8.8.8:53 206.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 215.4.26.104.in-addr.arpa udp
US 8.8.8.8:53 8.41.66.172.in-addr.arpa udp
US 8.8.8.8:53 31.152.160.34.in-addr.arpa udp
US 8.8.8.8:53 41.91.86.99.in-addr.arpa udp
US 104.16.160.145:443 onesignal.com udp
US 216.239.32.36:443 region1.analytics.google.com tcp
GB 172.217.169.3:443 www.google.co.uk tcp
GB 172.217.169.3:443 www.google.co.uk udp
US 216.239.32.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 cdn.whatismyipaddress.com udp
US 8.8.8.8:53 api.cmp.inmobi.com udp
US 104.19.222.79:443 cdn.whatismyipaddress.com tcp
US 8.8.8.8:53 cdn.whatismyipaddress.com udp
DE 18.197.18.38:443 api.cmp.inmobi.com tcp
US 8.8.8.8:53 choice-apis-prod-2120274730.eu-central-1.elb.amazonaws.com udp
US 8.8.8.8:53 choice-apis-prod-2120274730.eu-central-1.elb.amazonaws.com udp
US 8.8.8.8:53 cdn.whatismyipaddress.com udp
US 104.19.222.79:443 cdn.whatismyipaddress.com udp
BE 66.102.1.156:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 145.160.16.104.in-addr.arpa udp
US 8.8.8.8:53 79.222.19.104.in-addr.arpa udp
US 8.8.8.8:53 38.18.197.18.in-addr.arpa udp
BE 66.102.1.156:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 8.8.8.8:53 optimise.net udp
US 34.111.152.239:443 optimise.net tcp
US 34.111.152.239:443 optimise.net tcp
US 8.8.8.8:53 optimise.net udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 8.8.8.8:53 optimise.net udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 34.111.152.239:443 optimise.net udp
FR 52.222.169.106:443 sb.scorecardresearch.com tcp
US 8.8.8.8:53 cdn.confiant-integrations.net udp
US 8.8.8.8:53 freestar-io.videoplayerhub.com udp
US 8.8.8.8:53 d1ykf07e75w7ss.cloudfront.net udp
US 8.8.8.8:53 cdn.hadronid.net udp
US 8.8.8.8:53 pb-rtd.ccgateway.net udp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 api.rlcdn.com udp
US 104.26.9.50:443 freestar-io.videoplayerhub.com tcp
US 8.8.8.8:53 match.adsrvr.org udp
US 104.18.43.90:443 cdn.confiant-integrations.net tcp
US 8.8.8.8:53 freestar-io.videoplayerhub.com udp
US 8.8.8.8:53 cdn.confiant-integrations.net udp
US 8.8.8.8:53 cdn.hadronid.net udp
US 54.188.94.8:443 pb-rtd.ccgateway.net tcp
US 8.8.8.8:53 prebid-satellite-prod-01-alb-18308999.us-west-2.elb.amazonaws.com udp
US 8.8.8.8:53 api.rlcdn.com udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 id.hadron.ad.gt.cdn.cloudflare.net udp
US 8.8.8.8:53 freestar-io.videoplayerhub.com udp
US 8.8.8.8:53 cdn.confiant-integrations.net udp
US 8.8.8.8:53 dcs-ups.g03.yahoodns.net udp
US 8.8.8.8:53 prebid-satellite-prod-01-alb-18308999.us-west-2.elb.amazonaws.com udp
US 8.8.8.8:53 api.rlcdn.com udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 dcs-ups.g03.yahoodns.net udp
US 8.8.8.8:53 id.hadron.ad.gt.cdn.cloudflare.net udp
US 8.8.8.8:53 cdn.hadronid.net udp
US 8.8.8.8:53 secure.quantserve.com udp
US 8.8.8.8:53 live.primis.tech udp
US 8.8.8.8:53 pb-ing.ccgateway.net udp
US 104.18.43.90:443 cdn.confiant-integrations.net udp
US 8.8.8.8:53 global.px.quantserve.com udp
US 8.8.8.8:53 d2wcz8sc48ztgm.cloudfront.net udp
US 54.188.94.8:443 pb-ing.ccgateway.net tcp
US 54.188.94.8:443 pb-ing.ccgateway.net tcp
US 8.8.8.8:53 global.px.quantserve.com udp
US 8.8.8.8:53 d2wcz8sc48ztgm.cloudfront.net udp
US 8.8.8.8:53 s2s.t13.io udp
US 8.8.8.8:53 ads.yieldmo.com udp
US 8.8.8.8:53 a.teads.tv udp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 rtb.openx.net udp
US 8.8.8.8:53 ex.ingage.tech udp
US 8.8.8.8:53 g2.gumgum.com udp
US 34.107.140.113:443 s2s.t13.io tcp
US 34.107.140.113:443 s2s.t13.io tcp
US 8.8.8.8:53 grid.bidswitch.net udp
US 8.8.8.8:53 s2s.t13.io udp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 prebid.cootlogix.com udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 rw-yieldmo-com-tf-362867385.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 btlr-eu-central-1.sharethrough.com udp
US 8.8.8.8:53 hbopenbid-lhrc.pubmnet.com udp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 e9957.b.akamaiedge.net udp
US 104.18.41.106:443 ex.ingage.tech tcp
US 8.8.8.8:53 ex.ingage.tech udp
US 104.18.41.106:443 ex.ingage.tech tcp
US 8.8.8.8:53 g2.gumgum.com udp
US 8.8.8.8:53 s2s.t13.io udp
US 8.8.8.8:53 ib.anycast.adnxs.com udp
US 8.8.8.8:53 hu1n7ullb.puzztake.com udp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 eu-tlx.3lift.com udp
US 8.8.8.8:53 rw-yieldmo-com-tf-362867385.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 e9957.b.akamaiedge.net udp
US 8.8.8.8:53 ex.ingage.tech udp
US 8.8.8.8:53 ib.anycast.adnxs.com udp
US 8.8.8.8:53 g2.gumgum.com udp
US 8.8.8.8:53 hu1n7ullb.puzztake.com udp
US 8.8.8.8:53 eu-tlx.3lift.com udp
US 34.107.140.113:443 s2s.t13.io udp
US 8.8.8.8:53 239.152.111.34.in-addr.arpa udp
US 8.8.8.8:53 106.169.222.52.in-addr.arpa udp
US 8.8.8.8:53 90.43.18.104.in-addr.arpa udp
US 8.8.8.8:53 8.94.188.54.in-addr.arpa udp
US 8.8.8.8:53 106.41.18.104.in-addr.arpa udp
US 8.8.8.8:53 c.pub.network udp
US 34.160.152.31:443 c.pub.network tcp
US 34.160.152.31:443 c.pub.network tcp
US 8.8.8.8:53 c.pub.network udp
US 8.8.8.8:53 c.pub.network udp
US 34.160.152.31:443 c.pub.network udp
US 8.8.8.8:53 5bb6406ec4aef8a4a9d77d00402108c5.safeframe.googlesyndication.com udp
US 172.67.36.110:443 cdn.hadronid.net tcp
FR 18.245.194.122:443 d1ykf07e75w7ss.cloudfront.net tcp
GB 87.248.114.11:443 dcs-ups.g03.yahoodns.net tcp
NL 178.250.1.11:443 dnacdn.net tcp
US 104.22.5.69:443 id.hadron.ad.gt.cdn.cloudflare.net tcp
DE 162.19.138.118:443 id5-sync.com tcp
US 34.120.133.55:443 api.rlcdn.com tcp
US 35.71.131.137:443 match.adsrvr.org tcp
DE 162.19.138.118:443 id5-sync.com tcp
DE 91.228.74.159:443 global.px.quantserve.com tcp
GB 18.172.89.128:443 d2wcz8sc48ztgm.cloudfront.net tcp
US 104.22.5.69:443 id.hadron.ad.gt.cdn.cloudflare.net tcp
DE 37.252.171.149:443 ib.anycast.adnxs.com tcp
GB 216.58.213.1:443 5bb6406ec4aef8a4a9d77d00402108c5.safeframe.googlesyndication.com tcp
NL 178.250.1.11:443 dnacdn.net tcp
US 8.8.8.8:53 btloader.com udp
NL 178.250.1.56:443 grid.bidswitch.net tcp
US 8.8.8.8:53 btloader.com udp
US 104.22.74.216:443 btloader.com tcp
US 8.8.8.8:53 btloader.com udp
IE 52.51.156.22:443 rw-yieldmo-com-tf-362867385.eu-west-1.elb.amazonaws.com tcp
GB 92.123.241.36:443 e9957.b.akamaiedge.net tcp
FR 52.222.169.72:443 hb.yellowblue.io tcp
US 35.186.253.211:443 rtb.openx.net tcp
US 34.120.63.153:443 prebid.media.net tcp
NL 69.173.156.139:443 tagged-by.rubiconproject.net.akadns.net tcp
US 34.120.133.55:443 api.rlcdn.com udp
GB 216.58.213.1:443 5bb6406ec4aef8a4a9d77d00402108c5.safeframe.googlesyndication.com udp
US 104.18.36.155:443 htlb.casalemedia.com tcp
IE 54.171.11.232:443 g2.gumgum.com tcp
NL 178.250.1.56:443 grid.bidswitch.net tcp
DE 18.153.93.230:443 btlr.sharethrough.com tcp
US 144.202.1.33:443 prebid.cootlogix.com tcp
GB 18.172.89.128:443 d2wcz8sc48ztgm.cloudfront.net udp
DE 3.124.64.248:443 eu-tlx.3lift.com tcp
GB 185.64.190.77:443 hbopenbid-lhrc.pubmnet.com tcp
DE 3.124.64.248:443 eu-tlx.3lift.com tcp
IE 52.51.156.22:443 rw-yieldmo-com-tf-362867385.eu-west-1.elb.amazonaws.com tcp
US 104.18.36.155:443 htlb.casalemedia.com tcp
DE 18.153.93.230:443 btlr.sharethrough.com tcp
DE 18.153.93.230:443 btlr.sharethrough.com tcp
DE 18.153.93.230:443 btlr.sharethrough.com tcp
DE 18.153.93.230:443 btlr.sharethrough.com tcp
IE 54.171.11.232:443 g2.gumgum.com tcp
IE 54.171.11.232:443 g2.gumgum.com tcp
IE 54.171.11.232:443 g2.gumgum.com tcp
IE 54.171.11.232:443 g2.gumgum.com tcp
US 144.202.1.33:443 prebid.cootlogix.com tcp
US 35.186.253.211:443 rtb.openx.net udp
US 34.120.63.153:443 prebid.media.net udp
US 8.8.8.8:53 110.36.67.172.in-addr.arpa udp
US 8.8.8.8:53 11.114.248.87.in-addr.arpa udp
US 8.8.8.8:53 69.5.22.104.in-addr.arpa udp
US 8.8.8.8:53 55.133.120.34.in-addr.arpa udp
US 8.8.8.8:53 128.89.172.18.in-addr.arpa udp
US 8.8.8.8:53 118.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 159.74.228.91.in-addr.arpa udp
US 8.8.8.8:53 149.171.252.37.in-addr.arpa udp
US 8.8.8.8:53 216.74.22.104.in-addr.arpa udp
US 8.8.8.8:53 36.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 72.169.222.52.in-addr.arpa udp
US 8.8.8.8:53 22.156.51.52.in-addr.arpa udp
US 8.8.8.8:53 153.63.120.34.in-addr.arpa udp
US 104.18.36.155:443 htlb.casalemedia.com udp
US 8.8.8.8:53 232.11.171.54.in-addr.arpa udp
US 8.8.8.8:53 248.64.124.3.in-addr.arpa udp
US 8.8.8.8:53 33.1.202.144.in-addr.arpa udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
FR 52.84.174.40:443 config.aps.amazon-adsystem.com tcp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
FR 3.162.36.191:443 aax.amazon-adsystem.com tcp
FR 3.162.36.191:443 aax.amazon-adsystem.com tcp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 d2fashanjl7d9f.cloudfront.net udp
US 8.8.8.8:53 d1jvc9b8z3vcjs.cloudfront.net udp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 qsearch-a.akamaihd.net udp
US 34.111.152.239:443 optimise.net udp
US 8.8.8.8:53 d2fashanjl7d9f.cloudfront.net udp
US 8.8.8.8:53 ad-delivery.net udp
GB 2.19.117.27:443 qsearch-a.akamaihd.net tcp
GB 2.19.117.27:443 qsearch-a.akamaihd.net tcp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 a267.g.akamai.net udp
GB 23.219.196.188:443 e6603.g.akamaiedge.net tcp
US 8.8.8.8:53 e6603.g.akamaiedge.net udp
US 8.8.8.8:53 u.openx.net udp
US 8.8.8.8:53 cs.ingage.tech udp
US 8.8.8.8:53 cm.adform.net udp
DE 162.19.138.118:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 sync.cootlogix.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 23.20.78.52:443 cs.ingage.tech tcp
US 23.20.78.52:443 cs.ingage.tech tcp
US 23.20.78.52:443 cs.ingage.tech tcp
US 8.8.8.8:53 3dc8122e-default-sspbacken-ca08-247245088.us-east-1.elb.amazonaws.com udp
US 8.8.8.8:53 u.openx.net udp
US 34.98.64.218:443 u.openx.net tcp
US 34.98.64.218:443 u.openx.net tcp
IE 34.248.60.30:443 ap.lijit.com tcp
DK 37.157.6.243:443 cm.adform.net tcp
US 8.8.8.8:53 track-eu.adformnet.akadns.net udp
US 8.8.8.8:53 blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 track-eu.adformnet.akadns.net udp
US 8.8.8.8:53 3dc8122e-default-sspbacken-ca08-247245088.us-east-1.elb.amazonaws.com udp
US 8.8.8.8:53 u.openx.net udp
US 161.35.55.75:443 sync.cootlogix.com tcp
US 8.8.8.8:53 h7mzk9dlb.puzztake.com udp
US 34.98.64.218:443 u.openx.net udp
FR 3.164.163.94:443 d2fashanjl7d9f.cloudfront.net tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 104.26.2.70:443 ad-delivery.net tcp
NL 178.250.1.3:443 static.nl3.vip.prod.criteo.net tcp
US 104.22.74.216:443 btloader.com tcp
US 8.8.8.8:53 h7mzk9dlb.puzztake.com udp
US 23.20.78.52:443 3dc8122e-default-sspbacken-ca08-247245088.us-east-1.elb.amazonaws.com tcp
US 8.8.8.8:53 40.174.84.52.in-addr.arpa udp
US 8.8.8.8:53 191.36.162.3.in-addr.arpa udp
US 8.8.8.8:53 27.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 243.6.157.37.in-addr.arpa udp
US 8.8.8.8:53 30.60.248.34.in-addr.arpa udp
US 8.8.8.8:53 52.78.20.23.in-addr.arpa udp
US 8.8.8.8:53 70.2.26.104.in-addr.arpa udp
US 8.8.8.8:53 38.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 94.163.164.3.in-addr.arpa udp
US 8.8.8.8:53 75.55.35.161.in-addr.arpa udp
US 8.8.8.8:53 api.intentiq.com udp
US 8.8.8.8:53 sync.intentiq.com udp
US 8.8.8.8:53 pixel.quantserve.com udp
FR 99.86.91.41:443 api.intentiq.com tcp
US 8.8.8.8:53 api.intentiq.com udp
NL 178.250.1.3:443 static.nl3.vip.prod.criteo.net tcp
US 8.8.8.8:53 sync.intentiq.com udp
US 8.8.8.8:53 x.bidswitch.net udp
DE 91.228.74.159:443 pixel.quantserve.com tcp
US 8.8.8.8:53 api.intentiq.com udp
US 8.8.8.8:53 user-data-eu.bidswitch.net udp
FR 13.249.9.120:443 sync.intentiq.com tcp
US 8.8.8.8:53 sync.intentiq.com udp
US 8.8.8.8:53 user-data-eu.bidswitch.net udp
FR 99.86.91.41:443 api.intentiq.com udp
NL 35.214.136.108:443 user-data-eu.bidswitch.net tcp
US 8.8.8.8:53 match.sharethrough.com udp
DE 51.38.120.206:443 onetag-sys.com tcp
US 8.8.8.8:53 onetag-sys.com udp
FR 13.249.9.120:443 sync.intentiq.com udp
DE 18.184.206.66:443 match.sharethrough.com tcp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 match-eu-central-1-ecs.sharethrough.com udp
NL 35.214.136.108:443 user-data-eu.bidswitch.net udp
US 8.8.8.8:53 120.9.249.13.in-addr.arpa udp
US 8.8.8.8:53 108.136.214.35.in-addr.arpa udp
US 8.8.8.8:53 206.120.38.51.in-addr.arpa udp
US 8.8.8.8:53 66.206.184.18.in-addr.arpa udp
DE 51.38.120.206:443 onetag-sys.com udp
US 8.8.8.8:53 cdn.browsiprod.com udp
US 8.8.8.8:53 cdn.browsiprod.com udp
US 8.8.8.8:53 cdn.browsiprod.com udp
US 8.8.8.8:53 secure.cdn.fastclick.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 a.ad.gt.cdn.cloudflare.net udp
US 8.8.8.8:53 e4536.g.akamaiedge.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 a.ad.gt.cdn.cloudflare.net udp
GB 3.162.20.69:443 cdn.browsiprod.com tcp
US 172.67.23.234:443 a.ad.gt.cdn.cloudflare.net tcp
GB 104.78.175.230:443 e4536.g.akamaiedge.net tcp
FR 3.165.113.64:443 tags.crwdcntrl.net tcp
US 172.67.38.106:443 cdn.id5-sync.com tcp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 e4536.g.akamaiedge.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
IE 67.220.224.144:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 8.8.8.8:53 csync.loopme.me udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 3.94.49.35:443 cs-server-s2s.yellowblue.io tcp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 eb2.3lift.com udp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
NL 35.214.133.161:443 csync.loopme.me tcp
US 8.8.8.8:53 envoy-hl.envoy-csync.core-002-ew4.ov1o.com udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 eu-eb2.3lift.com udp
US 8.8.8.8:53 eu-eb2.3lift.com udp
US 8.8.8.8:53 envoy-hl.envoy-csync.core-002-ew4.ov1o.com udp
US 8.8.8.8:53 pixel.rubiconproject.net.akadns.net udp
US 8.8.8.8:53 mb9eo.publishers.tremorhub.com udp
US 8.8.8.8:53 cs.media.net udp
US 8.8.8.8:53 ads.stickyadstv.com udp
US 8.8.8.8:53 cs.admanmedia.com udp
US 8.8.8.8:53 ssbsync-global.smartadserver.com udp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 sync.kueezrtb.com udp
US 8.8.8.8:53 pubads.g.doubleclick.net udp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 cs.media.net udp
US 8.8.8.8:53 cs.admanmedia.com udp
US 8.8.8.8:53 partners-alb-1113315349.us-east-1.elb.amazonaws.com udp
US 8.8.8.8:53 sync.ingage.tech udp
US 172.64.146.150:443 sync.ingage.tech tcp
US 8.8.8.8:53 hj5ozcalb.puzztake.com udp
US 8.8.8.8:53 sync.1rx.io udp
GB 142.250.180.2:443 pubads.g.doubleclick.net tcp
GB 142.250.180.2:443 pubads.g.doubleclick.net tcp
US 8.8.8.8:53 pubads.g.doubleclick.net udp
US 130.211.23.194:443 api.btloader.com tcp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 ssbsync-euw1.smartadserver.com udp
US 8.8.8.8:53 ids.ad.gt udp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 dpm.demdex.net udp
US 8.8.8.8:53 sync.go.sonobi.com udp
US 8.8.8.8:53 sync.smartadserver.com udp
US 8.8.8.8:53 p.ad.gt udp
US 8.8.8.8:53 eu-west-dual.ads.stickyadstv.com.akadns.net udp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 ssbsync-euw1.smartadserver.com udp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 sync.ingage.tech udp
US 8.8.8.8:53 partners-alb-1113315349.us-east-1.elb.amazonaws.com udp
US 8.8.8.8:53 cs.admanmedia.com udp
US 8.8.8.8:53 pubads.g.doubleclick.net udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 sync-gdpr.intentiq.com udp
US 8.8.8.8:53 p.ad.gt.cdn.cloudflare.net udp
US 8.8.8.8:53 events.browsiprod.com udp
US 8.8.8.8:53 yield-manager.browsiprod.com udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 8.8.8.8:53 iad-2-sync.go.sonobi.com udp
US 8.8.8.8:53 rtb-csync-euw1.smartadserver.com udp
US 8.8.8.8:53 euw-ice.360yield.com udp
US 8.8.8.8:53 dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 ids.ad.gt udp
FR 3.165.136.56:443 sync-gdpr.intentiq.com tcp
US 8.8.8.8:53 pug-lhr-bc.pubmnet.com udp
US 8.8.8.8:53 eu-west-dual.ads.stickyadstv.com.akadns.net udp
GB 142.250.180.2:443 pubads.g.doubleclick.net udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
IE 54.74.74.210:443 bcp.crwdcntrl.net tcp
US 8.8.8.8:53 rtb-csync-euw1.smartadserver.com udp
US 54.71.208.98:443 events.browsiprod.com tcp
US 8.8.8.8:53 events.browsiprod.com udp
US 8.8.8.8:53 pug-lhr-bc.pubmnet.com udp
FR 3.162.38.107:443 yield-manager.browsiprod.com tcp
US 8.8.8.8:53 yield-manager.browsiprod.com udp
US 8.8.8.8:53 p.ad.gt.cdn.cloudflare.net udp
US 8.8.8.8:53 euw-ice.360yield.com udp
US 8.8.8.8:53 d3p3gh8eed0xba.cloudfront.net udp
US 8.8.8.8:53 iad-2-sync.go.sonobi.com udp
US 8.8.8.8:53 sync.adprime.com udp
US 8.8.8.8:53 events.browsiprod.com udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 8.8.8.8:53 sync.adprime.com udp
US 8.2.110.13:443 sync.adprime.com tcp
US 172.64.151.101:443 ssum-sec.casalemedia.com tcp
US 13.248.245.213:443 eu-eb2.3lift.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
US 52.0.129.244:443 partners-alb-1113315349.us-east-1.elb.amazonaws.com tcp
GB 2.23.220.28:443 cs.media.net tcp
US 80.77.87.163:443 cs.admanmedia.com tcp
NL 81.17.55.108:443 ssbsync-euw1.smartadserver.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 137.184.29.95:443 sync.kueezrtb.com tcp
FR 154.54.250.81:443 ads.stickyadstv.com tcp
US 130.211.23.194:443 api.btloader.com udp
US 8.8.8.8:53 sync.adprime.com udp
US 8.8.8.8:53 yield-manager.browsiprod.com udp
US 172.64.151.101:443 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 106.38.67.172.in-addr.arpa udp
US 8.8.8.8:53 234.23.67.172.in-addr.arpa udp
US 8.8.8.8:53 69.20.162.3.in-addr.arpa udp
US 8.8.8.8:53 64.113.165.3.in-addr.arpa udp
US 8.8.8.8:53 144.224.220.67.in-addr.arpa udp
US 8.8.8.8:53 161.133.214.35.in-addr.arpa udp
US 8.8.8.8:53 35.49.94.3.in-addr.arpa udp
US 8.8.8.8:53 150.146.64.172.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 56.136.165.3.in-addr.arpa udp
US 8.8.8.8:53 107.38.162.3.in-addr.arpa udp
US 8.8.8.8:53 210.74.74.54.in-addr.arpa udp
US 8.8.8.8:53 rtb.primis.tech udp
US 8.8.8.8:53 prebid-server.rubiconproject.com udp
US 8.8.8.8:53 direct.adsrvr.org udp
GB 18.172.89.90:443 rtb.primis.tech tcp
US 35.71.170.66:443 direct.adsrvr.org tcp
US 8.8.8.8:53 euwdirect.adsrvr.org udp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
US 8.8.8.8:53 prebid-server-perf-eu.rubiconproject.net.akadns.net udp
NL 69.173.156.150:443 prebid-server-perf-eu.rubiconproject.net.akadns.net tcp
US 8.8.8.8:53 101.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 28.220.23.2.in-addr.arpa udp
US 8.8.8.8:53 149.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 108.55.17.81.in-addr.arpa udp
US 8.8.8.8:53 81.250.54.154.in-addr.arpa udp
US 8.8.8.8:53 213.245.248.13.in-addr.arpa udp
US 8.8.8.8:53 13.110.2.8.in-addr.arpa udp
US 8.8.8.8:53 163.87.77.80.in-addr.arpa udp
US 8.8.8.8:53 244.129.0.52.in-addr.arpa udp
US 8.8.8.8:53 euwdirect.adsrvr.org udp
US 8.8.8.8:53 prebid-server-perf-eu.rubiconproject.net.akadns.net udp
US 44.240.165.64:443 ids.ad.gt tcp
US 44.240.165.64:443 ids.ad.gt tcp
NL 185.89.210.46:443 secure.adnxs.com tcp
GB 185.64.191.210:443 pug-lhr-bc.pubmnet.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
GB 216.58.213.2:443 cm.g.doubleclick.net tcp
US 44.240.165.64:443 ids.ad.gt tcp
IE 52.16.55.91:443 dpm.demdex.net tcp
US 69.166.1.67:443 iad-2-sync.go.sonobi.com tcp
IE 54.155.31.240:443 ad.360yield.com tcp
US 104.22.4.69:443 p.ad.gt.cdn.cloudflare.net tcp
NL 89.149.193.105:443 rtb-csync-euw1.smartadserver.com tcp
GB 18.172.89.90:443 rtb.primis.tech udp
GB 216.58.213.2:443 cm.g.doubleclick.net udp
GB 172.217.169.33:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 pixels.ad.gt udp
US 104.22.4.69:443 pixels.ad.gt tcp
US 104.22.4.69:443 pixels.ad.gt tcp
US 8.8.8.8:53 seg.ad.gt udp
US 104.22.4.69:443 seg.ad.gt tcp
US 104.22.4.69:443 seg.ad.gt tcp
US 8.8.8.8:53 pixels.ad.gt.cdn.cloudflare.net udp
US 104.22.4.69:443 pixels.ad.gt.cdn.cloudflare.net tcp
US 8.8.8.8:53 seg.ad.gt.cdn.cloudflare.net udp
GB 172.217.169.33:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 seg.ad.gt.cdn.cloudflare.net udp
US 8.8.8.8:53 sync-tm.everesttech.net udp
US 8.8.8.8:53 h2.shared.global.fastly.net udp
US 8.8.8.8:53 h2.shared.global.fastly.net udp
US 104.22.5.69:443 seg.ad.gt.cdn.cloudflare.net tcp
GB 3.162.20.69:443 cdn.browsiprod.com tcp
US 151.101.66.49:443 h2.shared.global.fastly.net tcp
US 8.8.8.8:53 ai.browsiprod.com udp
US 8.8.8.8:53 90.89.172.18.in-addr.arpa udp
US 8.8.8.8:53 150.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 66.170.71.35.in-addr.arpa udp
US 8.8.8.8:53 210.191.64.185.in-addr.arpa udp
US 8.8.8.8:53 2.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 69.4.22.104.in-addr.arpa udp
US 8.8.8.8:53 46.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 240.31.155.54.in-addr.arpa udp
US 8.8.8.8:53 64.165.240.44.in-addr.arpa udp
US 8.8.8.8:53 91.55.16.52.in-addr.arpa udp
FR 52.222.201.40:443 ai.browsiprod.com tcp
US 8.8.8.8:53 ai.browsiprod.com udp
US 8.8.8.8:53 49.66.101.151.in-addr.arpa udp
US 8.8.8.8:53 105.193.149.89.in-addr.arpa udp
US 8.8.8.8:53 ai.browsiprod.com udp
US 8.8.8.8:53 sync.colossusssp.com udp
US 172.240.155.100:443 sync.colossusssp.com tcp
US 8.8.8.8:53 sync.colossusssp.com udp
US 8.8.8.8:53 sync.colossusssp.com udp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
GB 23.215.239.190:443 secure-assets.rubiconproject.com tcp
US 8.8.8.8:53 e8960.e2.akamaiedge.net udp
US 8.8.8.8:53 e8960.e2.akamaiedge.net udp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 8.8.8.8:53 e8960.b.akamaiedge.net udp
GB 92.123.242.2:443 e8960.b.akamaiedge.net tcp
GB 142.250.180.2:443 pubads.g.doubleclick.net tcp
GB 92.123.242.2:443 e8960.b.akamaiedge.net tcp
US 8.8.8.8:53 e8960.b.akamaiedge.net udp
US 8.8.8.8:53 id.crwdcntrl.net udp
US 8.8.8.8:53 id5-sync.com udp
GB 142.250.180.2:443 pubads.g.doubleclick.net udp
IE 52.31.95.82:443 id.crwdcntrl.net tcp
US 8.8.8.8:53 id.crwdcntrl.net udp
US 8.8.8.8:53 cdn.doubleverify.com udp
US 8.8.8.8:53 pixel.adsafeprotected.com udp
US 8.8.8.8:53 id.crwdcntrl.net udp
GB 2.23.210.97:443 cdn.doubleverify.com tcp
US 8.8.8.8:53 a1241.dsct.akamai.net udp
IE 18.200.180.237:443 pixel.adsafeprotected.com tcp
US 8.8.8.8:53 firewall-external-2134955858.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 a1241.dsct.akamai.net udp
US 8.8.8.8:53 firewall-external-2134955858.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 100.155.240.172.in-addr.arpa udp
US 8.8.8.8:53 190.239.215.23.in-addr.arpa udp
US 8.8.8.8:53 82.95.31.52.in-addr.arpa udp
US 8.8.8.8:53 97.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 237.180.200.18.in-addr.arpa udp
GB 216.58.204.66:443 ade.googlesyndication.com tcp
GB 216.58.204.66:443 ade.googlesyndication.com tcp
US 8.8.8.8:53 googleads4.g.doubleclick.net udp
US 8.8.8.8:53 tps.doubleverify.com udp
US 8.8.8.8:53 tpsc-ew1.doubleverify.com udp
GB 216.58.204.66:443 ade.googlesyndication.com udp
US 8.8.8.8:53 rtb0.doubleverify.com udp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
IE 54.77.66.79:443 firewall-external-2134955858.eu-west-1.elb.amazonaws.com tcp
GB 18.172.89.36:443 d162h6x3rxav67.cloudfront.net tcp
US 8.8.8.8:53 tpsc-ew1.doubleverify.com udp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
US 8.8.8.8:53 rtbc-ew1.doubleverify.com udp
US 8.8.8.8:53 rtbc-ew1.doubleverify.com udp
US 8.8.8.8:53 us.ck-ie.com udp
US 8.8.8.8:53 match.prod.bidr.io udp
US 8.8.8.8:53 s.adtelligent.com udp
US 8.2.110.13:443 sync.adprime.com tcp
US 8.2.110.13:443 sync.adprime.com tcp
US 8.8.8.8:53 sync-service.net udp
US 8.8.8.8:53 s.ad.smaato.net udp
US 8.8.8.8:53 us.shb-sync.com udp
US 8.8.8.8:53 sync.e-planning.net udp
US 8.8.8.8:53 idsync.rlcdn.com udp
US 8.8.8.8:53 inv-nets.admixer.net udp
US 8.8.8.8:53 us.ck-ie.com udp
US 8.8.8.8:53 us.ck-ie.com udp
US 8.8.8.8:53 s.ad.smaato.net udp
US 204.62.12.209:443 sync-service.net tcp
US 8.8.8.8:53 sync-service.net udp
US 8.2.110.33:443 us.shb-sync.com tcp
US 8.8.8.8:53 match.prod.bidr.io udp
US 8.8.8.8:53 us.shb-sync.com udp
US 8.8.8.8:53 inv-nets.admixer.net udp
US 8.8.8.8:53 ads.us.e-planning.net udp
US 8.8.8.8:53 servedby.flashtalking.com udp
US 8.8.8.8:53 sync-service.net udp
US 8.8.8.8:53 match.prod.bidr.io udp
US 8.8.8.8:53 s.ad.smaato.net udp
US 8.8.8.8:53 us.shb-sync.com udp
US 8.8.8.8:53 s-vertamedia-com.geodns.me udp
US 8.8.8.8:53 ads.us.e-planning.net udp
GB 92.123.240.200:443 servedby.flashtalking.com tcp
US 8.8.8.8:53 e4751.b.akamaiedge.net udp
US 8.8.8.8:53 inv-nets.admixer.net udp
GB 142.250.187.226:443 www.googletagservices.com tcp
US 8.8.8.8:53 www.googletagservices.com udp
US 8.8.8.8:53 e4751.b.akamaiedge.net udp
US 8.8.8.8:53 s-vertamedia-com.geodns.me udp
US 8.8.8.8:53 www.googletagservices.com udp
GB 142.250.187.226:443 www.googletagservices.com udp
US 8.8.8.8:53 ajs-assets.ftstatic.com udp
US 204.62.12.209:443 sync-service.net tcp
US 8.8.8.8:53 d3f1y6rso5ozvw.cloudfront.net udp
FR 52.84.174.15:443 d3f1y6rso5ozvw.cloudfront.net tcp
US 8.8.8.8:53 d3f1y6rso5ozvw.cloudfront.net udp
US 204.62.12.209:443 sync-service.net tcp
US 8.8.8.8:53 5.44.211.130.in-addr.arpa udp
US 8.8.8.8:53 200.240.123.92.in-addr.arpa udp
US 8.8.8.8:53 226.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 209.12.62.204.in-addr.arpa udp
US 8.8.8.8:53 33.110.2.8.in-addr.arpa udp
US 8.8.8.8:53 15.174.84.52.in-addr.arpa udp
US 107.21.214.231:443 dt.adsafeprotected.com tcp
US 8.2.110.114:443 us.ck-ie.com tcp
IE 34.246.139.66:443 match.prod.bidr.io tcp
US 8.2.110.114:443 us.ck-ie.com tcp
DE 168.119.32.99:80 s-vertamedia-com.geodns.me tcp
FR 18.164.52.46:443 s.ad.smaato.net tcp
US 8.2.110.114:443 us.ck-ie.com tcp
US 8.2.110.114:443 us.ck-ie.com tcp
US 35.244.174.68:443 idsync.rlcdn.com tcp
NL 193.3.178.4:443 sync.e-planning.net tcp
DE 116.202.167.155:80 inv-nets.admixer.net tcp
US 8.8.8.8:53 tpsc-ew1.doubleverify.com udp
US 35.244.174.68:443 idsync.rlcdn.com udp
DE 116.202.167.155:443 inv-nets.admixer.net tcp
US 8.8.8.8:53 b1h.zemanta.com udp
US 130.211.44.5:443 tpsc-ew1.doubleverify.com tcp
US 50.31.142.223:443 b1h.zemanta.com tcp
US 8.8.8.8:53 chidc2.outbrain.org udp
US 8.8.8.8:53 chidc2.outbrain.org udp
US 8.8.8.8:53 agen-assets.ftstatic.com udp
FR 18.155.129.43:443 agen-assets.ftstatic.com tcp
US 8.8.8.8:53 d1dvhck2p605dz.cloudfront.net udp
US 8.8.8.8:53 d1dvhck2p605dz.cloudfront.net udp
US 8.8.8.8:53 tracker.yougov.com udp
US 8.8.8.8:53 cdn.flashtalking.com udp
US 8.8.8.8:53 tracker.yougov.com udp
IE 52.31.249.35:443 tracker.yougov.com tcp
FR 52.222.149.85:443 cdn.flashtalking.com tcp
US 8.8.8.8:53 d3fxn7cse5tdjr.cloudfront.net udp
US 8.8.8.8:53 tracker.yougov.com udp
US 8.8.8.8:53 d3fxn7cse5tdjr.cloudfront.net udp
FR 52.222.149.85:443 d3fxn7cse5tdjr.cloudfront.net tcp
US 8.8.8.8:53 ad-events.flashtalking.com udp
US 8.8.8.8:53 stat.flashtalking.com udp
US 8.8.8.8:53 ad-interactions-prod-lb-1426714899.eu-west-2.elb.amazonaws.com udp
US 8.8.8.8:53 ad-interactions-prod-lb-1426714899.eu-west-2.elb.amazonaws.com udp
GB 18.169.60.99:443 ad-interactions-prod-lb-1426714899.eu-west-2.elb.amazonaws.com tcp
GB 18.170.252.3:443 ad-interactions-prod-lb-1426714899.eu-west-2.elb.amazonaws.com tcp
GB 18.170.252.3:443 ad-interactions-prod-lb-1426714899.eu-west-2.elb.amazonaws.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
US 8.8.8.8:53 46.52.164.18.in-addr.arpa udp
US 8.8.8.8:53 4.178.3.193.in-addr.arpa udp
US 8.8.8.8:53 66.139.246.34.in-addr.arpa udp
US 8.8.8.8:53 99.32.119.168.in-addr.arpa udp
US 8.8.8.8:53 155.167.202.116.in-addr.arpa udp
US 8.8.8.8:53 114.110.2.8.in-addr.arpa udp
US 8.8.8.8:53 223.142.31.50.in-addr.arpa udp
US 8.8.8.8:53 43.129.155.18.in-addr.arpa udp
US 8.8.8.8:53 35.249.31.52.in-addr.arpa udp
US 8.8.8.8:53 85.149.222.52.in-addr.arpa udp
US 8.8.8.8:53 99.60.169.18.in-addr.arpa udp
US 8.8.8.8:53 3.252.170.18.in-addr.arpa udp
GB 18.170.252.3:443 ad-interactions-prod-lb-1426714899.eu-west-2.elb.amazonaws.com tcp
US 8.8.8.8:53 rtbc-ew1.doubleverify.com udp
US 130.211.44.5:443 rtbc-ew1.doubleverify.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.179.228:443 www.google.com udp
US 8.8.8.8:53 events.browsiprod.com udp
US 8.8.8.8:53 prebid-server-perf-eu.rubiconproject.net.akadns.net udp
US 8.8.8.8:53 euwdirect.adsrvr.org udp
GB 18.170.252.3:443 ad-interactions-prod-lb-1426714899.eu-west-2.elb.amazonaws.com tcp
GB 142.250.180.2:443 pubads.g.doubleclick.net udp
US 104.19.223.79:443 cdn.whatismyipaddress.com tcp
US 8.8.8.8:53 ds6.whatismyipaddress.com udp
GB 79.127.237.132:443 omapp.b-cdn.net tcp
US 104.18.20.206:443 a.pub.network tcp
GB 104.78.175.230:443 secure.cdn.fastclick.net tcp
FR 3.165.113.64:443 tags.crwdcntrl.net tcp
FR 52.222.149.52:443 cmp.inmobi.com tcp
US 8.8.8.8:53 e4536.g.akamaiedge.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 dcs-ups.g03.yahoodns.net udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 d1ykf07e75w7ss.cloudfront.net udp
US 8.8.8.8:53 ids.ad.gt udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 ib.anycast.adnxs.com udp
US 8.8.8.8:53 a267.g.akamai.net udp
US 8.8.8.8:53 user-data-eu.bidswitch.net udp
US 8.8.8.8:53 dcs-ups.g03.yahoodns.net udp
US 8.8.8.8:53 cdn.browsiprod.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 73.80.16.104.in-addr.arpa udp
DE 162.19.138.118:443 lb.eu-1-id5-sync.com tcp
NL 178.250.1.56:443 grid.bidswitch.net tcp
NL 178.250.1.56:443 grid.bidswitch.net tcp
DE 18.153.93.230:443 btlr.sharethrough.com tcp
US 130.211.44.5:443 rtbc-ew1.doubleverify.com tcp
US 130.211.44.5:443 rtbc-ew1.doubleverify.com tcp
US 8.8.8.8:53 78ed51ff942cbe504b926c45265507ed.safeframe.googlesyndication.com udp
US 8.8.8.8:53 bh.contextweb.com udp
GB 216.58.213.1:443 78ed51ff942cbe504b926c45265507ed.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 am1-direct-bgp.contextweb.com udp
GB 216.58.213.1:443 78ed51ff942cbe504b926c45265507ed.safeframe.googlesyndication.com udp
DE 162.19.138.118:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 am1-direct-bgp.contextweb.com udp
US 104.18.38.76:443 js-sec.indexww.com tcp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 e8960.b.akamaiedge.net udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 8.8.8.8:53 e6603.g.akamaiedge.net udp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
NL 69.173.156.139:443 tagged-by.rubiconproject.net.akadns.net tcp
US 172.64.151.101:443 ssum-sec.casalemedia.com udp
NL 208.93.169.131:443 am1-direct-bgp.contextweb.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
NL 178.250.1.3:443 static.nl3.vip.prod.criteo.net tcp
US 8.8.8.8:53 contextual.media.net udp
US 8.8.8.8:53 e6603.g.akamaiedge.net udp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 8.8.8.8:53 freestar-d.openx.net udp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
US 34.98.64.218:443 freestar-d.openx.net tcp
US 8.8.8.8:53 freestar-d.openx.net udp
DE 18.184.206.66:443 match.sharethrough.com tcp
GB 92.123.240.21:443 contextual.media.net tcp
US 8.8.8.8:53 contextual.media.net udp
US 34.98.64.218:443 freestar-d.openx.net udp
US 8.8.8.8:53 freestar-d.openx.net udp
US 8.8.8.8:53 contextual.media.net udp
GB 92.123.240.21:443 contextual.media.net udp
US 8.8.8.8:53 150.216.36.34.in-addr.arpa udp
US 8.8.8.8:53 131.169.93.208.in-addr.arpa udp
US 8.8.8.8:53 21.240.123.92.in-addr.arpa udp
US 8.8.8.8:53 hblg.media.net udp
US 8.8.8.8:53 cdn-geuw1-xch.media.net udp
US 8.8.8.8:53 warp.media.net udp
US 8.8.8.8:53 protected-by.clarium.io udp
US 8.8.8.8:53 hblg.media.net udp
GB 142.250.180.1:443 cdn-content.ampproject.org tcp
GB 142.250.180.1:443 cdn-content.ampproject.org tcp
GB 142.250.180.1:443 cdn-content.ampproject.org tcp
GB 142.250.180.1:443 cdn-content.ampproject.org tcp
GB 142.250.180.1:443 cdn-content.ampproject.org tcp
GB 2.23.220.28:443 hblg.media.net tcp
US 8.8.8.8:53 warp.media.net udp
US 8.8.8.8:53 e607.dscd.akamaiedge.net udp
US 8.8.8.8:53 hblg.media.net udp
IE 34.252.173.211:443 protected-by.clarium.io tcp
US 8.8.8.8:53 protected-by.clarium.io udp
US 8.8.8.8:53 protected-by.clarium.io udp
US 8.8.8.8:53 e607.dscd.akamaiedge.net udp
US 8.8.8.8:53 warp.media.net udp
GB 142.250.180.1:443 cdn-content.ampproject.org tcp
GB 142.250.180.1:443 cdn-content.ampproject.org udp
US 8.8.8.8:53 imasdk.googleapis.com udp
GB 142.250.187.202:443 imasdk.googleapis.com tcp
GB 142.250.187.202:443 imasdk.googleapis.com tcp
US 8.8.8.8:53 imasdk.googleapis.com udp
US 8.8.8.8:53 211.173.252.34.in-addr.arpa udp
US 8.8.8.8:53 imasdk.googleapis.com udp
GB 142.250.187.202:443 imasdk.googleapis.com udp
US 130.211.23.194:443 api.btloader.com udp
FR 52.222.169.106:443 sb.scorecardresearch.com tcp
US 104.18.43.90:443 cdn.confiant-integrations.net tcp
FR 18.245.194.122:443 d1ykf07e75w7ss.cloudfront.net tcp
US 8.8.8.8:53 bid.g.doubleclick.net udp
US 8.8.8.8:53 csi.gstatic.com udp
GB 18.172.89.128:443 rtb.primis.tech tcp
BE 142.251.173.157:443 bid.g.doubleclick.net tcp
US 8.8.8.8:53 bid.g.doubleclick.net udp
TW 64.233.188.120:443 csi.gstatic.com tcp
TW 64.233.188.120:443 csi.gstatic.com tcp
US 8.8.8.8:53 csi.gstatic.com udp
US 8.8.8.8:53 csi.gstatic.com udp
US 8.8.8.8:53 bid.g.doubleclick.net udp
NL 35.214.133.161:443 envoy-hl.envoy-csync.core-002-ew4.ov1o.com tcp
BE 142.251.173.157:443 bid.g.doubleclick.net udp
US 8.8.8.8:53 match-eu-central-1-ecs.sharethrough.com udp
US 172.64.146.150:443 sync.ingage.tech tcp
TW 64.233.188.120:443 csi.gstatic.com tcp
US 8.8.8.8:53 vast.doubleverify.com udp
US 8.8.8.8:53 match-eu-central-1-ecs.sharethrough.com udp
TW 64.233.188.120:443 csi.gstatic.com tcp
TW 64.233.188.120:443 csi.gstatic.com tcp
US 8.8.8.8:53 vast.doubleverify.com tcp
US 74.80.226.83:443 vast.doubleverify.com tcp
US 8.8.8.8:53 cf.vast.doubleverify.com.cdn.cloudflare.net udp
US 8.8.8.8:53 euwdirect.adsrvr.org udp
GB 18.172.89.90:443 rtb.primis.tech udp
TW 64.233.188.120:443 csi.gstatic.com tcp
US 8.8.8.8:53 cf.vast.doubleverify.com.cdn.cloudflare.net udp
US 74.80.226.83:443 vast.doubleverify.com udp
GB 142.250.180.2:443 pubads.g.doubleclick.net udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 157.173.251.142.in-addr.arpa udp
US 8.8.8.8:53 120.188.233.64.in-addr.arpa udp
US 8.8.8.8:53 83.226.80.74.in-addr.arpa udp
US 172.64.151.101:443 ssum-sec.casalemedia.com udp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
NL 81.17.55.108:443 ssbsync-euw1.smartadserver.com tcp
TW 64.233.188.120:443 csi.gstatic.com udp
US 104.19.222.79:443 cdn.whatismyipaddress.com udp
DE 18.153.93.230:443 btlr.sharethrough.com tcp
US 8.8.8.8:53 86142a161c4db3e9754365d59469693d.safeframe.googlesyndication.com udp
GB 216.58.213.1:443 86142a161c4db3e9754365d59469693d.safeframe.googlesyndication.com tcp
GB 216.58.213.1:443 86142a161c4db3e9754365d59469693d.safeframe.googlesyndication.com udp
NL 35.214.133.161:443 envoy-hl.envoy-csync.core-002-ew4.ov1o.com tcp
NL 178.250.1.3:443 static.nl3.vip.prod.criteo.net tcp
US 8.8.8.8:53 prebid-server-perf-eu.rubiconproject.net.akadns.net udp
US 8.8.8.8:53 creativecdn.com udp
NL 185.184.8.90:443 creativecdn.com tcp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 c1.adform.net udp
US 34.98.64.218:443 freestar-d.openx.net udp
DE 18.184.206.66:443 match.sharethrough.com tcp
DK 37.157.2.229:443 c1.adform.net tcp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 match.sharethrough.com udp
US 8.8.8.8:53 track.adformnet.akadns.net udp
US 8.8.8.8:53 track.adformnet.akadns.net udp
US 8.8.8.8:53 e4536.g.akamaiedge.net udp
US 8.8.8.8:53 e4536.g.akamaiedge.net udp
US 8.8.8.8:53 qsearch-a.akamaihd.net udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 229.2.157.37.in-addr.arpa udp
US 8.8.8.8:53 a267.g.akamai.net udp
US 8.8.8.8:53 a267.g.akamai.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 172.64.151.101:443 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 events.browsiprod.com udp
US 8.8.8.8:53 events.browsiprod.com udp
GB 142.250.180.2:443 pubads.g.doubleclick.net udp
GB 172.217.169.33:443 tpc.googlesyndication.com tcp
GB 2.23.220.28:443 e607.dscd.akamaiedge.net tcp
GB 172.217.16.230:443 s0.2mdn.net tcp
GB 172.217.16.230:443 s0.2mdn.net udp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 8.8.8.8:53 e8960.b.akamaiedge.net udp
GB 2.23.220.28:443 e607.dscd.akamaiedge.net tcp
US 8.8.8.8:53 e8960.b.akamaiedge.net udp
GB 172.217.16.230:443 s0.2mdn.net tcp
US 8.8.8.8:53 api.floors.dev udp
US 34.160.128.112:443 api.floors.dev tcp
US 8.8.8.8:53 api.floors.dev udp
US 34.160.128.112:443 api.floors.dev tcp
US 8.8.8.8:53 api.floors.dev udp
US 34.160.128.112:443 api.floors.dev udp
US 8.8.8.8:53 pb-ing.ccgateway.net udp
US 8.8.8.8:53 prebid-satellite-prod-01-alb-18308999.us-west-2.elb.amazonaws.com udp
US 8.8.8.8:53 prebid-satellite-prod-01-alb-18308999.us-west-2.elb.amazonaws.com udp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
US 8.8.8.8:53 e8960.e2.akamaiedge.net udp
US 8.8.8.8:53 e8960.e2.akamaiedge.net udp
US 8.8.8.8:53 112.128.160.34.in-addr.arpa udp
US 172.64.151.101:443 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 cdn.indexww.com udp
US 172.64.149.180:443 cdn.indexww.com tcp
US 8.8.8.8:53 cdn.indexww.com udp
US 8.8.8.8:53 cdn.indexww.com udp
US 8.8.8.8:53 eu-tlx.3lift.com udp
US 8.8.8.8:53 eu-tlx.3lift.com udp
US 8.8.8.8:53 ssp.api.tappx.com udp
NL 34.91.34.195:443 ssp.api.tappx.com tcp
US 8.8.8.8:53 eu-gcp-multilbtcp.ssp.tappx.com udp
US 8.8.8.8:53 eu-gcp-multilbtcp.ssp.tappx.com udp
DE 18.153.93.230:443 btlr.sharethrough.com tcp
US 8.8.8.8:53 180.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 195.34.91.34.in-addr.arpa udp
US 8.8.8.8:53 s0.2mdn.net udp
GB 142.250.180.2:443 pubads.g.doubleclick.net udp
US 8.8.8.8:53 pbs-cs.yellowblue.io udp
IE 54.72.158.238:443 pbs-cs.yellowblue.io tcp
US 8.8.8.8:53 pbs-cs.yellowblue.io udp
US 8.8.8.8:53 us-u.openx.net udp
US 8.8.8.8:53 image8.pubmatic.com udp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
NL 35.214.133.161:443 envoy-hl.envoy-csync.core-002-ew4.ov1o.com tcp
US 8.8.8.8:53 us-u.openx.net udp
US 8.8.8.8:53 imgsync-amsfpairbc.pubmnet.com udp
US 8.8.8.8:53 238.158.72.54.in-addr.arpa udp
US 8.8.8.8:53 cs.yellowblue.io udp
US 8.8.8.8:53 imgsync-amsfpairbc.pubmnet.com udp
US 8.8.8.8:53 us-u.openx.net udp
US 8.8.8.8:53 ssbsync-euw2.smartadserver.com udp
NL 46.228.174.117:443 sync.1rx.io tcp
DE 18.195.234.25:443 match.sharethrough.com tcp
US 35.244.159.8:443 us-u.openx.net tcp
NL 198.47.127.18:443 imgsync-amsfpairbc.pubmnet.com tcp
NL 185.89.210.46:443 secure.adnxs.com tcp
FR 164.132.25.181:443 ssbsync.smartadserver.com tcp
US 8.8.8.8:53 cs.yellowblue.io udp
IE 99.81.54.248:443 cs.yellowblue.io tcp
US 35.244.159.8:443 us-u.openx.net udp
US 8.8.8.8:53 cs.yellowblue.io udp
US 8.8.8.8:53 ssc-cms.33across.com udp
US 67.202.105.22:443 ssc-cms.33across.com tcp
US 8.8.8.8:53 pixel.33across.com udp
US 8.8.8.8:53 pixel.33across.com udp
US 8.8.8.8:53 8.159.244.35.in-addr.arpa udp
US 8.8.8.8:53 18.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 25.234.195.18.in-addr.arpa udp
US 8.8.8.8:53 248.54.81.99.in-addr.arpa udp
US 8.8.8.8:53 181.25.132.164.in-addr.arpa udp
US 8.8.8.8:53 22.105.202.67.in-addr.arpa udp
NL 35.214.133.161:443 envoy-hl.envoy-csync.core-002-ew4.ov1o.com tcp
NL 34.91.34.195:443 eu-gcp-multilbtcp.ssp.tappx.com tcp
NL 34.91.34.195:443 eu-gcp-multilbtcp.ssp.tappx.com tcp
US 143.244.222.249:443 sync.resetdigital.co tcp
US 8.8.8.8:53 sync.resetdigital.co udp
US 8.8.8.8:53 sync.resetdigital.co udp
US 8.8.8.8:53 249.222.244.143.in-addr.arpa udp
US 8.8.8.8:53 events.browsiprod.com udp
US 8.8.8.8:53 events.browsiprod.com udp
US 8.8.8.8:53 euwdirect.adsrvr.org udp
US 8.8.8.8:53 rtb.mfadsrvr.com udp
US 8.8.8.8:53 pixel-eu.rubiconproject.com udp
US 8.8.8.8:53 t.adx.opera.com udp
NL 82.145.213.8:443 t.adx.opera.com tcp
NL 69.173.156.148:443 pixel-eu.rubiconproject.com tcp
US 8.8.8.8:53 outspot2-ams.adx.opera.com udp
US 8.8.8.8:53 pixel-eu.rubiconproject.net.akadns.net udp
NL 35.214.199.88:443 rtb.mfadsrvr.com tcp
US 8.8.8.8:53 dorpat.geo.iponweb.net udp
US 8.8.8.8:53 pixel-eu.rubiconproject.net.akadns.net udp
US 8.8.8.8:53 outspot2-ams.adx.opera.com udp
US 8.8.8.8:53 dorpat.geo.iponweb.net udp
US 8.8.8.8:53 odr.mookie1.com udp
US 98.82.154.76:443 s.amazon-adsystem.com tcp
US 8.8.8.8:53 s.amazon-adsystem.com udp
NL 35.214.199.88:443 dorpat.geo.iponweb.net udp
US 34.160.236.64:443 odr.mookie1.com tcp
US 8.8.8.8:53 tagr-pixel-nginx-odr-euw4.mookie1.com udp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 8.8.8.8:53 tagr-pixel-nginx-odr-euw4.mookie1.com udp
US 34.160.236.64:443 tagr-pixel-nginx-odr-euw4.mookie1.com udp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 88.199.214.35.in-addr.arpa udp
US 8.8.8.8:53 64.236.160.34.in-addr.arpa udp
US 8.8.8.8:53 76.154.82.98.in-addr.arpa udp
US 172.64.151.101:443 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 cms.quantserve.com udp
NL 35.214.133.161:443 envoy-hl.envoy-csync.core-002-ew4.ov1o.com tcp
DE 91.228.74.244:443 cms.quantserve.com tcp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
FR 178.32.197.57:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 rtb-csync-euw2.smartadserver.com udp
FR 178.32.197.57:443 rtb-csync-euw2.smartadserver.com tcp
FR 178.32.197.57:443 rtb-csync-euw2.smartadserver.com tcp
FR 178.32.197.57:443 rtb-csync-euw2.smartadserver.com tcp
FR 178.32.197.57:443 rtb-csync-euw2.smartadserver.com tcp
FR 178.32.197.57:443 rtb-csync-euw2.smartadserver.com tcp
US 104.19.223.79:443 cdn.whatismyipaddress.com tcp
US 8.8.8.8:53 euwdirect.adsrvr.org udp
GB 216.58.212.226:443 ade.googlesyndication.com tcp
US 8.8.8.8:53 ade.googlesyndication.com udp
US 8.8.8.8:53 ade.googlesyndication.com udp
GB 216.58.212.226:443 ade.googlesyndication.com udp
US 8.8.8.8:53 226.212.58.216.in-addr.arpa udp
US 104.16.160.145:443 onesignal.com udp
US 8.8.8.8:53 img.onesignal.com udp
US 8.8.8.8:53 img.onesignal.com udp
US 8.8.8.8:53 img.onesignal.com udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 euwdirect.adsrvr.org udp
US 8.8.8.8:53 htlb.casalemedia.com udp
DE 162.19.138.118:443 lb.eu-1-id5-sync.com tcp
DE 162.19.138.118:443 lb.eu-1-id5-sync.com tcp
GB 142.250.179.228:443 www.google.com udp
US 34.160.128.112:443 api.floors.dev udp
US 8.8.8.8:53 hbopenbid-lhrc.pubmnet.com udp
GB 18.172.89.90:443 rtb.primis.tech udp
GB 216.58.204.81:443 csp.withgoogle.com udp
US 8.8.8.8:53 35.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.16.238:443 play.google.com udp
US 8.8.8.8:53 www.google.com udp
FR 213.186.33.16:443 ip-lookup.net tcp
US 8.8.8.8:53 ip-lookup.net udp
FR 213.186.33.16:443 ip-lookup.net tcp
US 8.8.8.8:53 16.33.186.213.in-addr.arpa udp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 104.17.25.14:443 cdnjs.cloudflare.com udp
US 8.8.8.8:53 apis.google.com udp
GB 216.58.201.110:443 apis.google.com tcp
US 8.8.8.8:53 plus.l.google.com udp
US 8.8.8.8:53 plus.l.google.com udp
US 8.8.8.8:53 ssl.google-analytics.com udp
GB 216.58.201.110:443 plus.l.google.com udp
US 8.8.8.8:53 ssl.google-analytics.com udp
GB 142.250.179.232:443 ssl.google-analytics.com tcp
US 8.8.8.8:53 ssl.google-analytics.com udp
GB 142.250.179.232:443 ssl.google-analytics.com udp
US 8.8.8.8:53 14.25.17.104.in-addr.arpa udp
US 8.8.8.8:53 232.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
NL 173.194.69.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
GB 142.250.178.14:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 www3.l.google.com udp
NL 173.194.69.84:443 accounts.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 ssl.gstatic.com udp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 172.217.16.227:443 ssl.gstatic.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 142.250.178.14:443 www3.l.google.com udp
GB 172.217.16.227:443 ssl.gstatic.com udp
US 8.8.8.8:53 84.69.194.173.in-addr.arpa udp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
GB 142.250.180.2:443 pubads.g.doubleclick.net tcp
GB 142.250.180.2:443 pubads.g.doubleclick.net tcp
GB 142.250.180.2:443 pubads.g.doubleclick.net tcp
GB 142.250.180.2:443 pubads.g.doubleclick.net tcp
GB 142.250.180.2:443 pubads.g.doubleclick.net tcp
GB 172.217.169.66:443 ep1.adtrafficquality.google tcp
GB 142.250.180.2:443 pubads.g.doubleclick.net udp
GB 172.217.169.66:443 ep1.adtrafficquality.google udp
GB 142.250.179.225:443 ep2.adtrafficquality.google tcp
GB 142.250.179.225:443 ep2.adtrafficquality.google udp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com udp
GB 216.58.201.110:443 plus.l.google.com tcp
GB 142.250.178.14:443 www3.l.google.com tcp
US 8.8.8.8:53 javadl-esd-secure.oracle.com udp
GB 23.43.74.127:443 javadl-esd-secure.oracle.com tcp

Files

memory/3016-2-0x00000258ABA50000-0x00000258ABCC0000-memory.dmp

memory/3016-15-0x00000258ABCC0000-0x00000258ABCD0000-memory.dmp

memory/3016-17-0x00000258ABCD0000-0x00000258ABCE0000-memory.dmp

memory/3016-19-0x00000258ABCE0000-0x00000258ABCF0000-memory.dmp

memory/3016-22-0x00000258ABCF0000-0x00000258ABD00000-memory.dmp

memory/3016-23-0x00000258ABD00000-0x00000258ABD10000-memory.dmp

memory/3016-27-0x00000258ABD20000-0x00000258ABD30000-memory.dmp

memory/3016-26-0x00000258ABD10000-0x00000258ABD20000-memory.dmp

memory/3016-30-0x00000258ABD30000-0x00000258ABD40000-memory.dmp

memory/3016-32-0x00000258ABA50000-0x00000258ABCC0000-memory.dmp

memory/3016-31-0x00000258ABD40000-0x00000258ABD50000-memory.dmp

memory/3016-33-0x00000258AA180000-0x00000258AA181000-memory.dmp

memory/3016-37-0x00000258ABD50000-0x00000258ABD60000-memory.dmp

memory/3016-38-0x00000258AA180000-0x00000258AA181000-memory.dmp

memory/3016-39-0x00000258ABCC0000-0x00000258ABCD0000-memory.dmp

memory/3016-40-0x00000258ABCD0000-0x00000258ABCE0000-memory.dmp

memory/3016-41-0x00000258ABCE0000-0x00000258ABCF0000-memory.dmp

memory/3016-43-0x00000258ABCF0000-0x00000258ABD00000-memory.dmp

memory/3016-44-0x00000258ABD00000-0x00000258ABD10000-memory.dmp

memory/3016-45-0x00000258ABD10000-0x00000258ABD20000-memory.dmp

memory/3016-46-0x00000258ABD20000-0x00000258ABD30000-memory.dmp

memory/3016-47-0x00000258ABD30000-0x00000258ABD40000-memory.dmp

memory/3016-48-0x00000258ABD40000-0x00000258ABD50000-memory.dmp

memory/3016-51-0x00000258AA180000-0x00000258AA181000-memory.dmp

memory/3016-54-0x00000258AA180000-0x00000258AA181000-memory.dmp

memory/3016-55-0x00000258ABD60000-0x00000258ABD70000-memory.dmp

memory/3016-56-0x00000258AA180000-0x00000258AA181000-memory.dmp

memory/3016-63-0x00000258ABD60000-0x00000258ABD70000-memory.dmp

memory/3016-65-0x00000258ABD70000-0x00000258ABD80000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\datareporting\glean\pending_pings\1e32b14c-b45a-4422-aa68-ae4a4bbfca63

MD5 28058615e911e2020a11ac89c88b26d2
SHA1 9a54b129c8fe31e11023d2be21e98023ae2d63dc
SHA256 93810383b8fbcd037c82f6585a0617c1322bf55278dcc825627a92c08ea44705
SHA512 bf52a1f0a35a7ed2d5587aeebefce82f3734fa4dda3746802c9c7046f0ee7a8fa0c382a7bfa68647717a078a03b0ba12f83d603adcc0c8e963fbd8d82501b0f6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\datareporting\glean\db\data.safe.tmp

MD5 b0ada659658bc6b2a44becd467e50140
SHA1 e499a27e02364106321ec4322afacca1c2d7b144
SHA256 02a43f4cc062d4b2e1e555e45352629c4c3667ba70981d35e75608afc82c4d1f
SHA512 40046967006a98c6e652ac5aaeb1f9ce05130d37b85670e977e32c26e738f2d20e8c60996ec54f94d70cb986c11aab6145bf79576187dc6b9c16cbb77d2af753

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\datareporting\glean\pending_pings\55bbbd15-dea5-41c7-ab99-61732c95449a

MD5 74acee26501f85ec264f9b81a2dae997
SHA1 889381a0c1f116617e3075e1cdd53925c502bb92
SHA256 933c7d379875a13eefa7d86c2996b000e6b788da57698d44f2f5bab53d80a99d
SHA512 d7eb97d46d413bdc1e9d74f88a75568a919192ab0270bdf6a39f47977c65fcd132f8307983b4d0f81f4735d17bf03a708ef18761b37657f361d657b992c1ccc3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\activity-stream.discovery_stream.json

MD5 efe7dc1f8f37dc98fb9ee7fdb5341031
SHA1 819a16ae1de5148498f43dac0be7bbf8d0a2dcd1
SHA256 e372e121d9fa67fa10693bc8b12c97ad301db0935ad5a771f776012502a7e341
SHA512 12067ef44560d7ff7230fd5b5cd0a2fedfcf9b9e2f8e0061dec6adaaccecfd65c1cb0eed5a7dde39b494cc9d34866af127f7fdf37d50eba18db0a5a24ae74e24

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\datareporting\glean\db\data.safe.tmp

MD5 a304bd52c608064365d3878a547d7a09
SHA1 4597651218ec8a0a6b7cd6196a6318f49c929b64
SHA256 7494641cf82d5ee83c2d11537d7af068ee28969635a83e61842489dcc042a617
SHA512 e8293c27231cc4aea3a1fd32bf37834376c0962144f73a26ac716876ea52d6bd1c03c5aa1c181ccbed0e082c94583825f4755a982141b6f39f1ad891ba97e2fa

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\datareporting\glean\db\data.safe.tmp

MD5 beea466aeb95f1529740e8de6275b983
SHA1 52d36fb72a681d0f88917328d0cc3bea6f6a8875
SHA256 b845284be6eb237bbcdeb295c9c8b493f2356f72f12f43346250fc8984d1cb0b
SHA512 c171bd7cbf7e63e59323e1f2d069a338e72c2c294fb3f04f3c8a9811ca2eb70dde59712ae918c04938bdb43c99e71b7a3fb4af1edbea84db4a2800eedf9d32da

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\AlternateServices.bin

MD5 417cadfb341206b25751246134029698
SHA1 b5e4a909d985de2cacd8eabcccdc42d5093e025b
SHA256 e4b7e0e54bfe2afd42ea4cbfaa9f08180f39953e3f82cd3aaeddfec657299001
SHA512 47355be3165f261c9b2e020f20ef0412c6044f42c8208566b9e3900cf5bf79c4c7cb21d2f71ba2e0b1c90f5c91415591d7b0cd66565aefd40829e98c8aca65d0

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 09372174e83dbbf696ee732fd2e875bb
SHA1 ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256 c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512 b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

MD5 2a461e9eb87fd1955cea740a3444ee7a
SHA1 b10755914c713f5a4677494dbe8a686ed458c3c5
SHA256 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA512 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

MD5 842039753bf41fa5e11b3a1383061a87
SHA1 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256 d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512 d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\AlternateServices.bin

MD5 9476ee356c23bb1fad292a9d3a8caeab
SHA1 607bc71e17b2af8e03f93d18650b92c46cbc00e7
SHA256 574f9ddf425704822914b0fa6e951bfcb546909131df09b475f1650fd7bc8211
SHA512 1862b57d58ebdc191e433b312b09f6368ea76d83f806376f0ad3fadf7260b4a3348524b505bfa288cfc8826b9ef4fb565584eff566a2b6796cfe08a9a0d427c7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\prefs-1.js

MD5 a57a00d3926b28459ebe6e5138f6befc
SHA1 cb85a90588de8c9af6106345123899bcc1cdcae2
SHA256 ffb2dccd70c77e97a2b85baeb3fd3bcaa0e44bf0d4cdc3bea4ade6bc2dd98748
SHA512 1b60e522b4e70f35bbec82b7792113d800775a4e1333d2530964e79992cc8305ac0415916a5448b7685a80df40076d155c6b9899c1ead1c90ff42fa8c3bba571

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\sessionstore-backups\recovery.baklz4

MD5 9f807635c4b5803a91f87379bacf4aa7
SHA1 7e010696b521d319630131c8181b6b753b98511c
SHA256 4d903872f1b78bc3f580552c5d9ed05ed636b1d50187218504d88ed259ce30a2
SHA512 effa84623dbc76f1100d1f419e1ce3bff2662449d439d7262b07a6608210af868900d664168db1c03af9d3917b60fab39ed6c44bc415214ac9d9488b1324c3c2

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 0a8747a2ac9ac08ae9508f36c6d75692
SHA1 b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA256 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA512 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

MD5 bf957ad58b55f64219ab3f793e374316
SHA1 a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256 bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA512 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

MD5 daf7ef3acccab478aaa7d6dc1c60f865
SHA1 f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256 bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA512 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\45CB607B2BF58F16E6796BCD27E8F70463767730

MD5 188a7be2378ee2f5c45603547a59e7c6
SHA1 b5917698b4a88b70c982aae8d88ac6afc69cc1b8
SHA256 5434f4a27807bf01882477be11ebee464a8d795f90372b60d600a1a005e52e2c
SHA512 a9417f11b2f39ee5df176febba9233d0743cf0451feefce6ff253e1dbf75f1cb3a82d593368ee92c4ca1a950794e89e9c1035f623a7e7c71250eb6e0eb965e53

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\sessionstore-backups\recovery.baklz4

MD5 155d41e50c91891d79965e372bfa6a1c
SHA1 393c4a9a2433d35ffa121b5ddc601095fa73edc8
SHA256 c95b9806595fa214a355c0112731638708291ab46084e62343b3a67b54ccf628
SHA512 7eb5309973b0828b732507d291667fd1e5b79eaa706db19094a2ebca6f73c0ffec425883822af49a92049afcca452aba42ec86c95759f50643cc61e82b73338f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\sessionstore-backups\recovery.baklz4

MD5 cc44803d5e82f57e010921d2fd0d0696
SHA1 428f3a91bbeb19d25199740db3afc2370b367a37
SHA256 b31b6de666a09b4a666e111f02635ae5329cb1f12d7f3a5a69f996ff2b0982e0
SHA512 4e28e4c719d15cf696e9a4f1068d203ba3f9c0fad805d3f4c35ac940b340b78e82e265eb9cfb6679909a33ac3dafa2a9e0bc68fc9d95f249f2a9ea753fbffd91

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\sessionstore-backups\recovery.baklz4

MD5 97c2f92cb04532441d254880481eb9dc
SHA1 42690d3a9ec5a261d56cf006587f7d4dc7412b93
SHA256 fa2462a27cf115d469ca1685b32d743505ee07ee685ba7a66fe59bce51d055e3
SHA512 2e33c026c9eb5fa0c0a1e46143ac6619ce08abff82ae8dcb884cc352fa92dd48ed83486d706a8189d425087973635a84904ae1735a124c74d1c7974d29391233

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 4c6e4b59a46a38070c68cd1b44efa8da
SHA1 1acfaebfa6e708536c1421c037fa24b673f565c0
SHA256 394b392a0c10b794fa35d5b4b5295fd8963531ecd33b5e652fa8c0d315d8e523
SHA512 ec040526e9c3be6c85d19a1851f96f1b1bc5e1db712ad5225af2bcd0f9226e1ac9e1d0c15407a6f0f722275850d0f1ad36466cac135a095fdc599daa11a32d95

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 81d0b22aed6b97c73f157350ac871e13
SHA1 f81234fea1b53d539e05263fc9eafe9cf1503a8a
SHA256 27be26438c807a7e63643dd2c07f30146c735b5b5652f00e443feddb4c458952
SHA512 e8eddcfbe5e96b46c9a3c9c712160c668d4aac8950d51c4bd741bb91fcee9cb96e1fce578a2a0a5e08e0d9080415c17e052c7887d1792c5544eea8ace118fad8

memory/3016-1008-0x00000258ABD80000-0x00000258ABD90000-memory.dmp

memory/3016-1009-0x00000258ABDA0000-0x00000258ABDB0000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\sessionstore-backups\recovery.baklz4

MD5 96a6a828abd8fe33cf33f76464064ccf
SHA1 786aa43dfe4162fa4ccc52024a10df35fa79c419
SHA256 5bb7e0c2ac5e78fc12cf6c16c7cccb111360e3bffcc5488e79f17e6dfe397e84
SHA512 e2ef550a1f8bd16730c54d7893e3e4ce36a48048d8c4188149a03c2f680b4464f775737ad3d67528a0cd32725fa0e480340214634fa9350368e98313d7842142

memory/3016-1039-0x00000258ABDA0000-0x00000258ABDB0000-memory.dmp

memory/3016-1038-0x00000258ABD80000-0x00000258ABD90000-memory.dmp

memory/3508-1037-0x0000018612670000-0x0000018613CE6000-memory.dmp

memory/3508-1042-0x0000018612670000-0x0000018613CE6000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\prefs-1.js

MD5 a9f51e9d4206dfda08fd2c54374e2bff
SHA1 b9d9e5fca4b92f7bf0e8ad9ddb174ffa65984892
SHA256 6a15242176cfb1193169523cd05cd29ca46492d49ff8163a7f64974966a3871d
SHA512 cec9b0227af2395a208e7d121169109ab5a03569c9ee07110c40b34c559c4cd0a9ba205883dcca1a5e945c459c29643cc578b4ddafc4a8afdffb368c9063947d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\sessionstore-backups\recovery.baklz4

MD5 c59f98bfbf441928bfe9153f1ba6cf0a
SHA1 0c6097264637d39e98bb30c6410dd47171da8660
SHA256 26dc3460c236ab42f290ee025830bbe5a848481e0856a4f81bf9fb6e5b73c7d6
SHA512 9c0eb850b739f63f6e9d3de27a22546eaabfac5cbd8050fb7650f22dd6f51ca5eb3970750051b1e84c2e5662b4468a1c1aa6f135684974da02e8e78829638958

memory/3508-1160-0x0000018612670000-0x0000018613CE6000-memory.dmp

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\DCE46386E0518CC247A6C333315C1AB3C6C0AF2D

MD5 93fada625dbc2a8f574f7c5f155699e9
SHA1 19315e887fbfbc23e95a817dd99651b8b06d2151
SHA256 ec24b9a72783d40eb1201b9ff182b6ee26de7cf2e08c2cf61496de3b863fdf43
SHA512 5dd29522c20f9d8102be172b1bb07d72be086aecfa2bcc38ce162ca737a6747b2b8ab80bd5b8ac6c0345355d3f3b193383ec4994797b34872b1a83592eaf24b9

memory/3508-1527-0x0000018612670000-0x0000018613CE6000-memory.dmp

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\677B80A25A006EDCC273545819E7C8B9A97E5201

MD5 97309dce2f43a2ee324e717e443c164e
SHA1 2171b95661e012183456bbff284778856e2f98da
SHA256 4bdcf14b254285f0c527aa4477840b6143db5e39494602be97a804a57f28fd0c
SHA512 45adde96fd82f6c7c4591e2fe379108c626d8cbf336153df532b3439809b2fb06dc3b482e6a05b49002e85fe67dbc3d057cea60c0dda5f045bbd5c7e76f744ba

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\doomed\7588

MD5 11b5d7912b497245266ceb3c02fdbd6c
SHA1 3ad902954d551a35ee9263d955df27723292f236
SHA256 7102ea1c846f43061b1ba2edee718c71c920174a5011b6bfe13bf09ef2cc3cfd
SHA512 35c8c41a27bcaf38e5cbc9836345c9a5bc83155d6210c0c041516004adfcbf141a14fdf54f68deffcb4563153c1b6204167671f2ca31fe4e3f03c0cf34604cad

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\doomed\20041

MD5 4f47052f513b4ef87eaad89b804bb293
SHA1 0c517afd3f85b4d082cc77db450e2bc83ebd45b5
SHA256 24552bfe0bac978277b98d9949dbd251bf473850cc871d1d8e409a362919daaf
SHA512 cb00ecab24b719d9acebbdfab34e88e5ebdce6b9df0f3cac6ecd3bf06fe9d6784e3184a4db6582af75698900df6d78baf14152f1c81b24eba5c1b64cd9323e0c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\sessionstore-backups\recovery.baklz4

MD5 4f01d0678015ab964ed69bd65a78ccc2
SHA1 32f9b3c048f28669f1778d8faf8238eb78c2dcb8
SHA256 8d5913f61a68facd6ef26c1d3dbe6367f7f3f2694de6302b30653cf9330a2e57
SHA512 b2e189b3990544bb89e9ecfadd9a72b1de21c6dd30460df1f4f0f5d41f371921939b098ba20ce2f7d4d696e2caed34b4833564b2560ce22c743bbb35029c8f03

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\5B23235D54208C34AFF88FC6F18585FD8A8F8FAD

MD5 2198256b2e60ecc71d907e408c634f7c
SHA1 33d40febc42dfe985751ea4d84848d86fdabd5bd
SHA256 8f0d1c6165024f01a557ae313481356bf9195bd8ced75d7a626a75285781b2f2
SHA512 f9b7b7c005c5f610e81a019e7e243250a07c4abe435879c5125651abceae9aa34a770e62af82f574f901848b0051fc7dd12a43990531c1c6f0a3b280c8390f27

memory/3508-1803-0x0000018612670000-0x0000018613CE6000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\storage\default\https+++5bb6406ec4aef8a4a9d77d00402108c5.safeframe.googlesyndication.com^partitionKey=%28https%2Cwhatismyipaddress.com%29\idb\12183338011.sqlite

MD5 0de35648520fe276a0425c052ac9b36f
SHA1 65339f20c9a93a5c3bb264427f1b833f82002d56
SHA256 038dbbd1b2ed997e0037cba49fa7c52aa9f4964e222b5210b88909f9c4402e42
SHA512 7c1e2675a8428726ef01e93cdf71ce144826a6c2e62d84e98450ea9065ce2b4744fa7c1e071f650c321ecd38e6fe5ef5d15b3f36deffc040ffd44b4e3ef4d5e2

memory/3508-2306-0x0000018612670000-0x0000018613CE6000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\sessionstore-backups\recovery.baklz4

MD5 cc9b0506c492eb9eba8e92770f87a004
SHA1 78fbefa4c0bc1315bb3dc4dd5a476ca7b891e68e
SHA256 87b2c0223272c6b9cc7d4c22a38e69376217bbcbe31c8eec6221781de9ed6fee
SHA512 2da8a631c3f0c86351c61880a087056d0cdd8bd28a3326eb9bf77012a2453f1ecd6a92f647ff98b9a970a05608ce6a808b22de8b9a6160756254b4f2f8349a14

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\5617C2BB77122AC13DC0FB65336A8386EC872F9E

MD5 51e3551a1a079f9ff4839bca20fb90f9
SHA1 c8e10eedcc75d52d40a9308c069c7943a3ee8f38
SHA256 44094f81dce14a5e3ad8c59b72d72d01de3bb2ef86774e1f07bf8b92e8120f52
SHA512 eb8c8ad658a3d9fb62a99a68597757a6ad48ae72f8b2f6b2aa45ede32d5fa82a765f119139ff93bf00fcad6618da80d6f8ed83cc008a1a1f29cf71155ce1649e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\23FB114B3D9508B13B3FFB93EE562A3C1E2303EB

MD5 320f631b6e9861f39b2db273bfd26ff1
SHA1 99ef7e126abed2f087f24d1b008c9abe7e87846a
SHA256 82759885c3c2a33ef9cf12e1e9b0158cf1f41d056a5b265d8f6015097baa51e6
SHA512 2fb46f8395df113d9e32f33c084c797207b7ba4cc0e37bccc44fc6a1fbd5b60b36c3c7303c48ec4bfdcb25c82327ac593959ee92b4ea1331fdca9615a8af8771

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\doomed\14134

MD5 1a7f25f1da36aa49ee5bc9b441d62375
SHA1 3fa8f7b4bba474d10afe0b713b25780ce25bfb1f
SHA256 5015c3ff3897096106d99409a4f4c4094489a063497f389795592335936654ee
SHA512 cc7f3962ad13669f7e59ab680c1ab4fa5215ff55cbc396bfc85c7a0357299cc648a24af81c9710ceda5583b51417bb06e12da914f961500d18bc0af32a6b28dc

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\C20D6E948C95171754338D15DA702FCB62A52108

MD5 961c11a78777addc624b2286dbe75dc6
SHA1 f4a3bb16f40f40db829002bc329b67f05112149d
SHA256 4c5e150a32683779e805114d57117170774d6ad30a24bec6efae25684fb079e8
SHA512 1561a3c0cb5e78b7008d2e421ec341f59b4290bd3ee85832b205cf76bba9f315dd6c2348e87a272171f82db2c46145911540fa47dff9fb6c9510ed50226e6411

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\38EEC9C054A68E6A6BDF7B3FE4E840C27BD37EB3

MD5 b35269b20c42bdf197628fe7d63621e9
SHA1 15ebd7b144890d7e4246383d37846e9b1044396c
SHA256 105282bcfcca6b4c89ffbeb9287f0c7861d05d127520ac220c7fdaf70f6ec80b
SHA512 ff4a411347338790f315e0878f34529c9a5a9ef8d68c8d5cfcd053b40e76ef60443ca1d7c1aa8dead4d27d181c23b62be21706eb25ae083c313924fcd0019fad

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\659954EB3DA5F4D5683518B98C6DA2C8396E501D

MD5 745165875625fdf0a774d8d47817b14d
SHA1 aec0e0ecb2a805d56acdc0584cfacc9d8115310e
SHA256 29fb4890a0103aaa679fcb1750cc1ac40dd41e1c686b16567e469d4ba465c13d
SHA512 4e9dc4a7370858a4cd35279122f2e8bea9c340d01b28aeffd4633eb5355fb7ba1a03c31c97f13aca5f11969035fdbc576596fd7000156ab80d9389e7b1988136

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\219F18B59CFBAEB224CCC3162FFA1BD08C495212

MD5 b6670e659f136a63f8f0cd927a565c2a
SHA1 2805844c9e2e882c72e777f6b785aad82558a002
SHA256 05df73697dcfcfe255e2c480d748048a6ea557fcdc0302f78b16fa8a0154bbca
SHA512 bcd502917cc57b51ae103c2821c349ec758957e3952d56b611835ad3c1db571cffbd90847a6580b2f540847f9a52dca66e2f4a731b8aad24657a262c27b1c535

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\doomed\18657

MD5 a0b28772b864e0aabba7325883ddd891
SHA1 30800376c065d3b68500f265ce20c8f19b572511
SHA256 eb908c2ea9ebd690c548f7a3c3062eeddf25154624b2f7334dc72b0f20db180d
SHA512 6087d0e7a949894e8c224021e9b360c0435014b27bfcdd829c43454ddafaba6ea8e4c9b3983d391a87317792d540e3ae80e078f8d8b96a1abbc77ecd2f3de942

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\B04A5D391986E5F6CDCE95D245DB557E663ACA1B

MD5 d3e7ffac38457ef92ec74fb734cf8df5
SHA1 20b9f670cac9c8b36394c6cec2c29403bdab6f66
SHA256 a4f35b6592f903a789fad0e67c04554d776223fca05e65232d342af345ab0b32
SHA512 99640eb4fee159b98c25f1989385b4ce618141c43a0dcf7f5383ea52a25a08e2a4b650c21cb9568086e9c3b7ae7de45d189f32066a2c1f27d2cb359b9a196e10

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\5A96F086BB7A3FF6857DF05C021C96F66BC59837

MD5 7b40a9311a30090349e39dcb914e1e1b
SHA1 5b626a45cfff47c95629ae252440bdb56e8934c6
SHA256 720d84c6bc92a8a8f0b1bd04d9af97b820cfdd99b5a980a641bb8a2cbee0b45f
SHA512 93928a9912d4c1ad82822767b3aebbebeddaa644efa3eee934080b90d0114d4c068cb479256e8b0ebfeb7fff3e129d9fb2bd311eb4f492c8ab0179992f1edc9b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\doomed\29274

MD5 54f0ae6153359a4dd302d0755fc93bb5
SHA1 9f72aded27d132caa17070d13500eca5f831da26
SHA256 f5f30406052c77c2e44f36e0d1bc94c6984b769dbde8079c86a579b4223f05c5
SHA512 d24655b6a4d01ae15a070f05513a13f0caa38190e24038149e70a14a685ad446d37b415ee2125c3f2a3607757c1ef01839d63a3b0d9221a0c444b0635b10285f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\DE26D147DBE5569F31980C868C430E7A30A282CD

MD5 74dbdf4ec70f39a631eecf2c61be8c65
SHA1 fd799f96af462bf0257aebb2b629ac556c664d49
SHA256 90eb66b1e23d8b59828ea07e5f1a5d97b8f282746102b9a2c81b635f1a6bba21
SHA512 68b4ba00abb609d6bbf60e253097dff4d3dc721037997156d131a48646267dec3b89cb67f09a5e440b5d16bf9c8291dbbb302cf1280cb6b9e796530869270d14

memory/3508-2793-0x0000018612670000-0x0000018613CE6000-memory.dmp

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\6675F83157A27275AB7C98B98A4C0E4BD34CF038

MD5 af736d54af6951755156ddf322260d6e
SHA1 48abcc3fb3ea664e421d89e059f77221fb8e315e
SHA256 a9851c0d905e6cbaf62afaf70c15d24a31c4b5e1442322120c05b938a265a2ae
SHA512 49f3692f5e45fb5abce662ed1850a7169d6064603f95dd12748e2f8653a7aca03a13368824c3a5fb630beb46418825fc055b165a4ef9e79274fa58e0618855c5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\48CE8F6EC90BE39DA275FE3BC27882603D848154

MD5 862575018d696fd75d22e5c589c17a5a
SHA1 f821ee5a4c213ecf3d75a99136d52749e7909146
SHA256 4baf1850927d23776365b5445c538efa06fc70da0db9e1f89b09a8e1f129c82a
SHA512 aafb7f3283f0532e54343a6c55d5673cdbb5ae2f306ada3af36c0132454a8116bd6c2f86bdec7c06b3c5dd547b6d76f3d3a3f4b6c7a85d950d057aa4713f6262

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\619FDFDA0FBA4BCA0E20F1CF6F1CB9C9A1DA9A20

MD5 e6c0d7cf279bdfc1f96686e50b4a173a
SHA1 016b6aef1fd713455fca98babcc617b41982c752
SHA256 655fd1a8b6c1e4de156bff45e0469ad3b3f1a04f5e4d5582e029bc08e7f58118
SHA512 777f4ef9d4af028f74e7f8639761e0b388bd20f1790434a272952da6c8be0f3a749c3bcd88671de918325b7b43a008756c55efa58e9e2dfd07d2776c64ba0c03

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\030023B6D00F4B435C7191D915BA30A315E5FF3A

MD5 cc9cab2c9a4aaad501400dd7ab98dedf
SHA1 d5069ecde867f8a80cc867f5733079a02d48745b
SHA256 bb7eec0cc85e2e90ea3f01b2edd9f7c89eb6bcd6002ec2dee615186804fc5390
SHA512 c6b1d330320c64bb52b984c6044d2bf9ec3ff847b73cd5ab726bcbee000d3241dbca8a6870c23ec35e51621e01bb31b61ba9afda3977d0ca46d81edb87d6dcd4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\BC27801247C43DD3A2AE922BC96F2DA551DCD859

MD5 054b95056dccae5e5c8e6ecaca36bcf9
SHA1 3f98e3095b794c4967eaaf5f8e3dcbe5c3103dd6
SHA256 aeacdf8cc13ab6da321153be384307f2fa3dc11cc3544ccdef030608872f7d41
SHA512 6b8332728deea856fe6c9c3d524ac73a6bb1f3dc72d23c1d422706758491adf10ab7357bc6983ed6ba26c39a2b23aeca4e003b6678c5de8240ce19ebdceda9c4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\8888620FCCCF2F0CD3024569BF10FE8A2F51F649

MD5 3339de657038632a3e428d26899da035
SHA1 b0d244f4bfe5b26161ce55e7f29c06d8b6417b24
SHA256 f699d24d85da8a6b91d7bd48abe1c144177e1e85e80623b782703c60ae6c84f7
SHA512 863e95cadc589fd0019515ab63779e2094033d7cf0b7bf69dd9154666dea0b702ba80da62aad86167f9aa459d1ad95e043d35eb1e065e545b2d51b6aed84f483

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\CAA4FFEA60170965F0C665887DF9E787A5D356A1

MD5 4ae0b256815349c732197935828c3373
SHA1 66bc7f7d4bf2a8f79cb3662fda7c60df2439741d
SHA256 eff63aa0961bdf7fb861fc5d20ac3219e47f8209c19c7a2a13059ae4c3360063
SHA512 debf8c14a01621c6f6a76a995b97a2ab52adedbddd57d0ae957ba1ca416f21d91037e1cdd15659bf909bfce413621d75073df416444edcf2a2ee9472f75cb6c8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\sessionstore-backups\recovery.baklz4

MD5 6a1d046b044ce5916e18a6b7e7f12f32
SHA1 710bdb6d3e185e9d98ad8bed98b417ad48bf8a0c
SHA256 a02d9db342b78e7c023de8e2c8ee5504b2d65c440dd549b4e2498d8a6e0f5f26
SHA512 adb784d0319bf9916fb47d81e6c5b940b71af0435d3f2f9e650ea4110c9a01145d8eb817ac6b94627427b76e27496b26e733a7280558f64c6660b30a22098601

memory/3508-3589-0x0000018612670000-0x0000018613CE6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 be71c4f4801029bea5d46de5030fb80b
SHA1 43b48b7724b7acecc2afcdb0fa115276cdb2bce1
SHA256 d07899e7a768f2a7c6e7e737e3dd0623d9ef9c04dd182da7869daf4330419c66
SHA512 bc898aab4fdf70bb32b1743236fd6aa7b891e62379f6b3e006f1f18e3601cbc1ff777f117d8521de082adc233f6fd29869739313b27eb9484e5c7816155bc4eb

memory/3508-3599-0x0000018612670000-0x0000018613CE6000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\sessionstore-backups\recovery.baklz4

MD5 d43e79a9f543fa59f29b9409c636b088
SHA1 237fb6f8bd1ff4e130fd6c1d798771d9451e1e14
SHA256 a5b30aed746ffc539c01cba8f8643b4642f4b988094a1927cdb8e73997928140
SHA512 ebef211b44848514c268e8d390d89adc80f1396e0883817a7bc8469b3c8958bf7d3528705c3d637f003b9013bdeedae51e867a14c7a485bde13253fb6c75eff4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\A84D6F23A3C4FF0EA8705354833EADFF3E319CF7

MD5 c94d8f600e8170f91364e30f9a09f914
SHA1 eb31a171888532725d577dd54530ebfb474886ee
SHA256 4eaaaa53f6bb84f44996c13627b2d4ba29e5387874910ccd2becbfd685249016
SHA512 1768882237015ec6d95b56f9c586e8ce095c1a321c55315d42e966f085935e0473af9411899b0ecece351231b65ec66022993f0317436eec4496e26ef944aabf

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\EA87465A6B977981215042B94E7AB9FECDDEE708

MD5 d4d64966baec84bd122500a492832273
SHA1 96261bbaf681acd7d76d51faef87778a739263df
SHA256 4d17a4ddf45798297ca46b000d0e1211412249344987660f7c778a2671fa9f76
SHA512 a494ec3b11bde18dae72428aac72e15fbc182214955cabe14365466f0702b7c80dd15feeff45831340ec6b4ae6c382d2a3ca6e3913dbf4bfd64f391d46a76e03

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\7D55F73D961C78D9EF6CAC8E40765073A3BDD7CF

MD5 df39f4aa8c38eb58925f5c8f3dbeee27
SHA1 f99c193d706a947c87e5a0525c371b4a8af88ab5
SHA256 6125c5fc4232d16fe685add36c0f08b3479844ad967de473d49461f8dfc4ef58
SHA512 c6df8a19e9132c12e0cc150ff21dd89b39643b7cb30b9b040a1a95d28f14d1cdd3e8a21be49c8e417f14a468a5588f88b9e60d0edafe4ef42068fdd342024b51

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\2FD865645EAAF0607303E4AACF8305F249B13498

MD5 cad98f20c9a8eae30a13e3bcdfc8f34b
SHA1 db0d7aa43afd415646285e26390aaf60099e40e7
SHA256 929d887f6d658398649d4a6cfaa23d46351bbf28cf26317b50715e124f088302
SHA512 5835ed5412635f3ea371bb6267f8df68b7bd5dd432e0851345901433b2ef8f30176e3cbd310279b812f3e3f6d2aa32c4e9a6db324535784db83636e0322f377b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\30416D929506067F3C85BBAD582FD44250A0C721

MD5 de9e3fde7aab243ed33d2eeced400209
SHA1 7b6c046f905cb63a9fd3219bfdccfad0a6c0efe0
SHA256 de4f39f881c2291d62645a9fec17f5805fd8408997d484fd38991a517896dedc
SHA512 27b42e92507a06621b6298b80ecff98bc61e159e845fac817ae2b71ebaf18e6166abca67ea29385b477e7663cd13974db30b0b9e062248dacd0a00438c3b7425

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\sessionstore-backups\recovery.baklz4

MD5 264081507592addc836bc43e0264f898
SHA1 1d1809c2cae2cf01eb45b359d5857745cfcc565a
SHA256 36d450a5359761c0d294bd59662488d9ad685eba67cef4776f48c9781c2455b0
SHA512 afaf3f87ca6c8fa11fd49a29a456c71e125f8ffb210b6e8610035d82b05218ff7bd4480a996d67cef6f91ccc16ed369833a3dea87b8331743dcc345e59d7f2e8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\cache2\entries\6D706F2C648084F3CB3534882828E2B7636CFC1A

MD5 a226eadd09d5a8bcd9fccae719ce3eeb
SHA1 f18fb4f1ae3c73a64254cc93b7e583fde6f15084
SHA256 2f5b007cf6244ad6d3794c9e24ed44dba9a6a05cc3d099199d44c833b6c9e269
SHA512 6ae8300cac611356c6514e94f7d07789631a55ccf4a64bb969f2def6ac2d6803f704a1a6516343393e4760a39b6ad88f8308094a7a54589d40f70123f22680fd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\datareporting\glean\db\data.safe.tmp

MD5 e0a8e0dc7cd8f506b23d6958bcfcc0fc
SHA1 c9d30d229f508c469521ec8fd0db025c1cbc877f
SHA256 9d1aef2c986f0c0889aaa064529a63636f22feecb794f1a1964a009910a623b8
SHA512 2d295ef75a98a281852c90a9fe803300c0689ac1affa24f8aaa1821610762e6120b75ac3c6febf1c157e8d83a7d4e2117b6ffa4e09738b96584b410fba4381b8

memory/3016-4185-0x00000258AA180000-0x00000258AA181000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 ff488cceda3a6b3e2012551eb39f6d60
SHA1 d8f3cc2ee2d7a2c400bc9dfcee09803f7d7f6538
SHA256 56193189fa292a4ae5bc42cd3951e80d6d723e03330873bd83a8c0463a554125
SHA512 74965d4c557d02ccd9bb9a836c25d391e51fe1139eed204f4dd097170959eaf87bf5b52b014407a15a2596fa9866d5620129ef69a8a822dac71ec296a6a2d404

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 bb31aeb7a4d731a876d91c4cde48dcb2
SHA1 3e0af910c1babb4887ece71a3684a7b2ee25ba70
SHA256 9df5571c5bcf11209fb1c9e234f121290c8b9b0995735b77aab9272a52583bc5
SHA512 dd91ef167ddaafbe35e87ac6f2d557c2cba5012e8190830a7abb4304611ac2c09754740459e852fca618c3471fa545b255ac9499c5195e851da71da51b62c36c

C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_431_x64\Java3BillDevices.png

MD5 8e52efc6798ed074072f527309a1ba25
SHA1 347d4c6b4f92e7315d9b199a97dd5cf7d86b2431
SHA256 12491ebc4eb99bf014d3bc44f770114bde013e84cbec2633303559a8c6e5f991
SHA512 0653c6e7f94ac36fe555db3eda8465f99d17cdbab91ea6413c6bd68dbbbb4db5df06e5d62768f6f4dfcef8d207d771e0b6924adfe403b92729bc4c5689e4fca7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

MD5 e41527b6c6edbd1c4640041d4bc653d0
SHA1 40e31a73fb2bad0366f6ebd6ac4eebdf91aa9331
SHA256 22711c82024af0731a80a571ccf6dc812d2dd15253929d49c79e9ac088f6c3ae
SHA512 0bd24f12ee2c27bf13d5b2641121f9d3b5e31f9edd0dfe5168536ac29bf2d5b77f117704d83bac1ad8672d82b74cac72fb78723f94e025bb1581f5e6787ad08e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

MD5 e753ecd76e14cbb65e3080c1f5fab1f4
SHA1 78255014d61ed622af8d0362da00a0989571b3e3
SHA256 1cdacf97e04e901ef5dac189335e829e241d8253c288bf12aae84aa539c2248f
SHA512 6e5d5559965662a9eb4c639da317031297c949af0c33408882156d4a286f0423b37af9166c9a28ecc707dee2d3b2ef1b42f50cffdd59f9151e2187e91eb95557

memory/3016-4318-0x00000258ABD40000-0x00000258ABD50000-memory.dmp

memory/3016-4326-0x00000258ABD30000-0x00000258ABD40000-memory.dmp

memory/3016-4332-0x00000258ABDA0000-0x00000258ABDB0000-memory.dmp

memory/3016-4331-0x00000258ABD80000-0x00000258ABD90000-memory.dmp

memory/3016-4330-0x00000258ABD70000-0x00000258ABD80000-memory.dmp

memory/3016-4329-0x00000258ABD60000-0x00000258ABD70000-memory.dmp

memory/3016-4328-0x00000258ABD50000-0x00000258ABD60000-memory.dmp

memory/3016-4327-0x00000258ABA50000-0x00000258ABCC0000-memory.dmp

memory/3016-4325-0x00000258ABD20000-0x00000258ABD30000-memory.dmp

memory/3016-4324-0x00000258ABD10000-0x00000258ABD20000-memory.dmp

memory/3016-4323-0x00000258ABD00000-0x00000258ABD10000-memory.dmp

memory/3016-4322-0x00000258ABCF0000-0x00000258ABD00000-memory.dmp

memory/3016-4321-0x00000258ABCE0000-0x00000258ABCF0000-memory.dmp

memory/3016-4320-0x00000258ABCD0000-0x00000258ABCE0000-memory.dmp

memory/3016-4319-0x00000258ABCC0000-0x00000258ABCD0000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-08 00:06

Reported

2024-11-08 00:09

Platform

win11-20241007-en

Max time kernel

149s

Max time network

151s

Command Line

java -jar "C:\Users\Admin\AppData\Local\Temp\RAT NIGGA.jar"

Signatures

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000\Software\Microsoft\Windows\CurrentVersion\Run\Home = "C:\\Program Files\\Java\\jre-1.8\\bin\\javaw.exe -jar C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\.tmp\\1731024431191.tmp" C:\Windows\system32\reg.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe N/A

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\attrib.exe N/A

Processes

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe

java -jar "C:\Users\Admin\AppData\Local\Temp\RAT NIGGA.jar"

C:\Windows\SYSTEM32\attrib.exe

attrib +H C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1731024431191.tmp

C:\Windows\SYSTEM32\cmd.exe

cmd.exe /c "REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1731024431191.tmp" /f"

C:\Windows\system32\reg.exe

REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1731024431191.tmp" /f

Network

Country Destination Domain Proto
CA 64.39.174.60:23750 tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
CA 64.39.174.60:23750 tcp

Files

memory/4744-2-0x0000020380000000-0x0000020380270000-memory.dmp

memory/4744-15-0x0000020380270000-0x0000020380280000-memory.dmp

memory/4744-17-0x0000020380280000-0x0000020380290000-memory.dmp

memory/4744-19-0x0000020380290000-0x00000203802A0000-memory.dmp

memory/4744-21-0x00000203802A0000-0x00000203802B0000-memory.dmp

memory/4744-23-0x00000203802B0000-0x00000203802C0000-memory.dmp

memory/4744-25-0x00000203802C0000-0x00000203802D0000-memory.dmp

memory/4744-27-0x00000203802D0000-0x00000203802E0000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1731024431191.tmp

MD5 eaf4f869a0be0418568b88301e8318e5
SHA1 0f5efc7f8fea65eaa0bca6746ff72eeb4d65bd9e
SHA256 1e8d94d04b2d21fe062345f4f2eb5bd6896f420e1a98c17eaf0105236ae52b67
SHA512 2c746db76c9f9987d85809d7598b9a24558d8a1b1c98e77e0398725258b1611e7227dacd7efa094a8f0bdf9cb16b2aae794c5ddcea3a02f6bb153c4403a99c9a

memory/4744-31-0x00000203802E0000-0x00000203802F0000-memory.dmp

memory/4744-33-0x00000203802F0000-0x0000020380300000-memory.dmp

memory/4744-36-0x00000203F9FE0000-0x00000203F9FE1000-memory.dmp

memory/4744-37-0x0000020380000000-0x0000020380270000-memory.dmp

memory/4744-38-0x0000020380270000-0x0000020380280000-memory.dmp

memory/4744-39-0x0000020380280000-0x0000020380290000-memory.dmp

memory/4744-40-0x00000203F9FE0000-0x00000203F9FE1000-memory.dmp

memory/4744-41-0x0000020380290000-0x00000203802A0000-memory.dmp

memory/4744-42-0x00000203802A0000-0x00000203802B0000-memory.dmp

memory/4744-43-0x00000203802B0000-0x00000203802C0000-memory.dmp

memory/4744-44-0x00000203802C0000-0x00000203802D0000-memory.dmp

memory/4744-45-0x00000203802D0000-0x00000203802E0000-memory.dmp

memory/4744-46-0x00000203802E0000-0x00000203802F0000-memory.dmp

memory/4744-47-0x00000203802F0000-0x0000020380300000-memory.dmp

memory/4744-53-0x00000203F9FE0000-0x00000203F9FE1000-memory.dmp

memory/4744-54-0x0000020380300000-0x0000020380310000-memory.dmp

memory/4744-55-0x00000203F9FE0000-0x00000203F9FE1000-memory.dmp

memory/4744-56-0x0000020380300000-0x0000020380310000-memory.dmp

memory/4744-58-0x0000020380310000-0x0000020380320000-memory.dmp

memory/4744-60-0x0000020380310000-0x0000020380320000-memory.dmp