Malware Analysis Report

2025-04-13 12:20

Sample ID 250326-qm7djswsfw
Target Client1.exe
SHA256 fabc467aee7674695a0e55e90f4d7136835d9876fddeac5a9af3e4a071772af5
Tags
xworm gurcu discovery motw persistence phishing rat stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

fabc467aee7674695a0e55e90f4d7136835d9876fddeac5a9af3e4a071772af5

Threat Level: Known bad

The file Client1.exe was found to be: Known bad.

Malicious Activity Summary

xworm gurcu discovery motw persistence phishing rat stealer trojan

Detect Xworm Payload

Xworm family

Gurcu family

Gurcu, WhiteSnake

Xworm

Executes dropped EXE

Checks computer location settings

Drops startup file

Mark of the Web detected: This indicates that the page was originally saved or cloned.

Adds Run key to start application

Looks up external IP address via web service

Unsigned PE

Browser Information Discovery

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Scheduled Task/Job: Scheduled Task

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Delays execution with timeout.exe

Modifies data under HKEY_USERS

Suspicious use of SetWindowsHookEx

Uses Task Scheduler COM API

Suspicious use of FindShellTrayWindow

Checks processor information in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-03-26 13:23

Signatures

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A

Xworm family

xworm

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-03-26 13:23

Reported

2025-03-26 13:28

Platform

win10v2004-20250314-de

Max time kernel

272s

Max time network

275s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Client1.exe"

Signatures

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Gurcu family

gurcu

Gurcu, WhiteSnake

stealer gurcu

Xworm

trojan rat xworm

Xworm family

xworm

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Client1.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\test.lnk C:\Users\Admin\AppData\Local\Temp\Client1.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\test.lnk C:\Users\Admin\AppData\Local\Temp\Client1.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\test.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\test.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\test = "C:\\Users\\Admin\\AppData\\Roaming\\test.exe" C:\Users\Admin\AppData\Local\Temp\Client1.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A whatismyipaddress.com N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A www.iplocation.net N/A N/A
N/A www.iplocation.net N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A whatismyipaddress.com N/A N/A
N/A www.iplocation.net N/A N/A

Mark of the Web detected: This indicates that the page was originally saved or cloned.

phishing motw
Description Indicator Process Target
N/A https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Delays execution with timeout.exe

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\timeout.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133874692366207204" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\schtasks.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Client1.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\test.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\test.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2432 wrote to memory of 4604 N/A C:\Users\Admin\AppData\Local\Temp\Client1.exe C:\Windows\System32\schtasks.exe
PID 2432 wrote to memory of 4604 N/A C:\Users\Admin\AppData\Local\Temp\Client1.exe C:\Windows\System32\schtasks.exe
PID 2432 wrote to memory of 5696 N/A C:\Users\Admin\AppData\Local\Temp\Client1.exe C:\Windows\System32\schtasks.exe
PID 2432 wrote to memory of 5696 N/A C:\Users\Admin\AppData\Local\Temp\Client1.exe C:\Windows\System32\schtasks.exe
PID 2432 wrote to memory of 4200 N/A C:\Users\Admin\AppData\Local\Temp\Client1.exe C:\Windows\system32\cmd.exe
PID 2432 wrote to memory of 4200 N/A C:\Users\Admin\AppData\Local\Temp\Client1.exe C:\Windows\system32\cmd.exe
PID 4200 wrote to memory of 4604 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\timeout.exe
PID 4200 wrote to memory of 4604 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\timeout.exe
PID 4936 wrote to memory of 1572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 1572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5884 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5884 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4936 wrote to memory of 5296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\Client1.exe

"C:\Users\Admin\AppData\Local\Temp\Client1.exe"

C:\Windows\System32\schtasks.exe

"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "test" /tr "C:\Users\Admin\AppData\Roaming\test.exe"

C:\Users\Admin\AppData\Roaming\test.exe

C:\Users\Admin\AppData\Roaming\test.exe

C:\Users\Admin\AppData\Roaming\test.exe

C:\Users\Admin\AppData\Roaming\test.exe

C:\Windows\System32\schtasks.exe

"C:\Windows\System32\schtasks.exe" /delete /f /tn "test"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp4893.tmp.bat""

C:\Windows\system32\timeout.exe

timeout 3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc151adcf8,0x7ffc151add04,0x7ffc151add10

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2016,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1944 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=de --service-sandbox-type=none --string-annotations --field-trial-handle=1628,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2196 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=de --service-sandbox-type=service --string-annotations --field-trial-handle=2308,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2408 /prefetch:8

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3240,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3260 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3336,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3512 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4364,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4384 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4692,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4784 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=de --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5420,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5360 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5360,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5436 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5504,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3588 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=de --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3556,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3488 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5660,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3540 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5948,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5836 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5976,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6008 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=6136,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6156 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=6376,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6396 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=6508,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6544 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6660,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6680 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6800,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6824 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=7076,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6948 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5724,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5516 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6540,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6060 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6880,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6928 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=3536,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6656 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6920,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6440 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=de --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3032,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5880 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4a0 0x4f8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=de --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6264,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3640 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=de --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6204,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3588 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=de --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6132,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6268 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=4532,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4412 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=4480,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4524 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=6032,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6236 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=6420,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6964 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=6340,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5820 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=7300,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7312 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=7456,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7468 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=7592,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7612 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=7780,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7744 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=7896,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7920 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=8040,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=8136 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=8536,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=8504 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=8596,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=8544 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=8736,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=8752 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=8896,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=8908 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=9052,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=9084 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=9208,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=9224 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=8916,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=9380 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=9520,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=9536 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=9664,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=9676 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=9836,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=9848 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=9844,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=10004 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=10132,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=10160 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=10428,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=10444 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=10588,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=10600 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=10752,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=10620 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=10896,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=10912 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=10640,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=11208 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=10296,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=10364 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=10480,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=8272 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=11284,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=11316 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=11460,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=11472 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=11532,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=11648 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=11464,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=11676 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=11652,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=11944 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --field-trial-handle=12068,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=12164 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --field-trial-handle=9104,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=12104 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --field-trial-handle=12112,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=12192 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --field-trial-handle=7600,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=8528 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --field-trial-handle=9504,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7656 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --field-trial-handle=12792,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=12116 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --field-trial-handle=12860,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=12864 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --field-trial-handle=12904,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=12356 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --field-trial-handle=13036,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=13048 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --field-trial-handle=13112,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=13260 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --field-trial-handle=13092,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=13236 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --field-trial-handle=13132,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=13300 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --field-trial-handle=12932,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=12788 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --field-trial-handle=13796,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=13808 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --field-trial-handle=13832,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=13956 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --field-trial-handle=14180,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=12896 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --field-trial-handle=14096,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=14108 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --field-trial-handle=14264,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=14328 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --field-trial-handle=14260,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=14560 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --field-trial-handle=14308,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=14700 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --field-trial-handle=14824,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=14924 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --field-trial-handle=15044,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=15080 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --field-trial-handle=11912,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=13816 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --field-trial-handle=15560,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=13792 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --field-trial-handle=10452,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=10564 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --field-trial-handle=10540,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=10568 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --field-trial-handle=13088,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=13760 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --field-trial-handle=13732,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=13748 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --field-trial-handle=15344,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=14884 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --field-trial-handle=13328,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=14612 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --field-trial-handle=12320,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=12340 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.telegram.org udp
NL 149.154.167.220:443 api.telegram.org tcp
US 8.8.8.8:53 park-meetup.gl.at.ply.gg udp
US 147.185.221.18:62592 park-meetup.gl.at.ply.gg tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.180.3:80 c.pki.goog tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com udp
US 8.8.8.8:53 ogads-pa.clients6.google.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.212.206:443 play.google.com udp
GB 142.250.179.238:443 apis.google.com udp
GB 216.58.212.234:443 ogads-pa.clients6.google.com tcp
GB 216.58.212.206:443 play.google.com tcp
GB 216.58.212.206:443 play.google.com tcp
GB 142.250.179.238:443 apis.google.com tcp
GB 142.250.179.238:443 apis.google.com tcp
GB 216.58.212.234:443 ogads-pa.clients6.google.com udp
US 8.8.8.8:53 clients2.google.com udp
N/A 224.0.0.251:5353 udp
GB 142.250.179.228:443 www.google.com udp
GB 216.58.212.234:443 ogads-pa.clients6.google.com tcp
US 8.8.8.8:53 dns-tunnel-check.googlezip.net udp
US 8.8.8.8:53 tunnel.googlezip.net udp
US 8.8.8.8:53 translate.googleapis.com udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 216.58.212.234:443 ogads-pa.clients6.google.com udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 216.58.212.206:443 play.google.com tcp
US 8.8.8.8:53 consent.google.com udp
GB 216.58.204.78:443 consent.google.com tcp
US 8.8.8.8:53 whatismyipaddress.com udp
US 104.19.223.79:443 whatismyipaddress.com tcp
US 104.19.223.79:443 whatismyipaddress.com tcp
US 104.19.223.79:443 whatismyipaddress.com tcp
US 104.19.223.79:443 whatismyipaddress.com tcp
US 104.19.223.79:443 whatismyipaddress.com tcp
US 104.19.223.79:443 whatismyipaddress.com tcp
US 104.19.223.79:443 whatismyipaddress.com udp
US 8.8.8.8:53 a.omappapi.com udp
US 8.8.8.8:53 cmp.inmobi.com udp
US 8.8.8.8:53 a.pub.network udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 zipthelake.com udp
FR 54.230.112.56:443 cmp.inmobi.com tcp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
GB 143.244.38.136:443 a.omappapi.com tcp
US 104.18.20.206:443 a.pub.network tcp
US 34.110.146.185:443 zipthelake.com tcp
US 8.8.8.8:53 api.omappapi.com udp
US 8.8.8.8:53 optimise.net udp
US 8.8.8.8:53 api.floors.dev udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 d.pub.network udp
US 34.111.152.239:443 optimise.net tcp
US 34.160.128.112:443 api.floors.dev tcp
US 104.18.3.9:443 api.omappapi.com tcp
US 34.160.152.31:443 d.pub.network tcp
GB 142.250.200.46:443 clients2.google.com udp
GB 172.217.169.10:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 static.adsafeprotected.com udp
US 104.18.20.206:443 a.pub.network udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 13.107.246.64:443 www.clarity.ms tcp
FR 54.230.112.56:443 cmp.inmobi.com tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 td.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 onesignal.com udp
BE 74.125.133.157:443 stats.g.doubleclick.net tcp
GB 142.250.179.226:443 td.doubleclick.net tcp
US 216.239.32.36:443 region1.analytics.google.com tcp
GB 172.217.16.227:443 www.google.co.uk tcp
US 8.8.8.8:53 api.cmp.inmobi.com udp
US 8.8.8.8:53 o.clarity.ms udp
DE 52.59.81.144:443 api.cmp.inmobi.com tcp
US 52.152.143.207:443 o.clarity.ms tcp
GB 52.84.90.27:443 static.adsafeprotected.com tcp
GB 142.250.187.194:443 securepubads.g.doubleclick.net tcp
US 34.110.146.185:443 zipthelake.com udp
GB 142.250.187.194:443 securepubads.g.doubleclick.net udp
GB 142.250.187.194:443 securepubads.g.doubleclick.net udp
US 34.110.146.185:443 zipthelake.com tcp
US 8.8.8.8:53 c.clarity.ms udp
IE 13.74.129.1:443 c.clarity.ms tcp
US 8.8.8.8:53 c.bing.com udp
US 150.171.28.10:443 c.bing.com tcp
US 34.111.152.239:443 optimise.net tcp
US 34.111.152.239:443 optimise.net udp
US 34.110.146.185:443 zipthelake.com udp
US 8.8.8.8:53 cdn.confiant-integrations.net udp
US 8.8.8.8:53 c.pub.network udp
US 34.160.152.31:443 c.pub.network tcp
US 34.160.152.31:443 c.pub.network tcp
US 34.160.152.31:443 c.pub.network udp
US 104.18.43.90:443 cdn.confiant-integrations.net tcp
US 104.18.43.90:443 cdn.confiant-integrations.net udp
US 8.8.8.8:53 freestar-io.videoplayerhub.com udp
US 8.8.8.8:53 cdn.hadronid.net udp
US 8.8.8.8:53 api.rlcdn.com udp
US 172.67.74.207:443 freestar-io.videoplayerhub.com tcp
US 172.67.36.110:443 cdn.hadronid.net tcp
US 8.8.8.8:53 live.primis.tech udp
US 172.67.36.110:443 cdn.hadronid.net tcp
FR 18.161.97.4:443 live.primis.tech tcp
GB 142.250.187.194:443 securepubads.g.doubleclick.net tcp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
US 8.8.8.8:53 s2s.t13.io udp
US 8.8.8.8:53 bc836451966e76c31748d0baab61454e.safeframe.googlesyndication.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 pa.openx.net udp
US 34.107.140.113:443 s2s.t13.io tcp
US 34.107.140.113:443 s2s.t13.io tcp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 ex.ingage.tech udp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 8.8.8.8:53 rtb.openx.net udp
US 8.8.8.8:53 a.teads.tv udp
US 8.8.8.8:53 grid-bidder.criteo.com udp
US 104.18.26.216:443 ex.ingage.tech tcp
US 35.186.253.211:443 rtb.openx.net tcp
US 35.186.253.211:443 rtb.openx.net tcp
US 172.67.74.207:443 freestar-io.videoplayerhub.com tcp
GB 23.192.17.198:443 a.teads.tv tcp
DE 3.78.93.150:443 btlr.sharethrough.com tcp
DE 3.78.93.150:443 btlr.sharethrough.com tcp
DE 3.78.93.150:443 btlr.sharethrough.com tcp
DE 3.78.93.150:443 btlr.sharethrough.com tcp
DE 3.78.93.150:443 btlr.sharethrough.com tcp
DE 3.78.93.150:443 btlr.sharethrough.com tcp
FR 18.161.97.4:443 live.primis.tech udp
NL 178.250.1.38:443 grid-bidder.criteo.com tcp
US 104.18.27.193:443 htlb.casalemedia.com tcp
US 104.18.27.193:443 htlb.casalemedia.com tcp
US 8.8.8.8:53 btloader.com udp
US 172.67.41.60:443 btloader.com tcp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 8.8.8.8:53 a.ad.gt udp
US 104.18.26.216:443 ex.ingage.tech tcp
US 35.186.253.211:443 rtb.openx.net tcp
US 104.22.5.69:443 a.ad.gt tcp
US 104.22.4.69:443 a.ad.gt tcp
US 172.67.41.60:443 btloader.com tcp
US 8.8.8.8:53 ad-delivery.net udp
US 172.67.69.19:443 ad-delivery.net tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 8.8.8.8:53 cdn.browsiprod.com udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 34.107.140.113:443 s2s.t13.io tcp
US 104.18.27.193:443 htlb.casalemedia.com udp
US 104.18.26.216:443 ex.ingage.tech tcp
US 8.8.8.8:53 hbx.media.net udp
GB 23.192.24.32:443 hbx.media.net tcp
US 8.8.8.8:53 api.btloader.com udp
US 130.211.23.194:443 api.btloader.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 34.120.133.55:443 api.rlcdn.com tcp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
US 8.8.8.8:53 eb2.3lift.com udp
GB 2.22.134.142:443 secure-assets.rubiconproject.com tcp
US 76.223.111.18:443 eb2.3lift.com tcp
US 8.8.8.8:53 bh.contextweb.com udp
US 8.8.8.8:53 p.ad.gt udp
US 8.8.8.8:53 ids4.ad.gt udp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 u.openx.net udp
US 8.8.8.8:53 token.rubiconproject.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 image2.pubmatic.com udp
NL 208.93.169.131:443 bh.contextweb.com tcp
NL 198.47.127.205:443 image2.pubmatic.com tcp
US 3.33.220.150:443 match.adsrvr.org tcp
GB 142.250.180.1:443 bc836451966e76c31748d0baab61454e.safeframe.googlesyndication.com tcp
US 104.22.5.69:443 p.ad.gt tcp
GB 23.192.17.43:443 ads.pubmatic.com tcp
GB 23.192.17.43:443 ads.pubmatic.com tcp
NL 69.173.156.149:443 token.rubiconproject.com tcp
US 54.191.70.79:443 ids4.ad.gt tcp
IE 34.252.137.202:443 ap.lijit.com tcp
IE 34.252.137.202:443 ap.lijit.com tcp
US 34.98.64.218:443 u.openx.net tcp
DE 37.252.173.215:443 secure.adnxs.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 34.36.214.49:443 pa.openx.net tcp
US 34.120.133.55:443 api.rlcdn.com tcp
US 8.8.8.8:53 sync.go.sonobi.com udp
US 8.8.8.8:53 api-gdpr.intentiq.com udp
GB 23.192.24.32:443 hbx.media.net udp
US 69.166.1.67:443 sync.go.sonobi.com tcp
US 8.8.8.8:53 pubads.g.doubleclick.net udp
US 76.223.111.18:443 eb2.3lift.com tcp
GB 23.192.17.43:443 ads.pubmatic.com tcp
US 34.98.64.218:443 u.openx.net tcp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 8.8.8.8:53 ids.ad.gt udp
FR 3.164.85.68:443 api-gdpr.intentiq.com tcp
US 34.107.140.113:443 s2s.t13.io udp
IE 34.252.137.202:443 ap.lijit.com tcp
US 35.186.253.211:443 rtb.openx.net udp
US 8.8.8.8:53 s.seedtag.com udp
GB 216.58.201.98:443 pubads.g.doubleclick.net tcp
US 52.201.83.10:443 cs-server-s2s.yellowblue.io tcp
US 34.149.50.64:443 s.seedtag.com tcp
US 104.22.4.69:443 ids.ad.gt tcp
US 8.8.8.8:53 pbs-cs.yellowblue.io udp
US 8.8.8.8:53 pxl.iqm.com udp
US 8.8.8.8:53 c21lg-d.media.net udp
IE 34.252.137.202:443 ap.lijit.com tcp
US 34.107.140.113:443 s2s.t13.io tcp
US 3.33.220.150:443 match.adsrvr.org tcp
US 8.8.8.8:53 dis.criteo.com udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 us-u.openx.net udp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 match.deepintent.com udp
US 8.8.8.8:53 rtb.mfadsrvr.com udp
US 34.98.64.218:443 us-u.openx.net tcp
US 8.8.8.8:53 ad.360yield.com udp
US 104.22.5.69:443 ids.ad.gt tcp
US 8.8.8.8:53 seg.ad.gt udp
US 104.22.4.69:443 seg.ad.gt tcp
US 104.22.4.69:443 seg.ad.gt tcp
US 34.149.50.64:443 s.seedtag.com tcp
US 104.22.4.69:443 seg.ad.gt tcp
US 34.107.140.113:443 s2s.t13.io tcp
US 3.33.220.150:443 match.adsrvr.org tcp
US 8.8.8.8:53 sync.smartadserver.com udp
NL 89.149.193.121:443 sync.smartadserver.com tcp
US 8.8.8.8:53 b1sync.zemanta.com udp
US 64.74.236.31:443 b1sync.zemanta.com tcp
US 216.239.32.36:443 region1.analytics.google.com udp
US 52.152.143.207:443 o.clarity.ms tcp
US 52.152.143.207:443 o.clarity.ms tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 8.8.8.8:53 www.iplocation.net udp
US 104.26.7.214:443 www.iplocation.net tcp
US 104.26.7.214:443 www.iplocation.net tcp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 code.jquery.com udp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 151.101.2.137:443 code.jquery.com tcp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 stackpath.bootstrapcdn.com udp
US 8.8.8.8:53 www.ezojs.com udp
US 8.8.8.8:53 challenges.cloudflare.com udp
US 8.8.8.8:53 delivery.adrecover.com udp
US 151.101.129.229:443 cdn.jsdelivr.net tcp
US 104.18.11.207:443 stackpath.bootstrapcdn.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com udp
FR 54.230.112.41:443 delivery.adrecover.com tcp
FR 54.230.112.41:443 delivery.adrecover.com tcp
US 104.18.95.41:443 challenges.cloudflare.com tcp
US 104.21.63.106:443 www.ezojs.com tcp
GB 216.58.212.234:443 ajax.googleapis.com tcp
US 151.101.129.229:443 cdn.jsdelivr.net tcp
FR 54.230.112.41:443 delivery.adrecover.com tcp
US 104.18.95.41:443 challenges.cloudflare.com tcp
US 104.21.63.106:443 www.ezojs.com tcp
GB 216.58.212.234:443 ajax.googleapis.com tcp
US 104.21.63.106:443 www.ezojs.com udp
US 104.18.95.41:443 challenges.cloudflare.com udp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 cdn.adpushup.com udp
US 8.8.8.8:53 cdn.pushmaster-cdn.xyz udp
US 8.8.8.8:53 cdn.fuseplatform.net udp
US 8.8.8.8:53 cdn4.buysellads.net udp
US 8.8.8.8:53 g.ezoic.net udp
GB 159.65.211.77:443 cdn4.buysellads.net tcp
FR 52.222.144.82:443 cdn.adpushup.com tcp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 104.26.15.80:443 cdn.pushmaster-cdn.xyz tcp
US 13.107.246.64:443 www.clarity.ms tcp
FR 13.37.187.223:443 g.ezoic.net tcp
US 104.22.53.86:443 cdn.id5-sync.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 104.17.159.237:443 cdn.fuseplatform.net tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
GB 172.217.16.238:443 fundingchoicesmessages.google.com tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 t.fullres.net udp
NL 152.42.150.143:443 t.fullres.net tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net udp
GB 172.217.169.10:443 content-autofill.googleapis.com tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net udp
GB 172.217.16.238:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
DE 162.19.138.120:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 maps.google.com udp
GB 172.217.169.10:443 content-autofill.googleapis.com tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
DE 162.19.138.120:443 lb.eu-1-id5-sync.com tcp
US 104.17.159.237:443 cdn.fuseplatform.net tcp
FR 54.230.112.56:443 cmp.inmobi.com tcp
US 8.8.8.8:53 c.amazon-adsystem.com udp
FR 3.160.182.59:443 c.amazon-adsystem.com tcp
US 104.17.159.237:443 cdn.fuseplatform.net tcp
FR 54.230.112.56:443 cmp.inmobi.com tcp
GB 142.250.187.238:443 maps.google.com tcp
GB 142.250.187.238:443 maps.google.com tcp
GB 142.250.187.238:443 maps.google.com tcp
GB 142.250.187.238:443 maps.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 8.8.8.8:53 cdn.pbxai.com udp
GB 143.244.38.136:443 cdn.pbxai.com tcp
GB 142.250.187.238:443 maps.google.com udp
US 8.8.8.8:53 maps.gstatic.com udp
US 8.8.8.8:53 maps.googleapis.com udp
GB 142.250.179.228:443 www.google.com udp
GB 172.217.16.227:443 maps.gstatic.com tcp
GB 172.217.169.74:443 maps.googleapis.com tcp
US 151.101.129.229:443 cdn.jsdelivr.net udp
GB 172.217.169.74:443 maps.googleapis.com udp
GB 172.217.169.74:443 maps.googleapis.com udp
FR 54.230.112.56:443 cmp.inmobi.com tcp
FR 3.160.182.59:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 o.clarity.ms udp
US 8.8.8.8:53 www.19706903.xyz udp
FR 54.230.112.41:443 delivery.adrecover.com udp
FR 3.160.196.11:443 config.aps.amazon-adsystem.com tcp
US 172.67.73.29:443 www.19706903.xyz tcp
US 52.152.143.207:443 o.clarity.ms tcp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 172.217.16.238:443 fundingchoicesmessages.google.com udp
US 52.152.143.207:443 o.clarity.ms tcp
US 52.152.143.207:443 o.clarity.ms tcp
GB 172.217.16.238:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 static.criteo.net udp
GB 172.217.16.238:443 fundingchoicesmessages.google.com tcp
NL 178.250.1.39:443 static.criteo.net tcp
NL 178.250.1.39:443 static.criteo.net tcp
GB 172.217.16.238:443 fundingchoicesmessages.google.com tcp
FR 52.222.144.82:443 cdn.adpushup.com udp
FR 52.222.144.82:443 cdn.adpushup.com udp
US 8.8.8.8:53 http-intake.logs.us5.datadoghq.com udp
US 8.8.8.8:53 e3.adpushup.com udp
US 8.8.8.8:53 keymap.adpushup.com udp
US 34.149.66.130:443 http-intake.logs.us5.datadoghq.com tcp
US 34.149.66.130:443 http-intake.logs.us5.datadoghq.com tcp
GB 142.250.179.228:443 www.google.com udp
NL 144.21.34.64:443 e3.adpushup.com tcp
NL 144.21.34.64:443 e3.adpushup.com tcp
NL 144.21.34.64:443 e3.adpushup.com tcp
NL 144.21.34.64:443 e3.adpushup.com tcp
NL 144.21.34.64:443 e3.adpushup.com tcp
NL 144.21.34.64:443 e3.adpushup.com tcp
FR 3.160.188.52:443 keymap.adpushup.com tcp
US 8.8.8.8:53 campaign.adpushup.com udp
GB 142.250.187.238:443 maps.google.com udp
US 150.136.41.128:443 campaign.adpushup.com tcp
GB 142.250.187.225:443 lh3.googleusercontent.com tcp
GB 142.250.179.228:443 www.google.com udp
US 34.149.66.130:443 http-intake.logs.us5.datadoghq.com tcp
FR 52.222.144.82:443 cdn.adpushup.com tcp
US 172.67.73.29:443 www.19706903.xyz tcp
US 104.21.63.106:443 www.ezojs.com tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 imasdk.googleapis.com udp
US 8.8.8.8:53 secure.quantserve.com udp
GB 142.250.187.202:443 imasdk.googleapis.com tcp
DE 91.228.74.159:443 secure.quantserve.com tcp
US 8.8.8.8:53 server.cpmstar.com udp
US 8.8.8.8:53 a.teads.tv udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 brightcombid.marphezis.com udp
US 8.8.8.8:53 rtb.gamoshi.io udp
US 8.8.8.8:53 bidder.criteo.com udp
US 131.153.171.234:443 server.cpmstar.com tcp
US 131.153.171.234:443 server.cpmstar.com tcp
US 131.153.171.234:443 server.cpmstar.com tcp
US 131.153.171.234:443 server.cpmstar.com tcp
US 131.153.171.234:443 server.cpmstar.com tcp
US 104.18.27.193:443 htlb.casalemedia.com tcp
US 104.18.27.193:443 htlb.casalemedia.com tcp
US 104.18.27.193:443 htlb.casalemedia.com tcp
NL 178.250.1.56:443 bidder.criteo.com tcp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
NL 188.166.203.175:443 brightcombid.marphezis.com tcp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 ads.servenobid.com udp
US 8.8.8.8:53 prebid-server.rubiconproject.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 18.119.2.51:443 rtb.gamoshi.io tcp
US 18.119.2.51:443 rtb.gamoshi.io tcp
US 18.119.2.51:443 rtb.gamoshi.io tcp
US 18.119.2.51:443 rtb.gamoshi.io tcp
US 18.119.2.51:443 rtb.gamoshi.io tcp
NL 163.5.194.36:443 prebid.a-mo.net tcp
DE 51.89.9.253:443 onetag-sys.com tcp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
US 8.8.8.8:53 prebid.media.net udp
US 104.18.26.216:443 ex.ingage.tech tcp
IE 52.17.239.246:443 ap.lijit.com tcp
US 8.8.8.8:53 ib.adnxs.com udp
GB 23.192.17.198:443 a.teads.tv tcp
DE 3.78.93.150:443 btlr.sharethrough.com tcp
DE 3.78.93.150:443 btlr.sharethrough.com tcp
DE 3.78.93.150:443 btlr.sharethrough.com tcp
DE 3.78.93.150:443 btlr.sharethrough.com tcp
DE 3.78.93.150:443 btlr.sharethrough.com tcp
DE 3.78.93.150:443 btlr.sharethrough.com tcp
US 8.8.8.8:53 exchange.kueezrtb.com udp
NL 143.244.197.139:443 ads.servenobid.com tcp
US 8.8.8.8:53 pbs.optidigital.com udp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
US 131.153.171.234:443 server.cpmstar.com tcp
NL 178.250.1.56:443 bidder.criteo.com tcp
US 18.119.2.51:443 rtb.gamoshi.io tcp
NL 163.5.194.36:443 prebid.a-mo.net tcp
DE 51.89.9.253:443 onetag-sys.com tcp
US 104.18.26.216:443 ex.ingage.tech tcp
IE 52.17.239.246:443 ap.lijit.com tcp
GB 23.192.17.198:443 a.teads.tv tcp
NL 143.244.197.139:443 ads.servenobid.com tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
US 8.8.8.8:53 http-intake.logs.datadoghq.com udp
GB 142.250.187.193:443 tpc.googlesyndication.com tcp
GB 142.250.187.193:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 dsum-sec.casalemedia.com udp
US 8.8.8.8:53 video.adpushup.com udp
US 8.8.8.8:53 s0.2mdn.net udp
US 3.233.155.176:443 http-intake.logs.datadoghq.com tcp
US 3.233.155.176:443 http-intake.logs.datadoghq.com tcp
GB 172.217.169.10:443 maps.googleapis.com udp
GB 142.250.187.202:443 imasdk.googleapis.com tcp
FR 185.93.2.12:443 video.adpushup.com tcp
GB 216.58.201.102:443 s0.2mdn.net tcp
US 104.18.26.216:443 ex.ingage.tech tcp
US 8.8.8.8:53 rules.quantcount.com udp
FR 3.164.182.34:443 rules.quantcount.com tcp
GB 142.250.187.202:443 imasdk.googleapis.com tcp
FR 185.93.2.12:443 video.adpushup.com tcp
GB 216.58.201.102:443 s0.2mdn.net tcp
US 104.18.26.216:443 ex.ingage.tech tcp
US 8.8.8.8:53 pixel.quantcount.com udp
DE 91.228.74.244:443 pixel.quantcount.com tcp
NL 185.64.189.112:443 hbopenbid.pubmatic.com tcp
FR 34.1.1.166:443 hb-api.omnitagjs.com tcp
US 34.160.72.119:443 pbs.optidigital.com tcp
US 159.203.149.115:443 exchange.kueezrtb.com tcp
US 159.203.149.115:443 exchange.kueezrtb.com tcp
US 159.203.149.115:443 exchange.kueezrtb.com tcp
US 159.203.149.115:443 exchange.kueezrtb.com tcp
US 159.203.149.115:443 exchange.kueezrtb.com tcp
US 34.120.63.153:443 prebid.media.net tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
DE 37.252.173.215:443 ib.adnxs.com tcp
DE 91.228.74.244:443 pixel.quantcount.com tcp
DE 37.252.173.215:443 ib.adnxs.com tcp
DE 37.252.173.215:443 ib.adnxs.com tcp
US 34.160.72.119:443 pbs.optidigital.com tcp
US 159.203.149.115:443 exchange.kueezrtb.com tcp
US 34.120.63.153:443 prebid.media.net tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
DE 37.252.173.215:443 ib.adnxs.com tcp
DE 37.252.173.215:443 ib.adnxs.com tcp
GB 142.250.187.193:443 tpc.googlesyndication.com udp
GB 216.58.201.102:443 s0.2mdn.net tcp
US 8.8.8.8:53 cms.quantserve.com udp
US 8.8.8.8:53 dclk-match.dotomi.com udp
US 8.8.8.8:53 gcm.ctnsnet.com udp
US 8.8.8.8:53 tr.blismedia.com udp
US 8.8.8.8:53 pr-bh.ybp.yahoo.com udp
US 8.8.8.8:53 match.prod.bidr.io udp
US 8.8.8.8:53 dsp.360yield.com udp
GB 216.58.201.102:443 s0.2mdn.net tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net udp
US 52.152.143.207:443 o.clarity.ms tcp
US 35.186.193.173:443 gcm.ctnsnet.com tcp
US 34.96.105.8:443 tr.blismedia.com tcp
IE 54.171.6.32:443 pr-bh.ybp.yahoo.com tcp
IE 52.31.185.73:443 match.prod.bidr.io tcp
NL 64.158.223.140:443 dclk-match.dotomi.com tcp
IE 108.128.100.14:443 dsp.360yield.com tcp
DE 91.228.74.244:443 cms.quantserve.com tcp
US 35.186.193.173:443 gcm.ctnsnet.com tcp
US 34.96.105.8:443 tr.blismedia.com tcp
IE 54.171.6.32:443 pr-bh.ybp.yahoo.com tcp
IE 52.31.185.73:443 match.prod.bidr.io tcp
NL 64.158.223.140:443 dclk-match.dotomi.com tcp
IE 108.128.100.14:443 dsp.360yield.com tcp
DE 91.228.74.244:443 cms.quantserve.com tcp
US 8.8.8.8:53 www.googletagservices.com udp
US 8.8.8.8:53 api.pbxai.com udp
GB 142.250.187.194:443 googleads.g.doubleclick.net udp
GB 143.244.38.136:443 api.pbxai.com tcp
US 34.160.72.119:443 pbs.optidigital.com udp
US 34.120.63.153:443 prebid.media.net udp
US 104.18.27.193:443 dsum-sec.casalemedia.com udp
DE 162.19.138.82:443 lb.eu-1-id5-sync.com tcp
NL 144.21.34.64:443 e3.adpushup.com tcp
DE 162.19.138.120:443 lb.eu-1-id5-sync.com tcp
US 104.18.26.193:443 dsum-sec.casalemedia.com tcp
US 104.18.26.193:443 dsum-sec.casalemedia.com tcp
US 104.18.26.193:443 dsum-sec.casalemedia.com tcp
US 104.18.26.193:443 dsum-sec.casalemedia.com udp
US 172.67.41.60:443 btloader.com tcp
US 8.8.8.8:53 srv.buysellads.com udp
US 8.8.8.8:53 script.4dex.io udp
US 8.8.8.8:53 rt.marphezis.com udp
US 8.8.8.8:53 apex.go.sonobi.com udp
US 8.8.8.8:53 exchange.cootlogix.com udp
US 8.8.8.8:53 i.connectad.io udp
US 104.26.8.169:443 script.4dex.io tcp
US 8.8.8.8:53 g2.gumgum.com udp
US 8.8.8.8:53 mp.4dex.io udp
US 8.8.8.8:53 prebid.smilewanted.com udp
US 69.166.1.64:443 apex.go.sonobi.com tcp
US 8.8.8.8:53 mweb-hb.presage.io udp
US 35.186.253.211:443 rtb.openx.net tcp
US 45.55.124.119:443 exchange.cootlogix.com tcp
US 45.55.124.119:443 exchange.cootlogix.com tcp
US 45.55.124.119:443 exchange.cootlogix.com tcp
IE 52.214.20.127:443 g2.gumgum.com tcp
IE 52.214.20.127:443 g2.gumgum.com tcp
IE 52.214.20.127:443 g2.gumgum.com tcp
IE 52.214.20.127:443 g2.gumgum.com tcp
IE 52.214.20.127:443 g2.gumgum.com tcp
IE 52.214.20.127:443 g2.gumgum.com tcp
US 172.67.8.174:443 i.connectad.io tcp
IE 46.137.23.186:443 mweb-hb.presage.io tcp
US 151.101.129.229:443 cdn.jsdelivr.net udp
US 104.18.34.178:443 mp.4dex.io tcp
US 8.8.8.8:53 cdn.prod.uidapi.com udp
US 8.8.8.8:53 dmp.im-apps.net udp
US 8.8.8.8:53 connectid.analytics.yahoo.com udp
US 8.8.8.8:53 cdn-ima.33across.com udp
US 8.8.8.8:53 cdn.prod.euid.eu udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 8.8.8.8:53 oa.openxcdn.net udp
US 8.8.8.8:53 886c0678fd1b4eb1855270e7789a8d37.safeframe.googlesyndication.com udp
US 8.8.8.8:53 ag.dns-finder.com udp
GB 159.65.211.77:443 srv.buysellads.com tcp
US 104.22.30.209:443 prebid.smilewanted.com tcp
US 104.22.30.209:443 prebid.smilewanted.com tcp
US 104.22.30.209:443 prebid.smilewanted.com tcp
US 8.8.8.8:53 ssp-sync.criteo.com udp
US 172.67.69.19:443 ad-delivery.net tcp
US 34.102.146.192:443 oa.openxcdn.net tcp
US 104.26.8.169:443 script.4dex.io tcp
FR 18.161.97.29:443 connectid.analytics.yahoo.com tcp
FR 54.240.167.226:443 cdn.prod.euid.eu tcp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
GB 95.100.195.133:443 dmp.im-apps.net tcp
DE 162.19.138.82:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 c.4dex.io udp
US 35.241.34.106:443 c.4dex.io tcp
US 35.241.34.106:443 c.4dex.io tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 8.8.8.8:53 esp.rtbhouse.com udp
US 35.190.39.111:443 esp.rtbhouse.com tcp
US 8.8.8.8:53 cdn.ampproject.org udp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
US 104.26.8.169:443 script.4dex.io tcp
IE 46.137.23.186:443 mweb-hb.presage.io tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 159.65.211.77:443 srv.buysellads.com tcp
US 104.22.30.209:443 prebid.smilewanted.com tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 34.102.146.192:443 oa.openxcdn.net tcp
US 130.211.23.194:443 api.btloader.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 8.8.8.8:53 sync6.im-apps.net udp
GB 95.100.195.32:443 sync6.im-apps.net tcp
DE 37.252.173.215:443 ib.adnxs.com tcp
FR 54.230.112.73:443 tags.crwdcntrl.net tcp
FR 52.84.49.83:443 cdn.prod.uidapi.com tcp
GB 172.217.169.65:443 886c0678fd1b4eb1855270e7789a8d37.safeframe.googlesyndication.com tcp
NL 178.250.1.57:443 ssp-sync.criteo.com tcp
US 35.241.34.106:443 c.4dex.io udp
NL 144.21.34.64:443 e3.adpushup.com tcp
US 8.8.8.8:53 gum.criteo.com udp
US 52.152.143.207:443 o.clarity.ms tcp
FR 54.230.112.73:443 tags.crwdcntrl.net tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 3.33.220.150:443 match.adsrvr.org tcp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 sync.kueezrtb.com udp
US 8.8.8.8:53 scripts.opti-digital.com udp
GB 23.192.17.43:443 ads.pubmatic.com tcp
US 104.18.3.52:443 scripts.opti-digital.com tcp
US 157.245.250.171:443 sync.kueezrtb.com tcp
FR 34.1.1.166:443 visitor.omnitagjs.com tcp
US 8.8.8.8:53 acdn.adnxs.com udp
DE 51.89.9.253:443 onetag-sys.com tcp
US 8.8.8.8:53 eus.rubiconproject.com udp
NL 163.5.194.36:443 prebid.a-mo.net tcp
US 8.8.8.8:53 public.servenobid.com udp
GB 23.192.17.145:443 eus.rubiconproject.com tcp
US 8.8.8.8:53 js-sec.indexww.com udp
US 151.101.193.108:443 acdn.adnxs.com tcp
US 3.233.155.176:443 http-intake.logs.datadoghq.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 216.239.34.36:443 region1.google-analytics.com udp
GB 216.58.201.102:443 s0.2mdn.net udp
US 34.96.105.8:443 tr.blismedia.com udp
NL 144.21.34.64:443 e3.adpushup.com tcp
NL 144.21.34.64:443 e3.adpushup.com tcp
NL 144.21.34.64:443 e3.adpushup.com tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net udp
GB 142.250.187.193:443 cdn.ampproject.org udp
US 8.8.8.8:53 beacon-ams3.rubiconproject.com udp
GB 142.250.187.194:443 googleads.g.doubleclick.net udp
US 35.186.193.173:443 gcm.ctnsnet.com udp
IE 52.31.185.73:443 match.prod.bidr.io tcp
IE 52.31.185.73:443 match.prod.bidr.io tcp
US 8.8.8.8:53 media.grid.bidswitch.net udp
NL 69.173.156.134:443 beacon-ams3.rubiconproject.com tcp
NL 69.173.156.134:443 beacon-ams3.rubiconproject.com tcp
US 8.8.8.8:53 grid-mercury.criteo.com udp
US 8.8.8.8:53 cat.nl3.eu.criteo.com udp
US 8.8.8.8:53 ads.eu.criteo.com udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 8.8.8.8:53 rtb.fr3.eu.criteo.com udp
US 8.8.8.8:53 cdn.doubleverify.com udp
FR 52.84.45.129:443 public.servenobid.com tcp
US 104.18.25.18:443 js-sec.indexww.com tcp
US 8.8.8.8:53 image6.pubmatic.com udp
US 34.98.64.218:443 us-u.openx.net tcp
US 34.98.64.218:443 us-u.openx.net tcp
US 8.8.8.8:53 sync.teads.tv udp
US 8.8.8.8:53 sync.search.spotxchange.com udp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
GB 2.19.252.89:443 cdn.doubleverify.com tcp
FR 178.250.7.12:443 rtb.fr3.eu.criteo.com tcp
FR 178.250.7.12:443 rtb.fr3.eu.criteo.com tcp
NL 69.173.156.149:443 token.rubiconproject.com tcp
US 3.33.220.150:443 match.adsrvr.org tcp
US 3.33.220.150:443 match.adsrvr.org tcp
FR 52.84.45.129:443 public.servenobid.com tcp
DE 37.252.173.215:443 ib.adnxs.com tcp
NL 178.250.1.17:443 ads.eu.criteo.com tcp
NL 178.250.1.17:443 ads.eu.criteo.com tcp
NL 178.250.1.59:443 grid-mercury.criteo.com tcp
IE 108.128.28.188:443 bcp.crwdcntrl.net tcp
NL 178.250.1.128:443 cat.nl3.eu.criteo.com tcp
NL 35.214.200.194:443 media.grid.bidswitch.net tcp
GB 23.192.21.198:443 sync.teads.tv tcp
GB 23.192.21.198:443 sync.teads.tv tcp
GB 87.248.114.11:443 ups.analytics.yahoo.com tcp
NL 198.47.127.19:443 image6.pubmatic.com tcp
NL 198.47.127.19:443 image6.pubmatic.com tcp
NL 198.47.127.19:443 image6.pubmatic.com tcp
NL 198.47.127.19:443 image6.pubmatic.com tcp
US 76.223.111.18:443 eb2.3lift.com tcp
US 76.223.111.18:443 eb2.3lift.com tcp
US 76.223.111.18:443 eb2.3lift.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
US 35.186.253.211:443 rtb.openx.net tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 um.simpli.fi udp
US 104.18.25.18:443 js-sec.indexww.com tcp
US 8.8.8.8:53 pixel.rubiconproject.com udp
NL 35.214.136.108:443 x.bidswitch.net tcp
NL 178.250.1.9:443 dis.criteo.com tcp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
NL 198.47.127.205:443 image2.pubmatic.com tcp
US 8.8.8.8:53 ad.yieldlab.net udp
US 34.98.64.218:443 us-u.openx.net udp
NL 144.21.34.64:443 e3.adpushup.com tcp
US 8.8.8.8:53 c1.adform.net udp
US 52.152.143.207:443 o.clarity.ms tcp
NL 35.214.136.108:443 x.bidswitch.net udp
NL 178.250.1.17:443 ads.eu.criteo.com tcp
US 35.186.253.211:443 rtb.openx.net udp
US 8.8.8.8:53 p.rfihub.com udp
US 8.8.8.8:53 rtb0.doubleverify.com udp
US 8.8.8.8:53 measurement-api.criteo.com udp
US 8.8.8.8:53 csm.eu.criteo.net udp
US 8.8.8.8:53 secure.insightexpressai.com udp
US 8.8.8.8:53 staticassets-creator-design.criteo.net udp
US 8.8.8.8:53 imageproxy.eu.criteo.net udp
GB 216.58.201.102:443 s0.2mdn.net udp
DK 37.157.5.49:443 c1.adform.net tcp
GB 23.192.16.136:443 ad.yieldlab.net tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
NL 89.149.193.89:443 rtb-csync.smartadserver.com tcp
NL 89.149.193.89:443 rtb-csync.smartadserver.com tcp
NL 89.149.193.89:443 rtb-csync.smartadserver.com tcp
NL 89.149.193.89:443 rtb-csync.smartadserver.com tcp
NL 35.204.158.49:443 um.simpli.fi tcp
NL 178.250.1.39:443 static.criteo.net tcp
NL 178.250.1.39:443 static.criteo.net tcp
NL 178.250.1.39:443 static.criteo.net tcp
NL 178.250.1.39:443 static.criteo.net tcp
NL 178.250.1.39:443 static.criteo.net tcp
NL 178.250.1.128:443 cat.nl3.eu.criteo.com tcp
NL 178.250.1.128:443 cat.nl3.eu.criteo.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
GB 23.192.17.97:443 secure.insightexpressai.com tcp
NL 178.250.1.25:443 csm.eu.criteo.net tcp
NL 178.250.1.24:443 measurement-api.criteo.com tcp
NL 178.250.1.24:443 measurement-api.criteo.com tcp
NL 178.250.1.25:443 csm.eu.criteo.net tcp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 contextual.media.net udp
US 8.8.8.8:53 cm.adform.net udp
US 8.8.8.8:53 csync.smilewanted.com udp
US 8.8.8.8:53 buysellads-d.openx.net udp
US 8.8.8.8:53 csync.loopme.me udp
US 8.8.8.8:53 sync.cootlogix.com udp
IE 52.31.185.73:443 match.prod.bidr.io tcp
US 8.8.8.8:53 ms-cookie-sync.presage.io udp
US 8.8.8.8:53 cdn.connectad.io udp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 pixel.33across.com udp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 ce.lijit.com udp
US 8.8.8.8:53 ssp.disqus.com udp
US 8.8.8.8:53 match.sharethrough.com udp
US 8.8.8.8:53 ads.servedxk.com udp
DE 51.89.9.253:443 onetag-sys.com udp
GB 23.192.17.43:443 ads.pubmatic.com tcp
DE 37.252.173.215:443 ib.adnxs.com tcp
FR 34.1.1.166:443 visitor.omnitagjs.com tcp
GB 23.192.17.145:443 eus.rubiconproject.com tcp
DE 51.89.9.253:443 onetag-sys.com tcp
DE 162.19.138.82:443 lb.eu-1-id5-sync.com tcp
NL 198.47.127.19:443 image6.pubmatic.com tcp
NL 178.250.1.15:443 imageproxy.eu.criteo.net tcp
NL 178.250.1.15:443 imageproxy.eu.criteo.net tcp
NL 178.250.1.15:443 imageproxy.eu.criteo.net tcp
NL 193.0.160.131:443 p.rfihub.com tcp
NL 193.0.160.131:443 p.rfihub.com tcp
NL 163.5.194.36:443 prebid.a-mo.net tcp
NL 178.250.1.22:443 staticassets-creator-design.criteo.net tcp
NL 178.250.1.15:443 imageproxy.eu.criteo.net tcp
NL 178.250.1.15:443 imageproxy.eu.criteo.net tcp
NL 178.250.1.15:443 imageproxy.eu.criteo.net tcp
GB 142.250.187.193:443 cdn.ampproject.org udp
GB 216.58.201.102:443 s0.2mdn.net udp
IE 52.17.239.246:443 ap.lijit.com tcp
IE 52.17.239.246:443 ap.lijit.com tcp
GB 2.22.134.142:443 secure-assets.rubiconproject.com tcp
GB 2.22.134.142:443 secure-assets.rubiconproject.com tcp
US 104.22.31.209:443 csync.smilewanted.com tcp
US 159.223.106.31:443 sync.cootlogix.com tcp
DK 37.157.5.141:443 cm.adform.net tcp
GB 23.192.16.30:443 contextual.media.net tcp
NL 34.1.232.191:443 csync.loopme.me tcp
US 35.244.159.8:443 buysellads-d.openx.net tcp
NL 46.228.174.117:443 sync.1rx.io tcp
NL 46.228.174.117:443 sync.1rx.io tcp
NL 35.214.136.108:443 x.bidswitch.net tcp
NL 193.0.160.131:443 p.rfihub.com tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
IE 52.214.20.127:443 g2.gumgum.com tcp
US 69.166.1.67:443 sync.go.sonobi.com tcp
DE 18.184.119.72:443 match.sharethrough.com tcp
US 104.22.54.206:443 cdn.connectad.io tcp
FR 164.132.25.181:443 ssbsync.smartadserver.com tcp
US 34.230.239.205:443 ssp.disqus.com tcp
IE 52.211.3.208:443 ce.lijit.com tcp
US 67.202.105.24:443 pixel.33across.com tcp
US 104.18.26.193:443 ssum-sec.casalemedia.com tcp
US 34.230.232.153:443 sync.srv.stackadapt.com tcp
US 52.3.57.26:443 cs-server-s2s.yellowblue.io tcp
US 52.3.57.26:443 cs-server-s2s.yellowblue.io tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
GB 23.192.17.97:443 secure.insightexpressai.com tcp
NL 178.250.1.25:443 csm.eu.criteo.net tcp
US 45.55.125.114:443 ads.servedxk.com tcp
US 45.55.125.114:443 ads.servedxk.com tcp
GB 23.192.24.32:443 c21lg-d.media.net tcp
DE 91.228.74.244:443 cms.quantserve.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
US 76.223.111.18:443 eb2.3lift.com tcp
GB 23.192.17.145:443 eus.rubiconproject.com tcp
DE 51.89.9.253:443 onetag-sys.com tcp
IE 52.17.239.246:443 ap.lijit.com tcp
GB 2.22.134.142:443 secure-assets.rubiconproject.com tcp
US 104.22.31.209:443 csync.smilewanted.com tcp
US 159.223.106.31:443 sync.cootlogix.com tcp
DK 37.157.5.141:443 cm.adform.net tcp
GB 23.192.16.30:443 contextual.media.net tcp
NL 34.1.232.191:443 csync.loopme.me tcp
US 35.244.159.8:443 buysellads-d.openx.net tcp
NL 46.228.174.117:443 sync.1rx.io tcp
NL 35.214.136.108:443 x.bidswitch.net tcp
NL 193.0.160.131:443 p.rfihub.com tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
IE 52.214.20.127:443 g2.gumgum.com tcp
US 69.166.1.67:443 sync.go.sonobi.com tcp
NL 198.47.127.19:443 image6.pubmatic.com tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 216.58.201.102:443 s0.2mdn.net tcp
US 45.55.125.114:443 ads.servedxk.com tcp
NL 198.47.127.19:443 image6.pubmatic.com tcp
NL 198.47.127.19:443 image6.pubmatic.com tcp
NL 198.47.127.19:443 image6.pubmatic.com tcp
NL 35.214.136.108:443 x.bidswitch.net tcp
IE 108.128.100.14:443 dsp.360yield.com tcp
NL 178.250.1.25:443 csm.eu.criteo.net tcp
NL 198.47.127.19:443 image6.pubmatic.com tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 216.58.201.102:443 s0.2mdn.net tcp
NL 178.250.1.25:443 csm.eu.criteo.net tcp
US 8.8.8.8:53 cs.ingage.tech udp
IE 108.128.100.14:443 dsp.360yield.com tcp
NL 143.244.197.139:443 ads.servenobid.com tcp
NL 143.244.197.139:443 ads.servenobid.com tcp
US 104.18.27.216:443 cs.ingage.tech tcp
NL 143.244.197.139:443 ads.servenobid.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
US 8.8.8.8:53 sync.adkernel.com udp
IE 46.137.23.186:443 ms-cookie-sync.presage.io tcp
NL 103.67.200.72:443 sync.adkernel.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 pixel.onaudience.com udp
US 8.8.8.8:53 uipglob.semasio.net udp
US 8.8.8.8:53 mwzeom.zeotap.com udp
US 3.33.220.150:443 match.adsrvr.org tcp
GB 87.248.114.11:443 ups.analytics.yahoo.com tcp
IE 54.171.6.32:443 pr-bh.ybp.yahoo.com tcp
US 104.17.159.237:443 cdn.fuseplatform.net tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 sync.crwdcntrl.net udp
NL 103.67.200.72:443 sync.adkernel.com tcp
IE 52.211.201.45:443 sync.crwdcntrl.net tcp
NL 178.250.1.39:443 static.criteo.net tcp
NL 178.250.1.9:443 dis.criteo.com tcp
US 3.33.220.150:443 match.adsrvr.org tcp
GB 87.248.114.11:443 ups.analytics.yahoo.com tcp
IE 54.171.6.32:443 pr-bh.ybp.yahoo.com tcp
US 104.17.159.237:443 cdn.fuseplatform.net tcp
NL 198.47.127.205:443 image2.pubmatic.com tcp
US 8.8.8.8:53 simage2.pubmatic.com udp
DE 103.231.98.80:443 simage2.pubmatic.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
NL 46.228.174.117:443 sync.1rx.io tcp
NL 35.214.136.108:443 x.bidswitch.net udp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
US 8.8.8.8:53 eu-west-1-cs-rtb.openwebmp.com udp
US 8.8.8.8:53 gum.aidemsrv.com udp
US 8.8.8.8:53 player.aniview.com udp
US 8.8.8.8:53 audienceexposure.com udp
US 8.8.8.8:53 ssc-cms.33across.com udp
US 8.8.8.8:53 ittpx.eskimi.com udp
FR 216.137.52.63:443 eu-west-1-cs-rtb.openwebmp.com tcp
US 104.18.7.198:443 gum.aidemsrv.com tcp
GB 2.18.190.101:443 player.aniview.com tcp
DE 188.40.16.220:443 ittpx.eskimi.com tcp
US 199.59.243.228:443 audienceexposure.com tcp
US 8.8.8.8:53 pixel.tapad.com udp
US 8.8.8.8:53 sync.richaudience.com udp
US 67.202.105.22:443 ssc-cms.33across.com tcp
US 8.8.8.8:53 api-ssp.spot.im udp
US 64.74.236.31:443 b1sync.zemanta.com tcp
US 69.166.1.67:443 sync.go.sonobi.com tcp
US 69.166.1.67:443 sync.go.sonobi.com tcp
US 69.166.1.67:443 sync.go.sonobi.com tcp
US 8.8.8.8:53 pixel-eu.rubiconproject.com udp
US 8.8.8.8:53 pixel-us-east.rubiconproject.com udp
DE 80.82.210.217:443 dsp-cookie.adfarm1.adition.com tcp
CA 148.113.153.93:443 pixel.onaudience.com tcp
IE 67.220.226.232:443 aax-eu.amazon-adsystem.com tcp
US 52.4.165.249:443 api-ssp.spot.im tcp
DK 77.243.51.121:443 uipglob.semasio.net tcp
US 104.22.50.98:443 mwzeom.zeotap.com tcp
US 69.173.146.5:443 pixel-us-east.rubiconproject.com tcp
US 69.173.146.5:443 pixel-us-east.rubiconproject.com tcp
NL 69.173.156.149:443 pixel-eu.rubiconproject.com tcp
NL 69.173.156.149:443 pixel-eu.rubiconproject.com tcp
US 34.111.113.62:443 pixel.tapad.com tcp
DE 162.55.233.28:443 sync.richaudience.com tcp
GB 2.18.190.101:443 player.aniview.com tcp
DE 188.40.16.220:443 ittpx.eskimi.com tcp
US 199.59.243.228:443 audienceexposure.com tcp
US 67.202.105.22:443 ssc-cms.33across.com tcp
US 199.59.243.228:443 audienceexposure.com tcp
IE 67.220.226.232:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 tps.doubleverify.com udp
US 8.8.8.8:53 s.amazon-adsystem.com udp
NL 69.173.156.149:443 pixel-eu.rubiconproject.com tcp
NL 69.173.156.149:443 pixel-eu.rubiconproject.com tcp
NL 69.173.156.148:443 pixel-eu.rubiconproject.com tcp
NL 69.173.156.149:443 pixel-eu.rubiconproject.com tcp
US 8.8.8.8:53 ad.turn.com udp
NL 46.228.164.11:443 ad.turn.com tcp
IE 67.220.226.232:443 aax-eu.amazon-adsystem.com tcp
IE 67.220.226.232:443 aax-eu.amazon-adsystem.com tcp
NL 46.228.164.11:443 ad.turn.com tcp
US 8.8.8.8:53 tg.socdm.com udp
US 34.230.232.153:443 sync.srv.stackadapt.com tcp
US 8.8.8.8:53 sync.ipredictive.com udp
US 38.91.45.7:443 match.deepintent.com tcp
NL 208.93.169.131:443 bh.contextweb.com tcp
US 8.8.8.8:53 image4.pubmatic.com udp
US 3.208.184.227:443 sync.ipredictive.com tcp
US 8.8.8.8:53 usersync.gumgum.com udp
US 199.59.243.228:443 audienceexposure.com tcp
JP 124.146.153.169:443 tg.socdm.com tcp
NL 185.64.189.114:443 image4.pubmatic.com tcp
US 52.152.143.207:443 o.clarity.ms tcp
US 3.208.184.227:443 sync.ipredictive.com tcp
IE 52.210.15.1:443 usersync.gumgum.com tcp
IE 52.210.15.1:443 usersync.gumgum.com tcp
NL 69.173.156.149:443 pixel-eu.rubiconproject.com tcp
US 8.8.8.8:53 px.ads.linkedin.com udp
NL 69.173.156.148:443 pixel-eu.rubiconproject.com tcp
NL 69.173.156.148:443 pixel-eu.rubiconproject.com tcp
US 13.107.42.14:443 px.ads.linkedin.com tcp
IE 52.210.15.1:443 usersync.gumgum.com tcp
US 8.8.8.8:53 sync.targeting.unrulymedia.com udp
NL 69.173.156.148:443 pixel-eu.rubiconproject.com tcp
NL 69.173.156.148:443 pixel-eu.rubiconproject.com tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
US 3.208.184.227:443 sync.ipredictive.com tcp
CA 148.113.153.93:443 pixel.onaudience.com tcp
US 8.8.8.8:53 simage4.pubmatic.com udp
US 8.8.8.8:53 i.liadm.com udp
US 8.8.8.8:53 sync.adotmob.com udp
FR 45.137.176.88:443 sync.adotmob.com tcp
US 44.216.226.86:443 i.liadm.com tcp
DE 103.231.98.104:443 simage4.pubmatic.com tcp
DE 18.184.119.72:443 match.sharethrough.com tcp
GB 23.192.24.32:443 c21lg-d.media.net udp
DE 103.231.98.104:443 simage4.pubmatic.com tcp
DE 18.184.119.72:443 match.sharethrough.com tcp
IE 52.210.15.1:443 usersync.gumgum.com tcp
US 8.8.8.8:53 capi.connatix.com udp
US 104.18.41.104:443 capi.connatix.com tcp
US 8.8.8.8:53 rtbc-ew1.doubleverify.com udp
US 8.8.8.8:53 c21lg-d.media.net udp
US 130.211.44.5:443 rtbc-ew1.doubleverify.com tcp
US 8.8.8.8:53 sync.aniview.com udp
US 172.240.45.96:443 sync.aniview.com tcp
US 8.8.8.8:53 sync-eu.connectad.io udp
US 130.211.44.5:443 rtbc-ew1.doubleverify.com tcp
US 130.211.44.5:443 rtbc-ew1.doubleverify.com tcp
US 64.74.236.31:443 b1sync.zemanta.com tcp
US 98.82.157.231:443 s.amazon-adsystem.com tcp
US 98.82.157.231:443 s.amazon-adsystem.com tcp
US 98.82.157.231:443 s.amazon-adsystem.com tcp
US 8.8.8.8:53 gw-iad-bid.ymmobi.com udp
IE 52.210.15.1:443 usersync.gumgum.com tcp
US 8.8.8.8:53 b1sync.outbrain.com udp
IE 52.210.15.1:443 usersync.gumgum.com tcp
US 8.8.8.8:53 idsync.rlcdn.com udp
US 50.31.142.191:443 b1sync.outbrain.com tcp
US 35.244.174.68:443 idsync.rlcdn.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
US 47.253.61.56:443 gw-iad-bid.ymmobi.com tcp
US 8.8.8.8:53 s.company-target.com udp
US 8.8.8.8:53 euexchangesync.digitaleast.mobi udp
DE 85.13.130.89:443 euexchangesync.digitaleast.mobi tcp
US 8.8.8.8:53 bttrack.com udp
US 34.96.71.22:443 s.company-target.com tcp
NL 89.207.16.140:443 casale-match.dotomi.com tcp
US 8.8.8.8:53 visitor.europe-west9.gcp.omnitagjs.com udp
US 192.132.33.69:443 bttrack.com tcp
FR 34.1.1.166:443 visitor.europe-west9.gcp.omnitagjs.com tcp
N/A 127.0.0.1:443 tcp
US 69.166.1.67:443 sync.go.sonobi.com tcp
US 8.8.8.8:53 ad.mrtnsvr.com udp
US 8.8.8.8:53 sync-tm.everesttech.net udp
US 34.230.232.153:443 sync.srv.stackadapt.com tcp
US 34.230.232.153:443 sync.srv.stackadapt.com tcp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
US 151.101.2.49:443 sync-tm.everesttech.net tcp
US 8.8.8.8:53 sync.bedrockplatform.ninja udp
IE 52.214.72.247:443 sync.bedrockplatform.ninja tcp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
N/A 127.0.0.1:443 tcp
US 8.8.8.8:53 ipac.ctnsnet.com udp
US 8.8.8.8:53 d5p.de17a.com udp
US 35.186.193.173:443 ipac.ctnsnet.com tcp
SE 13.50.192.155:443 d5p.de17a.com tcp
US 34.111.113.62:443 pixel.tapad.com tcp
NL 34.1.232.191:443 csync.loopme.me tcp
US 34.111.113.62:443 pixel.tapad.com tcp
US 8.8.8.8:53 www.temu.com udp
US 8.8.8.8:53 core.iprom.net udp
US 8.8.8.8:53 a.tribalfusion.com udp
SI 195.5.165.20:443 core.iprom.net tcp
US 172.64.150.63:443 a.tribalfusion.com tcp
US 104.18.43.206:443 www.temu.com tcp
SI 195.5.165.20:443 core.iprom.net tcp
US 104.18.43.206:443 www.temu.com tcp
US 8.8.8.8:53 cm-supply-web.gammaplatform.com udp
US 8.8.8.8:53 cm.adgrx.com udp
SG 35.186.154.107:443 cm-supply-web.gammaplatform.com tcp
IE 52.19.224.221:443 cm.adgrx.com tcp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
SG 35.186.154.107:443 cm-supply-web.gammaplatform.com tcp
US 8.8.8.8:53 green.erne.co udp
FR 91.134.71.202:443 green.erne.co tcp
US 8.8.8.8:53 s.tribalfusion.com udp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
NL 35.204.158.49:443 um.simpli.fi tcp
IE 52.31.185.73:443 match.prod.bidr.io tcp
US 3.33.220.150:443 match.adsrvr.org tcp
US 8.8.8.8:53 pixel-eu.onaudience.com udp
FR 54.38.113.6:443 pixel-eu.onaudience.com tcp
NL 35.204.158.49:443 um.simpli.fi tcp
IE 52.31.185.73:443 match.prod.bidr.io tcp
US 130.211.44.5:443 rtbc-ew1.doubleverify.com tcp
US 130.211.44.5:443 rtbc-ew1.doubleverify.com tcp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
US 52.152.143.207:443 o.clarity.ms tcp
US 64.74.236.31:443 b1sync.zemanta.com tcp
US 130.211.44.5:443 rtbc-ew1.doubleverify.com tcp
DK 37.157.5.49:443 c1.adform.net tcp
DE 80.82.210.217:443 dsp-cookie.adfarm1.adition.com tcp
US 34.96.71.22:443 s.company-target.com udp
US 8.8.8.8:53 ads.betweendigital.com udp
IE 52.210.15.1:443 usersync.gumgum.com tcp
US 64.74.236.31:443 b1sync.zemanta.com tcp
NL 35.214.136.108:443 x.bidswitch.net tcp
IE 52.210.15.1:443 usersync.gumgum.com tcp
US 8.8.8.8:53 rtb.gumgum.com udp
IE 52.210.15.1:443 usersync.gumgum.com tcp
IE 52.210.15.1:443 usersync.gumgum.com tcp
US 104.18.37.193:443 s.tribalfusion.com tcp
NL 188.42.189.231:443 ads.betweendigital.com tcp
IE 34.249.238.185:443 rtb.gumgum.com tcp
IE 34.249.238.185:443 rtb.gumgum.com tcp
IE 52.211.201.45:443 sync.crwdcntrl.net tcp
NL 46.228.164.11:443 ad.turn.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
US 8.8.8.8:53 match.adsby.bidtheatre.com udp
NL 198.47.127.19:443 image6.pubmatic.com tcp
NL 35.214.136.108:443 x.bidswitch.net tcp
US 104.18.37.193:443 s.tribalfusion.com tcp
NL 89.207.16.201:443 pubmatic-match.dotomi.com tcp
NL 188.42.189.231:443 ads.betweendigital.com tcp
NL 89.207.16.201:443 pubmatic-match.dotomi.com tcp
NL 198.47.127.19:443 image6.pubmatic.com tcp
NL 198.47.127.19:443 image6.pubmatic.com tcp
NL 198.47.127.19:443 image6.pubmatic.com tcp
NL 89.149.193.89:443 rtb-csync.smartadserver.com tcp
US 34.230.232.153:443 sync.srv.stackadapt.com tcp
NL 143.244.197.139:443 ads.servenobid.com tcp
NL 163.5.194.36:443 prebid.a-mo.net tcp
US 35.244.174.68:443 idsync.rlcdn.com udp
NL 89.149.193.89:443 rtb-csync.smartadserver.com tcp
NL 89.149.193.89:443 rtb-csync.smartadserver.com tcp
NL 89.149.193.89:443 rtb-csync.smartadserver.com tcp
NL 143.244.197.139:443 ads.servenobid.com tcp
NL 163.5.194.36:443 prebid.a-mo.net tcp
NL 143.244.197.139:443 ads.servenobid.com tcp
US 35.244.174.68:443 idsync.rlcdn.com tcp
IE 52.210.15.1:443 usersync.gumgum.com tcp
NL 198.47.127.205:443 image2.pubmatic.com tcp
DE 103.231.98.80:443 simage2.pubmatic.com tcp
US 8.8.8.8:53 dsum.casalemedia.com udp
NL 134.122.57.34:443 match.adsby.bidtheatre.com tcp
US 104.18.26.193:443 dsum.casalemedia.com tcp
US 69.166.1.67:443 sync.go.sonobi.com tcp
FR 54.38.113.6:443 pixel-eu.onaudience.com tcp
NL 134.122.57.34:443 match.adsby.bidtheatre.com tcp
US 69.166.1.67:443 sync.go.sonobi.com tcp
US 34.230.239.205:443 ssp.disqus.com tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
CA 148.113.153.93:443 pixel.onaudience.com tcp
US 8.8.8.8:53 static.smilewanted.com udp
CA 148.113.153.93:443 pixel.onaudience.com tcp
US 104.18.27.216:443 cs.ingage.tech tcp
US 8.8.8.8:53 ade.googlesyndication.com udp
GB 142.250.180.2:443 ade.googlesyndication.com tcp
GB 142.250.180.2:443 ade.googlesyndication.com udp
US 8.8.8.8:53 image8.pubmatic.com udp
NL 34.1.232.191:443 csync.loopme.me tcp
US 76.223.111.18:443 eb2.3lift.com tcp
US 8.8.8.8:53 hb.trustedstack.com udp
US 8.8.8.8:53 rtb.bid.com udp
US 8.8.8.8:53 sync.contextualadv.com udp
US 8.8.8.8:53 sync-service.net udp
US 8.8.8.8:53 jadserve.postrelease.com udp
IE 52.17.239.246:443 ap.lijit.com tcp
US 8.8.8.8:53 ads.yieldmo.com udp
US 192.132.33.69:443 bttrack.com tcp
US 8.8.8.8:53 id.rlcdn.com udp
US 204.62.12.209:443 sync-service.net tcp
US 204.62.12.180:443 sync.contextualadv.com tcp
FR 34.1.1.166:443 visitor.europe-west9.gcp.omnitagjs.com tcp
IE 54.220.14.160:443 jadserve.postrelease.com tcp
GB 2.18.66.18:443 hb.trustedstack.com tcp
IE 54.76.103.93:443 ads.yieldmo.com tcp
DE 103.231.98.106:443 image8.pubmatic.com tcp
DE 103.231.98.106:443 image8.pubmatic.com tcp
US 35.244.174.68:443 id.rlcdn.com tcp
US 8.8.8.8:53 ps.eyeota.net udp
DE 3.125.70.222:443 ps.eyeota.net tcp
IE 52.17.239.246:443 ap.lijit.com tcp
DE 103.231.98.106:443 image8.pubmatic.com tcp
US 35.244.174.68:443 id.rlcdn.com tcp
US 8.8.8.8:53 csync.copper6.com udp
FR 34.1.1.166:443 visitor.europe-west9.gcp.omnitagjs.com tcp
US 80.77.84.96:443 csync.copper6.com tcp
FR 34.1.1.166:443 visitor.europe-west9.gcp.omnitagjs.com tcp
FR 34.1.1.166:443 visitor.europe-west9.gcp.omnitagjs.com tcp
CA 148.113.153.93:443 pixel.onaudience.com tcp
US 80.77.84.96:443 csync.copper6.com tcp
NL 178.250.1.57:443 ssp-sync.criteo.com tcp
DE 188.40.16.220:443 ittpx.eskimi.com tcp
US 8.8.8.8:53 tpsc-ew1.doubleverify.com udp
US 130.211.44.5:443 tpsc-ew1.doubleverify.com tcp
DE 37.252.173.215:443 ib.adnxs.com tcp
NL 69.173.156.148:443 pixel-eu.rubiconproject.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
GB 23.192.17.43:443 ads.pubmatic.com tcp
US 34.98.64.218:443 buysellads-d.openx.net tcp
DE 18.184.119.72:443 match.sharethrough.com tcp
GB 23.192.17.43:443 ads.pubmatic.com tcp
DE 18.184.119.72:443 match.sharethrough.com tcp
US 130.211.44.5:443 tpsc-ew1.doubleverify.com tcp
NL 152.42.150.143:443 srv.buysellads.com tcp
NL 152.42.150.143:443 srv.buysellads.com tcp
DE 3.78.93.150:443 btlr.sharethrough.com tcp
NL 143.244.197.139:443 ads.servenobid.com tcp
FR 34.1.1.166:443 visitor.europe-west9.gcp.omnitagjs.com tcp
NL 188.166.203.175:443 rt.marphezis.com tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
DE 37.252.173.215:443 ib.adnxs.com tcp
IE 52.17.239.246:443 ap.lijit.com tcp
GB 23.192.17.198:443 a.teads.tv tcp
US 131.153.171.234:443 server.cpmstar.com tcp
US 131.153.171.234:443 server.cpmstar.com tcp
US 131.153.171.234:443 server.cpmstar.com tcp
NL 163.5.194.36:443 prebid.a-mo.net tcp
NL 185.64.189.112:443 hbopenbid.pubmatic.com tcp
DE 51.89.9.253:443 onetag-sys.com udp
US 18.119.2.51:443 rtb.gamoshi.io tcp
NL 178.250.1.56:443 bidder.criteo.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 178.250.1.57:443 ssp-sync.criteo.com tcp
DE 51.89.9.253:443 onetag-sys.com tcp
US 18.119.2.51:443 rtb.gamoshi.io tcp
US 18.119.2.51:443 rtb.gamoshi.io tcp
US 8.8.8.8:53 cs.admanmedia.com udp
NL 46.228.164.11:443 ad.turn.com tcp
FR 34.1.1.166:443 visitor.europe-west9.gcp.omnitagjs.com tcp
US 80.77.87.162:443 cs.admanmedia.com tcp
US 80.77.87.162:443 cs.admanmedia.com tcp
US 52.152.143.207:443 o.clarity.ms tcp
GB 143.244.38.136:443 api.pbxai.com tcp
NL 144.21.34.64:443 e3.adpushup.com tcp
US 52.152.143.207:443 o.clarity.ms tcp
NL 144.21.34.64:443 e3.adpushup.com tcp
US 3.233.155.176:443 http-intake.logs.datadoghq.com tcp
NL 144.21.34.64:443 e3.adpushup.com tcp
US 8.8.8.8:53 cdn.topsrvimp.com udp
US 3.233.155.176:443 http-intake.logs.datadoghq.com tcp
IE 52.31.185.73:443 match.prod.bidr.io tcp
IE 52.31.185.73:443 match.prod.bidr.io tcp
US 8.8.8.8:53 c.bannerflow.net udp
US 8.8.8.8:53 eu-west-1.event.prod.bidr.io udp
US 8.8.8.8:53 beacon-fra2.rubiconproject.com udp
US 8.8.8.8:53 media.bidr.io udp
US 8.8.8.8:53 ssl.connextra.com udp
GB 23.192.17.145:443 eus.rubiconproject.com tcp
NL 144.21.34.64:443 e3.adpushup.com tcp
NL 144.21.34.64:443 e3.adpushup.com tcp
US 8.8.8.8:53 csi.gstatic.com udp
US 8.8.8.8:53 bid.g.doubleclick.net udp
BE 64.233.184.155:443 bid.g.doubleclick.net tcp
US 199.232.211.52:443 cdn.topsrvimp.com tcp
US 8.8.8.8:53 cs.lkqd.net udp
US 8.8.8.8:53 ad.sxp.smartclip.net udp
US 35.186.194.101:443 ad.sxp.smartclip.net tcp
US 104.18.36.54:443 vast.doubleverify.com tcp
US 8.8.8.8:53 vpaid.doubleverify.com udp
GB 2.19.252.89:443 cdn.doubleverify.com tcp
US 8.8.8.8:53 vtrk.dv.tech udp
US 8.8.8.8:53 tpsc-video-eu.doubleverify.com udp
GB 142.250.187.202:443 imasdk.googleapis.com udp
GB 142.250.187.202:443 imasdk.googleapis.com udp
US 104.18.32.145:443 vpaid.doubleverify.com tcp
US 130.211.44.5:443 tpsc-video-eu.doubleverify.com tcp
US 172.64.149.179:443 vtrk.dv.tech tcp
US 104.18.32.145:443 vpaid.doubleverify.com tcp
GB 2.19.252.89:443 cdn.doubleverify.com tcp
US 8.8.8.8:53 cdn.doubleverify.com udp
US 34.111.113.62:443 pixel.tapad.com tcp
US 8.8.8.8:53 st.pubmatic.com udp
GB 2.19.252.89:443 cdn.doubleverify.com tcp
US 104.18.32.145:443 vpaid.doubleverify.com tcp
NL 185.64.189.221:443 st.pubmatic.com tcp
US 8.8.8.8:53 rtb0.doubleverify.com udp
US 8.8.8.8:53 gcdn.2mdn.net udp
US 172.64.149.179:443 vtrk.dv.tech tcp
GB 142.250.200.14:443 gcdn.2mdn.net tcp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
IN 142.250.192.131:443 csi.gstatic.com tcp
IN 142.250.192.131:443 csi.gstatic.com tcp
IN 142.250.192.131:443 csi.gstatic.com tcp
IN 142.250.192.131:443 csi.gstatic.com tcp
IN 142.250.192.131:443 csi.gstatic.com tcp
IN 142.250.192.131:443 csi.gstatic.com tcp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
US 8.8.8.8:53 r1---sn-aigl6nsr.c.2mdn.net udp
GB 74.125.105.134:443 r1---sn-aigl6nsr.c.2mdn.net tcp
GB 74.125.105.134:443 r1---sn-aigl6nsr.c.2mdn.net tcp
IN 142.250.192.131:443 csi.gstatic.com tcp
GB 142.250.200.14:443 gcdn.2mdn.net udp
GB 74.125.105.134:443 r1---sn-aigl6nsr.c.2mdn.net tcp
IN 142.250.192.131:443 csi.gstatic.com tcp
NL 69.173.156.149:443 pixel-eu.rubiconproject.com tcp
NL 69.173.156.148:443 pixel-eu.rubiconproject.com tcp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
NL 185.64.189.114:443 image4.pubmatic.com tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net udp
GB 142.250.187.193:443 cdn.ampproject.org udp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
US 52.152.143.207:443 o.clarity.ms tcp
US 172.67.8.174:443 sync-eu.connectad.io udp
IE 46.137.23.186:443 ms-cookie-sync.presage.io tcp
US 104.22.30.209:443 static.smilewanted.com tcp
US 35.186.253.211:443 rtb.openx.net udp
US 104.18.26.216:443 cs.ingage.tech tcp
US 45.55.124.119:443 exchange.cootlogix.com tcp
US 45.55.124.119:443 exchange.cootlogix.com tcp
US 104.18.34.178:443 mp.4dex.io tcp
US 34.120.63.153:443 prebid.media.net udp
DE 3.78.93.150:443 btlr.sharethrough.com tcp
US 69.166.1.64:443 apex.go.sonobi.com tcp
IE 52.214.20.127:443 g2.gumgum.com tcp
DE 3.78.93.150:443 btlr.sharethrough.com tcp
US 80.77.87.162:443 cs.admanmedia.com tcp
IE 46.137.23.186:443 ms-cookie-sync.presage.io tcp
US 104.22.30.209:443 static.smilewanted.com tcp
US 45.55.124.119:443 exchange.cootlogix.com tcp
US 104.22.30.209:443 static.smilewanted.com tcp
US 35.241.34.106:443 c.4dex.io udp
IE 46.137.23.186:443 ms-cookie-sync.presage.io tcp
US 35.241.34.106:443 c.4dex.io tcp
US 52.152.143.207:443 o.clarity.ms tcp
US 52.152.143.207:443 o.clarity.ms tcp
IE 54.76.235.151:443 match.360yield.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
JP 172.217.174.99:443 beacons.gcp.gvt2.com tcp
JP 172.217.174.99:443 beacons.gcp.gvt2.com tcp
US 172.64.144.50:443 www.temu.com tcp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
NL 134.122.57.34:443 match.adsby.bidtheatre.com tcp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
GB 142.250.179.228:443 www.google.com udp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
US 172.64.150.63:443 s.tribalfusion.com udp
US 8.8.8.8:53 ads.travelaudience.com udp
US 8.8.8.8:53 s.ad.smaato.net udp
GB 23.192.21.198:443 sync.teads.tv tcp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
US 35.190.0.66:443 ads.travelaudience.com tcp
GB 23.192.17.97:443 secure.insightexpressai.com tcp
US 35.190.0.66:443 ads.travelaudience.com tcp
FR 164.132.25.181:443 ssbsync.smartadserver.com tcp
GB 23.192.21.198:443 sync.teads.tv tcp
FR 164.132.25.181:443 ssbsync.smartadserver.com tcp
US 8.8.8.8:53 tps-dn-ew1.doubleverify.com udp
BE 35.210.149.152:443 tps-dn-ew1.doubleverify.com tcp
NL 34.1.242.226:443 s.ad.smaato.net tcp
NL 34.1.242.226:443 s.ad.smaato.net tcp
BE 35.210.149.152:443 tps-dn-ew1.doubleverify.com tcp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
US 80.77.84.96:443 csync.copper6.com tcp
US 104.17.159.237:443 cdn.fuseplatform.net tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
US 80.77.87.166:443 cs.admanmedia.com tcp
US 80.77.87.166:443 cs.admanmedia.com tcp
FR 3.160.196.11:443 config.aps.amazon-adsystem.com tcp
FR 3.160.182.59:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 ox-rtb-europe-west4.openx.net udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 34.98.84.165:443 ox-rtb-europe-west4.openx.net tcp
JP 172.217.174.99:443 beacons.gcp.gvt2.com tcp
FR 52.85.111.9:443 aax.amazon-adsystem.com tcp
US 34.98.64.218:443 buysellads-d.openx.net udp
FR 3.160.196.11:443 config.aps.amazon-adsystem.com tcp
FR 3.160.182.59:443 c.amazon-adsystem.com tcp
US 34.98.64.218:443 buysellads-d.openx.net tcp
JP 172.217.174.99:443 beacons.gcp.gvt2.com tcp
FR 52.85.111.9:443 aax.amazon-adsystem.com tcp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
US 8.8.8.8:53 secure.cdn.fastclick.net udp
US 172.64.149.179:443 vtrk.dv.tech udp
FR 54.230.112.73:443 tags.crwdcntrl.net udp
GB 23.49.163.193:443 secure.cdn.fastclick.net tcp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
IE 54.171.6.32:443 pr-bh.ybp.yahoo.com tcp
DE 37.252.173.215:443 ib.adnxs.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
DE 91.228.74.244:443 cms.quantserve.com tcp
US 8.8.8.8:53 eu-u.openx.net udp
IN 142.250.192.131:443 csi.gstatic.com udp
DE 37.252.173.215:443 ib.adnxs.com tcp
DE 3.78.93.150:443 btlr.sharethrough.com tcp
NL 69.173.156.150:443 prebid-server.rubiconproject.com tcp
NL 178.250.1.56:443 bidder.criteo.com tcp
US 131.153.171.234:443 server.cpmstar.com tcp
US 131.153.171.234:443 server.cpmstar.com tcp
US 131.153.171.234:443 server.cpmstar.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp

Files

memory/2432-0-0x00007FFC07833000-0x00007FFC07835000-memory.dmp

memory/2432-1-0x0000000000A40000-0x0000000000A54000-memory.dmp

memory/2432-6-0x00007FFC07830000-0x00007FFC082F1000-memory.dmp

memory/2432-7-0x000000001C360000-0x000000001C464000-memory.dmp

memory/2432-8-0x00007FFC07833000-0x00007FFC07835000-memory.dmp

memory/2432-9-0x00007FFC07830000-0x00007FFC082F1000-memory.dmp

C:\Users\Admin\AppData\Roaming\test.exe

MD5 1e0aa64bead9e0338618646b79e4a77b
SHA1 8c3985be98bbfbbc02a0ec6d2d5801483251cf84
SHA256 fabc467aee7674695a0e55e90f4d7136835d9876fddeac5a9af3e4a071772af5
SHA512 eef3fc34edf692ef633080f3fc8ae84c3c60ade77774d994186337a25b9bc26c0a7b0b011d9b03fffbe26c5c3516b3befe4d4fb843d3350d97abdd33b8dcdf83

memory/2916-13-0x00007FFC07830000-0x00007FFC082F1000-memory.dmp

memory/2916-15-0x00007FFC07830000-0x00007FFC082F1000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\test.exe.log

MD5 2ff39f6c7249774be85fd60a8f9a245e
SHA1 684ff36b31aedc1e587c8496c02722c6698c1c4e
SHA256 e1b91642d85d98124a6a31f710e137ab7fd90dec30e74a05ab7fcf3b7887dced
SHA512 1d7e8b92ef4afd463d62cfa7e8b9d1799db5bf2a263d3cd7840df2e0a1323d24eb595b5f8eb615c6cb15f9e3a7b4fc99f8dd6a3d34479222e966ec708998aed1

memory/2432-23-0x00007FFC07830000-0x00007FFC082F1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmp4893.tmp.bat

MD5 028bcedcaf6e8cf6c3a6140890246322
SHA1 a4d80053c12cba73019761d3104d70d252f61996
SHA256 a0fc9ac91019304d630d383be283252fb02c6520578c97c1a4834ae0b90d741e
SHA512 a0775374749a14b9b3d5e748c72f7db986eb2e51d580a591add7bd23834748de08c056321f82f737371d7a887d5e09aa28d8d8ec1c8da34ddbaac34fe9e53ea0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 19f8d46520a337f36d7e56ce71d6ea21
SHA1 126f8dc52c366a1c6dd64b81d792048e60bd2ec4
SHA256 b11e398de7d75612171b10ae0a7c7ebc914d38f4a1ba16d891abd94d91c47559
SHA512 79205f4bc141474a380829d1521c04284ff7a299a7987fa7f9a745425fc244ec526def1e7b5db46f90906d7781e96250e56e6787c93519950bba386f8113a3e0

\??\pipe\crashpad_4936_KLUKRXMCCZZWQYCF

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 24375da6a6b73bc41f0a8c5aba46d5f4
SHA1 2b1a119f264f97283c40fd1716f93f0bc55b251f
SHA256 84055fb15a531587c2e604fb5e2e88b7973327d635214a1c980fa97ab5f03198
SHA512 4f5d56451eb3ee327e0a342a1b3cc1c4bf458663dfb4787a1f989e3c98175d39a2983f4f682425b6f1b05e34a52e0f5582c35bc784d7f3474d94eee3d36a2c33

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7f78954dbd31fc1712d11ca0ba9c1d74
SHA1 0cfeccb118ec8b485680f390cd33cb2c7816d6c1
SHA256 f3c417020fa32930008f010318cedc9c363251808bc93d894ca1583d7eae6774
SHA512 b59b57ff4cb43d974095e5d3b28e0b07784369eca52e15781334255e2aecba8f991afbc043a03300e7a0f1c6ad3fd9c54fdf1e58e3d0a5b4f4b199cdb6c597c9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8c62ba817f76615b832e7dc59c95eef8
SHA1 a019e23ecb8004635a9616d3fb50129afa7d4eda
SHA256 f2b6d0a0ad969356fee9da9e64beeaf0696b03aad651fb302eabce6b4958e9a1
SHA512 02102f742e370e95c1302fde6d5f3805ad46ae189188081cfc1afef456e917f54dd99c7fba12c929cd3dd26c3bdc848c301b9bcd72d4bf4b3482b4dac1660931

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 a167fde00a63a7b857e6ca122fe79f60
SHA1 17c511d5149821f0fe82481bf2629c7b551ea3fb
SHA256 f90e2f5f5eabc58e73207f4cbe3dba5d79811b6716f9f13a8807b3813a564509
SHA512 d7da8d099c805439d09b2f6202243e0b2e6004cdfdb4f4cead20dd7e9610502388fcba480694ee8b1f4f7bf40cb44e666f15ee79d4eb5b57430bcfaad0f67902

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6cc37809168123ece286461d72f16e2b
SHA1 9a38ccdc40ac848abd82b603df62b26bfd240d19
SHA256 7f09835024ff4f446be3911eb894e56cd4cb51d09a61565029241fb9bdae9fca
SHA512 7ccd4056d581c42d5f3eca3391f6b40309a6d04d210500a2d333665225707bad5feae5f16a7b45ff4ead3cec3c3d9771b90d2eb92c0a4cb948199483830e1d63

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 2c18eecb0c175a6b11dfc8f44877f6d9
SHA1 f68735ba20693f00c3d74c2691e9f997b23244c7
SHA256 0b67daa42522682eecabdf87d0e8095121d4ff4975e22e3a6e63dbf783fde986
SHA512 daba7d04632b5b73f6d90b26df2f3c34980fe20fc694abf54cf4d38c8c37b8bbc0cc63723836d5286e34b4e75cec2b8707216b56ca216e96726ce7fa70ceb244

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 b21f631c4cbe2998ccc77c62936e1db8
SHA1 52c0a101808db0bfa3748a8a95dd7a228c2218d1
SHA256 5da17e2266788359dbc3dff13e45ade336e96248fcb5a4c06caa64ecfa7ca21a
SHA512 03995589226c61be4b1c93d6831be904f2336336139e0c4527ee355c88499f02f28291e5269b19a82c51a318960f5c7c3eb8dd137dc6b03ee68f136c0fab8c1e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5aec74.TMP

MD5 48c4d92213108611900a483b9853b825
SHA1 76b7388a3aaefbff09c1f1ab95235ff77366284b
SHA256 8fe567647b838760ac3f490c692253bf88fe9a7891bc56e287404c4a163a360c
SHA512 614c601dffc327af234c3dc7a1b16ce564610ebab90a4c4a35867f00f7071bfd928e24e3c81ed8d47e438e19dd9a381c67cc8342714930d556fa62b37d5ceea8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.iplocation.net_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.iplocation.net_0.indexeddb.leveldb\000001.dbtmp

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9c99feb9b39a17ebb5c968a7ebadce47
SHA1 776c908fa3a55618754b245ddeb04b012f487c35
SHA256 dc05ccb7c57600c986a8a8f38c92ed2d72a13802844986cabffe2a8cd80178be
SHA512 dece5aab0a21dc17b592b28b6df137b6af0f02fdbde209370e8aee3e45bf6f44617424d4f87ffbb1125ecfeba3a4c72d2103037905fa6952c57d80499572f42a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008f

MD5 34db3aa27a7ebc99500c3dad294e0367
SHA1 1deedf85cd58d1cbc83ba6dd985c764169ad3d02
SHA256 c5f1654c076c6c3142872cf17ca98a2e99acbe74f1a96b4722da3190c3e27b7b
SHA512 c7bb3bf68c7105f9ae956fc307f18e391dd683cb9a1798b246990b93046bf3bf40b1e62120fea1ae20fab583acaad5fee9d15d25cfc08ebc122a2cb5f631dd3f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008e

MD5 6876b9fa77d04a990aed45bf263be0f4
SHA1 da839f0bd43484ffb41abe8d848f4682c4d72dc9
SHA256 c2651a1004a46fa6fc26303b06a112a448d169f67ba1a7ae8fa59285b9bd9e50
SHA512 7bfba9cc1375e5ee3b58efa777b4ae217eebb8acdc2873f3256903de0d6aaca3f87d6f110d683c9badb40968ed2f59f9046d15628513be6ba9d2965585a3f1e0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\336a68eaaf209f48_0

MD5 b85e94c24ca05700d2bd6f6576c2041c
SHA1 c209ceda06bac30675e7d6039d1077d43453a546
SHA256 46414f247ffda26009b0d2f6cc49118d860034ef70c35147319fa0340ac374bb
SHA512 379827d5f13356e9c77d039065fbde42831733126f3bebb41ae4ba90f4b1d9acddfe28653d7b790f4e47137cd7872660e66cfe30f4c761ffed1dc0f06a4a3c5b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\135a9e73b7a29232_0

MD5 2f22745d88e9ae2a1af50b77f5fa0229
SHA1 3c81f058ec20bb957ecf24356b2faf3512eb7835
SHA256 1a41cae26768cbdb7de926c4abcd6ebf2cfa267c07a0fb3d32ee1c602528604e
SHA512 e63a0c0ef66c53c19a714b8ed06538659f3e4c43df1e27ee986dbbf104e12a02527bed75ecc99bf6000c036fbb34a1726a95fb793689249a92c9c44bcfc2cf05

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 78e8f8ac8f3545dc612f1e55962b96b9
SHA1 f2658ed2a47638d06d8819e5e41e5168f29cd76f
SHA256 da51d7ecde0b2930d2360939e734dae601d0ca55bc6e3c1bdce8d1c3c1ebe73e
SHA512 f4aeb67268a167f192e6f07ba6d2b2780bbd3a8a7bb469469cc978462e492dc6178a8175e17bf12378785d08236734f37770874dea32714cec5acb43e04bd318

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 053b4a52d0b8d3b053ac280a2c618e65
SHA1 ae1dd9015248ffe165be5bc70e0b265232994585
SHA256 ca0b02334f5631da33c56c1f9f66425ec4b048b18f64bea7561736566bdb11c8
SHA512 dfc26b20bbd8a0894f087d3f4ec8db7ce038e94fa412a67853204b69383b79e7ef9def0875a043fdd32a29114874864c86e3d9d757c61ac4e05491466bafe584

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\index-dir\the-real-index

MD5 c832b495b45adb2de9947b6dacc0c072
SHA1 89c874024f56fe7129bc2dccc194773c46ccc84f
SHA256 3939b39a6c547a2c5b8d0958c81d2ba9251c7f807867c3a40163c45eea3a19b3
SHA512 68d8d83093fb8a47e13c1e96fef46c2a794db48a7e0461b41afb2b9fd73e162f62b3fb3e2a1cb8402727a638798744114a8d035667b631d1c730f68e2a2ee823

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000074

MD5 83266658f29f5cb762001d5d9f6985a7
SHA1 9ff52157193e1e798944e6a3172d938183f5e550
SHA256 60072b4eb6fc5f1f1214a34fcd55b3cbd1d05eddf778f85611f9b352c4c6452d
SHA512 60b2a8749bb597b71c6cb7113c4ea6c430ab90c6f6a5f78a36ab5fbd2676fbc173ade236be939e862569c786fbdc8e0aa984f1ae4263e91de2ba681cc8ce5d66

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006f

MD5 6dc758b73cca60a1a581a33e0cf2e8ae
SHA1 efa96dfe51f74a699b05e441bfd60febc99d9312
SHA256 33c350310e8b2af2b7387d60b2be7e2e2cb78dffed422c478632626bbc42386c
SHA512 9d95d502d06e3c024b5a8c2ab4cd69b264552637ebad5253878c9a626659b92813d028ed87c16611ded3a38aae706ac6beef5484d4391af2d0587ab54715ac9b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\97e99a4140663f1f_0

MD5 4ccf14dae23f9915ccb0606657e02818
SHA1 40d419776351059cd46a82ad955b8f8dde4e80ac
SHA256 5c020b3897c505a5659d39d6e14a76f5b44feaa094b7bb78ce0667426dc52767
SHA512 61afffd91d22013fec74b6d4be97b241d432c666bc478a7e06315f42326d69321b43525864cc5171161c8e9d780444b83c1bd461194d36ba7761249efb7c469d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000099

MD5 839c0f19f071a97b420bf573dc1102f5
SHA1 9654cad2cc914ec1905d30fcc75b3a7aeb4e4ada
SHA256 5517b90cb50d0e4de8872772dfd8433fe865d147bb6dfe909fa480b9552c1402
SHA512 0ba1bb94d6e6038ea1866d14283a666985ce312f3ad1ce1dd78ad57c04ddc58976e257dfcf393ab06625aab1add6237b523088862536b4a8b91cb1b4504d9677

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6f28bbef3ef4ba52fba640da0795d2d7
SHA1 1e22a23fa3835a03bf8032e40037a8d31e315a0b
SHA256 9ab81dd6da03c7114baedcfae994d3ebd5418a1bc1c5e764fca4de1bf0c90526
SHA512 0f1e533851bd7a6fa2a4fd7a27faf1e44c171c1d5b1f1f873cadea180f3c10e11d6cc64e1a2c96a91ab43d858caffa98a0669af305c9e5a3c33a80dc904e3436

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 5a84f5a2637679ffec3bbb3ad1b085dd
SHA1 4ff3f3e5c7fb7702521ee2df0ba297bcab23f231
SHA256 e8e66c59a0e4ea9aae4585a3466280555b45fb340cfe48e75572c4b012669c9e
SHA512 8ce2f5fa5b1864c2bcbcd719d8bc7a8d702b9aec4057edb8b3c007a6749973a5f55ad3d6b5dd8150b886575936432d30960f98f2283c199485207887a890f6ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000048

MD5 e6ec1df39aa8d07cf330a72f47196abf
SHA1 801af4548a1108d80264f289a2c4198cb273c2c6
SHA256 18117406ad59b6a0d16b1fa1ddeb2d53210aa3fde7a2d3ea00704d3187257ca2
SHA512 ec806a7550dd0f9f6b0e8a14d9f00277690b771230829ba07f29807412a04b337ed893caed31363ead5cbb2e933cc2561643e1568c22094fd216d4d950bd12e9

Analysis: behavioral2

Detonation Overview

Submitted

2025-03-26 13:23

Reported

2025-03-26 13:29

Platform

win10ltsc2021-20250314-de

Max time kernel

174s

Max time network

219s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Client1.exe"

Signatures

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Xworm

trojan rat xworm

Xworm family

xworm

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Client1.exe N/A

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\test.lnk C:\Users\Admin\AppData\Local\Temp\Client1.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\test.lnk C:\Users\Admin\AppData\Local\Temp\Client1.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\test.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\test.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\test = "C:\\Users\\Admin\\AppData\\Roaming\\test.exe" C:\Users\Admin\AppData\Local\Temp\Client1.exe N/A

Enumerates physical storage devices

Delays execution with timeout.exe

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\timeout.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\schtasks.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Client1.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\test.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\test.exe N/A

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\Client1.exe

"C:\Users\Admin\AppData\Local\Temp\Client1.exe"

C:\Windows\System32\schtasks.exe

"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "test" /tr "C:\Users\Admin\AppData\Roaming\test.exe"

C:\Users\Admin\AppData\Roaming\test.exe

"C:\Users\Admin\AppData\Roaming\test.exe"

C:\Users\Admin\AppData\Roaming\test.exe

"C:\Users\Admin\AppData\Roaming\test.exe"

C:\Windows\System32\schtasks.exe

"C:\Windows\System32\schtasks.exe" /delete /f /tn "test"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmpED35.tmp.bat""

C:\Windows\system32\timeout.exe

timeout 3

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.telegram.org udp
NL 149.154.167.220:443 api.telegram.org tcp
US 8.8.8.8:53 park-meetup.gl.at.ply.gg udp
US 147.185.221.18:62592 park-meetup.gl.at.ply.gg tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.180.3:80 c.pki.goog tcp

Files

memory/4424-0-0x00007FFC63DB3000-0x00007FFC63DB5000-memory.dmp

memory/4424-1-0x0000000000300000-0x0000000000314000-memory.dmp

memory/4424-6-0x00007FFC63DB0000-0x00007FFC64872000-memory.dmp

memory/4424-7-0x000000001BC40000-0x000000001BD44000-memory.dmp

memory/4424-8-0x00007FFC63DB3000-0x00007FFC63DB5000-memory.dmp

memory/4424-9-0x00007FFC63DB0000-0x00007FFC64872000-memory.dmp

C:\Users\Admin\AppData\Roaming\test.exe

MD5 1e0aa64bead9e0338618646b79e4a77b
SHA1 8c3985be98bbfbbc02a0ec6d2d5801483251cf84
SHA256 fabc467aee7674695a0e55e90f4d7136835d9876fddeac5a9af3e4a071772af5
SHA512 eef3fc34edf692ef633080f3fc8ae84c3c60ade77774d994186337a25b9bc26c0a7b0b011d9b03fffbe26c5c3516b3befe4d4fb843d3350d97abdd33b8dcdf83

memory/5796-13-0x00007FFC63DB0000-0x00007FFC64872000-memory.dmp

memory/5796-15-0x00007FFC63DB0000-0x00007FFC64872000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\test.exe.log

MD5 11c6e74f0561678d2cf7fc075a6cc00c
SHA1 535ee79ba978554abcb98c566235805e7ea18490
SHA256 d39a78fabca39532fcb85ce908781a75132e1bd01cc50a3b290dd87127837d63
SHA512 32c63d67bf512b42e7f57f71287b354200126cb417ef9d869c72e0b9388a7c2f5e3b61f303f1353baa1bf482d0f17e06e23c9f50b2f1babd4d958b6da19c40b0

memory/4424-23-0x00007FFC63DB0000-0x00007FFC64872000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmpED35.tmp.bat

MD5 f992081faf753219c06631cae1c91449
SHA1 61952dadeb5ba8d7a39909750074a938ff2a055b
SHA256 5272ed2e2792fc651b319da8082eb495fb553edd9f3fb3b6ce9af575815b19b8
SHA512 fe103b371d7bfbd309d44f4d15466fc2c6738ce82789abaf666df3c995bb6e1edfd5343927eae00bff7ebafaa52f1e6d1eea43ea7172b3ae7bcf1c1b05c16d9b

Analysis: behavioral3

Detonation Overview

Submitted

2025-03-26 13:23

Reported

2025-03-26 13:28

Platform

win11-20250313-de

Max time kernel

176s

Max time network

283s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Client1.exe"

Signatures

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Xworm

trojan rat xworm

Xworm family

xworm

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\test.lnk C:\Users\Admin\AppData\Local\Temp\Client1.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\test.lnk C:\Users\Admin\AppData\Local\Temp\Client1.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\test.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\test.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000\Software\Microsoft\Windows\CurrentVersion\Run\test = "C:\\Users\\Admin\\AppData\\Roaming\\test.exe" C:\Users\Admin\AppData\Local\Temp\Client1.exe N/A

Enumerates physical storage devices

Delays execution with timeout.exe

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\timeout.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\schtasks.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Client1.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\test.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\test.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\Client1.exe

"C:\Users\Admin\AppData\Local\Temp\Client1.exe"

C:\Windows\System32\schtasks.exe

"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "test" /tr "C:\Users\Admin\AppData\Roaming\test.exe"

C:\Users\Admin\AppData\Roaming\test.exe

C:\Users\Admin\AppData\Roaming\test.exe

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Users\Admin\AppData\Roaming\test.exe

C:\Users\Admin\AppData\Roaming\test.exe

C:\Windows\System32\schtasks.exe

"C:\Windows\System32\schtasks.exe" /delete /f /tn "test"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp1D9B.tmp.bat""

C:\Windows\system32\timeout.exe

timeout 3

Network

Country Destination Domain Proto
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
NL 149.154.167.220:443 api.telegram.org tcp
US 147.185.221.18:62592 park-meetup.gl.at.ply.gg tcp
GB 142.250.180.3:80 c.pki.goog tcp
US 147.185.221.18:62592 park-meetup.gl.at.ply.gg tcp
US 147.185.221.18:62592 park-meetup.gl.at.ply.gg tcp

Files

memory/5036-0-0x00007FFB70D03000-0x00007FFB70D05000-memory.dmp

memory/5036-1-0x0000000000880000-0x0000000000894000-memory.dmp

memory/5036-6-0x00007FFB70D00000-0x00007FFB717C2000-memory.dmp

memory/5036-7-0x000000001C340000-0x000000001C444000-memory.dmp

memory/5036-8-0x00007FFB70D03000-0x00007FFB70D05000-memory.dmp

memory/5036-9-0x00007FFB70D00000-0x00007FFB717C2000-memory.dmp

memory/5036-11-0x00000000010E0000-0x00000000010EA000-memory.dmp

C:\Users\Admin\AppData\Roaming\test.exe

MD5 1e0aa64bead9e0338618646b79e4a77b
SHA1 8c3985be98bbfbbc02a0ec6d2d5801483251cf84
SHA256 fabc467aee7674695a0e55e90f4d7136835d9876fddeac5a9af3e4a071772af5
SHA512 eef3fc34edf692ef633080f3fc8ae84c3c60ade77774d994186337a25b9bc26c0a7b0b011d9b03fffbe26c5c3516b3befe4d4fb843d3350d97abdd33b8dcdf83

memory/2064-14-0x00007FFB70D00000-0x00007FFB717C2000-memory.dmp

memory/2064-16-0x00007FFB70D00000-0x00007FFB717C2000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 2ff5abf5c4b9149a19245eb28c0c6613
SHA1 7a9fd1ea4ff86b8476d054623d3fba36322c34cc
SHA256 6c8602dc88149327a96d492ded042038b3a743ef517abb653945f2f1945bb372
SHA512 c51182916c0f09b989a0b068845a355a108e2ff7ee0254e1690f32902e40e2c9c7be44876f5954c20e48317fef4d9cd93000e9b54678599ca045c1096a547b51

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 aa5f023c947a39567aa77454805172c5
SHA1 2eeb0726882d0f09dc2d63f69ed40aa60ed205bd
SHA256 e8164ec588c417d10454e45cfd179ff2db21b9327c6bf75112e245dc5be4fd4b
SHA512 249439d8114d1f29b570ee9c5e742b922ac525af26a0ba5054892faaff80ac3af04cb55283e74373bd6b2ff8226584ea3e8c66d7e5ea1da0ff93fcf365cb2155

memory/5036-36-0x000000001C330000-0x000000001C33C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\test.exe.log

MD5 2cbbb74b7da1f720b48ed31085cbd5b8
SHA1 79caa9a3ea8abe1b9c4326c3633da64a5f724964
SHA256 e31b18f21621d9983bfdf1ea3e53884a9d58b8ffd79e0e5790da6f3a81a8b9d3
SHA512 ecf02d5240e0c1c005d3ab393aa7eff62bd498c2db5905157e2bf6d29e1b663228a9583950842629d1a4caef404c8941a0c7799b1a3bd1eb890a09fdb7efcff9

C:\Users\Admin\AppData\Local\Temp\tmp1D9B.tmp.bat

MD5 dddb96e35043307594dafb09f44efb7a
SHA1 bff323c893c42dec5f612f4e0fe63719e86353b6
SHA256 19b2bdbfccf79a27aa7e5e17b99f34656b9d97cb4a15d5dca659e868e971855e
SHA512 cd1c3f25f4e906ec7483159e7254e1cc7b9d28c902bfceb080b582f5e28d74ff4dbb0133b4d564a267ced8df0eecf1c7bea9fb75c7555d6c537d91586fdc7a74

memory/5036-45-0x00007FFB70D00000-0x00007FFB717C2000-memory.dmp