Analysis Overview
SHA256
fabc467aee7674695a0e55e90f4d7136835d9876fddeac5a9af3e4a071772af5
Threat Level: Known bad
The file Client1.exe was found to be: Known bad.
Malicious Activity Summary
Detect Xworm Payload
Xworm family
Gurcu family
Gurcu, WhiteSnake
Xworm
Executes dropped EXE
Checks computer location settings
Drops startup file
Mark of the Web detected: This indicates that the page was originally saved or cloned.
Adds Run key to start application
Looks up external IP address via web service
Unsigned PE
Browser Information Discovery
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Scheduled Task/Job: Scheduled Task
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Delays execution with timeout.exe
Modifies data under HKEY_USERS
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
Suspicious use of FindShellTrayWindow
Checks processor information in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2025-03-26 13:23
Signatures
Detect Xworm Payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Xworm family
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted: 2025-03-26 13:23
Reported: 2025-03-26 13:28
Platform: win10v2004-20250314-de
Max time kernel: 272s
Max time network: 275s
Command Line
Signatures
Detect Xworm Payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Gurcu family
Gurcu, WhiteSnake
Xworm
Xworm family
Checks computer location settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Client1.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\test.lnk | C:\Users\Admin\AppData\Local\Temp\Client1.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\test.lnk | C:\Users\Admin\AppData\Local\Temp\Client1.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Roaming\test.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\test.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\test = "C:\\Users\\Admin\\AppData\\Roaming\\test.exe" | C:\Users\Admin\AppData\Local\Temp\Client1.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | www.iplocation.net | N/A | N/A |
| N/A | www.iplocation.net | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | whatismyipaddress.com | N/A | N/A |
| N/A | www.iplocation.net | N/A | N/A |
Mark of the Web detected: This indicates that the page was originally saved or cloned.
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133874692366207204" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\Client1.exe
"C:\Users\Admin\AppData\Local\Temp\Client1.exe"
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "test" /tr "C:\Users\Admin\AppData\Roaming\test.exe"
C:\Users\Admin\AppData\Roaming\test.exe
C:\Users\Admin\AppData\Roaming\test.exe
C:\Users\Admin\AppData\Roaming\test.exe
C:\Users\Admin\AppData\Roaming\test.exe
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /delete /f /tn "test"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp4893.tmp.bat""
C:\Windows\system32\timeout.exe
timeout 3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc151adcf8,0x7ffc151add04,0x7ffc151add10
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2016,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1944 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=de --service-sandbox-type=none --string-annotations --field-trial-handle=1628,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2196 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=de --service-sandbox-type=service --string-annotations --field-trial-handle=2308,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2408 /prefetch:8
C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3240,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3260 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3336,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3512 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4364,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4384 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4692,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4784 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=de --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5420,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5360 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5360,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5436 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5504,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3588 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=de --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3556,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3488 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5660,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3540 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5948,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5836 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5976,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6008 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=6136,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6156 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=6376,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6396 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=6508,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6544 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6660,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6680 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6800,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6824 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=7076,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6948 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5724,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5516 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6540,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6060 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6880,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6928 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=3536,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6656 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6920,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6440 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=de --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3032,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5880 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a0 0x4f8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=de --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6264,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3640 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=de --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6204,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3588 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=de --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6132,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6268 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=4532,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4412 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=4480,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4524 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=6032,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6236 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=6420,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6964 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=6340,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5820 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=7300,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7312 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=7456,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7468 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=7592,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7612 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=7780,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7744 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=7896,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7920 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=8040,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=8136 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=8536,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=8504 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=8596,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=8544 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=8736,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=8752 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=de --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=8896,i,12869368814766986538,8587661241658901877,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=8908 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
Network
| GB | 23.192.17.43:443 | ads.pubmatic.com | tcp |
| GB | 23.192.17.43:443 | ads.pubmatic.com | tcp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| US | 54.191.70.79:443 | ids4.ad.gt | tcp |
| IE | 34.252.137.202:443 | ap.lijit.com | tcp |
| IE | 34.252.137.202:443 | ap.lijit.com | tcp |
| US | 34.98.64.218:443 | u.openx.net | tcp |
| DE | 37.252.173.215:443 | secure.adnxs.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 34.36.214.49:443 | pa.openx.net | tcp |
| US | 34.120.133.55:443 | api.rlcdn.com | tcp |
| US | 8.8.8.8:53 | sync.go.sonobi.com | udp |
| US | 8.8.8.8:53 | api-gdpr.intentiq.com | udp |
| GB | 23.192.24.32:443 | hbx.media.net | udp |
| US | 69.166.1.67:443 | sync.go.sonobi.com | tcp |
| US | 8.8.8.8:53 | pubads.g.doubleclick.net | udp |
| US | 76.223.111.18:443 | eb2.3lift.com | tcp |
| GB | 23.192.17.43:443 | ads.pubmatic.com | tcp |
| US | 34.98.64.218:443 | u.openx.net | tcp |
| US | 8.8.8.8:53 | cs-server-s2s.yellowblue.io | udp |
| US | 8.8.8.8:53 | ids.ad.gt | udp |
| FR | 3.164.85.68:443 | api-gdpr.intentiq.com | tcp |
| US | 34.107.140.113:443 | s2s.t13.io | udp |
| IE | 34.252.137.202:443 | ap.lijit.com | tcp |
| US | 35.186.253.211:443 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | s.seedtag.com | udp |
| GB | 216.58.201.98:443 | pubads.g.doubleclick.net | tcp |
| US | 52.201.83.10:443 | cs-server-s2s.yellowblue.io | tcp |
| US | 34.149.50.64:443 | s.seedtag.com | tcp |
| US | 104.22.4.69:443 | ids.ad.gt | tcp |
| US | 8.8.8.8:53 | pbs-cs.yellowblue.io | udp |
| US | 8.8.8.8:53 | pxl.iqm.com | udp |
| US | 8.8.8.8:53 | c21lg-d.media.net | udp |
| IE | 34.252.137.202:443 | ap.lijit.com | tcp |
| US | 34.107.140.113:443 | s2s.t13.io | tcp |
| US | 3.33.220.150:443 | match.adsrvr.org | tcp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | us-u.openx.net | udp |
| US | 8.8.8.8:53 | creativecdn.com | udp |
| US | 8.8.8.8:53 | match.deepintent.com | udp |
| US | 8.8.8.8:53 | rtb.mfadsrvr.com | udp |
| US | 34.98.64.218:443 | us-u.openx.net | tcp |
| US | 8.8.8.8:53 | ad.360yield.com | udp |
| US | 104.22.5.69:443 | ids.ad.gt | tcp |
| US | 8.8.8.8:53 | seg.ad.gt | udp |
| US | 104.22.4.69:443 | seg.ad.gt | tcp |
| US | 104.22.4.69:443 | seg.ad.gt | tcp |
| US | 34.149.50.64:443 | s.seedtag.com | tcp |
| US | 104.22.4.69:443 | seg.ad.gt | tcp |
| US | 34.107.140.113:443 | s2s.t13.io | tcp |
| US | 3.33.220.150:443 | match.adsrvr.org | tcp |
| US | 8.8.8.8:53 | sync.smartadserver.com | udp |
| NL | 89.149.193.121:443 | sync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | b1sync.zemanta.com | udp |
| US | 64.74.236.31:443 | b1sync.zemanta.com | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 52.152.143.207:443 | o.clarity.ms | tcp |
| US | 52.152.143.207:443 | o.clarity.ms | tcp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 8.8.8.8:53 | www.iplocation.net | udp |
| US | 104.26.7.214:443 | www.iplocation.net | tcp |
| US | 104.26.7.214:443 | www.iplocation.net | tcp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 151.101.2.137:443 | code.jquery.com | tcp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | stackpath.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | www.ezojs.com | udp |
| US | 8.8.8.8:53 | challenges.cloudflare.com | udp |
| US | 8.8.8.8:53 | delivery.adrecover.com | udp |
| US | 151.101.129.229:443 | cdn.jsdelivr.net | tcp |
| US | 104.18.11.207:443 | stackpath.bootstrapcdn.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | udp |
| FR | 54.230.112.41:443 | delivery.adrecover.com | tcp |
| FR | 54.230.112.41:443 | delivery.adrecover.com | tcp |
| US | 104.18.95.41:443 | challenges.cloudflare.com | tcp |
| US | 104.21.63.106:443 | www.ezojs.com | tcp |
| GB | 216.58.212.234:443 | ajax.googleapis.com | tcp |
| US | 151.101.129.229:443 | cdn.jsdelivr.net | tcp |
| FR | 54.230.112.41:443 | delivery.adrecover.com | tcp |
| US | 104.18.95.41:443 | challenges.cloudflare.com | tcp |
| US | 104.21.63.106:443 | www.ezojs.com | tcp |
| GB | 216.58.212.234:443 | ajax.googleapis.com | tcp |
| US | 104.21.63.106:443 | www.ezojs.com | udp |
| US | 104.18.95.41:443 | challenges.cloudflare.com | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 8.8.8.8:53 | cdn.adpushup.com | udp |
| US | 8.8.8.8:53 | cdn.pushmaster-cdn.xyz | udp |
| US | 8.8.8.8:53 | cdn.fuseplatform.net | udp |
| US | 8.8.8.8:53 | cdn4.buysellads.net | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| GB | 159.65.211.77:443 | cdn4.buysellads.net | tcp |
| FR | 52.222.144.82:443 | cdn.adpushup.com | tcp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 104.26.15.80:443 | cdn.pushmaster-cdn.xyz | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| US | 104.22.53.86:443 | cdn.id5-sync.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 104.17.159.237:443 | cdn.fuseplatform.net | tcp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | tcp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | t.fullres.net | udp |
| NL | 152.42.150.143:443 | t.fullres.net | tcp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | udp |
| GB | 172.217.169.10:443 | content-autofill.googleapis.com | tcp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | udp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| DE | 162.19.138.120:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | maps.google.com | udp |
| GB | 172.217.169.10:443 | content-autofill.googleapis.com | tcp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | tcp |
| DE | 162.19.138.120:443 | lb.eu-1-id5-sync.com | tcp |
| US | 104.17.159.237:443 | cdn.fuseplatform.net | tcp |
| FR | 54.230.112.56:443 | cmp.inmobi.com | tcp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| FR | 3.160.182.59:443 | c.amazon-adsystem.com | tcp |
| US | 104.17.159.237:443 | cdn.fuseplatform.net | tcp |
| FR | 54.230.112.56:443 | cmp.inmobi.com | tcp |
| GB | 142.250.187.238:443 | maps.google.com | tcp |
| GB | 142.250.187.238:443 | maps.google.com | tcp |
| GB | 142.250.187.238:443 | maps.google.com | tcp |
| GB | 142.250.187.238:443 | maps.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | cdn.pbxai.com | udp |
| GB | 143.244.38.136:443 | cdn.pbxai.com | tcp |
| GB | 142.250.187.238:443 | maps.google.com | udp |
| US | 8.8.8.8:53 | maps.gstatic.com | udp |
| US | 8.8.8.8:53 | maps.googleapis.com | udp |
| GB | 142.250.179.228:443 | www.google.com | udp |
| GB | 172.217.16.227:443 | maps.gstatic.com | tcp |
| GB | 172.217.169.74:443 | maps.googleapis.com | tcp |
| US | 151.101.129.229:443 | cdn.jsdelivr.net | udp |
| GB | 172.217.169.74:443 | maps.googleapis.com | udp |
| GB | 172.217.169.74:443 | maps.googleapis.com | udp |
| FR | 54.230.112.56:443 | cmp.inmobi.com | tcp |
| FR | 3.160.182.59:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | o.clarity.ms | udp |
| US | 8.8.8.8:53 | www.19706903.xyz | udp |
| FR | 54.230.112.41:443 | delivery.adrecover.com | udp |
| FR | 3.160.196.11:443 | config.aps.amazon-adsystem.com | tcp |
| US | 172.67.73.29:443 | www.19706903.xyz | tcp |
| US | 52.152.143.207:443 | o.clarity.ms | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | udp |
| US | 52.152.143.207:443 | o.clarity.ms | tcp |
| US | 52.152.143.207:443 | o.clarity.ms | tcp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | tcp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | tcp |
| NL | 178.250.1.39:443 | static.criteo.net | tcp |
| NL | 178.250.1.39:443 | static.criteo.net | tcp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | tcp |
| FR | 52.222.144.82:443 | cdn.adpushup.com | udp |
| FR | 52.222.144.82:443 | cdn.adpushup.com | udp |
| US | 8.8.8.8:53 | http-intake.logs.us5.datadoghq.com | udp |
| US | 8.8.8.8:53 | e3.adpushup.com | udp |
| US | 8.8.8.8:53 | keymap.adpushup.com | udp |
| US | 34.149.66.130:443 | http-intake.logs.us5.datadoghq.com | tcp |
| US | 34.149.66.130:443 | http-intake.logs.us5.datadoghq.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | udp |
| NL | 144.21.34.64:443 | e3.adpushup.com | tcp |
| NL | 144.21.34.64:443 | e3.adpushup.com | tcp |
| NL | 144.21.34.64:443 | e3.adpushup.com | tcp |
| NL | 144.21.34.64:443 | e3.adpushup.com | tcp |
| NL | 144.21.34.64:443 | e3.adpushup.com | tcp |
| NL | 144.21.34.64:443 | e3.adpushup.com | tcp |
| FR | 3.160.188.52:443 | keymap.adpushup.com | tcp |
| US | 8.8.8.8:53 | campaign.adpushup.com | udp |
| GB | 142.250.187.238:443 | maps.google.com | udp |
| US | 150.136.41.128:443 | campaign.adpushup.com | tcp |
| GB | 142.250.187.225:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | udp |
| US | 34.149.66.130:443 | http-intake.logs.us5.datadoghq.com | tcp |
| FR | 52.222.144.82:443 | cdn.adpushup.com | tcp |
| US | 172.67.73.29:443 | www.19706903.xyz | tcp |
| US | 104.21.63.106:443 | www.ezojs.com | tcp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | imasdk.googleapis.com | udp |
| US | 8.8.8.8:53 | secure.quantserve.com | udp |
| GB | 142.250.187.202:443 | imasdk.googleapis.com | tcp |
| DE | 91.228.74.159:443 | secure.quantserve.com | tcp |
| US | 8.8.8.8:53 | server.cpmstar.com | udp |
| US | 8.8.8.8:53 | a.teads.tv | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 8.8.8.8:53 | brightcombid.marphezis.com | udp |
| US | 8.8.8.8:53 | rtb.gamoshi.io | udp |
| US | 8.8.8.8:53 | bidder.criteo.com | udp |
| US | 131.153.171.234:443 | server.cpmstar.com | tcp |
| US | 131.153.171.234:443 | server.cpmstar.com | tcp |
| US | 131.153.171.234:443 | server.cpmstar.com | tcp |
| US | 131.153.171.234:443 | server.cpmstar.com | tcp |
| US | 131.153.171.234:443 | server.cpmstar.com | tcp |
| US | 104.18.27.193:443 | htlb.casalemedia.com | tcp |
| US | 104.18.27.193:443 | htlb.casalemedia.com | tcp |
| US | 104.18.27.193:443 | htlb.casalemedia.com | tcp |
| NL | 178.250.1.56:443 | bidder.criteo.com | tcp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| NL | 188.166.203.175:443 | brightcombid.marphezis.com | tcp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 8.8.8.8:53 | ads.servenobid.com | udp |
| US | 8.8.8.8:53 | prebid-server.rubiconproject.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 18.119.2.51:443 | rtb.gamoshi.io | tcp |
| US | 18.119.2.51:443 | rtb.gamoshi.io | tcp |
| US | 18.119.2.51:443 | rtb.gamoshi.io | tcp |
| US | 18.119.2.51:443 | rtb.gamoshi.io | tcp |
| US | 18.119.2.51:443 | rtb.gamoshi.io | tcp |
| NL | 163.5.194.36:443 | prebid.a-mo.net | tcp |
| DE | 51.89.9.253:443 | onetag-sys.com | tcp |
| US | 8.8.8.8:53 | fastlane.rubiconproject.com | udp |
| US | 8.8.8.8:53 | prebid.media.net | udp |
| US | 104.18.26.216:443 | ex.ingage.tech | tcp |
| IE | 52.17.239.246:443 | ap.lijit.com | tcp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| GB | 23.192.17.198:443 | a.teads.tv | tcp |
| DE | 3.78.93.150:443 | btlr.sharethrough.com | tcp |
| DE | 3.78.93.150:443 | btlr.sharethrough.com | tcp |
| DE | 3.78.93.150:443 | btlr.sharethrough.com | tcp |
| DE | 3.78.93.150:443 | btlr.sharethrough.com | tcp |
| DE | 3.78.93.150:443 | btlr.sharethrough.com | tcp |
| DE | 3.78.93.150:443 | btlr.sharethrough.com | tcp |
| US | 8.8.8.8:53 | exchange.kueezrtb.com | udp |
| NL | 143.244.197.139:443 | ads.servenobid.com | tcp |
| US | 8.8.8.8:53 | pbs.optidigital.com | udp |
| NL | 69.173.156.150:443 | prebid-server.rubiconproject.com | tcp |
| US | 131.153.171.234:443 | server.cpmstar.com | tcp |
| NL | 178.250.1.56:443 | bidder.criteo.com | tcp |
| US | 18.119.2.51:443 | rtb.gamoshi.io | tcp |
| NL | 163.5.194.36:443 | prebid.a-mo.net | tcp |
| DE | 51.89.9.253:443 | onetag-sys.com | tcp |
| US | 104.18.26.216:443 | ex.ingage.tech | tcp |
| IE | 52.17.239.246:443 | ap.lijit.com | tcp |
| GB | 23.192.17.198:443 | a.teads.tv | tcp |
| NL | 143.244.197.139:443 | ads.servenobid.com | tcp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| NL | 69.173.156.150:443 | prebid-server.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | http-intake.logs.datadoghq.com | udp |
| GB | 142.250.187.193:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.187.193:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | dsum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | video.adpushup.com | udp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| US | 3.233.155.176:443 | http-intake.logs.datadoghq.com | tcp |
| US | 3.233.155.176:443 | http-intake.logs.datadoghq.com | tcp |
| GB | 172.217.169.10:443 | maps.googleapis.com | udp |
| GB | 142.250.187.202:443 | imasdk.googleapis.com | tcp |
| FR | 185.93.2.12:443 | video.adpushup.com | tcp |
| GB | 216.58.201.102:443 | s0.2mdn.net | tcp |
| US | 104.18.26.216:443 | ex.ingage.tech | tcp |
| US | 8.8.8.8:53 | rules.quantcount.com | udp |
| FR | 3.164.182.34:443 | rules.quantcount.com | tcp |
| GB | 142.250.187.202:443 | imasdk.googleapis.com | tcp |
| FR | 185.93.2.12:443 | video.adpushup.com | tcp |
| GB | 216.58.201.102:443 | s0.2mdn.net | tcp |
| US | 104.18.26.216:443 | ex.ingage.tech | tcp |
| US | 8.8.8.8:53 | pixel.quantcount.com | udp |
| DE | 91.228.74.244:443 | pixel.quantcount.com | tcp |
| NL | 185.64.189.112:443 | hbopenbid.pubmatic.com | tcp |
| FR | 34.1.1.166:443 | hb-api.omnitagjs.com | tcp |
| US | 34.160.72.119:443 | pbs.optidigital.com | tcp |
| US | 159.203.149.115:443 | exchange.kueezrtb.com | tcp |
| US | 159.203.149.115:443 | exchange.kueezrtb.com | tcp |
| US | 159.203.149.115:443 | exchange.kueezrtb.com | tcp |
| US | 159.203.149.115:443 | exchange.kueezrtb.com | tcp |
| US | 159.203.149.115:443 | exchange.kueezrtb.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| DE | 37.252.173.215:443 | ib.adnxs.com | tcp |
| DE | 91.228.74.244:443 | pixel.quantcount.com | tcp |
| DE | 37.252.173.215:443 | ib.adnxs.com | tcp |
| DE | 37.252.173.215:443 | ib.adnxs.com | tcp |
| US | 34.160.72.119:443 | pbs.optidigital.com | tcp |
| US | 159.203.149.115:443 | exchange.kueezrtb.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| DE | 37.252.173.215:443 | ib.adnxs.com | tcp |
| DE | 37.252.173.215:443 | ib.adnxs.com | tcp |
| GB | 142.250.187.193:443 | tpc.googlesyndication.com | udp |
| GB | 216.58.201.102:443 | s0.2mdn.net | tcp |
| US | 8.8.8.8:53 | cms.quantserve.com | udp |
| US | 8.8.8.8:53 | dclk-match.dotomi.com | udp |
| US | 8.8.8.8:53 | gcm.ctnsnet.com | udp |
| US | 8.8.8.8:53 | tr.blismedia.com | udp |
| US | 8.8.8.8:53 | pr-bh.ybp.yahoo.com | udp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| US | 8.8.8.8:53 | dsp.360yield.com | udp |
| GB | 216.58.201.102:443 | s0.2mdn.net | tcp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | udp |
| US | 52.152.143.207:443 | o.clarity.ms | tcp |
| US | 35.186.193.173:443 | gcm.ctnsnet.com | tcp |
| US | 34.96.105.8:443 | tr.blismedia.com | tcp |
| IE | 54.171.6.32:443 | pr-bh.ybp.yahoo.com | tcp |
| IE | 52.31.185.73:443 | match.prod.bidr.io | tcp |
| NL | 64.158.223.140:443 | dclk-match.dotomi.com | tcp |
| IE | 108.128.100.14:443 | dsp.360yield.com | tcp |
| DE | 91.228.74.244:443 | cms.quantserve.com | tcp |
| US | 35.186.193.173:443 | gcm.ctnsnet.com | tcp |
| US | 34.96.105.8:443 | tr.blismedia.com | tcp |
| IE | 54.171.6.32:443 | pr-bh.ybp.yahoo.com | tcp |
| IE | 52.31.185.73:443 | match.prod.bidr.io | tcp |
| NL | 64.158.223.140:443 | dclk-match.dotomi.com | tcp |
| IE | 108.128.100.14:443 | dsp.360yield.com | tcp |
| DE | 91.228.74.244:443 | cms.quantserve.com | tcp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| US | 8.8.8.8:53 | api.pbxai.com | udp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | udp |
| GB | 143.244.38.136:443 | api.pbxai.com | tcp |
| US | 34.160.72.119:443 | pbs.optidigital.com | udp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| US | 104.18.27.193:443 | dsum-sec.casalemedia.com | udp |
| DE | 162.19.138.82:443 | lb.eu-1-id5-sync.com | tcp |
| NL | 144.21.34.64:443 | e3.adpushup.com | tcp |
| DE | 162.19.138.120:443 | lb.eu-1-id5-sync.com | tcp |
| US | 104.18.26.193:443 | dsum-sec.casalemedia.com | tcp |
| US | 104.18.26.193:443 | dsum-sec.casalemedia.com | tcp |
| US | 104.18.26.193:443 | dsum-sec.casalemedia.com | tcp |
| US | 104.18.26.193:443 | dsum-sec.casalemedia.com | udp |
| US | 172.67.41.60:443 | btloader.com | tcp |
| US | 8.8.8.8:53 | srv.buysellads.com | udp |
| US | 8.8.8.8:53 | script.4dex.io | udp |
| US | 8.8.8.8:53 | rt.marphezis.com | udp |
| US | 8.8.8.8:53 | apex.go.sonobi.com | udp |
| US | 8.8.8.8:53 | exchange.cootlogix.com | udp |
| US | 8.8.8.8:53 | i.connectad.io | udp |
| US | 104.26.8.169:443 | script.4dex.io | tcp |
| US | 8.8.8.8:53 | g2.gumgum.com | udp |
| US | 8.8.8.8:53 | mp.4dex.io | udp |
| US | 8.8.8.8:53 | prebid.smilewanted.com | udp |
| US | 69.166.1.64:443 | apex.go.sonobi.com | tcp |
| US | 8.8.8.8:53 | mweb-hb.presage.io | udp |
| US | 35.186.253.211:443 | rtb.openx.net | tcp |
| US | 45.55.124.119:443 | exchange.cootlogix.com | tcp |
| US | 45.55.124.119:443 | exchange.cootlogix.com | tcp |
| US | 45.55.124.119:443 | exchange.cootlogix.com | tcp |
| IE | 52.214.20.127:443 | g2.gumgum.com | tcp |
| IE | 52.214.20.127:443 | g2.gumgum.com | tcp |
| IE | 52.214.20.127:443 | g2.gumgum.com | tcp |
| IE | 52.214.20.127:443 | g2.gumgum.com | tcp |
| IE | 52.214.20.127:443 | g2.gumgum.com | tcp |
| IE | 52.214.20.127:443 | g2.gumgum.com | tcp |
| US | 172.67.8.174:443 | i.connectad.io | tcp |
| IE | 46.137.23.186:443 | mweb-hb.presage.io | tcp |
| US | 151.101.129.229:443 | cdn.jsdelivr.net | udp |
| US | 104.18.34.178:443 | mp.4dex.io | tcp |
| US | 8.8.8.8:53 | cdn.prod.uidapi.com | udp |
| US | 8.8.8.8:53 | dmp.im-apps.net | udp |
| US | 8.8.8.8:53 | connectid.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| US | 8.8.8.8:53 | cdn.prod.euid.eu | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | 886c0678fd1b4eb1855270e7789a8d37.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | ag.dns-finder.com | udp |
| GB | 159.65.211.77:443 | srv.buysellads.com | tcp |
| US | 104.22.30.209:443 | prebid.smilewanted.com | tcp |
| US | 104.22.30.209:443 | prebid.smilewanted.com | tcp |
| US | 104.22.30.209:443 | prebid.smilewanted.com | tcp |
| US | 8.8.8.8:53 | ssp-sync.criteo.com | udp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| US | 104.26.8.169:443 | script.4dex.io | tcp |
| FR | 18.161.97.29:443 | connectid.analytics.yahoo.com | tcp |
| FR | 54.240.167.226:443 | cdn.prod.euid.eu | tcp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| GB | 95.100.195.133:443 | dmp.im-apps.net | tcp |
| DE | 162.19.138.82:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | c.4dex.io | udp |
| US | 35.241.34.106:443 | c.4dex.io | tcp |
| US | 35.241.34.106:443 | c.4dex.io | tcp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | esp.rtbhouse.com | udp |
| US | 35.190.39.111:443 | esp.rtbhouse.com | tcp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| US | 104.26.8.169:443 | script.4dex.io | tcp |
| IE | 46.137.23.186:443 | mweb-hb.presage.io | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 159.65.211.77:443 | srv.buysellads.com | tcp |
| US | 104.22.30.209:443 | prebid.smilewanted.com | tcp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 8.8.8.8:53 | sync6.im-apps.net | udp |
| GB | 95.100.195.32:443 | sync6.im-apps.net | tcp |
| DE | 37.252.173.215:443 | ib.adnxs.com | tcp |
| FR | 54.230.112.73:443 | tags.crwdcntrl.net | tcp |
| FR | 52.84.49.83:443 | cdn.prod.uidapi.com | tcp |
| GB | 172.217.169.65:443 | 886c0678fd1b4eb1855270e7789a8d37.safeframe.googlesyndication.com | tcp |
| NL | 178.250.1.57:443 | ssp-sync.criteo.com | tcp |
| US | 35.241.34.106:443 | c.4dex.io | udp |
| NL | 144.21.34.64:443 | e3.adpushup.com | tcp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 52.152.143.207:443 | o.clarity.ms | tcp |
| FR | 54.230.112.73:443 | tags.crwdcntrl.net | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 3.33.220.150:443 | match.adsrvr.org | tcp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | sync.kueezrtb.com | udp |
| US | 8.8.8.8:53 | scripts.opti-digital.com | udp |
| GB | 23.192.17.43:443 | ads.pubmatic.com | tcp |
| US | 104.18.3.52:443 | scripts.opti-digital.com | tcp |
| US | 157.245.250.171:443 | sync.kueezrtb.com | tcp |
| FR | 34.1.1.166:443 | visitor.omnitagjs.com | tcp |
| US | 8.8.8.8:53 | acdn.adnxs.com | udp |
| DE | 51.89.9.253:443 | onetag-sys.com | tcp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| NL | 163.5.194.36:443 | prebid.a-mo.net | tcp |
| US | 8.8.8.8:53 | public.servenobid.com | udp |
| GB | 23.192.17.145:443 | eus.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| US | 151.101.193.108:443 | acdn.adnxs.com | tcp |
| US | 3.233.155.176:443 | http-intake.logs.datadoghq.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| GB | 216.58.201.102:443 | s0.2mdn.net | udp |
| US | 34.96.105.8:443 | tr.blismedia.com | udp |
| NL | 144.21.34.64:443 | e3.adpushup.com | tcp |
| NL | 144.21.34.64:443 | e3.adpushup.com | tcp |
| NL | 144.21.34.64:443 | e3.adpushup.com | tcp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | udp |
| US | 8.8.8.8:53 | beacon-ams3.rubiconproject.com | udp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | udp |
| US | 35.186.193.173:443 | gcm.ctnsnet.com | udp |
| IE | 52.31.185.73:443 | match.prod.bidr.io | tcp |
| IE | 52.31.185.73:443 | match.prod.bidr.io | tcp |
| US | 8.8.8.8:53 | media.grid.bidswitch.net | udp |
| NL | 69.173.156.134:443 | beacon-ams3.rubiconproject.com | tcp |
| NL | 69.173.156.134:443 | beacon-ams3.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | grid-mercury.criteo.com | udp |
| US | 8.8.8.8:53 | cat.nl3.eu.criteo.com | udp |
| US | 8.8.8.8:53 | ads.eu.criteo.com | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | rtb.fr3.eu.criteo.com | udp |
| US | 8.8.8.8:53 | cdn.doubleverify.com | udp |
| FR | 52.84.45.129:443 | public.servenobid.com | tcp |
| US | 104.18.25.18:443 | js-sec.indexww.com | tcp |
| US | 8.8.8.8:53 | image6.pubmatic.com | udp |
| US | 34.98.64.218:443 | us-u.openx.net | tcp |
| US | 34.98.64.218:443 | us-u.openx.net | tcp |
| US | 8.8.8.8:53 | sync.teads.tv | udp |
| US | 8.8.8.8:53 | sync.search.spotxchange.com | udp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| GB | 2.19.252.89:443 | cdn.doubleverify.com | tcp |
| FR | 178.250.7.12:443 | rtb.fr3.eu.criteo.com | tcp |
| FR | 178.250.7.12:443 | rtb.fr3.eu.criteo.com | tcp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| US | 3.33.220.150:443 | match.adsrvr.org | tcp |
| US | 3.33.220.150:443 | match.adsrvr.org | tcp |
| FR | 52.84.45.129:443 | public.servenobid.com | tcp |
| DE | 37.252.173.215:443 | ib.adnxs.com | tcp |
| NL | 178.250.1.17:443 | ads.eu.criteo.com | tcp |
| NL | 178.250.1.17:443 | ads.eu.criteo.com | tcp |
| NL | 178.250.1.59:443 | grid-mercury.criteo.com | tcp |
| IE | 108.128.28.188:443 | bcp.crwdcntrl.net | tcp |
| NL | 178.250.1.128:443 | cat.nl3.eu.criteo.com | tcp |
| NL | 35.214.200.194:443 | media.grid.bidswitch.net | tcp |
| GB | 23.192.21.198:443 | sync.teads.tv | tcp |
| GB | 23.192.21.198:443 | sync.teads.tv | tcp |
| GB | 87.248.114.11:443 | ups.analytics.yahoo.com | tcp |
| NL | 198.47.127.19:443 | image6.pubmatic.com | tcp |
| NL | 198.47.127.19:443 | image6.pubmatic.com | tcp |
| NL | 198.47.127.19:443 | image6.pubmatic.com | tcp |
| NL | 198.47.127.19:443 | image6.pubmatic.com | tcp |
| US | 76.223.111.18:443 | eb2.3lift.com | tcp |
| US | 76.223.111.18:443 | eb2.3lift.com | tcp |
| US | 76.223.111.18:443 | eb2.3lift.com | tcp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| US | 35.186.253.211:443 | rtb.openx.net | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | um.simpli.fi | udp |
| US | 104.18.25.18:443 | js-sec.indexww.com | tcp |
| US | 8.8.8.8:53 | pixel.rubiconproject.com | udp |
| NL | 35.214.136.108:443 | x.bidswitch.net | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| US | 8.8.8.8:53 | rtb-csync.smartadserver.com | udp |
| NL | 198.47.127.205:443 | image2.pubmatic.com | tcp |
| US | 8.8.8.8:53 | ad.yieldlab.net | udp |
| US | 34.98.64.218:443 | us-u.openx.net | udp |
| NL | 144.21.34.64:443 | e3.adpushup.com | tcp |
| US | 8.8.8.8:53 | c1.adform.net | udp |
| US | 52.152.143.207:443 | o.clarity.ms | tcp |
| NL | 35.214.136.108:443 | x.bidswitch.net | udp |
| NL | 178.250.1.17:443 | ads.eu.criteo.com | tcp |
| US | 35.186.253.211:443 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | p.rfihub.com | udp |
| US | 8.8.8.8:53 | rtb0.doubleverify.com | udp |
| US | 8.8.8.8:53 | measurement-api.criteo.com | udp |
| US | 8.8.8.8:53 | csm.eu.criteo.net | udp |
| US | 8.8.8.8:53 | secure.insightexpressai.com | udp |
| US | 8.8.8.8:53 | staticassets-creator-design.criteo.net | udp |
| US | 8.8.8.8:53 | imageproxy.eu.criteo.net | udp |
| GB | 216.58.201.102:443 | s0.2mdn.net | udp |
| DK | 37.157.5.49:443 | c1.adform.net | tcp |
| GB | 23.192.16.136:443 | ad.yieldlab.net | tcp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| NL | 89.149.193.89:443 | rtb-csync.smartadserver.com | tcp |
| NL | 89.149.193.89:443 | rtb-csync.smartadserver.com | tcp |
| NL | 89.149.193.89:443 | rtb-csync.smartadserver.com | tcp |
| NL | 89.149.193.89:443 | rtb-csync.smartadserver.com | tcp |
| NL | 35.204.158.49:443 | um.simpli.fi | tcp |
Files
memory/2432-0-0x00007FFC07833000-0x00007FFC07835000-memory.dmp
memory/2432-1-0x0000000000A40000-0x0000000000A54000-memory.dmp
memory/2432-6-0x00007FFC07830000-0x00007FFC082F1000-memory.dmp
memory/2432-7-0x000000001C360000-0x000000001C464000-memory.dmp
memory/2432-8-0x00007FFC07833000-0x00007FFC07835000-memory.dmp
memory/2432-9-0x00007FFC07830000-0x00007FFC082F1000-memory.dmp
C:\Users\Admin\AppData\Roaming\test.exe
| MD5 | 1e0aa64bead9e0338618646b79e4a77b |
| SHA1 | 8c3985be98bbfbbc02a0ec6d2d5801483251cf84 |
| SHA256 | fabc467aee7674695a0e55e90f4d7136835d9876fddeac5a9af3e4a071772af5 |
| SHA512 | eef3fc34edf692ef633080f3fc8ae84c3c60ade77774d994186337a25b9bc26c0a7b0b011d9b03fffbe26c5c3516b3befe4d4fb843d3350d97abdd33b8dcdf83 |
memory/2916-13-0x00007FFC07830000-0x00007FFC082F1000-memory.dmp
memory/2916-15-0x00007FFC07830000-0x00007FFC082F1000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\test.exe.log
| MD5 | 2ff39f6c7249774be85fd60a8f9a245e |
| SHA1 | 684ff36b31aedc1e587c8496c02722c6698c1c4e |
| SHA256 | e1b91642d85d98124a6a31f710e137ab7fd90dec30e74a05ab7fcf3b7887dced |
| SHA512 | 1d7e8b92ef4afd463d62cfa7e8b9d1799db5bf2a263d3cd7840df2e0a1323d24eb595b5f8eb615c6cb15f9e3a7b4fc99f8dd6a3d34479222e966ec708998aed1 |
memory/2432-23-0x00007FFC07830000-0x00007FFC082F1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tmp4893.tmp.bat
| MD5 | 028bcedcaf6e8cf6c3a6140890246322 |
| SHA1 | a4d80053c12cba73019761d3104d70d252f61996 |
| SHA256 | a0fc9ac91019304d630d383be283252fb02c6520578c97c1a4834ae0b90d741e |
| SHA512 | a0775374749a14b9b3d5e748c72f7db986eb2e51d580a591add7bd23834748de08c056321f82f737371d7a887d5e09aa28d8d8ec1c8da34ddbaac34fe9e53ea0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 19f8d46520a337f36d7e56ce71d6ea21 |
| SHA1 | 126f8dc52c366a1c6dd64b81d792048e60bd2ec4 |
| SHA256 | b11e398de7d75612171b10ae0a7c7ebc914d38f4a1ba16d891abd94d91c47559 |
| SHA512 | 79205f4bc141474a380829d1521c04284ff7a299a7987fa7f9a745425fc244ec526def1e7b5db46f90906d7781e96250e56e6787c93519950bba386f8113a3e0 |
\??\pipe\crashpad_4936_KLUKRXMCCZZWQYCF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 24375da6a6b73bc41f0a8c5aba46d5f4 |
| SHA1 | 2b1a119f264f97283c40fd1716f93f0bc55b251f |
| SHA256 | 84055fb15a531587c2e604fb5e2e88b7973327d635214a1c980fa97ab5f03198 |
| SHA512 | 4f5d56451eb3ee327e0a342a1b3cc1c4bf458663dfb4787a1f989e3c98175d39a2983f4f682425b6f1b05e34a52e0f5582c35bc784d7f3474d94eee3d36a2c33 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 7f78954dbd31fc1712d11ca0ba9c1d74 |
| SHA1 | 0cfeccb118ec8b485680f390cd33cb2c7816d6c1 |
| SHA256 | f3c417020fa32930008f010318cedc9c363251808bc93d894ca1583d7eae6774 |
| SHA512 | b59b57ff4cb43d974095e5d3b28e0b07784369eca52e15781334255e2aecba8f991afbc043a03300e7a0f1c6ad3fd9c54fdf1e58e3d0a5b4f4b199cdb6c597c9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8c62ba817f76615b832e7dc59c95eef8 |
| SHA1 | a019e23ecb8004635a9616d3fb50129afa7d4eda |
| SHA256 | f2b6d0a0ad969356fee9da9e64beeaf0696b03aad651fb302eabce6b4958e9a1 |
| SHA512 | 02102f742e370e95c1302fde6d5f3805ad46ae189188081cfc1afef456e917f54dd99c7fba12c929cd3dd26c3bdc848c301b9bcd72d4bf4b3482b4dac1660931 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | a167fde00a63a7b857e6ca122fe79f60 |
| SHA1 | 17c511d5149821f0fe82481bf2629c7b551ea3fb |
| SHA256 | f90e2f5f5eabc58e73207f4cbe3dba5d79811b6716f9f13a8807b3813a564509 |
| SHA512 | d7da8d099c805439d09b2f6202243e0b2e6004cdfdb4f4cead20dd7e9610502388fcba480694ee8b1f4f7bf40cb44e666f15ee79d4eb5b57430bcfaad0f67902 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6cc37809168123ece286461d72f16e2b |
| SHA1 | 9a38ccdc40ac848abd82b603df62b26bfd240d19 |
| SHA256 | 7f09835024ff4f446be3911eb894e56cd4cb51d09a61565029241fb9bdae9fca |
| SHA512 | 7ccd4056d581c42d5f3eca3391f6b40309a6d04d210500a2d333665225707bad5feae5f16a7b45ff4ead3cec3c3d9771b90d2eb92c0a4cb948199483830e1d63 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 2c18eecb0c175a6b11dfc8f44877f6d9 |
| SHA1 | f68735ba20693f00c3d74c2691e9f997b23244c7 |
| SHA256 | 0b67daa42522682eecabdf87d0e8095121d4ff4975e22e3a6e63dbf783fde986 |
| SHA512 | daba7d04632b5b73f6d90b26df2f3c34980fe20fc694abf54cf4d38c8c37b8bbc0cc63723836d5286e34b4e75cec2b8707216b56ca216e96726ce7fa70ceb244 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | b21f631c4cbe2998ccc77c62936e1db8 |
| SHA1 | 52c0a101808db0bfa3748a8a95dd7a228c2218d1 |
| SHA256 | 5da17e2266788359dbc3dff13e45ade336e96248fcb5a4c06caa64ecfa7ca21a |
| SHA512 | 03995589226c61be4b1c93d6831be904f2336336139e0c4527ee355c88499f02f28291e5269b19a82c51a318960f5c7c3eb8dd137dc6b03ee68f136c0fab8c1e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5aec74.TMP
| MD5 | 48c4d92213108611900a483b9853b825 |
| SHA1 | 76b7388a3aaefbff09c1f1ab95235ff77366284b |
| SHA256 | 8fe567647b838760ac3f490c692253bf88fe9a7891bc56e287404c4a163a360c |
| SHA512 | 614c601dffc327af234c3dc7a1b16ce564610ebab90a4c4a35867f00f7071bfd928e24e3c81ed8d47e438e19dd9a381c67cc8342714930d556fa62b37d5ceea8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.iplocation.net_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.iplocation.net_0.indexeddb.leveldb\000001.dbtmp
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9c99feb9b39a17ebb5c968a7ebadce47 |
| SHA1 | 776c908fa3a55618754b245ddeb04b012f487c35 |
| SHA256 | dc05ccb7c57600c986a8a8f38c92ed2d72a13802844986cabffe2a8cd80178be |
| SHA512 | dece5aab0a21dc17b592b28b6df137b6af0f02fdbde209370e8aee3e45bf6f44617424d4f87ffbb1125ecfeba3a4c72d2103037905fa6952c57d80499572f42a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008f
| MD5 | 34db3aa27a7ebc99500c3dad294e0367 |
| SHA1 | 1deedf85cd58d1cbc83ba6dd985c764169ad3d02 |
| SHA256 | c5f1654c076c6c3142872cf17ca98a2e99acbe74f1a96b4722da3190c3e27b7b |
| SHA512 | c7bb3bf68c7105f9ae956fc307f18e391dd683cb9a1798b246990b93046bf3bf40b1e62120fea1ae20fab583acaad5fee9d15d25cfc08ebc122a2cb5f631dd3f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008e
| MD5 | 6876b9fa77d04a990aed45bf263be0f4 |
| SHA1 | da839f0bd43484ffb41abe8d848f4682c4d72dc9 |
| SHA256 | c2651a1004a46fa6fc26303b06a112a448d169f67ba1a7ae8fa59285b9bd9e50 |
| SHA512 | 7bfba9cc1375e5ee3b58efa777b4ae217eebb8acdc2873f3256903de0d6aaca3f87d6f110d683c9badb40968ed2f59f9046d15628513be6ba9d2965585a3f1e0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\336a68eaaf209f48_0
| MD5 | b85e94c24ca05700d2bd6f6576c2041c |
| SHA1 | c209ceda06bac30675e7d6039d1077d43453a546 |
| SHA256 | 46414f247ffda26009b0d2f6cc49118d860034ef70c35147319fa0340ac374bb |
| SHA512 | 379827d5f13356e9c77d039065fbde42831733126f3bebb41ae4ba90f4b1d9acddfe28653d7b790f4e47137cd7872660e66cfe30f4c761ffed1dc0f06a4a3c5b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\135a9e73b7a29232_0
| MD5 | 2f22745d88e9ae2a1af50b77f5fa0229 |
| SHA1 | 3c81f058ec20bb957ecf24356b2faf3512eb7835 |
| SHA256 | 1a41cae26768cbdb7de926c4abcd6ebf2cfa267c07a0fb3d32ee1c602528604e |
| SHA512 | e63a0c0ef66c53c19a714b8ed06538659f3e4c43df1e27ee986dbbf104e12a02527bed75ecc99bf6000c036fbb34a1726a95fb793689249a92c9c44bcfc2cf05 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 78e8f8ac8f3545dc612f1e55962b96b9 |
| SHA1 | f2658ed2a47638d06d8819e5e41e5168f29cd76f |
| SHA256 | da51d7ecde0b2930d2360939e734dae601d0ca55bc6e3c1bdce8d1c3c1ebe73e |
| SHA512 | f4aeb67268a167f192e6f07ba6d2b2780bbd3a8a7bb469469cc978462e492dc6178a8175e17bf12378785d08236734f37770874dea32714cec5acb43e04bd318 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 053b4a52d0b8d3b053ac280a2c618e65 |
| SHA1 | ae1dd9015248ffe165be5bc70e0b265232994585 |
| SHA256 | ca0b02334f5631da33c56c1f9f66425ec4b048b18f64bea7561736566bdb11c8 |
| SHA512 | dfc26b20bbd8a0894f087d3f4ec8db7ce038e94fa412a67853204b69383b79e7ef9def0875a043fdd32a29114874864c86e3d9d757c61ac4e05491466bafe584 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\index-dir\the-real-index
| MD5 | c832b495b45adb2de9947b6dacc0c072 |
| SHA1 | 89c874024f56fe7129bc2dccc194773c46ccc84f |
| SHA256 | 3939b39a6c547a2c5b8d0958c81d2ba9251c7f807867c3a40163c45eea3a19b3 |
| SHA512 | 68d8d83093fb8a47e13c1e96fef46c2a794db48a7e0461b41afb2b9fd73e162f62b3fb3e2a1cb8402727a638798744114a8d035667b631d1c730f68e2a2ee823 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000074
| MD5 | 83266658f29f5cb762001d5d9f6985a7 |
| SHA1 | 9ff52157193e1e798944e6a3172d938183f5e550 |
| SHA256 | 60072b4eb6fc5f1f1214a34fcd55b3cbd1d05eddf778f85611f9b352c4c6452d |
| SHA512 | 60b2a8749bb597b71c6cb7113c4ea6c430ab90c6f6a5f78a36ab5fbd2676fbc173ade236be939e862569c786fbdc8e0aa984f1ae4263e91de2ba681cc8ce5d66 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006f
| MD5 | 6dc758b73cca60a1a581a33e0cf2e8ae |
| SHA1 | efa96dfe51f74a699b05e441bfd60febc99d9312 |
| SHA256 | 33c350310e8b2af2b7387d60b2be7e2e2cb78dffed422c478632626bbc42386c |
| SHA512 | 9d95d502d06e3c024b5a8c2ab4cd69b264552637ebad5253878c9a626659b92813d028ed87c16611ded3a38aae706ac6beef5484d4391af2d0587ab54715ac9b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\97e99a4140663f1f_0
| MD5 | 4ccf14dae23f9915ccb0606657e02818 |
| SHA1 | 40d419776351059cd46a82ad955b8f8dde4e80ac |
| SHA256 | 5c020b3897c505a5659d39d6e14a76f5b44feaa094b7bb78ce0667426dc52767 |
| SHA512 | 61afffd91d22013fec74b6d4be97b241d432c666bc478a7e06315f42326d69321b43525864cc5171161c8e9d780444b83c1bd461194d36ba7761249efb7c469d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000099
| MD5 | 839c0f19f071a97b420bf573dc1102f5 |
| SHA1 | 9654cad2cc914ec1905d30fcc75b3a7aeb4e4ada |
| SHA256 | 5517b90cb50d0e4de8872772dfd8433fe865d147bb6dfe909fa480b9552c1402 |
| SHA512 | 0ba1bb94d6e6038ea1866d14283a666985ce312f3ad1ce1dd78ad57c04ddc58976e257dfcf393ab06625aab1add6237b523088862536b4a8b91cb1b4504d9677 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6f28bbef3ef4ba52fba640da0795d2d7 |
| SHA1 | 1e22a23fa3835a03bf8032e40037a8d31e315a0b |
| SHA256 | 9ab81dd6da03c7114baedcfae994d3ebd5418a1bc1c5e764fca4de1bf0c90526 |
| SHA512 | 0f1e533851bd7a6fa2a4fd7a27faf1e44c171c1d5b1f1f873cadea180f3c10e11d6cc64e1a2c96a91ab43d858caffa98a0669af305c9e5a3c33a80dc904e3436 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 5a84f5a2637679ffec3bbb3ad1b085dd |
| SHA1 | 4ff3f3e5c7fb7702521ee2df0ba297bcab23f231 |
| SHA256 | e8e66c59a0e4ea9aae4585a3466280555b45fb340cfe48e75572c4b012669c9e |
| SHA512 | 8ce2f5fa5b1864c2bcbcd719d8bc7a8d702b9aec4057edb8b3c007a6749973a5f55ad3d6b5dd8150b886575936432d30960f98f2283c199485207887a890f6ef |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000048
| MD5 | e6ec1df39aa8d07cf330a72f47196abf |
| SHA1 | 801af4548a1108d80264f289a2c4198cb273c2c6 |
| SHA256 | 18117406ad59b6a0d16b1fa1ddeb2d53210aa3fde7a2d3ea00704d3187257ca2 |
| SHA512 | ec806a7550dd0f9f6b0e8a14d9f00277690b771230829ba07f29807412a04b337ed893caed31363ead5cbb2e933cc2561643e1568c22094fd216d4d950bd12e9 |
Analysis: behavioral2
Detonation Overview
Submitted
2025-03-26 13:23
Reported
2025-03-26 13:29
Platform
win10ltsc2021-20250314-de
Max time kernel
174s
Max time network
219s
Command Line
Signatures
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Xworm
Xworm family
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Client1.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\test.lnk | C:\Users\Admin\AppData\Local\Temp\Client1.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\test.lnk | C:\Users\Admin\AppData\Local\Temp\Client1.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\test.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\test.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\test = "C:\\Users\\Admin\\AppData\\Roaming\\test.exe" | C:\Users\Admin\AppData\Local\Temp\Client1.exe | N/A |
Enumerates physical storage devices
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Client1.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\test.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\test.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4424 wrote to memory of 1632 | N/A | C:\Users\Admin\AppData\Local\Temp\Client1.exe | C:\Windows\System32\schtasks.exe |
| PID 4424 wrote to memory of 1632 | N/A | C:\Users\Admin\AppData\Local\Temp\Client1.exe | C:\Windows\System32\schtasks.exe |
| PID 4424 wrote to memory of 4084 | N/A | C:\Users\Admin\AppData\Local\Temp\Client1.exe | C:\Windows\System32\schtasks.exe |
| PID 4424 wrote to memory of 4084 | N/A | C:\Users\Admin\AppData\Local\Temp\Client1.exe | C:\Windows\System32\schtasks.exe |
| PID 4424 wrote to memory of 8 | N/A | C:\Users\Admin\AppData\Local\Temp\Client1.exe | C:\Windows\system32\cmd.exe |
| PID 4424 wrote to memory of 8 | N/A | C:\Users\Admin\AppData\Local\Temp\Client1.exe | C:\Windows\system32\cmd.exe |
| PID 8 wrote to memory of 3108 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\timeout.exe |
| PID 8 wrote to memory of 3108 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\timeout.exe |
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\Client1.exe
"C:\Users\Admin\AppData\Local\Temp\Client1.exe"
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "test" /tr "C:\Users\Admin\AppData\Roaming\test.exe"
C:\Users\Admin\AppData\Roaming\test.exe
"C:\Users\Admin\AppData\Roaming\test.exe"
C:\Users\Admin\AppData\Roaming\test.exe
"C:\Users\Admin\AppData\Roaming\test.exe"
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /delete /f /tn "test"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmpED35.tmp.bat""
C:\Windows\system32\timeout.exe
timeout 3
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.telegram.org | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 8.8.8.8:53 | park-meetup.gl.at.ply.gg | udp |
| US | 147.185.221.18:62592 | park-meetup.gl.at.ply.gg | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
Files
memory/4424-0-0x00007FFC63DB3000-0x00007FFC63DB5000-memory.dmp
memory/4424-1-0x0000000000300000-0x0000000000314000-memory.dmp
memory/4424-6-0x00007FFC63DB0000-0x00007FFC64872000-memory.dmp
memory/4424-7-0x000000001BC40000-0x000000001BD44000-memory.dmp
memory/4424-8-0x00007FFC63DB3000-0x00007FFC63DB5000-memory.dmp
memory/4424-9-0x00007FFC63DB0000-0x00007FFC64872000-memory.dmp
C:\Users\Admin\AppData\Roaming\test.exe
| MD5 | 1e0aa64bead9e0338618646b79e4a77b |
| SHA1 | 8c3985be98bbfbbc02a0ec6d2d5801483251cf84 |
| SHA256 | fabc467aee7674695a0e55e90f4d7136835d9876fddeac5a9af3e4a071772af5 |
| SHA512 | eef3fc34edf692ef633080f3fc8ae84c3c60ade77774d994186337a25b9bc26c0a7b0b011d9b03fffbe26c5c3516b3befe4d4fb843d3350d97abdd33b8dcdf83 |
memory/5796-13-0x00007FFC63DB0000-0x00007FFC64872000-memory.dmp
memory/5796-15-0x00007FFC63DB0000-0x00007FFC64872000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\test.exe.log
| MD5 | 11c6e74f0561678d2cf7fc075a6cc00c |
| SHA1 | 535ee79ba978554abcb98c566235805e7ea18490 |
| SHA256 | d39a78fabca39532fcb85ce908781a75132e1bd01cc50a3b290dd87127837d63 |
| SHA512 | 32c63d67bf512b42e7f57f71287b354200126cb417ef9d869c72e0b9388a7c2f5e3b61f303f1353baa1bf482d0f17e06e23c9f50b2f1babd4d958b6da19c40b0 |
memory/4424-23-0x00007FFC63DB0000-0x00007FFC64872000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tmpED35.tmp.bat
| MD5 | f992081faf753219c06631cae1c91449 |
| SHA1 | 61952dadeb5ba8d7a39909750074a938ff2a055b |
| SHA256 | 5272ed2e2792fc651b319da8082eb495fb553edd9f3fb3b6ce9af575815b19b8 |
| SHA512 | fe103b371d7bfbd309d44f4d15466fc2c6738ce82789abaf666df3c995bb6e1edfd5343927eae00bff7ebafaa52f1e6d1eea43ea7172b3ae7bcf1c1b05c16d9b |
Analysis: behavioral3
Detonation Overview
Submitted
2025-03-26 13:23
Reported
2025-03-26 13:28
Platform
win11-20250313-de
Max time kernel
176s
Max time network
283s
Command Line
Signatures
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Xworm
Xworm family
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\test.lnk | C:\Users\Admin\AppData\Local\Temp\Client1.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\test.lnk | C:\Users\Admin\AppData\Local\Temp\Client1.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\test.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\test.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000\Software\Microsoft\Windows\CurrentVersion\Run\test = "C:\\Users\\Admin\\AppData\\Roaming\\test.exe" | C:\Users\Admin\AppData\Local\Temp\Client1.exe | N/A |
Enumerates physical storage devices
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2873637269-1458872900-2373203793-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Client1.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\test.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\test.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Client1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Client1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Client1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Client1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Client1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Client1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Client1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Client1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Client1.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Client1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Client1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Client1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Client1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Client1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Client1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Client1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Client1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Client1.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 5036 wrote to memory of 5756 | N/A | C:\Users\Admin\AppData\Local\Temp\Client1.exe | C:\Windows\System32\schtasks.exe |
| PID 5036 wrote to memory of 5756 | N/A | C:\Users\Admin\AppData\Local\Temp\Client1.exe | C:\Windows\System32\schtasks.exe |
| PID 5036 wrote to memory of 5644 | N/A | C:\Users\Admin\AppData\Local\Temp\Client1.exe | C:\Windows\System32\schtasks.exe |
| PID 5036 wrote to memory of 5644 | N/A | C:\Users\Admin\AppData\Local\Temp\Client1.exe | C:\Windows\System32\schtasks.exe |
| PID 5036 wrote to memory of 4348 | N/A | C:\Users\Admin\AppData\Local\Temp\Client1.exe | C:\Windows\system32\cmd.exe |
| PID 5036 wrote to memory of 4348 | N/A | C:\Users\Admin\AppData\Local\Temp\Client1.exe | C:\Windows\system32\cmd.exe |
| PID 4348 wrote to memory of 1636 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\timeout.exe |
| PID 4348 wrote to memory of 1636 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\timeout.exe |
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\Client1.exe
"C:\Users\Admin\AppData\Local\Temp\Client1.exe"
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "test" /tr "C:\Users\Admin\AppData\Roaming\test.exe"
C:\Users\Admin\AppData\Roaming\test.exe
C:\Users\Admin\AppData\Roaming\test.exe
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
C:\Users\Admin\AppData\Roaming\test.exe
C:\Users\Admin\AppData\Roaming\test.exe
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /delete /f /tn "test"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp1D9B.tmp.bat""
C:\Windows\system32\timeout.exe
timeout 3
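The process lists of behavioral2 and behavioral3 show the same install chain: schtasks /create of a task named "test" that fires every minute at the highest run level and points at the AppData copy, the copy running, schtasks /delete of that task, and cmd /c on a %TEMP%\tmpXXXX.tmp.bat whose child is timeout 3. The script below is an added example (not part of the report or of any sandbox's own code) that correlates process-creation events into those stages; its EVENTS and REG_EVENTS are constructed from the behavioral2 Processes, WriteProcessMemory and "Adds Run key" entries, and the parent PIDs of Client1.exe and test.exe, which the report does not give, are set to 0.

```python
r"""Correlate process-creation and registry events into the install chain seen in
this report: schtasks /create (minute interval, /RL HIGHEST, target under AppData),
the target running, schtasks /delete of the same task, a Run key naming the same
target, and cmd /c %TEMP%\tmpXXXX.tmp.bat followed by timeout.
Added example; the sample events are constructed from the report's behavioral2 run."""
import re

# Constructed sample, modelled on the behavioral2 process list (ppid 0 = not in report).
EVENTS = [
    {"pid": 4424, "ppid": 0,
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\Client1.exe"'},
    {"pid": 1632, "ppid": 4424,
     "cmdline": r'"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute '
                r'/mo 1 /tn "test" /tr "C:\Users\Admin\AppData\Roaming\test.exe"'},
    {"pid": 5796, "ppid": 0,
     "cmdline": r'"C:\Users\Admin\AppData\Roaming\test.exe"'},
    {"pid": 4084, "ppid": 4424,
     "cmdline": r'"C:\Windows\System32\schtasks.exe" /delete /f /tn "test"'},
    {"pid": 8, "ppid": 4424,
     "cmdline": r'C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmpED35.tmp.bat""'},
    {"pid": 3108, "ppid": 8, "cmdline": "timeout 3"},
]
# Constructed from the "Adds Run key to start application" signature row.
REG_EVENTS = [
    {"pid": 4424, "name": "test", "data": r"C:\Users\Admin\AppData\Roaming\test.exe",
     "key": r"\REGISTRY\USER\S-1-5-21-73851796-4078923053-1419757224-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"},
]

TASK_CREATE = re.compile(r'schtasks(?:\.exe)?"?\s+/create\b(?P<args>.*)', re.I)
TASK_DELETE = re.compile(r'schtasks(?:\.exe)?"?\s+/delete\b.*?/tn\s+"?(?P<tn>[^"\s]+)', re.I)
TMP_BAT = re.compile(r'cmd(?:\.exe)?\s+/c\s+"*(?P<bat>[^"]+\\Temp\\tmp[0-9A-F]+\.tmp\.bat)', re.I)
TIMEOUT = re.compile(r'(?:^|\\)timeout(?:\.exe)?"?\s+(?:/t\s+)?(?P<secs>\d+)', re.I)
USER_WRITABLE = re.compile(r'\\Users\\[^\\]+\\AppData\\', re.I)
RUN_KEY = re.compile(r'\\CurrentVersion\\Run$', re.I)


def _opt(args, name):
    """Value of a /name switch in a schtasks command line, quoted or not."""
    m = re.search(rf'/{name}\s+"?([^"]+?)"?(?=\s+/|\s*$)', args, re.I)
    return m.group(1) if m else None


def analyse(events, reg_events=()):
    findings, tasks = [], {}          # tasks: task name -> /tr target from /create
    for ev in events:
        cl = ev["cmdline"]
        if m := TASK_CREATE.search(cl):
            a = m.group("args")
            tn, tr = _opt(a, "tn"), _opt(a, "tr")
            why = []
            if (_opt(a, "sc") or "").lower() == "minute" and _opt(a, "mo") == "1":
                why.append("re-runs every minute")
            if (_opt(a, "rl") or "").upper() == "HIGHEST":
                why.append("/RL HIGHEST")
            if tr and USER_WRITABLE.search(tr):
                why.append("target under user AppData")
            if tn and why:
                tasks[tn] = tr
                # Did the task target actually run (any other event naming that path)?
                ran = bool(tr) and any(tr.lower() in e["cmdline"].lower()
                                       for e in events if e["pid"] != ev["pid"])
                findings.append({"kind": "scheduled_task", "pid": ev["pid"], "task": tn,
                                 "target": tr, "why": why, "target_ran": ran})
        elif m := TASK_DELETE.search(cl):
            tn = m.group("tn")
            if tn in tasks:               # task used as a one-shot launcher, then removed
                findings.append({"kind": "task_create_then_delete", "pid": ev["pid"],
                                 "task": tn, "target": tasks[tn]})
        elif m := TMP_BAT.search(cl):
            delay = None                  # look for a timeout child of this cmd.exe
            for child in events:
                if child["ppid"] == ev["pid"] and (t := TIMEOUT.search(child["cmdline"])):
                    delay = int(t.group("secs"))
            findings.append({"kind": "tmp_bat_delay", "pid": ev["pid"],
                             "bat": m.group("bat"), "delay_s": delay})
    targets = {t.lower() for t in tasks.values() if t}
    for rv in reg_events:                 # Run key pointing at the same dropped copy
        if RUN_KEY.search(rv["key"]) and rv["data"].lower() in targets:
            findings.append({"kind": "run_key_same_target", "pid": rv["pid"],
                             "value": rv["name"], "target": rv["data"]})
    return findings


def chain_complete(findings):
    """True when the three process-level stages seen in the report are all present."""
    kinds = {f["kind"] for f in findings}
    return {"scheduled_task", "task_create_then_delete", "tmp_bat_delay"} <= kinds


if __name__ == "__main__":
    found = analyse(EVENTS, REG_EVENTS)
    for f in found:
        print(f)
    print("install chain complete:", chain_complete(found))
```

The correlation keys on the task name and the /tr path rather than on "test" or "test.exe", so the same logic fires on a renamed build; the tmp*.tmp.bat content is not in the report, so only its launch and the timeout child are used as evidence.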
Network
| Country | Destination | Domain | Proto |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 147.185.221.18:62592 | park-meetup.gl.at.ply.gg | tcp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| US | 147.185.221.18:62592 | park-meetup.gl.at.ply.gg | tcp |
| US | 147.185.221.18:62592 | park-meetup.gl.at.ply.gg | tcp |
Files
memory/5036-0-0x00007FFB70D03000-0x00007FFB70D05000-memory.dmp
memory/5036-1-0x0000000000880000-0x0000000000894000-memory.dmp
memory/5036-6-0x00007FFB70D00000-0x00007FFB717C2000-memory.dmp
memory/5036-7-0x000000001C340000-0x000000001C444000-memory.dmp
memory/5036-8-0x00007FFB70D03000-0x00007FFB70D05000-memory.dmp
memory/5036-9-0x00007FFB70D00000-0x00007FFB717C2000-memory.dmp
memory/5036-11-0x00000000010E0000-0x00000000010EA000-memory.dmp
C:\Users\Admin\AppData\Roaming\test.exe
| MD5 | 1e0aa64bead9e0338618646b79e4a77b |
| SHA1 | 8c3985be98bbfbbc02a0ec6d2d5801483251cf84 |
| SHA256 | fabc467aee7674695a0e55e90f4d7136835d9876fddeac5a9af3e4a071772af5 |
| SHA512 | eef3fc34edf692ef633080f3fc8ae84c3c60ade77774d994186337a25b9bc26c0a7b0b011d9b03fffbe26c5c3516b3befe4d4fb843d3350d97abdd33b8dcdf83 |
memory/2064-14-0x00007FFB70D00000-0x00007FFB717C2000-memory.dmp
memory/2064-16-0x00007FFB70D00000-0x00007FFB717C2000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
| MD5 | 2ff5abf5c4b9149a19245eb28c0c6613 |
| SHA1 | 7a9fd1ea4ff86b8476d054623d3fba36322c34cc |
| SHA256 | 6c8602dc88149327a96d492ded042038b3a743ef517abb653945f2f1945bb372 |
| SHA512 | c51182916c0f09b989a0b068845a355a108e2ff7ee0254e1690f32902e40e2c9c7be44876f5954c20e48317fef4d9cd93000e9b54678599ca045c1096a547b51 |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
| MD5 | aa5f023c947a39567aa77454805172c5 |
| SHA1 | 2eeb0726882d0f09dc2d63f69ed40aa60ed205bd |
| SHA256 | e8164ec588c417d10454e45cfd179ff2db21b9327c6bf75112e245dc5be4fd4b |
| SHA512 | 249439d8114d1f29b570ee9c5e742b922ac525af26a0ba5054892faaff80ac3af04cb55283e74373bd6b2ff8226584ea3e8c66d7e5ea1da0ff93fcf365cb2155 |
memory/5036-36-0x000000001C330000-0x000000001C33C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\test.exe.log
| MD5 | 2cbbb74b7da1f720b48ed31085cbd5b8 |
| SHA1 | 79caa9a3ea8abe1b9c4326c3633da64a5f724964 |
| SHA256 | e31b18f21621d9983bfdf1ea3e53884a9d58b8ffd79e0e5790da6f3a81a8b9d3 |
| SHA512 | ecf02d5240e0c1c005d3ab393aa7eff62bd498c2db5905157e2bf6d29e1b663228a9583950842629d1a4caef404c8941a0c7799b1a3bd1eb890a09fdb7efcff9 |
C:\Users\Admin\AppData\Local\Temp\tmp1D9B.tmp.bat
| MD5 | dddb96e35043307594dafb09f44efb7a |
| SHA1 | bff323c893c42dec5f612f4e0fe63719e86353b6 |
| SHA256 | 19b2bdbfccf79a27aa7e5e17b99f34656b9d97cb4a15d5dca659e868e971855e |
| SHA512 | cd1c3f25f4e906ec7483159e7254e1cc7b9d28c902bfceb080b582f5e28d74ff4dbb0133b4d564a267ced8df0eecf1c7bea9fb75c7555d6c537d91586fdc7a74 |
memory/5036-45-0x00007FFB70D00000-0x00007FFB717C2000-memory.dmp
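Across the three runs the Network tables repeat the same two non-Windows destinations (api.telegram.org on 443 and park-meetup.gl.at.ply.gg on 147.185.221.18:62592), each preceded by its 8.8.8.8:53 lookup, and the Files sections show that the dropped test.exe has one SHA256 in every run while the tmp*.tmp.bat and test.exe.log hashes change per run. The script below is an added example, not part of the report, that turns those tables into an indicator list: the network rows are copied from the behavioral2 and behavioral3 tables, the file hashes from the three Files sections, and the BENIGN_HOSTS allowlist (Google PKI and Bing thumbnail hosts treated as OS/browser background traffic) is the analyst's assumption, as is treating *.ply.gg as a tunnel-service hostname.

```python
"""Extract stable indicators from this report's Network and Files tables.
Added example: rows are copied from the report; the allowlist is an assumption."""
import re
from collections import defaultdict

# Copied from the behavioral2/behavioral3 Network tables (one bing row kept).
NETWORK_ROWS = """
| US | 8.8.8.8:53 | api.telegram.org | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 8.8.8.8:53 | park-meetup.gl.at.ply.gg | udp |
| US | 147.185.221.18:62592 | park-meetup.gl.at.ply.gg | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 147.185.221.18:62592 | park-meetup.gl.at.ply.gg | tcp |
| US | 147.185.221.18:62592 | park-meetup.gl.at.ply.gg | tcp |
"""

# (run, path, SHA256) as listed in the report's Files sections.
FILE_ROWS = [
    ("behavioral1", r"C:\Users\Admin\AppData\Roaming\test.exe",
     "fabc467aee7674695a0e55e90f4d7136835d9876fddeac5a9af3e4a071772af5"),
    ("behavioral1", r"C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\test.exe.log",
     "e1b91642d85d98124a6a31f710e137ab7fd90dec30e74a05ab7fcf3b7887dced"),
    ("behavioral1", r"C:\Users\Admin\AppData\Local\Temp\tmp4893.tmp.bat",
     "a0fc9ac91019304d630d383be283252fb02c6520578c97c1a4834ae0b90d741e"),
    ("behavioral2", r"C:\Users\Admin\AppData\Roaming\test.exe",
     "fabc467aee7674695a0e55e90f4d7136835d9876fddeac5a9af3e4a071772af5"),
    ("behavioral2", r"C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\test.exe.log",
     "d39a78fabca39532fcb85ce908781a75132e1bd01cc50a3b290dd87127837d63"),
    ("behavioral2", r"C:\Users\Admin\AppData\Local\Temp\tmpED35.tmp.bat",
     "5272ed2e2792fc651b319da8082eb495fb553edd9f3fb3b6ce9af575815b19b8"),
    ("behavioral3", r"C:\Users\Admin\AppData\Roaming\test.exe",
     "fabc467aee7674695a0e55e90f4d7136835d9876fddeac5a9af3e4a071772af5"),
    ("behavioral3", r"C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\test.exe.log",
     "e31b18f21621d9983bfdf1ea3e53884a9d58b8ffd79e0e5790da6f3a81a8b9d3"),
    ("behavioral3", r"C:\Users\Admin\AppData\Local\Temp\tmp1D9B.tmp.bat",
     "19b2bdbfccf79a27aa7e5e17b99f34656b9d97cb4a15d5dca659e868e971855e"),
]

BENIGN_HOSTS = {"c.pki.goog", "tse1.mm.bing.net"}   # assumption: OS/browser background traffic
RESOLVER = ("8.8.8.8", 53)                           # sandbox DNS; the domain is already in the row
ROW = re.compile(r"^\|\s*(\w+)\s*\|\s*([\d.]+):(\d+)\s*\|\s*(\S+)\s*\|\s*(\w+)\s*\|$")


def parse_network(text):
    """Parse '| CC | ip:port | domain | proto |' rows into dicts."""
    rows = []
    for line in text.strip().splitlines():
        if m := ROW.match(line.strip()):
            cc, ip, port, domain, proto = m.groups()
            rows.append({"country": cc, "ip": ip, "port": int(port), "domain": domain, "proto": proto})
    return rows


def network_iocs(rows, benign=BENIGN_HOSTS):
    """Drop resolver lookups and allowlisted hosts, dedupe, flag odd ports and tunnel names."""
    seen, out = set(), []
    for r in rows:
        if (r["ip"], r["port"]) == RESOLVER or r["domain"] in benign:
            continue
        key = (r["domain"], r["ip"], r["port"])
        if key in seen:
            continue
        seen.add(key)
        flags = []
        if r["port"] not in (80, 443):
            flags.append("non-standard port")
        if r["domain"].endswith(".ply.gg"):          # assumption: tunnel-service hostname
            flags.append("tunnel hostname (*.ply.gg)")
        out.append({**r, "flags": flags})
    return out


def stable_hashes(file_rows):
    """Split dropped files into hashes that repeat across runs and ones that vary."""
    by_name = defaultdict(set)
    for _run, path, sha in file_rows:
        name = path.rsplit("\\", 1)[-1]
        name = re.sub(r"tmp[0-9A-F]{4}\.tmp", "tmp????.tmp", name, flags=re.I)  # per-run temp names
        by_name[name].add(sha.lower())
    stable = {n: next(iter(h)) for n, h in by_name.items() if len(h) == 1}
    volatile = {n: sorted(h) for n, h in by_name.items() if len(h) > 1}
    return stable, volatile


if __name__ == "__main__":
    for ioc in network_iocs(parse_network(NETWORK_ROWS)):
        print(f'{ioc["domain"]} {ioc["ip"]}:{ioc["port"]} {ioc["flags"]}')
    stable, volatile = stable_hashes(FILE_ROWS)
    print("stable:", stable)
    print("volatile:", {n: len(h) for n, h in volatile.items()})
```

The point of stable_hashes is what to block on: only test.exe keeps one hash across the runs, so its SHA256 is usable as an indicator, while the .bat and the CLR usage log are generated per run and would only ever match this sandbox session.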