Analysis Overview
Threat Level: Known bad
The file https://ekweroboro-temp-swtest-ru.translate.goog/?_x_tr_sch=http&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=nl&_x_tr_pto=wapp#[email protected] was found to be: Known bad.
Malicious Activity Summary
A potential corporate email address has been identified in the URL: [email protected]
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-11-09 13:06
Signatures
A potential corporate email address has been identified in the URL: [email protected]
Analysis: behavioral1
Detonation Overview
Submitted
2023-11-09 13:06
Reported
2023-11-09 13:08
Platform
win10v2004-20231023-en
Max time kernel
89s
Max time network
92s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133440088533829344" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8a50e9758,0x7ff8a50e9768,0x7ff8a50e9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://ekweroboro-temp-swtest-ru.translate.goog/?_x_tr_sch=http&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=nl&_x_tr_pto=wapp#[email protected]
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1864,i,4270104234862168890,3270323657451649985,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1864,i,4270104234862168890,3270323657451649985,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1864,i,4270104234862168890,3270323657451649985,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3204 --field-trial-handle=1864,i,4270104234862168890,3270323657451649985,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3192 --field-trial-handle=1864,i,4270104234862168890,3270323657451649985,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4580 --field-trial-handle=1864,i,4270104234862168890,3270323657451649985,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4760 --field-trial-handle=1864,i,4270104234862168890,3270323657451649985,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5020 --field-trial-handle=1864,i,4270104234862168890,3270323657451649985,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 --field-trial-handle=1864,i,4270104234862168890,3270323657451649985,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 --field-trial-handle=1864,i,4270104234862168890,3270323657451649985,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3312 --field-trial-handle=1864,i,4270104234862168890,3270323657451649985,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5640 --field-trial-handle=1864,i,4270104234862168890,3270323657451649985,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5348 --field-trial-handle=1864,i,4270104234862168890,3270323657451649985,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3196 --field-trial-handle=1864,i,4270104234862168890,3270323657451649985,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4664 --field-trial-handle=1864,i,4270104234862168890,3270323657451649985,131072 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.252.72.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ekweroboro-temp-swtest-ru.translate.goog | udp |
| NL | 142.251.39.97:443 | ekweroboro-temp-swtest-ru.translate.goog | tcp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| NL | 142.250.179.206:443 | translate.google.com | tcp |
| NL | 142.250.179.206:443 | translate.google.com | tcp |
| US | 8.8.8.8:53 | pub-ec913e053f97413a981c7250210a95ba.r2.dev | udp |
| US | 104.18.2.35:443 | pub-ec913e053f97413a981c7250210a95ba.r2.dev | tcp |
| US | 104.18.2.35:443 | pub-ec913e053f97413a981c7250210a95ba.r2.dev | tcp |
| US | 8.8.8.8:53 | 97.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.2.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| NL | 172.217.168.234:443 | content-autofill.googleapis.com | tcp |
| NL | 88.221.25.153:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 234.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.25.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 142.251.36.14:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | stackpath.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | www.pngitem.com | udp |
| US | 154.197.160.69:443 | www.pngitem.com | tcp |
| US | 104.18.10.207:443 | stackpath.bootstrapcdn.com | tcp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 151.101.2.137:443 | code.jquery.com | tcp |
| US | 8.8.8.8:53 | maxcdn.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 104.18.10.207:443 | maxcdn.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| NL | 142.251.36.10:443 | ajax.googleapis.com | tcp |
| US | 104.18.11.207:443 | maxcdn.bootstrapcdn.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | 14.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.10.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.11.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.24.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.160.197.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | saic.com | udp |
| US | 52.87.65.167:443 | saic.com | tcp |
| NL | 172.217.168.234:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | t3.gstatic.com | udp |
| NL | 142.250.179.132:443 | t3.gstatic.com | tcp |
| US | 8.8.8.8:53 | www.saic.com | udp |
| US | 52.87.65.167:443 | www.saic.com | tcp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.65.87.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.fastmail.com | udp |
| US | 141.193.213.21:443 | www.fastmail.com | tcp |
| US | 8.8.8.8:53 | 21.213.193.141.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.telegram.org | udp |
| US | 8.8.8.8:53 | nocodeform.io | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 188.114.97.0:443 | nocodeform.io | tcp |
| NL | 142.250.179.132:443 | t3.gstatic.com | udp |
| US | 8.8.8.8:53 | 220.167.154.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.97.114.188.in-addr.arpa | udp |
| US | 188.114.97.0:443 | nocodeform.io | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 52.87.65.167:80 | www.saic.com | tcp |
| US | 52.87.65.167:80 | www.saic.com | tcp |
| US | 52.87.65.167:443 | www.saic.com | tcp |
| US | 8.8.8.8:53 | use.typekit.net | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | udp |
| NL | 84.53.175.8:443 | use.typekit.net | tcp |
| US | 8.8.8.8:53 | labs.ceros.com | udp |
| US | 8.8.8.8:53 | view.ceros.com | udp |
| US | 104.18.40.252:443 | view.ceros.com | tcp |
| US | 151.101.0.233:443 | labs.ceros.com | tcp |
| US | 8.8.8.8:53 | p.typekit.net | udp |
| NL | 95.101.78.176:443 | p.typekit.net | tcp |
| US | 8.8.8.8:53 | hello.myfonts.net | udp |
| US | 104.18.193.52:443 | hello.myfonts.net | tcp |
| US | 8.8.8.8:53 | use.fontawesome.com | udp |
| US | 8.8.8.8:53 | snap.licdn.com | udp |
| US | 104.21.27.152:443 | use.fontawesome.com | tcp |
| US | 104.21.27.152:443 | use.fontawesome.com | tcp |
| US | 8.8.8.8:53 | 8.175.53.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.40.18.104.in-addr.arpa | udp |
| NL | 84.53.175.8:443 | snap.licdn.com | tcp |
| US | 8.8.8.8:53 | 52.193.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.0.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.78.101.95.in-addr.arpa | udp |
| NL | 84.53.175.8:443 | snap.licdn.com | tcp |
| US | 8.8.8.8:53 | 6303617.fls.doubleclick.net | udp |
| NL | 142.250.179.134:443 | 6303617.fls.doubleclick.net | tcp |
| NL | 142.250.179.134:443 | 6303617.fls.doubleclick.net | udp |
| US | 8.8.8.8:53 | 152.27.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.127.177.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.179.250.142.in-addr.arpa | udp |
| NL | 142.251.36.10:443 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | assets-s3-us-east-1.ceros.com | udp |
| US | 172.64.154.66:443 | assets-s3-us-east-1.ceros.com | tcp |
| US | 172.64.154.66:443 | assets-s3-us-east-1.ceros.com | tcp |
| US | 8.8.8.8:53 | themes.googleusercontent.com | udp |
| US | 8.8.8.8:53 | media-s3-us-east-1.ceros.com | udp |
| NL | 142.250.102.155:443 | N/A | tcp |
| US | 8.8.8.8:53 | px.ads.linkedin.com | udp |
| US | 13.107.43.14:443 | px.ads.linkedin.com | tcp |
| US | 8.8.8.8:53 | 8.148.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.247.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.208.79.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.linkedin.com | udp |
| US | 13.107.42.14:443 | www.linkedin.com | tcp |
| US | 8.8.8.8:53 | 101.43.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.43.107.13.in-addr.arpa | udp |
| IE | 163.70.151.21:443 | N/A | udp |
| US | 172.64.155.227:443 | media-s3-us-east-1.ceros.com | tcp |
| US | 172.64.155.227:443 | media-s3-us-east-1.ceros.com | tcp |
| NL | 157.240.247.35:443 | N/A | udp |
| US | 8.8.8.8:53 | js-agent.newrelic.com | udp |
| US | 151.101.2.137:443 | js-agent.newrelic.com | tcp |
| US | 8.8.8.8:53 | bam.nr-data.net | udp |
| US | 162.247.243.29:443 | bam.nr-data.net | tcp |
| US | 8.8.8.8:53 | 14.42.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pixel.sitescout.com | udp |
| NL | 98.98.134.241:443 | pixel.sitescout.com | tcp |
| NL | 98.98.134.241:443 | pixel.sitescout.com | tcp |
| IE | 99.80.94.141:443 | N/A | tcp |
| IE | 54.78.254.47:443 | N/A | tcp |
| US | 8.8.8.8:53 | 29.243.247.162.in-addr.arpa | udp |
| IE | 52.208.5.106:443 | N/A | tcp |
| US | 8.8.8.8:53 | 241.134.98.98.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.113.111.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.174.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.94.80.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.254.78.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.5.208.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.252.72.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.ceros.com | udp |
| US | 18.239.50.4:443 | api.ceros.com | tcp |
| US | 18.239.50.4:443 | api.ceros.com | tcp |
| US | 18.239.50.4:443 | api.ceros.com | tcp |
| US | 8.8.8.8:53 | 4.50.239.18.in-addr.arpa | udp |
| US | 104.17.24.14:443 | N/A | udp |
| US | 8.8.8.8:53 | N/A | udp |
| N/A | 142.250.179.200:443 | N/A | tcp |
| US | 8.8.8.8:53 | N/A | udp |
| US | 8.8.8.8:53 | N/A | udp |
| US | 8.8.8.8:53 | N/A | udp |
| US | 8.8.8.8:53 | N/A | udp |
| US | 8.8.8.8:53 | N/A | udp |
| N/A | 142.250.179.200:443 | N/A | udp |
| US | 8.8.8.8:53 | N/A | udp |
| US | 8.8.8.8:53 | N/A | udp |
| US | 8.8.8.8:53 | N/A | udp |
| US | 8.8.8.8:53 | N/A | udp |
| N/A | 104.19.148.8:443 | N/A | tcp |
| NL | 157.240.247.35:443 | N/A | tcp |
| IE | 163.70.151.21:443 | N/A | tcp |
| N/A | 178.79.208.44:443 | N/A | tcp |
| N/A | 104.19.148.8:443 | N/A | tcp |
| US | 8.8.8.8:53 | N/A | udp |
| N/A | 104.18.43.101:443 | N/A | tcp |
| US | 8.8.8.8:53 | N/A | udp |
| US | 8.8.8.8:53 | N/A | udp |
| US | 8.8.8.8:53 | N/A | udp |
| US | 8.8.8.8:53 | N/A | udp |
| US | 8.8.8.8:53 | N/A | udp |
| N/A | 34.111.113.62:443 | N/A | tcp |
| US | 8.8.8.8:53 | N/A | udp |
| N/A | 35.244.174.68:443 | N/A | tcp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 108.177.122.94:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 94.122.177.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | N/A | udp |
| N/A | 18.239.69.101:80 | N/A | tcp |
Files
\??\pipe\crashpad_3848_KIGDJSVEJXXFIZSV
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 3e18a3b12f8e6c6d6c0ea6aad5fee688 |
| SHA1 | 48a9a9ce23bb0863b902a016da41aa3c620c7949 |
| SHA256 | 39b61f71be45088feb33d94efac1e1af78f9dbac1897dfb2d80f547f0e91e432 |
| SHA512 | 6a05b77cc37b98a9ac111f65ca3b6e3e29bffe90f7052bb7d9665d628082a4d64f24c081203e876c62b5ebe9409098835ff87219f545f190a63c2b6f191d58e0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 29394fd1c6f87e7460c6c529d1d63041 |
| SHA1 | 8b4b2b60dad1b321d870ae24e7c2fb2b1d52520d |
| SHA256 | b7e4a8bd15108437432254efeeda73da203e281958d38edde07760b4355eff0e |
| SHA512 | 4b4d827d1ebf4f8ad42eb9b928a7a14981edb88d4bcb40952fbc25b1de8f05e84b3101b8d7fde5c45a5dbccc6d61a02f25be555ab38bb471d192008d64e0baff |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c7f65447be7ce77db196b74a931cf153 |
| SHA1 | a82a1024b75ba2217ed2ed3cbf35633ed31e8aa2 |
| SHA256 | 657ebb030d392980bfb8cc268bfbd0f0db42a488716f3e128393885a2d81d1ae |
| SHA512 | f8bfcae10e7153a7b8410bc21ab11c3bab8e432e212b6c989e7bbe7744a5bde73b45f3ee0a230941693355f705f66784354310b5cfffd6b09dc55ea33ecb3993 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a16fbfd3efb31ac13d53fa9c9dea4302 |
| SHA1 | 1d753bf2c7d697f06c46f025642c52735089cdd3 |
| SHA256 | 2bc9e81de817af539c28a4e6f80d66addd171f5fa4030e5df59d15f0ab1e7f9f |
| SHA512 | 422f0f62eec9e61f03dd28902c8875849d8f205a9dc7e579e0b5e0da11154a9269a9787dc20584455f2b63e09fbae9a3cc316ab3adb0bedf6c316074f14b5add |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 77e157c87b6891035c6e5a13bd58c48d |
| SHA1 | faf45d33c5a6a85555c89323c06e6145b1e3dc53 |
| SHA256 | d01e7e437fc77572d882d6796af90ceba502c6ed380f92a084d1970e5c366751 |
| SHA512 | 5960155440d5c3abd9c81826723c0a8f82a18472a11fd1cbdafa50656d873c2c39d583d67c29fb31fb2c9d07faa8cfec30a286b0c396c2833ce4b804bf8a282f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a6ce25212778198a7b19b057e8f19b05 |
| SHA1 | b86073a1257a463bf154b88187983b5eddf89aa1 |
| SHA256 | caa21d33bc324c1fab62d8ef94880af1ca0095b185a183b8b94a4253cead6a80 |
| SHA512 | 38294b90c00a2d0360acb9dda53cf255567c5492e1d3aa4dc9f5f00d0cbe09a0a004cea433c171a32ebf89961c108beb137c20b607f315b646f454192e183cb3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7ca6b1e92dbbf54a3614ee7b959561ba |
| SHA1 | 92cf09c8da483fc4e248185463717c0c7c16dba9 |
| SHA256 | 328be7f20cf553444cf4970f097a33ea0a8a0b87fa8663b2c7039b6edbdd6df8 |
| SHA512 | 67c86a975a9ee8eaadcdda4a516362f1ed1fefbaedb1b2e45f470f0aae0a74a3a03cfe4fea84c373d7fb5f1fd50b4a9d0673131d413a7ddae1e2f908dcc62f29 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014
| MD5 | 33a8df85d9056f81770e58ee3a013a93 |
| SHA1 | c0b66c45d39dd0d5611bff522c38d0ecd2f888e8 |
| SHA256 | b27747eee7107eb916aa1772b61bd1356376b636e5de2ed9d88a109dc6c4672d |
| SHA512 | 8f2688b31ad1a2c91856ae625de32c308b856530395f5f02fef5437f3e6f52e84638e9d23dcc5fc0b7278f3ab37e4c315ebf89e040110c7000fe3ba4a89436aa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f97c852542ce8f28c6de60c9b1e26256 |
| SHA1 | 495637c0db0b4cf100bed203d9c8dd7eaeed415e |
| SHA256 | 5853bcc7ae3238265d1d51e39f63a91cd3f4b98093bbb65572b196f4f62ed460 |
| SHA512 | 60ac87d6fa99960255a7520935d73da4a73ba37ad01f7e9b54d1ae2d2c580079c3dc178c28a36bb45d1576a328081592f6f3cdd1aba5ad2ccf6c59eba7616bf4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 71e329e6ee60298644c2c47874542594 |
| SHA1 | aa2d239014c06ebeb29ad76f8aacb410bca2ed41 |
| SHA256 | 151d00fe6cb7d71746c37e82351857fb4208daafae59697c50159b6fcb5f7060 |
| SHA512 | 9264c653e7743bd45bd190bb87c21b2648238a1017d7be2b458cc33d9777e336494691789693587fc9ae195f3e7fc7cd78a74539ee70da984069ec3d5c3b21e5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 194d7d12534b28009ce178b41230c795 |
| SHA1 | 20c586c020b3d573b7facd30c3bfa5bdca5248df |
| SHA256 | b16db3944e826c734e39a828f9a1c3ab2f9d261db11397dc8ed366eaed9129f2 |
| SHA512 | a5d1525dd07f81fb6d326b5296b3e6552089f5e1cc02734403ce7290ee1929291ae20fef86abf9286df3923989f1a82cdde9bb6dbb862bf4bd4111b11a78c70f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | 0106af3230c09f4426893ef716c212f6 |
| SHA1 | 36dd7708edd8d164200eb4ac97ad2fae9a1144ea |
| SHA256 | 583460cbf1ffc1cfefb83347876c2b43743f212b9458fbfa45a9b46f8f8f9f78 |
| SHA512 | 6e647b65cc6f727cdcedf3a934588868d88bce6dff210ef6b85483d88c0a8c6ff47ea803527c3e4deab92288a0b1ed136793e280d39b2d486688c68d92c746b5 |