Analysis Overview
Threat Level: Known bad
The URL https://ekweroboro-temp-swtest-ru.translate.goog/?_x_tr_sch=http&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=nl&_x_tr_pto=wapp#[email protected] was found to be: Known bad.
Malicious Activity Summary
A potential corporate email address has been identified in the URL: [email protected]
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-11-09 17:37
Signatures
A potential corporate email address has been identified in the URL: [email protected]
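The flagged URL is not served by translate.goog itself. That hostname is Google Translate's page proxy: the origin host is packed into the first DNS label and the origin scheme travels in the `_x_tr_sch` parameter, so the page the sandbox rendered was fetched from a plain-http origin and relayed through Google (the Network table shows the connections going to the translate.goog name, not to the origin host). The address the static signature flagged sits in the URL fragment, which the browser never sends to any server; only script running in the page can read it, which is how such pages pre-fill a login form with the recipient's address. The Python below is an added example, not part of this report or of any vendor tooling; it recovers the origin URL, separates the proxy's own `_x_tr_*` parameters from the origin's, and returns the fragment untouched (the address itself is redacted in this copy of the report). The hostname decoding rule it applies (a dot in the origin host becomes a hyphen, a literal hyphen is escaped as a double hyphen) is assumed from observed proxy URLs rather than documented on this page, and the `my--site-example-com` and `en-wikipedia-org` hosts in the test are constructed only to exercise it.

```python
from urllib.parse import parse_qs, urlsplit

TRANSLATE_SUFFIX = ".translate.goog"


def decode_translate_host(host: str) -> str:
    """Recover the origin hostname from a translate.goog proxy hostname.

    Assumed encoding (observed, not documented on the report page):
    '.' in the origin host is written as '-', and a literal '-' in the
    origin host is escaped as '--'. Decoding therefore has to consume
    '--' before it looks at single hyphens.
    """
    if not host.endswith(TRANSLATE_SUFFIX):
        raise ValueError(f"not a translate.goog proxy host: {host}")
    label = host[: -len(TRANSLATE_SUFFIX)]
    out = []
    i = 0
    while i < len(label):
        if label.startswith("--", i):
            out.append("-")
            i += 2
        elif label[i] == "-":
            out.append(".")
            i += 1
        else:
            out.append(label[i])
            i += 1
    return "".join(out)


def unproxy(url: str) -> dict:
    """Split a translate.goog URL into the pieces an analyst needs."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    # _x_tr_sch carries the origin scheme; the proxy defaults to https without it.
    scheme = query.get("_x_tr_sch", ["https"])[0]
    origin_host = decode_translate_host(parts.hostname)
    # Everything that is not a proxy parameter belongs to the origin's query string.
    origin_query = "&".join(
        f"{k}={v}"
        for k, vs in query.items()
        if not k.startswith("_x_tr_")
        for v in vs
    )
    origin_url = f"{scheme}://{origin_host}{parts.path or '/'}"
    if origin_query:
        origin_url += "?" + origin_query
    return {
        "proxy_host": parts.hostname,
        "origin_url": origin_url,
        "translate_params": {k: v[0] for k, v in query.items() if k.startswith("_x_tr_")},
        # The fragment is never transmitted; the page's own script reads it client-side.
        "fragment": parts.fragment,
    }


# The URL exactly as it appears in this report (address redacted in the source).
REPORT_URL = (
    "https://ekweroboro-temp-swtest-ru.translate.goog/"
    "?_x_tr_sch=http&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=nl&_x_tr_pto=wapp"
    "#[email protected]"
)

if __name__ == "__main__":
    for key, value in unproxy(REPORT_URL).items():
        print(f"{key}: {value}")
```

Running it on the report URL yields the origin `http://ekweroboro.temp.swtest.ru/`, which is the host to pivot on (passive DNS, certificate transparency, hosting provider); the translate.goog name and the Google IPs it resolved to are shared infrastructure and make poor block-list entries on their own. The `_x_tr_hl=nl` parameter selects Google's Dutch interface language and says nothing about where the page is hosted.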
Analysis: behavioral1
Detonation Overview
Submitted
2023-11-09 17:37
Reported
2023-11-09 17:38
Platform
win10v2004-20231020-en
Max time kernel
47s
Max time network
54s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133440250591793003" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://ekweroboro-temp-swtest-ru.translate.goog/?_x_tr_sch=http&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=nl&_x_tr_pto=wapp#[email protected]
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa03d19758,0x7ffa03d19768,0x7ffa03d19778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1876,i,14929936864558032084,1679137361703343093,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1876,i,14929936864558032084,1679137361703343093,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1876,i,14929936864558032084,1679137361703343093,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3028 --field-trial-handle=1876,i,14929936864558032084,1679137361703343093,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3020 --field-trial-handle=1876,i,14929936864558032084,1679137361703343093,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4644 --field-trial-handle=1876,i,14929936864558032084,1679137361703343093,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4760 --field-trial-handle=1876,i,14929936864558032084,1679137361703343093,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5380 --field-trial-handle=1876,i,14929936864558032084,1679137361703343093,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3164 --field-trial-handle=1876,i,14929936864558032084,1679137361703343093,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 --field-trial-handle=1876,i,14929936864558032084,1679137361703343093,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5588 --field-trial-handle=1876,i,14929936864558032084,1679137361703343093,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4636 --field-trial-handle=1876,i,14929936864558032084,1679137361703343093,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4972 --field-trial-handle=1876,i,14929936864558032084,1679137361703343093,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3176 --field-trial-handle=1876,i,14929936864558032084,1679137361703343093,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5988 --field-trial-handle=1876,i,14929936864558032084,1679137361703343093,131072 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.101.122.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ekweroboro-temp-swtest-ru.translate.goog | udp |
| NL | 142.251.39.97:443 | ekweroboro-temp-swtest-ru.translate.goog | tcp |
| NL | 142.251.39.97:443 | ekweroboro-temp-swtest-ru.translate.goog | tcp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| NL | 142.250.179.206:443 | translate.google.com | tcp |
| US | 8.8.8.8:53 | 198.52.96.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.179.250.142.in-addr.arpa | udp |
| NL | 142.250.179.206:443 | translate.google.com | udp |
| US | 8.8.8.8:53 | pub-ec913e053f97413a981c7250210a95ba.r2.dev | udp |
| US | 104.18.2.35:443 | pub-ec913e053f97413a981c7250210a95ba.r2.dev | tcp |
| US | 104.18.2.35:443 | pub-ec913e053f97413a981c7250210a95ba.r2.dev | tcp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| NL | 142.250.179.145:443 | csp.withgoogle.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| NL | 23.72.252.163:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 206.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.2.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.252.72.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 142.251.36.14:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | www.pngitem.com | udp |
| US | 8.8.8.8:53 | stackpath.bootstrapcdn.com | udp |
| US | 154.197.160.69:443 | www.pngitem.com | tcp |
| US | 104.18.10.207:443 | stackpath.bootstrapcdn.com | tcp |
| US | 8.8.8.8:53 | 14.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.10.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 104.18.10.207:443 | stackpath.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 8.8.8.8:53 | maxcdn.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 104.18.10.207:443 | maxcdn.bootstrapcdn.com | tcp |
| US | 151.101.130.137:443 | code.jquery.com | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| NL | 216.58.214.10:443 | ajax.googleapis.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 69.160.197.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.1.85.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.130.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.25.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | saic.com | udp |
| US | 52.87.65.167:443 | saic.com | tcp |
| US | 8.8.8.8:53 | t2.gstatic.com | udp |
| NL | 142.251.39.100:443 | t2.gstatic.com | tcp |
| US | 8.8.8.8:53 | www.saic.com | udp |
| US | 52.87.65.167:443 | www.saic.com | tcp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.65.87.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.fastmail.com | udp |
| US | 141.193.213.20:443 | www.fastmail.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 20.213.193.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.telegram.org | udp |
| US | 8.8.8.8:53 | nocodeform.io | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| NL | 142.251.39.100:443 | t2.gstatic.com | udp |
| US | 188.114.97.0:443 | nocodeform.io | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 220.167.154.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.97.114.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 188.114.97.0:443 | nocodeform.io | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.240.110.104.in-addr.arpa | udp |
| US | 52.87.65.167:80 | www.saic.com | tcp |
| US | 52.87.65.167:80 | www.saic.com | tcp |
| US | 52.87.65.167:443 | www.saic.com | tcp |
| US | 8.8.8.8:53 | use.typekit.net | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | labs.ceros.com | udp |
| US | 8.8.8.8:53 | view.ceros.com | udp |
| US | 2.18.121.132:443 | use.typekit.net | tcp |
| US | 172.64.147.4:443 | view.ceros.com | tcp |
| US | 151.101.0.233:443 | labs.ceros.com | tcp |
| US | 8.8.8.8:53 | p.typekit.net | udp |
| US | 8.8.8.8:53 | hello.myfonts.net | udp |
| US | 104.18.192.52:443 | hello.myfonts.net | tcp |
| US | 8.8.8.8:53 | use.fontawesome.com | udp |
| US | 8.8.8.8:53 | snap.licdn.com | udp |
| US | 8.8.8.8:53 | 6303617.fls.doubleclick.net | udp |
| US | 104.21.27.152:443 | use.fontawesome.com | tcp |
| US | 104.21.27.152:443 | use.fontawesome.com | tcp |
| NL | 142.250.179.134:443 | 6303617.fls.doubleclick.net | tcp |
| NL | 92.122.101.8:443 | snap.licdn.com | tcp |
| NL | 142.250.179.134:443 | 6303617.fls.doubleclick.net | udp |
| US | 2.18.121.132:443 | p.typekit.net | tcp |
| NL | 216.58.214.10:443 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | assets-s3-us-east-1.ceros.com | udp |
| US | 8.8.8.8:53 | media-s3-us-east-1.ceros.com | udp |
| US | 8.8.8.8:53 | themes.googleusercontent.com | udp |
| US | 172.64.154.66:443 | assets-s3-us-east-1.ceros.com | tcp |
| US | 172.64.154.66:443 | assets-s3-us-east-1.ceros.com | tcp |
| US | 104.18.32.29:443 | media-s3-us-east-1.ceros.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | 132.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.147.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.0.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.192.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.31.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.27.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.101.122.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.154.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | script.crazyegg.com | udp |
| US | 8.8.8.8:53 | cdn01.basis.net | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| NL | 178.79.208.44:443 | cdn01.basis.net | tcp |
| US | 104.19.147.8:443 | script.crazyegg.com | tcp |
| NL | 157.240.247.35:443 | www.facebook.com | tcp |
| NL | 157.240.247.8:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | sdk.ceros.com | udp |
| US | 172.64.144.155:443 | sdk.ceros.com | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | px.ads.linkedin.com | udp |
| NL | 142.250.102.157:443 | stats.g.doubleclick.net | tcp |
| US | 13.107.42.14:443 | px.ads.linkedin.com | tcp |
| NL | 157.240.247.8:443 | connect.facebook.net | udp |
| NL | 157.240.247.35:443 | www.facebook.com | udp |
| US | 8.8.8.8:53 | 29.32.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.208.79.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.147.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.247.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.247.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.144.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.42.107.13.in-addr.arpa | udp |
| US | 104.19.147.8:443 | script.crazyegg.com | tcp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| NL | 142.250.102.157:443 | stats.g.doubleclick.net | udp |
| NL | 216.58.214.14:443 | analytics.google.com | tcp |
| US | 8.8.8.8:53 | www.linkedin.com | udp |
| US | 8.8.8.8:53 | pixel.sitescout.com | udp |
| NL | 98.98.134.242:443 | pixel.sitescout.com | tcp |
| NL | 98.98.134.242:443 | pixel.sitescout.com | tcp |
| US | 8.8.8.8:53 | pagestates-tracking.crazyegg.com | udp |
| US | 8.8.8.8:53 | assets-tracking.crazyegg.com | udp |
| US | 18.239.94.24:443 | pagestates-tracking.crazyegg.com | tcp |
| US | 8.8.8.8:53 | dpm.demdex.net | udp |
| US | 8.8.8.8:53 | pixel.tapad.com | udp |
| US | 8.8.8.8:53 | loadm.exelator.com | udp |
| US | 8.8.8.8:53 | idsync.rlcdn.com | udp |
| US | 18.239.18.97:443 | assets-tracking.crazyegg.com | tcp |
| US | 8.8.8.8:53 | sync.crwdcntrl.net | udp |
| IE | 52.50.62.11:443 | dpm.demdex.net | tcp |
| US | 34.111.113.62:443 | pixel.tapad.com | tcp |
| IE | 54.78.254.47:443 | loadm.exelator.com | tcp |
| US | 35.244.174.68:443 | idsync.rlcdn.com | tcp |
| IE | 54.228.190.197:443 | sync.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | 14.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.134.98.98.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.94.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.113.111.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.18.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.174.244.35.in-addr.arpa | udp |
| US | 104.18.32.29:443 | media-s3-us-east-1.ceros.com | tcp |
| US | 8.8.8.8:53 | tracking.crazyegg.com | udp |
| IE | 34.251.152.237:443 | tracking.crazyegg.com | tcp |
| US | 34.111.113.62:443 | pixel.tapad.com | udp |
| US | 8.8.8.8:53 | js-agent.newrelic.com | udp |
| US | 151.101.2.137:443 | js-agent.newrelic.com | tcp |
| US | 8.8.8.8:53 | bam.nr-data.net | udp |
| US | 162.247.241.14:443 | bam.nr-data.net | tcp |
| US | 8.8.8.8:53 | 11.62.50.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.254.78.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.190.228.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.39.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.152.251.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | tags.bluekai.com | udp |
| US | 8.8.8.8:53 | image2.pubmatic.com | udp |
| US | 8.8.8.8:53 | us-u.openx.net | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| NL | 142.251.39.98:443 | cm.g.doubleclick.net | tcp |
| NL | 185.89.211.84:443 | ib.adnxs.com | tcp |
| NL | 198.47.127.205:443 | image2.pubmatic.com | tcp |
| NL | 104.85.4.244:443 | tags.bluekai.com | tcp |
| US | 35.244.159.8:443 | us-u.openx.net | tcp |
| US | 35.244.159.8:443 | us-u.openx.net | udp |
| US | 8.8.8.8:53 | 14.241.247.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.211.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.4.85.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
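Every behavioural signature in behavioral1 (EnumeratesProcesses, WriteProcessMemory, AdjustPrivilegeToken, NtCreateUserProcessBlockNonMicrosoftBinary and the rest) is raised by chrome.exe and its own child processes, which is what a multi-process browser does on any page; no process other than Chrome and its elevation service appears. What distinguishes this detonation is the Network table, and most of it is sandbox plumbing: resolver queries to 8.8.8.8 and the reverse (in-addr.arpa) lookups the sandbox issues for every IP it sees. The Python below is an added example, not part of the report, that parses rows in the table's format, drops that noise, collapses repeated rows into one contact per endpoint (UDP/443 from Chrome is QUIC to the same endpoint), and lists names that were resolved but never connected to. The embedded rows are a subset copied from the table above, chosen to cover each case the parser must handle; run it over the whole table and the ordered contact list begins with the proxy, then a public Cloudflare R2 bucket (pub-…r2.dev), then www.saic.com followed by a long tail of font, analytics and advertising hosts, then nocodeform.io and api.telegram.org. Which of those the phishing page itself used is for the analyst to establish from the page content; the ordering and the resolved-only list are the raw material for that.

```python
PTR_SUFFIX = ".in-addr.arpa"
RESOLVER = ("8.8.8.8", 53)

# Rows copied verbatim from the Network table of this report (a subset: PTR
# noise, resolver queries, a duplicated TCP row, a UDP/443 row, the mDNS row
# with an empty Domain cell, and one name that was only ever looked up).
NETWORK_ROWS = """\
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ekweroboro-temp-swtest-ru.translate.goog | udp |
| NL | 142.251.39.97:443 | ekweroboro-temp-swtest-ru.translate.goog | tcp |
| NL | 142.251.39.97:443 | ekweroboro-temp-swtest-ru.translate.goog | tcp |
| US | 8.8.8.8:53 | pub-ec913e053f97413a981c7250210a95ba.r2.dev | udp |
| US | 104.18.2.35:443 | pub-ec913e053f97413a981c7250210a95ba.r2.dev | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 198.52.96.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.saic.com | udp |
| US | 52.87.65.167:443 | www.saic.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | api.telegram.org | udp |
| US | 8.8.8.8:53 | nocodeform.io | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 188.114.97.0:443 | nocodeform.io | tcp |
| US | 188.114.97.0:443 | nocodeform.io | udp |
"""


def parse_rows(table: str) -> list:
    """Parse '| Country | Destination | Domain | Proto |' rows; skips the header."""
    rows = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4:
            continue
        country, dest, domain, proto = cells
        ip, _, port = dest.rpartition(":")
        if not port.isdigit():
            continue  # header row or malformed destination
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def is_noise(row: dict) -> bool:
    """Sandbox plumbing rather than page behaviour: the resolver itself, the
    reverse lookups done for every IP seen, and link-local multicast (mDNS)."""
    return ((row["ip"], row["port"]) == RESOLVER
            or row["domain"].endswith(PTR_SUFFIX)
            or row["ip"].startswith("224."))


def connections(rows: list) -> list:
    """One entry per (domain, ip, port) actually connected to, in first-seen
    order. A udp row on the same endpoint as a tcp row is Chrome using QUIC
    and is folded in as a second transport rather than a new contact."""
    seen = {}
    for r in rows:
        if is_noise(r):
            continue
        key = (r["domain"], r["ip"], r["port"])
        entry = seen.setdefault(key, {"domain": r["domain"], "ip": r["ip"],
                                      "port": r["port"], "country": r["country"],
                                      "transports": [], "rows": 0})
        if r["proto"] not in entry["transports"]:
            entry["transports"].append(r["proto"])
        entry["rows"] += 1
    return list(seen.values())


def resolved_only(rows: list) -> list:
    """Names that were looked up but never connected to: either a resource the
    page referenced without loading, or noise to drop from an indicator list."""
    queried = [r["domain"] for r in rows
               if (r["ip"], r["port"]) == RESOLVER and not r["domain"].endswith(PTR_SUFFIX)]
    connected = {c["domain"] for c in connections(rows)}
    return [d for d in dict.fromkeys(queried) if d not in connected]


if __name__ == "__main__":
    rows = parse_rows(NETWORK_ROWS)
    for c in connections(rows):
        print(f"{c['domain']:45} {c['ip']}:{c['port']} {'/'.join(c['transports'])} x{c['rows']}")
    print("resolved but never contacted:", resolved_only(rows))
```

Paste the full table into `NETWORK_ROWS` (the header line is skipped automatically) to get the complete ordered list. The contact order reads top to bottom as the page loaded, so it is the quickest way to tell which hosts came from the proxied page and which came from the www.saic.com content it pulled in afterwards.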
Files
\??\pipe\crashpad_4060_XGNCHAPFOCDCGBHM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 2619ba4b5d6390c9b29ff6942e424cb5 |
| SHA1 | 2529bdcb8b1445a76d2755762047e7118ca00a68 |
| SHA256 | 074fda6976827474f034abfa1c200245f039137df29da5a81dfd67a756f7359e |
| SHA512 | e454a4f94df2d60e1ff39d1d67c433400c5ae3602987035fd285d5d2ad8f3fe0ade5813c3d24d23d75d817995ba8ac690d23b5443d6c16972e10d0397c59b788 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 176a5fe5f200cb7a8c94463259891a3b |
| SHA1 | 290787796261a6d549111cec6e1fb639f2f7187e |
| SHA256 | 43aff68f639cd2f441d4a172cd91f05612f499a3db0b0e5de3b12905529d884f |
| SHA512 | dc1b88ea47a43aa34d9e5fa65522815a8e6927bf0e389646c7dcd965b7540ab8aa91678141be2942abfa2fec9f038184a46a1f7ad6d2d05ba875f925fd696bbc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 84245c6b4ce79ac4d57823f3d2f1b94e |
| SHA1 | d0791974c697ec5367359c381c3fd7bfe84d88c8 |
| SHA256 | 0c7c4efc3f0ee7b5784d67a21a3f0f787d5cd7ad0e446d77f4e34d25ce42f281 |
| SHA512 | 6766370f1560f397ae858ed2b84f97dcd0cf22cd07dccec7086f20fc277822e12566acc944fb9888a2d6630f2190224a93128a68a3992f00d28805e9f7b1c312 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a7d7c649cc0d57a1ca6e7dbd824ed2a6 |
| SHA1 | ac1abb03507ec23a23511f4acdd8580db8fe3954 |
| SHA256 | 68b4b114da1c43391d4b31c5697d7388f32a44e025e5c686881a82bc093810f9 |
| SHA512 | 81d941d621435c479975c1da899be489819104917a09eba18ccd447e3ff2c44eae8ebd75f7c4f94b1d4399ef1f5d842f2019a363bea3869e2b414ff9960e5c20 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4ea35c9fade34b4883cf7561261c7c64 |
| SHA1 | 1b797bba5bf0976d6c2c18c11be26635a2e86957 |
| SHA256 | 3256e47af25ebf0305d898a49041d6288fff8414974fb920f9d9c3961685acb1 |
| SHA512 | 7dd8074ea548c1c6b353cf26ada15fb4f9f307b3a5d847f812a39e743889683e911137accabd1e152503b1ba6b3180f1de153c5f4901c48701b5aaf1fdb87880 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | cde2de023f2c9719e1b825479cde6278 |
| SHA1 | 316ee0b63e518bac9dbdcb7d40e9b355eccf0cc5 |
| SHA256 | b79a65016cc18ead22d59c6bc4e72a6b297ec7074ee04b63a85cc2ed2cd57395 |
| SHA512 | 11d50407bb158c477f8e23f103e8d5ce567c757567a50dde800b63200d2ef52dc787448d2ba784097704b6195f5befe83adba738385b25d82dcc3657176d1c80 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015
| MD5 | ef083563e0d22bbc0c76d35fd9c46757 |
| SHA1 | 91df869a7f2e727a76fc25675462d058d1027ab8 |
| SHA256 | e4a6e982140d490a94f50b2685d5b9e9a17588f94bc4e81f3d36a77d93e26de9 |
| SHA512 | cee3e33425b47139defbfb35265d9404def8049b2663f82be433c52bf813eb3f0b3c01d383410ca2530b70d82c690f57b806ff679969cb1a6f5f7b16b5e3eba4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | 2eb47dd71ab3e56786d51f7b66f4786c |
| SHA1 | cca43a05a7c8dd4d84277a41b34d3679a7e0fe07 |
| SHA256 | a0b9f991797e0dc1131f29958ed4c79d7330645d98cca12768ebb085ca31e847 |
| SHA512 | aeda739751a0534ab3d963f97277725126f8eb24f220e409ffff71073170b98343e54f98b50ec59016f0540f65d8eaac28c48fe067930d08ba338d558331cd24 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a1a44020e0d5003027491f83abdaf72d |
| SHA1 | 57ab90ff7ecc854baa87819250d81a9f7fee0657 |
| SHA256 | 9f2cd183bfbb745511b3c5b7dbe4580649bbf34f0b95f9c3285e0290463840fc |
| SHA512 | 1f2e9053539170b7a2ed8ea1cd2805f37753672332e3e9e61149eff22cfb3f56973711c2d05690598f7a612d8590c08847588312a7098eba8a6b18fdbe3798c6 |