Analysis Overview
SHA256
285f49233b3fe38b081bae7796417c87144e79443dde0701a157f75135c07bea
Threat Level: Shows suspicious behavior
The file A_Bored_Guys_Adventure.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Legitimate hosting services abused for malware hosting/C2
Unsigned PE
Suspicious use of SetWindowsHookEx
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-25 01:10
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-25 01:10
Reported
2024-05-25 01:13
Platform
win7-20240215-en
Max time kernel
121s
Max time network
122s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\A_Bored_Guys_Adventure.exe
"C:\Users\Admin\AppData\Local\Temp\A_Bored_Guys_Adventure.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-25 01:10
Reported
2024-05-25 01:13
Platform
win10v2004-20240508-en
Max time kernel
127s
Max time network
135s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{AB01FDC4-1A33-11EF-92F1-E659512317F8} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2136514697" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009e387b9b7780e241bd4d2d5013251a2f000000000200000000001066000000010000200000003707d732f31636ab175e3387fa22a9905541f244504b8341c7b5127b2e51a996000000000e8000000002000020000000e8b0bfba2aca580913223b307c61f856a563b33eb293eb0ab20dcbbeba78aaca200000000f5bd8dda8a4359eeca647876ac59c0678dd3f71d1d12dbda3f7179ad59b928f4000000063a90f8e38cf372d866bf55df591f3ce631d764a805530997e29adacfe48bec6044314d88a2ed22e8abb2592b213d7ed7d06f6e54a192d4d613b17d0c5435dcc | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f074028240aeda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0a0098240aeda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009e387b9b7780e241bd4d2d5013251a2f000000000200000000001066000000010000200000009082c0c9bfbc34a39de7413e89c5f0f05ccf069b2a16d2dd811af54d024a4e12000000000e800000000200002000000081b77d9aa3710f68dacd8166adc5c47b3a2a09c0e2dcaba476874c8c8a3af747200000002aaf0f33914f5330ad66a1fd447393bbc751e0471f3a8dd0711185bb372de665400000006b606cad9975296fd2b937350f771114ff19730bfe95927dd49334ce3656b3e79452df8203d79867a7189eb054566c247aad8ca6830aef388494bf97c6b6f99e | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31108672" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2136514697" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31108672" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133610730856464489" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3558294865-3673844354-2255444939-1000\{B3A417F7-3124-4BEE-A5D5-999EE1245D1F} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\A_Bored_Guys_Adventure.exe
"C:\Users\Admin\AppData\Local\Temp\A_Bored_Guys_Adventure.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4312 CREDAT:17410 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcf9d6ab58,0x7ffcf9d6ab68,0x7ffcf9d6ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2224 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3120 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4344 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4516 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4632 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4688 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4316 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4500 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5008 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4508 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3956 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3240 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2944 --field-trial-handle=1936,i,2797341922136383572,7289672622124345662,131072 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x484 0x300
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 8.8.8.8:53 | assets-global.website-files.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | global.localizecdn.com | udp |
| US | 162.159.128.233:443 | discord.com | udp |
| FR | 18.161.111.122:443 | assets-global.website-files.com | tcp |
| US | 104.18.4.175:443 | global.localizecdn.com | tcp |
| GB | 172.217.16.234:443 | ajax.googleapis.com | tcp |
| GB | 172.217.16.234:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | d3e54v103j8qbb.cloudfront.net | udp |
| FR | 54.230.104.167:443 | d3e54v103j8qbb.cloudfront.net | tcp |
| US | 8.8.8.8:53 | uploads-ssl.webflow.com | udp |
| FR | 3.160.188.56:443 | uploads-ssl.webflow.com | tcp |
| FR | 3.160.188.56:443 | uploads-ssl.webflow.com | tcp |
| FR | 3.160.188.56:443 | uploads-ssl.webflow.com | tcp |
| FR | 3.160.188.56:443 | uploads-ssl.webflow.com | tcp |
| FR | 3.160.188.56:443 | uploads-ssl.webflow.com | tcp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.128.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.4.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.111.161.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.104.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.188.160.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 104.18.32.137:443 | geolocation.onetrust.com | tcp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.32.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | remote-auth-gateway.discord.gg | udp |
| US | 162.159.130.234:443 | remote-auth-gateway.discord.gg | tcp |
| US | 8.8.8.8:53 | 234.130.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 162.159.130.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.8.8:53 | 233.130.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | js.hcaptcha.com | udp |
| US | 104.19.230.21:443 | js.hcaptcha.com | tcp |
| US | 8.8.8.8:53 | newassets.hcaptcha.com | udp |
| US | 104.19.229.21:443 | newassets.hcaptcha.com | udp |
| US | 8.8.8.8:53 | api.hcaptcha.com | udp |
| US | 8.8.8.8:53 | 21.229.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.230.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | imgs3.hcaptcha.com | udp |
| US | 104.19.230.21:443 | imgs3.hcaptcha.com | tcp |
| US | 104.19.230.21:443 | imgs3.hcaptcha.com | tcp |
| US | 104.19.230.21:443 | imgs3.hcaptcha.com | udp |
| US | 8.8.8.8:53 | gateway.discord.gg | udp |
| US | 162.159.134.234:443 | gateway.discord.gg | tcp |
| US | 8.8.8.8:53 | 234.134.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.spotify.com | udp |
| US | 8.8.8.8:53 | status.discord.com | udp |
| US | 35.186.224.25:443 | api.spotify.com | tcp |
| US | 162.159.136.232:443 | status.discord.com | tcp |
| US | 35.186.224.25:443 | api.spotify.com | udp |
| US | 162.159.130.233:443 | cdn.discordapp.com | udp |
| US | 8.8.8.8:53 | 25.224.186.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.136.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dealer.spotify.com | udp |
| US | 35.186.224.39:443 | dealer.spotify.com | tcp |
| US | 8.8.8.8:53 | i.scdn.co | udp |
| US | 8.8.8.8:53 | media.discordapp.net | udp |
| US | 162.159.133.232:443 | media.discordapp.net | tcp |
| BE | 104.117.77.210:443 | i.scdn.co | tcp |
| BE | 104.117.77.210:443 | i.scdn.co | tcp |
| BE | 104.117.77.210:443 | i.scdn.co | tcp |
| US | 8.8.8.8:53 | 39.224.186.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.133.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.77.117.104.in-addr.arpa | udp |
| US | 162.159.130.233:443 | cdn.discordapp.com | udp |
| US | 162.159.133.232:443 | media.discordapp.net | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | images-ext-1.discordapp.net | udp |
| US | 162.159.128.232:443 | images-ext-1.discordapp.net | tcp |
| US | 162.159.128.232:443 | images-ext-1.discordapp.net | tcp |
| US | 162.159.128.232:443 | images-ext-1.discordapp.net | udp |
| US | 8.8.8.8:53 | 232.128.159.162.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
Files
\??\pipe\crashpad_1832_HECFEFXWTUIFFIMQ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 88099c368b9980cc7d1301b1d771c080 |
| SHA1 | 6397a0ed57b2df9b55c84ed54da9468747ea7717 |
| SHA256 | f803346be062baf86bfb3ae9b246dfddd1dd9852bb94fca80ebcd2bfc7f77a43 |
| SHA512 | e16e0bc8f90f985a262b51bf69fd8f6c34ddd5c14361b0b1a2508b850a08b5a9c210454be2794a7bace165f7a7c9e021c54387c7d20a0ac7983174c7381d169f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9bb57120d92e117d9ebc23b6f34a3a3e |
| SHA1 | 3aec12360355a3b1ed755dd8d49a8b7b1c47d678 |
| SHA256 | d817edf7411662fb49922d4b11b01cd924e71f650ee0f843f395f116a23bfa15 |
| SHA512 | f1d1661b8790bb8ab555219297b50bbc7f85c30b7f0066ee3d8ddd1e07f1a0e09bb4b6c7e0157138866d3b231b82c7bfd95d3559d5a18689651f72a1b82f6d83 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b5dd276dd7afeea110dd12d6b40eeb46 |
| SHA1 | f90aee2d680d4d2294699fb16f572150f0fce34f |
| SHA256 | ddebf07baeb6648f4d2cfe6cfda3b79e030e1a05fe5bcec846fe4f0e52f93bf1 |
| SHA512 | d27169bd7ce9e4b0f89fc86780f7153a1bc57434fa829ce54283ab3c2ae2741d1f94b7c91938914d6fc3502d611275f450fc1aa041765fc2bbbe8ee31025503a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | dc83aff873a02f86824f3c53032b4ca4 |
| SHA1 | 553681e7fbf54af8e7f2f0babab5adb32415a9f7 |
| SHA256 | d78b899b6060b677ec5a5f553e51b2d9d006f96e12ad462f6300e13e1f5502cf |
| SHA512 | 0f3abe63221fe5763d69030417ff9a2393cb0d1911fac103f2fce4c1047fd361c813b5b9622b3f83f8f56a7defe205652594b03907ffd6b085e612535ea18661 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 81d915319085d34e11e17c8e2c065a7d |
| SHA1 | ead7638aaccc75f625bc4de568a54382c4b2ad33 |
| SHA256 | c73ea4811dfcb6e1d08fc695442c4319080ab1311cf27eebc094670d5b9f26a8 |
| SHA512 | bd7df44487b197fea1b4e9bc3163c5b5ec2ca1f9bed314d8846f36e90fac53e521ffa359e535f902b28743771509feb09c6dd4e4219b50ee03d309090d9bd992 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 00c70858b68a63cc02e252a8a5fc585a |
| SHA1 | 985e00233471c2a12924396ffb74e201179b3693 |
| SHA256 | c1fcebbdb1f1d4413fdbb8bac2eba4dc3f6fb2a0476cbc06ed9ecff3185003e4 |
| SHA512 | 09d8f60aa6ca5f2cc1384bb451d08c45c2d6af692c818a545b665b6bd06dc4ff45453d0600957218d0564ae1880caf709c82a316ccf27eb4462a1c31a658c8a0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a75e18dab92df16602b0cef3fbf040cd |
| SHA1 | beccd921f4532e1be3b38e262cba44687ef09506 |
| SHA256 | e15818b2538668a6b27ecfcb4b9abbde89c295cc4b11c42374a6e3ab97b3eb02 |
| SHA512 | 4881c34712ba33efc406a66daabf978ffcc3c4f1a31196f24f7f484a157f4ea1b8edbec3347b5636bdbb91dc32f33458d3af73abaf358466e8acf3c2d6cc85f2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a8ecef6d2b90287d8b7cc5036342e8f9 |
| SHA1 | 27fd3f2dc6674a8ac087f8c5e276659e15f93486 |
| SHA256 | 75b652aea049488c6fc3b66e1d652d74d9377bb2f4c255dde2e80551afcee254 |
| SHA512 | c15ba657442a7768134945042aade7739df48ff153dae9c570f0f7a64c32904948221c9757d67526d17013b300bd88408a8cb6a113c55639355e2de8980c9441 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 164be9506fe608a99d132b4a9dd33bc1 |
| SHA1 | 074ac4c767be45363cea779e39dd3724fb75ac83 |
| SHA256 | 5550e700bab3cd2313b381829d96b8d581fe9066a673a5ddb4e43de4f7074616 |
| SHA512 | 6e6257a84e9f8bff107d085fc91bcf07c6e1ef4bf495e7c19e4eb6ae0b7eebc2d527bec02ec090000d617c9747150cb55cd369d9f5f8576589145f85dd4b0bdd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 749504cc570e6e9d8c137fc27a2650ae |
| SHA1 | c52f9f7e4a94b873115d021b5aeaa202f469e81c |
| SHA256 | 39e9fbbd2c9c5bd8b3fea91c7318177606d48233b1ab9edb3f0d621fad1503c4 |
| SHA512 | fc146aac821d6083160acf122cd0c26bd09b13c785104dd8485fdd83dd7c8367d4d30d5507f643f5c534aad55fa5c6b99a012ec89a914bf89eeaac73b99e8e72 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | eb5480f28414d96142749b179cc2fb79 |
| SHA1 | 894840312b94ae2bb2c4264a29472ab13e0a8578 |
| SHA256 | 7856230815886dd3287d1f46fa41213c7fac0b53c2f22e65a10bfd07e130b1f5 |
| SHA512 | ef3860f116ec0711c02bb990b353d643ddc396d1b14d71e003fda15c9fa66c428fac06046f0bb3ae0b9c0c59277388e6aa08f59665cdd25458d2094a136a5382 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2397920f033aad59a961df57cd20f430 |
| SHA1 | 269734e81e8dfc0b8a07a198115b19f62f0ac090 |
| SHA256 | a859db109b25721115d02555319708372fc71693552eed18c9bfafacf0f91c52 |
| SHA512 | cd8408b80296e3d8435ab95bd0ec73296730b2f033245f77cb2558425a0d35b1a98457e46d581e93e2f3c48838a168a2dd4cf6321e2bc23d342254a9100f35e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a0079a74343b3f9bcf8d8f9ea80d78af |
| SHA1 | 3153b70d21b54bc9f4c48ef48160dd06bd934713 |
| SHA256 | 063cf05d1fcc1a704577f0e36a008386c8fd4e1b1a07eee7eb8ebdebdec8551a |
| SHA512 | 6adde41e1661aa272d360433bdfe181c81174217613772d5fdddc49f883240020d11d01fdcdff657642882718d5e5cfd70f4ce5e807ffb5046e55f3a04121a8f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ab2614b82e2efc2f37ffab152e7f2539 |
| SHA1 | 90b837c0735321b6a304a55a69a9751c98a1430b |
| SHA256 | 55be82be9a1ac355049c88b6a75ad213e7a7b818a92c84b4fb2e4173174af299 |
| SHA512 | 2a4bda2d70d9136d40bef17f74dd3a44b98659f7b89f2b6c197e9d8d377ac5e316edaa5a861a9b7dbfa22b0eca3aaf4fbab6f66f4d944ef690627c7a1eaf03cd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 72093c4d0373b0f60989800ce06ef544 |
| SHA1 | 0480d35320f5fe48ce17fd4518f4ded2a608c588 |
| SHA256 | 278f1dde4b1f96ab611dfc440c5c15451cc2d91da3448d3abd18804c4329393d |
| SHA512 | 236e5058e0a5d937b097fd4f8c519c84665b3570ace85ef3803e66605e18164f9d486e227e89c125396c67d86c478319479e686a6ca1bd15f1b1070e60dc989d |