Analysis Overview
SHA256
23ef942b84f0fb42078ef13fa29a9018b91df94be626752f03d8f92dea414172
Threat Level: No (potentially) malicious behavior was detected
The file Egon Bondy.docx was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Checks processor information in registry
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 07:32
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 07:32
Reported
2024-06-03 08:03
Platform
win11-20240508-en
Max time kernel
1799s
Max time network
1705s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133618736519239706" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Egon Bondy.docx" /o ""
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffd9efaab58,0x7ffd9efaab68,0x7ffd9efaab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1788,i,13572187108151995374,6410592678539355456,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1788,i,13572187108151995374,6410592678539355456,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2188 --field-trial-handle=1788,i,13572187108151995374,6410592678539355456,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2992 --field-trial-handle=1788,i,13572187108151995374,6410592678539355456,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2188 --field-trial-handle=1788,i,13572187108151995374,6410592678539355456,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4232 --field-trial-handle=1788,i,13572187108151995374,6410592678539355456,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4400 --field-trial-handle=1788,i,13572187108151995374,6410592678539355456,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4544 --field-trial-handle=1788,i,13572187108151995374,6410592678539355456,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3868 --field-trial-handle=1788,i,13572187108151995374,6410592678539355456,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4524 --field-trial-handle=1788,i,13572187108151995374,6410592678539355456,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4520 --field-trial-handle=1788,i,13572187108151995374,6410592678539355456,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x25c,0x260,0x264,0x238,0x268,0x7ff74e07ae48,0x7ff74e07ae58,0x7ff74e07ae68
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4584 --field-trial-handle=1788,i,13572187108151995374,6410592678539355456,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3392 --field-trial-handle=1788,i,13572187108151995374,6410592678539355456,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3348 --field-trial-handle=1788,i,13572187108151995374,6410592678539355456,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3268 --field-trial-handle=1788,i,13572187108151995374,6410592678539355456,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4176 --field-trial-handle=1788,i,13572187108151995374,6410592678539355456,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3420 --field-trial-handle=1788,i,13572187108151995374,6410592678539355456,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4124 --field-trial-handle=1788,i,13572187108151995374,6410592678539355456,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4900 --field-trial-handle=1788,i,13572187108151995374,6410592678539355456,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5020 --field-trial-handle=1788,i,13572187108151995374,6410592678539355456,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4596 --field-trial-handle=1788,i,13572187108151995374,6410592678539355456,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1480 --field-trial-handle=1788,i,13572187108151995374,6410592678539355456,131072 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | roaming.officeapps.live.com | udp |
| NL | 52.109.89.19:443 | roaming.officeapps.live.com | tcp |
| US | 8.8.8.8:53 | 97.32.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.89.109.52.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.200.14:443 | img.youtube.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 142.250.187.238:443 | img.youtube.com | udp |
| GB | 142.250.187.238:443 | img.youtube.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.179.227:443 | id.google.com | tcp |
| GB | 216.58.212.214:443 | i.ytimg.com | tcp |
| GB | 216.58.212.214:443 | i.ytimg.com | tcp |
| GB | 216.58.212.214:443 | i.ytimg.com | tcp |
| GB | 216.58.212.214:443 | i.ytimg.com | tcp |
| GB | 142.250.179.234:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.187.206:443 | img.youtube.com | tcp |
| GB | 216.58.212.214:443 | i.ytimg.com | udp |
| GB | 216.58.212.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| GB | 172.217.16.234:443 | jnn-pa.googleapis.com | udp |
| GB | 216.58.212.226:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| FR | 151.106.4.82:443 | bonzi.link | tcp |
| FR | 151.106.4.82:443 | bonzi.link | tcp |
| FR | 151.106.4.82:443 | bonzi.link | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| FR | 151.106.4.82:443 | bonzi.link | tcp |
| GB | 216.58.212.195:80 | www.gstatic.com | tcp |
| FR | 151.106.4.82:443 | bonzi.link | tcp |
| FR | 151.106.4.82:443 | bonzi.link | tcp |
| FR | 151.106.4.82:443 | bonzi.link | tcp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| GB | 142.250.179.227:443 | id.google.com | udp |
| GB | 216.58.212.214:443 | i.ytimg.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn3.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn3.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn3.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn3.gstatic.com | tcp |
| GB | 216.58.212.226:443 | googleads.g.doubleclick.net | udp |
| GB | 172.217.16.234:443 | jnn-pa.googleapis.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 142.250.180.14:443 | encrypted-vtbn0.gstatic.com | tcp |
| GB | 142.250.180.14:443 | encrypted-vtbn0.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn3.gstatic.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | tcp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | tcp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | udp |
| GB | 216.58.212.226:443 | googleads.g.doubleclick.net | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.200.14:443 | img.youtube.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
Files
memory/1544-0-0x00007FFD6E130000-0x00007FFD6E140000-memory.dmp
memory/1544-2-0x00007FFD6E130000-0x00007FFD6E140000-memory.dmp
memory/1544-4-0x00007FFDAE143000-0x00007FFDAE144000-memory.dmp
memory/1544-3-0x00007FFD6E130000-0x00007FFD6E140000-memory.dmp
memory/1544-5-0x00007FFD6E130000-0x00007FFD6E140000-memory.dmp
memory/1544-1-0x00007FFD6E130000-0x00007FFD6E140000-memory.dmp
memory/1544-7-0x00007FFDAE0A0000-0x00007FFDAE2A9000-memory.dmp
memory/1544-6-0x00007FFDAE0A0000-0x00007FFDAE2A9000-memory.dmp
memory/1544-8-0x00007FFDAE0A0000-0x00007FFDAE2A9000-memory.dmp
memory/1544-9-0x00007FFDAE0A0000-0x00007FFDAE2A9000-memory.dmp
memory/1544-10-0x00007FFDAE0A0000-0x00007FFDAE2A9000-memory.dmp
memory/1544-11-0x00007FFDAE0A0000-0x00007FFDAE2A9000-memory.dmp
memory/1544-13-0x00007FFDAE0A0000-0x00007FFDAE2A9000-memory.dmp
memory/1544-12-0x00007FFDAE0A0000-0x00007FFDAE2A9000-memory.dmp
memory/1544-14-0x00007FFDAE0A0000-0x00007FFDAE2A9000-memory.dmp
memory/1544-15-0x00007FFD6B890000-0x00007FFD6B8A0000-memory.dmp
memory/1544-16-0x00007FFD6B890000-0x00007FFD6B8A0000-memory.dmp
memory/1544-49-0x00007FFD6E130000-0x00007FFD6E140000-memory.dmp
memory/1544-50-0x00007FFD6E130000-0x00007FFD6E140000-memory.dmp
memory/1544-52-0x00007FFD6E130000-0x00007FFD6E140000-memory.dmp
memory/1544-51-0x00007FFD6E130000-0x00007FFD6E140000-memory.dmp
memory/1544-53-0x00007FFDAE0A0000-0x00007FFDAE2A9000-memory.dmp
\??\pipe\crashpad_3676_NNTHPUMZWPDBZVNT
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | ae1bccd6831ebfe5ad03b482ee266e4f |
| SHA1 | 01f4179f48f1af383b275d7ee338dd160b6f558a |
| SHA256 | 1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649 |
| SHA512 | baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57d179.TMP
| MD5 | 5a420522253ca0d62b0e7c99d34ef4f0 |
| SHA1 | bc4c179d2c59bad21d316e2f4c661fc516633acd |
| SHA256 | ec6c732a42f0bcc10cff60bf3d36917fe7986daf9e44c26d46e5cd508904a3b4 |
| SHA512 | c4ade8ceacd2e89c2e89e9df4160b089cf902541541bb38deb2d3b1c6738d5c79b0a72fba222bef0cd47ee5fe41cc3d5a83847593a981ae67e7124d1cf9abd73 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 935be76b36a3f4b3ede17dc0fa48edeb |
| SHA1 | 2c9f14dcb2c4f958ba6b8ad35178194d09536673 |
| SHA256 | d0a42a6698ec361dd5f4c6b47f6fbd38cba2fec17dd249842db5f0fcdf888474 |
| SHA512 | d89527774c4bb94995cf1591176617fc0ad032bd9a96ce6be64891bb2e1c6ea5229c1dcdfb5ede3b1f8c53e1df913e6135e0e783f56047062d3958d1ebc19a7f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d2dcac921bcbf574bf81be4bb275f124 |
| SHA1 | 0911831fdff24475fa3eeb8563204f0d194d40e2 |
| SHA256 | 518a4307f3e529fc545b62e5890956bfaa62670b25a049346858401a55a92c77 |
| SHA512 | 8ae834b10b3d16a966d169bc425d2b46ceaa24f180be4a83b36c14d96ece86cbf2cbfdbb1343efa0c7e5521b081db9d54cd59298bd1575488990dd446e446640 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 00a1004558405f88004cf97fa299eea7 |
| SHA1 | a4ed43764304b30f6ab321c177dd202cf96ef983 |
| SHA256 | 27ff46d6cfaa15c24c9332c2550105184a740a372b599ba1b16f717209e3136c |
| SHA512 | a403f288487aa721799bc2c4764a92714ba3bbad8a4191b172f3b565c313cf9ca38c8693a93b791cb8c4e0a092a7a93482fbe28b28c615cba2e8914045ea08b3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 29d50fd4e84c3e7c099c0fb13b2dab22 |
| SHA1 | 3f44c412e56c4951d87412751e527d9b48c5fabf |
| SHA256 | d0b7f725186d1c0c9b45ee6096d7912866136388e4520e48cae8123f8aaa3b7b |
| SHA512 | f7c37f6dc5ca0226f66fd5ec52e1a4e85de08118c273db710f20019e1d92b37e6589fbd9d8ab194d889c423f3e1c99931c83122af2347758f22b4fa5f5066885 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 798e3809a7b70c2ff979e5b2042b6872 |
| SHA1 | ade5715e0df4b8ae9b9405400ede33a673aa9ef8 |
| SHA256 | 43b87eefd9c1b9dda13384da88e9455a21582836a747ffb34f308346f8e18eba |
| SHA512 | 62e0819b2f8e8834747041930cc432b652e002235be7038378f30f80a934009b7fb3aeefc32fafc7faffceca3543c2b5fc93564517b00d2312fa4bb58a89333b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2c7c215e22ec1086977ce72d99874c47 |
| SHA1 | dc773a2432ec3766116ddb2592d892b50117286c |
| SHA256 | 4798ea9deeb0c7eb018c515cebf64b8590ed0a7173bdf1785adfcfad384c1e7d |
| SHA512 | dbad465d1e6b47ceb2fdc3da5f7286a153a69ebf1b593203da2561bdccedbd24771b13c029810b9a59de56d6ea943912bbff00c78d9974954c14ad5d109f3acd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | e29fd1efd0c49efbc2f17c4fda17657f |
| SHA1 | 05be1b46ab8cf1dc237fc08312cb5071047391a2 |
| SHA256 | 39e3c9314a41ddc7caef36449acf8215327e91c9feee95af2bb68f4ab58e0c45 |
| SHA512 | 07998e05ada23d0edb150c46587d84802ab48ddb1ebd72a960162d6854fb0ae94fd90c4cff5b70ac318b9a918fd99dd13a1b500f431b7545458edf3b19ce1774 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0d0d054407c33e82b410da8b99aeb6f5 |
| SHA1 | 46b4c82526c49c55865891a6e1e4b595c93029bd |
| SHA256 | 9e671c9448db61240b437e760ff671186968c0ed704e8e27e6c4afbf790c5bed |
| SHA512 | e4e37886666cb0aeec28c1917a77752c79dbe9c076aeed44ce473e0de7907aad5589a2c6005395437b960b3d81f98fe10ac054355bc8eb24311c21c87a836f9a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 781c422f747deb2baf51af2b5c69c7c0 |
| SHA1 | 900e77010020668d7996da1f0f6ff58273e84f4e |
| SHA256 | 1a80d5a188d0b6a8508dac35084077d87bbcf834ec625d74b04d52a9ced41c90 |
| SHA512 | c50291598a3abbe0e4c7ec44b45dbfee2d3d2b750a2fbe5205326a2dacc69f6f25ba65d5bf12299c131786a86b54eabe4a7a670abaa03e44079ee0a25f44a46e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\227bea68-1abb-40dd-87c5-1b2d33c60058.tmp
| MD5 | 9cbf62f4218f6d30cdc2cd95d943f966 |
| SHA1 | a5cd4dbf3a0235b2f8c68121fa417c548a4787c0 |
| SHA256 | 2e5aeebe66cd004449f49e88be8ba0ddd74dc955d2b3a288a3c3f45098f05913 |
| SHA512 | 329cba8224affa91d2e503d97d2c2094d447b6c84b0e816eec474b3c399e6b63fb2c4bc0bf489610e46ead7e599d7613af45e615706095f4dbac713ac1410b62 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e93eacc3c0dbeb55d475612fe8219b91 |
| SHA1 | b9ccced09981c32ce4910ca7d1df2ec331a939cf |
| SHA256 | d46f5610c980ea847a90166b1093f86e33ccf71618654730c8922abe74a945fa |
| SHA512 | 70af0a8508b437b3c34b9ea6208f8cd01568307ffc35ea472621c46aa808e6d6788f742a5d61b1fc16a72ec5fff95a29ddace4da7bdbe562c0ca139b78b389b0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 30bd0f4bc0a9338d0249172195a25d58 |
| SHA1 | 89dcfcd284bfd4298560d6830bc666a5e6a5f39d |
| SHA256 | 1ef25f6b2f8a2657b33e92d5523f1463c098bfab95c77955e90bc4eaed1f755a |
| SHA512 | f8ba5613a2fba950be45726a4f0908a74d9d4f554e8a5597cd20adf8d88d7a5af84ce86109feabc441c1ef50b623bcb27de7bacc7eca2738edab3ec7d6351730 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 9e9a1fe3078bd8b4296cce27e9301790 |
| SHA1 | 11b9b9dbf9728cdeaecec1937151e74018d5e550 |
| SHA256 | a823fbc8bf9163feb8b8668eb2f694e6617a292995ef2419a632870c38119d43 |
| SHA512 | eb35af78b774ec8ef583b9e5cb8409aa39056640e3d12afd35b797ca5bb3addfb4ae157541ea598994ddb6567869d756c7ee9e3085f2e698582ab2d429dfb595 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 98572d9f2b799e608b5e64fb31bf952c |
| SHA1 | 0f2a3749fcf0162fcf6aa3950dfd61f93084cb93 |
| SHA256 | 0efb3328ef61b7c0b6a29a46593a672edde0ca07b88760efb81cd9b593878e15 |
| SHA512 | 3ca271bb20c7b993f7bef07d3128dce63a5af3fe67b143bb91f23678307cc2f60260c856241099b00ac4cfaeab514e6feae772476d4073a3896b1e862a95f152 |