Analysis Overview
Threat Level: Shows suspicious behavior
The file http://nppxml.bruderste.in was found to be: Shows suspicious behavior.
Malicious Activity Summary
Looks up external IP address via web service
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Analysis: static1
Detonation Overview
Reported
2024-06-08 09:10
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-08 09:10
Reported
2024-06-08 09:13
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
155s
Signatures
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.ipify.org | N/A | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133623114491867426" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{5EDB554D-35F9-438F-9431-D40D48381198} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://nppxml.bruderste.in
Network
Files
\??\pipe\crashpad_5080_RETTASXBCPMDDDDM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | b06841d23634855ce46ea910ccdb031f |
| SHA1 | 896db8beb3cbae5c4b47cc1df835be49b7cbff98 |
| SHA256 | 8e66ee95eda12edd7ce956b2a980b268c1b4742b3e4873ede3f99f79f431b26a |
| SHA512 | 95974bd4c90196ac13cf2a88eeab7ff801fbe648b58a2ff91ffa599e1c67728fd0b7d1ae6e84ad235381520bf46cd0ddeff2875b5923c5a61ac3a35f2e53e0f2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 644dbcc86e1e05a8292e1724eaa24088 |
| SHA1 | f35c7929861721d46a7232472ca60efd9ce67f60 |
| SHA256 | f81dc06744da316148098f403cbcb9c8cdce8db123b5cc408c2fe79e9eced89b |
| SHA512 | fa76b3669d7894dcb86d306d5dbaa44a57864465059979bb0374b7ce253dacb17214c4941c731f473aca8f01b52a9e909be9191f7ece2a1e150fcf7be610b3e5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
| MD5 | a8d94654043fed3e3644c495725e5bdc |
| SHA1 | 1ffb30bb0c6a0dc36186ede37651ee9776c84098 |
| SHA256 | baa8036205ed783317d463f0537795bc66d519617701486316ccc84a2441458a |
| SHA512 | af3a7117b9731b90ac10dfe04d2739a8936d7a2780de8e4daba9ba987e2da3b6162ad624c2ca2966a6c71108e0116c90e4b7cf1bd50d27f847843b529055e0da |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7ff38c5d3a1414778631ecd431a4186b |
| SHA1 | 5d2e261a95742907fad0a16478419eacc151bc88 |
| SHA256 | 36d9c6816e7c2c5148bcf21c6398633fb25f8c396815cb335c84d4a6e0eaea9d |
| SHA512 | 81ef98c65abd6f13686c16957e50fd538a5c23f6258ea000f37ad976a41115b80ed89ddb707b67b35ddf79ffec0afeb4c46d5a291011883e5ae8945ea204a1f0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0a292635e25f7bccf947423ef67a855c |
| SHA1 | 14202ce7a892eecefdafc6e94d4fcd1f7c9fb31e |
| SHA256 | 6bbc6ed25399ff3685c08aed1226eb9b407cab67a0d41a4870a6faa80e947922 |
| SHA512 | 8ce74faa647f635e518615184f15ebf1fd93bd5bd0adb599fed18d7556ecc31d9be0195cbe56eb5c84b8743559f1d3c8580395a5453f359b9a17feadb279006a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | d557bbc4c6fb2d1ef52635feddaeb7b9 |
| SHA1 | 362c86a30aaba03cb94cd861c4ccf543118e90f5 |
| SHA256 | 03e97af4977cf5b6cb14a6453ca2d9e988117cf7185bc8c748b7241d699ffe2f |
| SHA512 | 0c60617435124db84feb926db072039b7ce447e38f7232462be18a9e094b26d0647b1d2aee4dbde503f6e1a5f41b6227b1933fc5f7d744994687bb25b68bb789 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 06a57948ffbbe616d475a558a451eeb0 |
| SHA1 | 8dfdc0bd7b0c89c2139d23d6b67cbdf1ed85d348 |
| SHA256 | 2437d83f468d2e1dcd18013c8e54df4ffde39bb0e86a606bcb8df4643000c01e |
| SHA512 | f398ca812ed92911f9aec4ab847af4dc01d8dfad7a4795d3b263aca1f2b59e3cbfe0c1b84b6d256fdc4602b9203950abbd8841fcdd22887eff2fcb8095002887 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe587625.TMP
| MD5 | 0e15078fc51251c320f1c75b0b06d158 |
| SHA1 | fc31376efb6bcfdb26b8a9b49b02d7ea78ae28ac |
| SHA256 | b7db9896f88938f2fbda00d3d753609b1ba137394ae470d6434ef6d873ea4315 |
| SHA512 | a09a4e7b809292825179a2441e49325d9d79ffe42bc7513ae743755cbad3c2f4335d1f6aedc0e0bf8ee994411196f93a9cdb5977ccc23ca10f3643a53668e564 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ff8894ed-cd67-4e12-8a4e-65db2ddfa5e5.tmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache