Analysis Overview
Threat Level: Known bad
The submitted URL http://rb.gy/biwqew was found to be: Known bad.
Malicious Activity Summary
Legitimate hosting services abused for malware hosting/C2
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Modifies registry class
Note: every behavioural signature above was raised by chrome.exe, the sandbox's own Chrome 110 instance launched to open the submitted URL (see the first entry under Processes), so these API-usage heuristics describe ordinary browser operation rather than a dropped payload, and the Files section lists only Chrome profile artefacts. The verdict rests on the Network section: the rb.gy short link leads to www.roblox0.com (a look-alike of roblox.com, served from 104.21.20.127 rather than the 128.116.21.3 that roblox.com resolves to in the same run), the page then contacts app.sitess.best and discord.com / discord.gg / cdn.discordapp.com, and the discord.com contact is what triggered the "legitimate hosting services abused" signature.
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-09 20:06
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-09 20:05
Reported
2024-06-09 20:25
Platform
win10v2004-20240508-en
Max time kernel
839s
Max time network
822s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133624374473620092" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1337824034-2731376981-3755436523-1000\{07745A75-FDB7-476B-A7F9-367E428E019F} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://rb.gy/biwqew
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffedb2cab58,0x7ffedb2cab68,0x7ffedb2cab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1940,i,8440492156075437955,13760283355101704633,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1940,i,8440492156075437955,13760283355101704633,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2296 --field-trial-handle=1940,i,8440492156075437955,13760283355101704633,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2984 --field-trial-handle=1940,i,8440492156075437955,13760283355101704633,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 --field-trial-handle=1940,i,8440492156075437955,13760283355101704633,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4260 --field-trial-handle=1940,i,8440492156075437955,13760283355101704633,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3324 --field-trial-handle=1940,i,8440492156075437955,13760283355101704633,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4552 --field-trial-handle=1940,i,8440492156075437955,13760283355101704633,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4736 --field-trial-handle=1940,i,8440492156075437955,13760283355101704633,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 --field-trial-handle=1940,i,8440492156075437955,13760283355101704633,131072 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x40c 0x4ec
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5004 --field-trial-handle=1940,i,8440492156075437955,13760283355101704633,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5144 --field-trial-handle=1940,i,8440492156075437955,13760283355101704633,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 --field-trial-handle=1940,i,8440492156075437955,13760283355101704633,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 --field-trial-handle=1940,i,8440492156075437955,13760283355101704633,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 --field-trial-handle=1940,i,8440492156075437955,13760283355101704633,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 --field-trial-handle=1940,i,8440492156075437955,13760283355101704633,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 --field-trial-handle=1940,i,8440492156075437955,13760283355101704633,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5372 --field-trial-handle=1940,i,8440492156075437955,13760283355101704633,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5412 --field-trial-handle=1940,i,8440492156075437955,13760283355101704633,131072 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rb.gy | udp |
| US | 34.239.9.53:80 | rb.gy | tcp |
| US | 34.239.9.53:80 | rb.gy | tcp |
| US | 8.8.8.8:53 | www.roblox0.com | udp |
| US | 104.21.20.127:443 | www.roblox0.com | tcp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| NL | 18.239.18.116:443 | static.rbxcdn.com | tcp |
| NL | 18.239.18.116:443 | static.rbxcdn.com | tcp |
| US | 2.17.251.82:443 | js.rbxcdn.com | tcp |
| US | 2.17.251.82:443 | js.rbxcdn.com | tcp |
| US | 2.17.251.82:443 | js.rbxcdn.com | tcp |
| US | 2.17.251.82:443 | js.rbxcdn.com | tcp |
| US | 2.17.251.82:443 | js.rbxcdn.com | tcp |
| US | 2.17.251.82:443 | js.rbxcdn.com | tcp |
| NL | 18.239.83.95:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.95:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.95:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.95:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.95:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.95:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 211.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.201.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.9.239.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.20.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.18.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.83.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | app.sitess.best | udp |
| US | 104.26.8.192:443 | app.sitess.best | tcp |
| US | 104.26.8.192:443 | app.sitess.best | tcp |
| US | 104.26.8.192:443 | app.sitess.best | tcp |
| US | 104.26.8.192:443 | app.sitess.best | tcp |
| US | 104.26.8.192:443 | app.sitess.best | tcp |
| US | 104.26.8.192:443 | app.sitess.best | tcp |
| US | 8.8.8.8:53 | roblox.com | udp |
| US | 8.8.8.8:53 | roblox-api.arkoselabs.com | udp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| NL | 128.116.21.3:443 | roblox.com | tcp |
| US | 8.8.8.8:53 | 61.20.239.44.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| FR | 172.217.20.174:443 | | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| FR | 172.217.20.174:443 | play.google.com | tcp |
| FR | 172.217.18.214:443 | | udp |
| FR | 172.217.18.214:443 | | tcp |
| GB | 128.116.119.4:443 | | udp |
| US | 44.239.20.61:443 | | tcp |
| NL | 18.239.18.116:443 | static.rbxcdn.com | tcp |
| US | 104.18.33.170:443 | roblox-api.arkoselabs.com | tcp |
| GB | 128.116.119.4:443 | | tcp |
| NL | 18.239.83.95:443 | css.rbxcdn.com | tcp |
| FR | 172.217.20.174:443 | play.google.com | tcp |
| GB | 128.116.119.4:443 | | tcp |
| SE | 184.31.15.65:443 | | tcp |
| FR | 216.58.214.67:443 | | tcp |
| FR | 172.217.20.196:443 | | tcp |
| GB | 74.125.175.102:443 | | tcp |
| GB | 74.125.175.102:443 | | tcp |
| FR | 216.58.214.163:443 | | tcp |
| FR | 172.217.20.193:443 | | tcp |
| NL | 18.239.36.65:443 | | tcp |
| US | 151.101.0.176:443 | | tcp |
| NL | 18.239.94.64:443 | images.rbxcdn.com | tcp |
| NL | 18.239.94.64:443 | | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| SE | 184.31.15.65:443 | | tcp |
| US | 104.26.8.192:443 | | udp |
| US | 104.26.8.192:443 | | udp |
| US | 8.8.8.8:53 | 131.178.250.142.in-addr.arpa | udp |
| GB | 128.116.119.4:443 | | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.197.17.2.in-addr.arpa | udp |
| FR | 172.217.18.214:443 | | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| FR | 172.217.20.174:443 | play.google.com | udp |
| GB | 128.116.119.4:443 | | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.162.46.104.in-addr.arpa | udp |
| FR | 172.217.20.174:443 | play.google.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| GB | 128.116.119.4:443 | udp | |
| US | 104.21.20.127:443 | www.roblox0.com | udp |
| US | 8.8.8.8:53 | discord.gg | udp |
| US | 162.159.134.234:443 | discord.gg | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 162.159.136.232:443 | discord.com | udp |
| US | 8.8.8.8:53 | 234.134.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.136.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | | udp |
| US | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.8.8:53 | 233.135.159.162.in-addr.arpa | udp |
| US | 162.159.136.232:443 | discord.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | | udp |
| GB | 128.116.119.4:443 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 104.18.33.170:443 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 104.21.20.127:443 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| FR | 216.58.214.67:443 | | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| FR | 216.58.214.170:443 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| GB | 74.125.175.102:443 | | udp |
| FR | 216.58.214.163:443 | | udp |
| FR | 172.217.20.193:443 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| N/A | 52.167.17.97:443 | | tcp |
| US | 8.8.8.8:53 | | udp |
| N/A | 52.191.219.104:443 | | tcp |
| US | 8.8.8.8:53 | | udp |
| N/A | 52.191.219.104:443 | | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| N/A | 184.31.15.57:80 | | tcp |
| US | 8.8.8.8:53 | | udp |
| N/A | 127.0.0.1:6463 | | tcp |
| US | 8.8.8.8:53 | | udp |
| N/A | 127.0.0.1:6464 | | tcp |
| N/A | 127.0.0.1:6465 | | tcp |
| N/A | 127.0.0.1:6466 | | tcp |
| N/A | 127.0.0.1:6467 | | tcp |
| N/A | 127.0.0.1:6468 | | tcp |
| N/A | 127.0.0.1:6469 | | tcp |
| N/A | 127.0.0.1:6470 | | tcp |
| N/A | 127.0.0.1:6471 | | tcp |
| N/A | 127.0.0.1:6472 | | tcp |
| N/A | 127.0.0.1:6463 | | tcp |
| N/A | 127.0.0.1:6464 | | tcp |
| N/A | 127.0.0.1:6465 | | tcp |
| N/A | 127.0.0.1:6466 | | tcp |
| N/A | 127.0.0.1:6467 | | tcp |
| N/A | 127.0.0.1:6468 | | tcp |
| N/A | 127.0.0.1:6469 | | tcp |
| N/A | 127.0.0.1:6470 | | tcp |
| N/A | 127.0.0.1:6471 | | tcp |
| N/A | 127.0.0.1:6472 | | tcp |
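Most rows in the Network table are noise for IOC purposes: DNS lookups against 8.8.8.8, reverse-PTR lookups under in-addr.arpa, mDNS to 224.0.0.251, UDP (QUIC) sessions to hosts already named in an adjacent TCP row, and the probes of 127.0.0.1:6463-6472 (the local RPC port range of the Discord desktop client, which the discord.com page checks for). The script below is an added triage example written for this report, not part of the sandbox's output. It parses rows in the table's `| Country | Destination | Domain | Proto |` shape (a subset copied from above, embedded inline), drops that noise, attributes bare-IP rows to domains seen elsewhere in the run, and sorts the remaining names into buckets. The allowlist, brand list and hosting-provider list are the editor's illustrative assumptions, and the "registrable name = last two labels" shortcut is a deliberate simplification (no Public Suffix List lookup).

```python
"""Triage of sandbox Network-table rows (added example, not report output)."""
from collections import defaultdict
from ipaddress import ip_address

# Rows copied from the report's Network table (a subset); a blank Domain
# cell is kept blank, exactly as the report shows it.
NETWORK_ROWS = """
| US | 8.8.8.8:53 | rb.gy | udp |
| US | 34.239.9.53:80 | rb.gy | tcp |
| US | 8.8.8.8:53 | www.roblox0.com | udp |
| US | 104.21.20.127:443 | www.roblox0.com | tcp |
| NL | 18.239.18.116:443 | static.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 53.9.239.34.in-addr.arpa | udp |
| US | 104.26.8.192:443 | app.sitess.best | tcp |
| NL | 128.116.21.3:443 | roblox.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| FR | 172.217.20.174:443 | | udp |
| FR | 172.217.20.174:443 | play.google.com | tcp |
| US | 44.239.20.61:443 | | tcp |
| US | 162.159.134.234:443 | discord.gg | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| N/A | 127.0.0.1:6463 | | tcp |
| US | 8.8.8.8:53 | | udp |
"""

# Assumed allowlist: infrastructure the browser and the target site use anyway.
ALLOWLIST = ("roblox.com", "rbxcdn.com", "arkoselabs.com", "google.com",
             "gvt2.com", "cloudflare.com")
# Assumed brand list; a registrable name one edit away from these is a look-alike.
BRANDS = ("roblox.com", "discord.com", "google.com")
# Legitimate services routinely abused as payload hosts / C2 (report names discord.com).
ABUSED_HOSTING = ("discord.com", "discord.gg", "discordapp.com")


def parse_rows(text):
    """Yield (dest_ip, dest_port, domain) for each 4-cell table row."""
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4:
            continue  # header, separator or malformed row
        _country, dest, domain, _proto = cells
        ip, _, port = dest.rpartition(":")
        yield ip, int(port), domain


def is_noise(ip, port, domain):
    """Reverse-PTR, loopback, multicast and nameless resolver rows carry no IOC."""
    addr = ip_address(ip)
    if domain.endswith(".in-addr.arpa") or addr.is_loopback or addr.is_multicast:
        return True
    return domain == "" and (ip, port) == ("8.8.8.8", 53)


def under(domain, suffixes):
    """Exact or dot-bounded suffix match, so roblox0.com never matches roblox.com."""
    return any(domain == s or domain.endswith("." + s) for s in suffixes)


def registrable(domain):
    """Naive registrable name: last two labels (assumption; no PSL lookup)."""
    return ".".join(domain.split(".")[-2:])


def levenshtein(a, b):
    """Edit distance; one row of the DP table at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(text=NETWORK_ROWS):
    result = {"typosquat": set(), "abused_hosting": set(),
              "allowlisted": set(), "unknown": set()}
    ips = defaultdict(set)   # domain -> IPs it was actually connected to
    bare = set()             # connections whose row carried no domain
    for ip, port, domain in parse_rows(text):
        if is_noise(ip, port, domain):
            continue
        if domain == "":
            bare.add(ip)
            continue
        if (ip, port) != ("8.8.8.8", 53):
            ips[domain].add(ip)  # a real connection, not the DNS lookup
        reg = registrable(domain)
        if any(levenshtein(reg, brand) == 1 for brand in BRANDS):
            result["typosquat"].add(domain)
        elif under(domain, ABUSED_HOSTING):
            result["abused_hosting"].add(domain)
        elif under(domain, ALLOWLIST):
            result["allowlisted"].add(domain)
        else:
            result["unknown"].add(domain)
    named = {ip for addrs in ips.values() for ip in addrs}
    result["ips"] = dict(ips)
    result["unresolved_ips"] = bare - named  # bare rows not named anywhere else
    return result


if __name__ == "__main__":
    for bucket, members in triage().items():
        print(f"{bucket:15} {sorted(members) if isinstance(members, set) else members}")
```

On the sample rows this puts www.roblox0.com in `typosquat` (one deletion away from roblox.com), the three Discord names in `abused_hosting`, rb.gy and app.sitess.best in `unknown` (the two names a blocklist would actually carry), the Roblox, Roblox CDN and Google names in `allowlisted`, and leaves 44.239.20.61 as the only unresolved bare IP once the 172.217.20.174 UDP row is attributed to play.google.com. Run it against the full table by pasting all rows into `NETWORK_ROWS`; anything landing in `unknown` or `unresolved_ips` is what deserves a manual look.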
Files
\??\pipe\crashpad_3324_RHJLHRJBBJPBVFNT
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 09090650221c39561f4c8f1ab953838a |
| SHA1 | 352341fc200e2463a56f3647b21f2e17c3d6529d |
| SHA256 | 8ac42107895116ddd35640636e434cb3a50e3168ec123559d451119b5b6aa87f |
| SHA512 | c6b84281978a5de3dbd6f9e535103cd4e7608a98b4d6241de3c6ce7f1c5b43a56c45ef26dc021fbbe12b81d5eeb63ac3aeef3c0203d2b5af1fd1976c5828d525 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt
| MD5 | 73a465dadf426a1816e6124332dbbe2a |
| SHA1 | 9016ee293d948b12d364e9eeccf7eec06a1aa032 |
| SHA256 | 60ebfbe19e0b00485e81b7fa15d8988ac37bc2cdfd734311d3ee4b24f562a8bd |
| SHA512 | e55d2a34a093562bf8cf9d051dcb7b1bdf459a86cdfde578ece91f76ec18f7fd1007db5c93dcd9864fb97dd7d5d7581ec6bbfb0d0e867e04290bf434935725f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt~RFe5758bf.TMP
| MD5 | 854c24243b336d866addaec69356c425 |
| SHA1 | 34f90c7907e680276f738ac5097b273ada8f51d0 |
| SHA256 | 4068189880cb9a7cd063c4a6fc266b6ebaaa34e5583bd108cda0d1dd61182fd7 |
| SHA512 | cca821118ba44b40ec812ea2c0e41a5d05eafbca0b69d70c78fe0099834fa9576819a10e245687b86d4e274913a95f91b0f8d006d028ee97733facbae7ad1a43 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d148ffc9fc5b5c9dd52eadcf1a1f9637 |
| SHA1 | e44a553fa4c46a0238e1adcc21ee2cac2550694f |
| SHA256 | ef78c72550206c99102c2da58adf55e1ab38ed414ca8c29c41a25620cac2a2d9 |
| SHA512 | 41f3cf21dc9c04cf7fdcf14c3bdc5e4b7d2eba273d491fcfff8a68de30f1d371030d6708fd93ad152660a409715bbc511dabe1adf766870fa9d9bdb1b0440f73 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | c3b1124a9d283751d697a9cca89e4080 |
| SHA1 | 2297aa29535f0edcc54e2598bd2b712578c0bf40 |
| SHA256 | 66ab00ab7230b9b49f962072a482d6a068f412464590da000a8f30a21d774247 |
| SHA512 | 71d92742ff3bd27f9aca86fcf1e6a98a91dbee085371e292952c027fac648ddbd975cb87e1f744be1825efd1d4fc06de5a86b981a3d6e6ad9175da08eb951a16 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3e2dfc9a3f4385b28a8d27f28d088c50 |
| SHA1 | c40df0c46dd20308368f8afa21f7f1dd251b4d89 |
| SHA256 | 0e92ad5e46f9ee6d2c0cd7c12ca767416e02f195901247dbef457758a304369c |
| SHA512 | f383548fded9edfdc037e111df49a820b934255fba30c095e38df2b7c7b32491bc488f2608c53e5a8b71cea7a5e94e89b760abb8e2802812af39379d1020e1eb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d60b2ed28226e8fdb91bc6c3b872c738 |
| SHA1 | 1e6912d809db5156b1953e6c4e9d1382369c5a4e |
| SHA256 | 78e779a5520177c9f41440a225012fcb5c8b56350c85b39dcd787072ab78725d |
| SHA512 | 2e5915626a19294c6d1a8f24cf9710ecb6b9271b738a73c013fdc52509bb2c4518fa7928a6ea740e626982fabada0112fbb5d015c27d8d69138d735511f1e1cf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 1b6a972bbd4699c699b9cf54cb6253e6 |
| SHA1 | f754dd785e566caf4ef9397e92ab9d918848d34e |
| SHA256 | 2c6fc18459321b8b3610e7d4387b88c9144f5d9fa2980bee03f8783fc2327a17 |
| SHA512 | 7dd71d65f582d686da9ee2adb3c3bf3c83988430e3c915e6b63c6ac91d0b33b1dee50633204479c438472896e067db07cd4556acb0d673336c03ee8dfeb52b2c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4074f43811d9153346a794805ad80831 |
| SHA1 | 61bd94f63ed91a547ff7056952a0182bf5c7444f |
| SHA256 | 9a7b78d7312fdd2af30f346c198c11c4e3dee2c1ac4b4a9cb0728844d5026302 |
| SHA512 | 9e23b6c429e5e5ee976dbcce83cd0a16c8cebf18a0c8364a73a83e88868b4530f599e6fb00fc4149612ac4c7919e5dc504e5c849d5d9986a9a23d72c9d238de8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | dc435e51e904ed8c82edc12cd71b6f7d |
| SHA1 | 36e78bb736b5acee2d7e1d460ec03c471141d755 |
| SHA256 | 37d619e18ca9ed10222936ea82dee0051dad16c14cb4ed2cf53b4bd81c1b70a2 |
| SHA512 | 3405d6e010e165f4dfd2947e5ae6903c9474b67f7b9d10f1595a1da3a5abbae2578a2cf5afcd9af1c8e691ab40870d225ba5d9825283ebc3a1adb4998bdbb672 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e6a7.TMP
| MD5 | 59a377b29cb2dcc6233e14535c6186e5 |
| SHA1 | 586408c33c7c3578ddff87bfba90e741caf5a495 |
| SHA256 | 591a22a5827561fb476f3ee2fb76aa80c80514e92d8c828f134cf6411a471302 |
| SHA512 | 664086b12e6717a158225489f1bd378950abe8ad83baf2e16e9e24a5fa1668e609494741a65fff8c12866bef9573caf6055b02dbe17ba70f6dfb4f22f840775e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 827b3e2d799559abfb8445047cd6f79d |
| SHA1 | f901657336e04f28bde76f4da5c10101cb40d95d |
| SHA256 | 720bc9fc4d11ec0548f3f210e2adca39a173082ab53a9719fcd685f688c30320 |
| SHA512 | 910c90d5b2a0df4e52b419554676b4a777950291258c64095f86c2cbbdd540533fef143e188e7617bd9c3c383a265449c08e3d2c9c8d9871940bc5355646e116 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 6829b05e11e03f880bbc5f853e23e409 |
| SHA1 | 8e397a08098417fea9e0d64f8d12bf4fc44111e1 |
| SHA256 | 7f478e2244b24c3ec9c4347d20827fc4bf73ec71e87da5ecbb54c7e9d7f65236 |
| SHA512 | 4bd47d7303c193e9dd18fe125c60180d546c99b05eecbe7f74d311af78d7ceea758db48d7bc7f36f669fef23c7b2e4bf1990fc7abfb1e31763b1e50aa0b18ea8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a7f32e89ef68f333cd383bbdd0ba971a |
| SHA1 | c7ecf8b6a89c48c227e94246b6edec8b91f05334 |
| SHA256 | 6d294fbd9079dde11fe9c93cd32d155f5cf3c9edc522b05bfcfdac00ac8aea21 |
| SHA512 | e569cf8cb4ab160bbff4165285d3633a46f887b6f6d1cc7e9e8df80cad45934c3b03fa13c5b578c5b231b4da8e502d8166b8a20d2ba75738c873abbf46996d64 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | f0b09852b43d910eb3d22a73d35228f6 |
| SHA1 | 112b92124351bfe285f4399d0c3be33cf25134a9 |
| SHA256 | 68e76cf130fd157fbba88568c496dbae96b9d14ef6a372f3b7c859d68378eb44 |
| SHA512 | 18694d32c4c24fbc05703da85ea1c3fcfd11564262c33194acaa3538e5b613561d1352ad5d07feadb4ce7e522f1a16002c6c6961d30a4ba9f10b0f84dd3e9fdc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 1c1168a16ee1a070f09105b4893c4c92 |
| SHA1 | 19bdf98f11c335c0749ffa5772e5a5914fefd910 |
| SHA256 | af5abdfdba32115d0b62d5fa4daa4d143ac0c0c1aa2839ea68ff52d0ae6ef870 |
| SHA512 | 9cdabebcb4a8b2ddc867cf2dd85ba0b670978466a3e29a843ed9cdeb4498df7de3afd966be586712273ac4335a44a1c8bea02f667444d6b10a2196222b1abb30 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0f34e09f73906367785b8f3a53d869cc |
| SHA1 | 395103043a3e338868ece8212082ae002ce38618 |
| SHA256 | 8de828055cea12267c4787f139706d6c36b22be5168be716219f6f1acebfc47f |
| SHA512 | 101d25fcd82be2b581d1c815d36138916ddf0bda60a6530ad8d4494adbae2e0effa5aeb65fd2946cf7a2d832056bd286f554228ac8d2e9405d803b4be0be347e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | e0913f490d5df1b0ebcb62db5ca50f49 |
| SHA1 | 5fc6ef1579b975c5dc9e78648d45ec2df9e919ab |
| SHA256 | 8c80abd1bc055ad5d37fdb67cf1b915771910df4656a91c6f404bcfd9d35b997 |
| SHA512 | cf00e49641e424b9365af69e83c9cc9cf5fc8f82dc83240c78a33f21ab07eb0aab8eaf065832b74fe3f4905da28438f887daf7a85215ea0a6a3156e9a75135a8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f4c2beaca42d82d0d5a12d395a5c80d4 |
| SHA1 | bc1e9e40122cc953da283977fc24a9fe1bdaad87 |
| SHA256 | 5c0a81dfba2f1c51ef206aa9be26ea197d47d24c14929f27c52859ef9b721c1e |
| SHA512 | f3d49306a33691db78f099fd2eaa67a49bb0f6af85b894aedb3cae71363c801857c55e315ae677d31c2bcbfa529a5b3b2a93b636f6805788c97842151b0be5c6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 165f211a2b6b638bc12d8520a3995189 |
| SHA1 | 07631faaae018761716981349dfe6e35eb055cff |
| SHA256 | 424e39ef56e492895e7724ad816b9cdd9ac98afa8b5686b6afdd6b4d0905d52b |
| SHA512 | 2bf1edc122f966636d97e350b2309cf3bc22cdf4db657b64cf4193568654374bf951889b47608d20f6b3f9cdccad738ac91481d4c614baf0c115b51868cc0d6d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 442919a51fe219ef906ce03bfdb8754e |
| SHA1 | 9b81a8a8edaa56556a3715de9619fc2f217568f7 |
| SHA256 | 61f97fde82bfb41d2184c5262a8144248ec5cd15beae860f50998f3cdde09122 |
| SHA512 | 9343b060f7824ff77dbfe3dc596055ef10c02befd73de07f3b08ca8bcec14e395353cf78b5735715fbc917291ac447da419e13ae6e3d706a7517f133e47ad19c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 5688dfbd7d27eadd7e73d659803e56e3 |
| SHA1 | 474b2d37f5766e0f4bf95d1a4ee3c4005f1a75ed |
| SHA256 | fe743ee811ce66d7bf5dad2322496f397ed87e5829969c52bd7d55fcf5b0fed3 |
| SHA512 | 2ea25456ee8cfa33e5bdb9fc9fe8c0f1dd86134c3244a77c42d06295870eeaa429b6ad7b3e417213fe41a356a8f36303974b67962ae3d7f3451a95e00884eef9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f34a49178b71212f2d6376ad5903f2b3 |
| SHA1 | 36208a86fa9b84bbc7fa9f0a7ea23626634d1b56 |
| SHA256 | 73b13c5e37614af6976d23bc5fcc1c798b700aa5eb2a487168ebe89375e57030 |
| SHA512 | c908da86e2afaf863bbfd83cb5d4f0d2d68cbbbeb2c207f1322b04201425b5e3c70cbd4e6cc05c0c7ce8be28c7a6d64f04cce4752e48972cad4503c5cba00ef4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 68732f3efac70bd1fd8bc4442e2b5137 |
| SHA1 | 38ffcd40cebe9bc491c8f5a3ddfe8d71b3d1035e |
| SHA256 | 671a5230458ad67bc8e1bf77819c15fbc65eeab636d5138bd80c7437c478d327 |
| SHA512 | bcf9e3ca4716f8198d3b99d996ea12b65a329bcbf7eba072594a71afc05e857ace7eb4abd6d61ca47e2f1edd41b24e4011e6ffc50234c29cd6b9ae813888ad85 |