Analysis Overview
Threat Level: Likely malicious
The file https://cwitss-my.sharepoint.com/:o:/g/personal/nblake_curtisswright_asia/EnXpOthGKcVGmNzstkbUkXwBGD1HvpFIyzOezsAC44UylA?e=5:tsodqE&at=9&xsdata=MDV8MDJ8bWVsb255Lm1pbm5pY2tAdm9sdm8uY29tfGQyZjllZTNhMGRkMjRkZWNmN2M5MDhkYzhhYjcxY2Q1fGYyNTQ5M2FlMWM5ODQxZDc4YTMzMGJlNzVmNWZlNjAzfDB8MHw2Mzg1Mzc3NjY1NDQ2NTcxMDd8VW5rbm93bnxUV0ZwYkdac2IzZDhleUpXSWpvaU1DNHdMakF3TURBaUxDSlFJam9pVjJsdU16SWlMQ0pCVGlJNklrMWhhV3dpTENKWFZDSTZNbjA9fDQwMDAwfHx8&sdata=S2hsaHJzSmlhMmtxdUhISEFDdnBnY3p4cFI1b25zc29TVnREemxxejYyUT0= was found to be: Likely malicious.
Malicious Activity Summary
A potential corporate email address has been identified in the URL: 05|02|[email protected]|d2f9ee3a0dd24decf7c908dc8ab71cd5|f25493ae1c9841d78a330be75f5fe603|0|0|638537766544657107|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=|40000|||
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-12 14:24
Signatures
A potential corporate email address has been identified in the URL: 05|02|[email protected]|d2f9ee3a0dd24decf7c908dc8ab71cd5|f25493ae1c9841d78a330be75f5fe603|0|0|638537766544657107|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=|40000|||
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 14:24
Reported
2024-06-12 14:27
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
152s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cwitss-my.sharepoint.com/:o:/g/personal/nblake_curtisswright_asia/EnXpOthGKcVGmNzstkbUkXwBGD1HvpFIyzOezsAC44UylA?e=5:tsodqE&at=9&xsdata=MDV8MDJ8bWVsb255Lm1pbm5pY2tAdm9sdm8uY29tfGQyZjllZTNhMGRkMjRkZWNmN2M5MDhkYzhhYjcxY2Q1fGYyNTQ5M2FlMWM5ODQxZDc4YTMzMGJlNzVmNWZlNjAzfDB8MHw2Mzg1Mzc3NjY1NDQ2NTcxMDd8VW5rbm93bnxUV0ZwYkdac2IzZDhleUpXSWpvaU1DNHdMakF3TURBaUxDSlFJam9pVjJsdU16SWlMQ0pCVGlJNklrMWhhV3dpTENKWFZDSTZNbjA9fDQwMDAwfHx8&sdata=S2hsaHJzSmlhMmtxdUhISEFDdnBnY3p4cFI1b25zc29TVnREemxxejYyUT0=
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdab77ab58,0x7ffdab77ab68,0x7ffdab77ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1868,i,3639218139426070274,3290662531113956033,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1868,i,3639218139426070274,3290662531113956033,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2276 --field-trial-handle=1868,i,3639218139426070274,3290662531113956033,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2864 --field-trial-handle=1868,i,3639218139426070274,3290662531113956033,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2872 --field-trial-handle=1868,i,3639218139426070274,3290662531113956033,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4376 --field-trial-handle=1868,i,3639218139426070274,3290662531113956033,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4380 --field-trial-handle=1868,i,3639218139426070274,3290662531113956033,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4544 --field-trial-handle=1868,i,3639218139426070274,3290662531113956033,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 --field-trial-handle=1868,i,3639218139426070274,3290662531113956033,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4720 --field-trial-handle=1868,i,3639218139426070274,3290662531113956033,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd9c9246f8,0x7ffd9c924708,0x7ffd9c924718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,12858257945635618119,12299351360743219321,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,12858257945635618119,12299351360743219321,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,12858257945635618119,12299351360743219321,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,12858257945635618119,12299351360743219321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,12858257945635618119,12299351360743219321,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,12858257945635618119,12299351360743219321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,12858257945635618119,12299351360743219321,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3044 --field-trial-handle=1868,i,3639218139426070274,3290662531113956033,131072 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | cwitss-my.sharepoint.com | udp |
| US | 13.107.136.10:443 | cwitss-my.sharepoint.com | tcp |
| US | 13.107.136.10:443 | cwitss-my.sharepoint.com | tcp |
| US | 8.8.8.8:53 | 10.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.136.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | res-1.cdn.office.net | udp |
| SE | 2.21.96.97:443 | res-1.cdn.office.net | tcp |
| SE | 2.21.96.97:443 | res-1.cdn.office.net | tcp |
| SE | 2.21.96.97:443 | res-1.cdn.office.net | tcp |
| SE | 2.21.96.97:443 | res-1.cdn.office.net | tcp |
| US | 8.8.8.8:53 | 97.96.21.2.in-addr.arpa | udp |
| SE | 2.21.96.97:443 | res-1.cdn.office.net | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 40.126.32.74:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | aadcdn.msauth.net | udp |
| US | 13.107.253.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.253.64:443 | aadcdn.msauth.net | tcp |
| US | 8.8.8.8:53 | identity.nel.measure.office.net | udp |
| US | 8.8.8.8:53 | aadcdn.msftauth.net | udp |
| US | 152.199.21.175:443 | aadcdn.msftauth.net | tcp |
| US | 152.199.21.175:443 | aadcdn.msftauth.net | tcp |
| US | 152.199.21.175:443 | aadcdn.msftauth.net | tcp |
| IE | 2.18.24.25:443 | identity.nel.measure.office.net | tcp |
| US | 152.199.21.175:443 | aadcdn.msftauth.net | tcp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.253.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.24.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | autologon.microsoftazuread-sso.com | udp |
| US | 8.8.8.8:53 | privacy.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| IE | 20.190.159.68:443 | autologon.microsoftazuread-sso.com | tcp |
| US | 8.8.8.8:53 | 18.53.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.178.10:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| FR | 51.11.192.49:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| FR | 51.11.192.49:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 49.192.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fpt.dfp.microsoft.com | udp |
| NL | 20.31.161.73:443 | fpt.dfp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.161.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msft.sts.microsoft.com | udp |
| US | 167.220.71.70:443 | msft.sts.microsoft.com | tcp |
| US | 167.220.71.70:443 | msft.sts.microsoft.com | tcp |
| US | 167.220.71.70:443 | msft.sts.microsoft.com | tcp |
| US | 8.8.8.8:53 | 70.71.220.167.in-addr.arpa | udp |
| US | 8.8.8.8:53 | az416426.vo.msecnd.net | udp |
| GB | 142.250.178.10:443 | content-autofill.googleapis.com | udp |
| US | 152.199.19.161:443 | az416426.vo.msecnd.net | tcp |
| US | 8.8.8.8:53 | dc.services.visualstudio.com | udp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| NL | 20.50.88.242:443 | dc.services.visualstudio.com | tcp |
| NL | 20.50.88.242:443 | dc.services.visualstudio.com | tcp |
| US | 8.8.8.8:53 | 242.88.50.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 142.250.69.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 3.69.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 142.250.69.3:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 17.173.189.20.in-addr.arpa | udp |
Files
\??\pipe\crashpad_628_JWDJCDJXMCJMNIKR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | d5f7af4dd38328ad82e35d626631feef |
| SHA1 | f805d4c8074fe3fecef3156e2c436f376150742c |
| SHA256 | 03dc0e6469d15a16d5c6d89ac3321df327a7c1b04196b7c77ca6b958bf7076a2 |
| SHA512 | 56584cf9dbeea16d54ba82c8717d1c2ebd295de70a8f74ba8b36b9bdec6ddb9c68a5a07d927c5dd1b9d7aacf97a163e66a9445b54fef43c04efff05cc4fd25fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | bd84cb9695021044467bfdaf90a4dfa7 |
| SHA1 | a67f707e855fedd47a88d54b9060113c20c5d2db |
| SHA256 | 1413f9e94a17fbf0fd66fb92dd4f5148fd125e37e29efa513f62dd17b2b57c12 |
| SHA512 | 6e2e608140457341a12df8139f19fb6eecce244e9009b08d962fd66d6c80d697cd969064b5a02242f82da21a52d062d8754032f73f57bb108d0b859072b9d28e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 006ad4bd28e58d841c1316dfd38ce628 |
| SHA1 | 6e553af5886eab35682c2f61fbb77cf6a9ed48fc |
| SHA256 | fc3824bb27300aac13c99ab9b8a6badd300a922a4c40ed56970c39baa75d498a |
| SHA512 | 7eaf4a0174d476fa202bce80a11445e3bef9693ef2c3b09d8b6850023be572ef2539174ec7611cae09a4268c8f380825e6cb3338d130b1e13c1256110e44b4e7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c136d3ef6b9cf73e5e18b2e28fe02322 |
| SHA1 | c0154a793207495255a248efe02ad463981d994f |
| SHA256 | e6f1d1214a708aecb99dd5bce88a23af7d7647ffbd5b4d8903fb43351682b2fe |
| SHA512 | 66e64c301922099051fad58a992f6129c2dde6129e44ea7124142dd595ed4fdba341c47883fab567a90ca54cf2a6d9a7015d54f3dab92e8ab8f81c51cce5da83 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 2b6d41a8faadb5ec79b269e6460f8572 |
| SHA1 | 2751fbca1056616fbb3c1aefd687b3a6e58a465d |
| SHA256 | 251e94db08861df361cdfbb778c6c67f31bdc9cdaf7be2954a6c8c709d0d8fe8 |
| SHA512 | d1e47169de120dc3e7d57e82ec9ace0be31a56f215ec46140c98ddb54d8f49137a4c684bb86aea32071c695ff68506881b59e44180cdcc1fe6113d1638ce7e83 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 92a0121bb67e82ef5ea6511647cdd88d |
| SHA1 | 694a281d1638134822ecaa5354ec06e87b30fa05 |
| SHA256 | bb93fc16dc2441c7e4c8959854cd4053cce03d026429449ae77e1896ead394de |
| SHA512 | 2d0b88969fc146ad258a1e566c30331625456433e0656ba186854c320e71c8214f57f058150c8a43c5a3dc1b55ad399e55c4681de169c0b0dc17a4ce056892b3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 22ebc31643c6023c0c37f3e04214b6fc |
| SHA1 | d87ead021434035b9b48fac7dfc6fe1ed35d0fed |
| SHA256 | 3417ae70cae8321083b6319ad0daf532744c7cf21ee272215dff03e7ab98e9f6 |
| SHA512 | 77d0891803fb7b2376082a34c32d81f598494364d04521632d7baeb32e9a2ef3b543d70f20c6a2c52dc07d84ee59e98cc29dc911d1f3f5276ee0dfa2fec769c9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57a23b.TMP
| MD5 | 52526160f1833b76fc6368aad3a36d66 |
| SHA1 | 00ca2ac0fd60e1a423ce05a4196d430e1d1044c6 |
| SHA256 | 0394eb5797500a2e1894e87c6b5c6845837ce08f66d5c8dffbac25d7e5aa2edf |
| SHA512 | 11dba01e1c024a14261e360bc8095b30148463f2b4007ceda8879dc92ccef66ef3142fb61f3abc57db4ae994381b0aa451129fcdaaf5a0ae52cb4148a37cd4df |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 53d3ed56fc9e5966f27810e43885e510 |
| SHA1 | 7f47b0a6fa1232be93c74bd1d2697568a76e95c0 |
| SHA256 | 42b1c740f6d6aede24ee1fd1f5938e857ddd7418d5c7e7f708e3793a0732d32b |
| SHA512 | 8679d525d4d0143ad550db445530495ace46aab1dd5110093bc0e8a03cf713dac74de0a88aec4fceb413493d72ce0bf9cc8178de60e36a58e3f4d43c95c43b06 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 25f72f61be5610395ccf59288bde75b0 |
| SHA1 | 37b703d9d598c9780d8f484c2114ced6cdc667a6 |
| SHA256 | c27596291a04e11f09b14978e7326be55127bddbb2662eff5f9393b608803fee |
| SHA512 | 520911a121f827b1cc41c51e0b96954240cc0a98214d11a9d61b20bfc96cfcd689f93032ec8b19990b5b20743075958edc12628a61b70480d7f7f7473f6d20e3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 53c9687f487cc17c00ccc0fc2b56c188 |
| SHA1 | 3eead5db0bd71b45d054c7addb3b8ccfe57e8da2 |
| SHA256 | 6e329d7a51ad578935a92066c2fc27e235082dda8cd797961a9aab4afa65d7fa |
| SHA512 | 55b5eb2f8b3fee820fd92e2c6a61805ca383610cccb0b19a73be38cc158e0e81044a27d813e6b4e68a10a2c15104ffa7509e7b33e14751dd144301ed0c5e7cc4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 84fdc253b7cb6a0f346ac2dcb06fadec |
| SHA1 | 39ee872da90d593c25949059e6b930233fb0d76e |
| SHA256 | 36942e76526db54c009f22d808d86fd366b026e359fc77c7b144e4eb2b6879f1 |
| SHA512 | 2fe808b6e710fb33cf1d94b7fbf54c05e81d31979524d5f77084fea585817f7c1efaac956e18488684b0c152f7b810f7b89263020075e4dd6d77a10ee588f96e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 3a09f853479af373691d131247040276 |
| SHA1 | 1b6f098e04da87e9cf2d3284943ec2144f36ac04 |
| SHA256 | a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f |
| SHA512 | 341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 182c3bcf6e7fb7e171c239c6f20f989d |
| SHA1 | b3048a741e57cceb276e63d5c5f50f18eb6bb7c5 |
| SHA256 | 6daae5134285513fda4c8f2de519a0943ec24db20b81d67f24a8dd69f5e9bf61 |
| SHA512 | 635400d60b77ebe6d98b1cae532a1161821dd876c979a7830202e46533c1eed12387e731cbe99a10072a7f49a13fa1f07d6e5b2ae334bd7afbe68e1d39d3fc8d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e1277aad0a76bb4dbc1cd7b09663d6f3 |
| SHA1 | 84523751da13d4ee0dbebc9a2f4a85032cac9a1d |
| SHA256 | c0090b259c37a44d394833789e9d1fa6765187865a1046f171549379466cf395 |
| SHA512 | f90bec02586f02f1abc5f7d8ba4d03f237f5ddc23f13f7c87a3191443b1b7c44cf704910488a2768267425d7e0cc92c62442c34d49b74bdfb3029be0d357491e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2f04244fc1b38eb86d359a2ce9d26fe3 |
| SHA1 | dd5b717b32260f5bb2ce45a4b11b13c840b29a01 |
| SHA256 | dfdd63642fe1ccea356b614eb5ab7511854629d92ff6fe1a2d55bf0883e5e97b |
| SHA512 | c561cc7e6fbc215f604d00a8de5b26f3dc951ace85701ee73f9254fcf7ad0bf0b27d3d94730a74ee70b370fe04bba2001d0159c10f05c04abfc96180c702d996 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 570d623ee73ee0f93a1913b64b54e908 |
| SHA1 | 22b049879f54d33e14d13dde37eea090197381c5 |
| SHA256 | 62f7e292490ada69550f738da68741210bd5c9a904988adc2918786e56a718e4 |
| SHA512 | 7998d4f32aa084b83e54b92f0539d71959d6803ed07905b35e7b9f758350a58ef70542a9918fd3ea46cf333cf99118c8d0ec00603cb7a718ff866097040f7f12 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 986c8d674006bcfc157f2819f251f18a |
| SHA1 | fbadc43b27f902c6a30eff00c6f4ba77e93e1b9a |
| SHA256 | de198fb23892d14c4eb5a3b02c5719b109e12fb042d88c58a0e6d7a2ec5ae281 |
| SHA512 | 69e4a38f71dcd0d54a81502f680fefdce7bf63caa2440d8ac8da2242010cc044d478cb2f68b27eafba73c3e98910a9811b67d5309d6fec864b9ebaf096e5774f |