Analysis Overview
Threat Level: No (potentially) malicious behavior was detected
The file https://jenniferbrownconsulting.lt.acemlnb.com/Prod/link-tracker?notrack=1&notrack=1&redirectUrl=aHR0cHMlM0ElMkYlMkZ3d3cuYW1hem9uLmNvbSUyRkluY2x1c2lvbi1EaXZlcnNpdHktV29ya3BsYWNlLVdpbGwtQ2hhbmdlJTJGZHAlMkYxOTQ2Mzg0MDk3JTJGcmVmJTNEdG1tX3BhcF9zd2F0Y2hfMCUzRl9lbmNvZGluZyUzRFVURjglMjZxaWQlM0QlMjZzciUzRCUyNnV0bV9zb3VyY2UlM0RBY3RpdmVDYW1wYWlnbiUyNnV0bV9tZWRpdW0lM0RlbWFpbCUyNnV0bV9jb250ZW50JTNET3VyJTJCQ29tbXVuaXR5JTJCQ2FsbHMlMkJSZXR1cm4lMkJUb21vcnJvdyUyNTJDJTJCVGh1cnNkYXklMjUyQyUyQkZlYXR1cmluZyUyQkNBTCUyQkZJUkUlMjZ1dG1fY2FtcGFpZ24lM0RDb21tdW5pdHklMkJDYWxsJTJCUmVtaW5kZXIlMkIyJTI1MkYxNyUyNTJGMjAyMg%3D%3D&sig=FcdRkqtV63eW6Muvz78X6Synh44M7V8hqhruar3SMMw&iat=1647441228&a=%7C%7C66406802%7C%7C&account=jenniferbrownconsulting.activehosted.com&email=LRRV6glqIfcVPcYsJBrMHi%2FZD%2BmsUFpJrc5fHf6IoVE%3D&s=bad97c655476f96a390a72c05a742011&i=562A822A24A6141&utm_source=hs_email&utm_medium=email&_hsenc=p2ANqtz-8a9pt4WRMGzLmExAyHPkOR09vMrgrzh7KK6sbwtG-0dTz71uH9nk3acRx2VcxsnQ6NXWTi was found to be: No (potentially) malicious behavior was detected.
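The redirectUrl parameter of the submitted link is base64 over a percent-encoded URL, so the landing page can be recovered offline without following the tracker. The script below is an added example, not part of the sandbox report or of any tool it names. It decodes the parameter, pulls out the campaign fields, converts iat from a Unix timestamp, and checks that the decoded host actually appears among the names resolved in the Network section (a constructed subset of that table is embedded). The tracker URL is the one from the overview with the second notrack parameter's "&not" restored; the email value is only decoded to its length, since the report gives no way to interpret it.

```python
import base64
from datetime import datetime, timezone
from urllib.parse import urlsplit, parse_qs, unquote

# Tracker link from the Analysis Overview (one long line; the second
# "notrack" parameter's "&not" is restored where the page renders it as "¬").
TRACKER_URL = "https://jenniferbrownconsulting.lt.acemlnb.com/Prod/link-tracker?notrack=1&notrack=1&redirectUrl=aHR0cHMlM0ElMkYlMkZ3d3cuYW1hem9uLmNvbSUyRkluY2x1c2lvbi1EaXZlcnNpdHktV29ya3BsYWNlLVdpbGwtQ2hhbmdlJTJGZHAlMkYxOTQ2Mzg0MDk3JTJGcmVmJTNEdG1tX3BhcF9zd2F0Y2hfMCUzRl9lbmNvZGluZyUzRFVURjglMjZxaWQlM0QlMjZzciUzRCUyNnV0bV9zb3VyY2UlM0RBY3RpdmVDYW1wYWlnbiUyNnV0bV9tZWRpdW0lM0RlbWFpbCUyNnV0bV9jb250ZW50JTNET3VyJTJCQ29tbXVuaXR5JTJCQ2FsbHMlMkJSZXR1cm4lMkJUb21vcnJvdyUyNTJDJTJCVGh1cnNkYXklMjUyQyUyQkZlYXR1cmluZyUyQkNBTCUyQkZJUkUlMjZ1dG1fY2FtcGFpZ24lM0RDb21tdW5pdHklMkJDYWxsJTJCUmVtaW5kZXIlMkIyJTI1MkYxNyUyNTJGMjAyMg%3D%3D&sig=FcdRkqtV63eW6Muvz78X6Synh44M7V8hqhruar3SMMw&iat=1647441228&a=%7C%7C66406802%7C%7C&account=jenniferbrownconsulting.activehosted.com&email=LRRV6glqIfcVPcYsJBrMHi%2FZD%2BmsUFpJrc5fHf6IoVE%3D&s=bad97c655476f96a390a72c05a742011&i=562A822A24A6141&utm_source=hs_email&utm_medium=email&_hsenc=p2ANqtz-8a9pt4WRMGzLmExAyHPkOR09vMrgrzh7KK6sbwtG-0dTz71uH9nk3acRx2VcxsnQ6NXWTi"

# DNS names resolved during detonation (constructed subset of the Network table).
OBSERVED_DNS = {
    "jenniferbrownconsulting.lt.acemlnb.com", "www.amazon.com", "www.bing.com",
    "m.media-amazon.com", "images-na.ssl-images-amazon.com",
    "completion.amazon.com", "fls-na.amazon.com",
}


def decode_redirect(tracker_url: str) -> dict:
    """Recover the landing URL and campaign metadata from the tracker link.

    redirectUrl = base64(percent-encoded URL). parse_qs already strips the
    outer percent-encoding (%3D%3D -> ==), so decode base64 first, then unquote.
    """
    q = parse_qs(urlsplit(tracker_url).query, keep_blank_values=True)
    target = unquote(base64.b64decode(q["redirectUrl"][0]).decode("ascii"))
    parts = urlsplit(target)
    target_q = parse_qs(parts.query, keep_blank_values=True)
    return {
        "tracker_host": urlsplit(tracker_url).hostname,
        "target": target,
        "target_host": parts.hostname,
        "target_path": parts.path,
        "target_query": {k: v[0] for k, v in target_q.items()},
        # iat is a Unix timestamp; render it in UTC for the timeline.
        "iat_utc": datetime.fromtimestamp(int(q["iat"][0]), tz=timezone.utc).isoformat(),
        # email is base64 of an opaque 32-byte value, not a plain address.
        "email_token_len": len(base64.b64decode(q["email"][0])),
        # Parameters supplied more than once (parse_qs keeps every value).
        "duplicate_params": sorted(k for k, v in q.items() if len(v) > 1),
    }


def landing_host_was_contacted(info: dict, observed_dns: set) -> bool:
    """True when the decoded landing host is among the names the sandbox resolved."""
    return info["target_host"] in observed_dns


if __name__ == "__main__":
    info = decode_redirect(TRACKER_URL)
    for key in ("tracker_host", "target_host", "target_path", "iat_utc", "duplicate_params"):
        print(f"{key}: {info[key]}")
    for k, v in info["target_query"].items():
        print(f"  {k} = {v}")
    print("landing host seen in DNS:", landing_host_was_contacted(info, OBSERVED_DNS))
```

The decoded target is an amazon.com product page whose utm_* fields name an ActiveCampaign e-mail campaign, and www.amazon.com is the second name the sandbox resolved, which is what the clean verdict rests on. The sig value cannot be checked without the tracker operator's key, so the script does not try.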
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies data under HKEY_USERS
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 07:34
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 07:34
Reported
2024-06-13 07:37
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
147s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133627377031503349" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://jenniferbrownconsulting.lt.acemlnb.com/Prod/link-tracker?notrack=1&notrack=1&redirectUrl=aHR0cHMlM0ElMkYlMkZ3d3cuYW1hem9uLmNvbSUyRkluY2x1c2lvbi1EaXZlcnNpdHktV29ya3BsYWNlLVdpbGwtQ2hhbmdlJTJGZHAlMkYxOTQ2Mzg0MDk3JTJGcmVmJTNEdG1tX3BhcF9zd2F0Y2hfMCUzRl9lbmNvZGluZyUzRFVURjglMjZxaWQlM0QlMjZzciUzRCUyNnV0bV9zb3VyY2UlM0RBY3RpdmVDYW1wYWlnbiUyNnV0bV9tZWRpdW0lM0RlbWFpbCUyNnV0bV9jb250ZW50JTNET3VyJTJCQ29tbXVuaXR5JTJCQ2FsbHMlMkJSZXR1cm4lMkJUb21vcnJvdyUyNTJDJTJCVGh1cnNkYXklMjUyQyUyQkZlYXR1cmluZyUyQkNBTCUyQkZJUkUlMjZ1dG1fY2FtcGFpZ24lM0RDb21tdW5pdHklMkJDYWxsJTJCUmVtaW5kZXIlMkIyJTI1MkYxNyUyNTJGMjAyMg%3D%3D&sig=FcdRkqtV63eW6Muvz78X6Synh44M7V8hqhruar3SMMw&iat=1647441228&a=%7C%7C66406802%7C%7C&account=jenniferbrownconsulting.activehosted.com&email=LRRV6glqIfcVPcYsJBrMHi%2FZD%2BmsUFpJrc5fHf6IoVE%3D&s=bad97c655476f96a390a72c05a742011&i=562A822A24A6141&utm_source=hs_email&utm_medium=email&_hsenc=p2ANqtz-8a9pt4WRMGzLmExAyHPkOR09vMrgrzh7KK6sbwtG-0dTz71uH9nk3acRx2VcxsnQ6NXWTi
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb9edab58,0x7ffdb9edab68,0x7ffdb9edab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1000 --field-trial-handle=1884,i,7360059841442298778,2066371049661271112,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1884,i,7360059841442298778,2066371049661271112,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2212 --field-trial-handle=1884,i,7360059841442298778,2066371049661271112,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2992 --field-trial-handle=1884,i,7360059841442298778,2066371049661271112,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=1884,i,7360059841442298778,2066371049661271112,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4476 --field-trial-handle=1884,i,7360059841442298778,2066371049661271112,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4680 --field-trial-handle=1884,i,7360059841442298778,2066371049661271112,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4840 --field-trial-handle=1884,i,7360059841442298778,2066371049661271112,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 --field-trial-handle=1884,i,7360059841442298778,2066371049661271112,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4644 --field-trial-handle=1884,i,7360059841442298778,2066371049661271112,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2548 --field-trial-handle=1884,i,7360059841442298778,2066371049661271112,131072 /prefetch:2
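The "Suspicious" signatures above (process enumeration, a non-Microsoft binary creating processes, WriteProcessMemory) are what Chrome's own multi-process model looks like from a sandbox's hooks: one browser process spawning crashpad, GPU, utility and renderer helpers from the same install directory. The triage question is whether every child really is such a helper and which of them run with Chrome's sandbox switched off. The script below is an added example, not part of the report; it parses command lines abbreviated from the Processes section (a constructed sample with the --gpu-preferences blobs, --field-trial-handle and /prefetch values dropped), counts processes by --type, lists those started with --disable-gpu-sandbox or --service-sandbox-type=none, and flags any binary outside the Chrome install directory.

```python
import re
from collections import Counter

CHROME_DIR = r"C:\Program Files\Google\Chrome\Application"

# Command lines abbreviated from the Processes section (constructed sample).
PROCESSES = [
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --single-argument https://jenniferbrownconsulting.lt.acemlnb.com/Prod/link-tracker?notrack=1',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=ver=110.0.5481.104',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --mojo-platform-channel-handle=1000',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2212',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --renderer-client-id=6 --mojo-platform-channel-handle=2992',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --renderer-client-id=5 --mojo-platform-channel-handle=3000',
    r'"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --renderer-client-id=7 --mojo-platform-channel-handle=4476',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --renderer-client-id=8 --mojo-platform-channel-handle=4680',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --renderer-client-id=9 --mojo-platform-channel-handle=4840',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4644',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --mojo-platform-channel-handle=2548',
]


def parse_process(cmdline: str) -> dict:
    """Classify one Chrome command line by binary, --type and sandbox switches."""
    m = re.match(r'"([^"]+)"', cmdline)
    binary = m.group(1) if m else cmdline.split()[0]
    t = re.search(r"--type=([\w-]+)", cmdline)
    if t:
        ptype = t.group(1)
    elif binary.lower().endswith("chrome.exe"):
        ptype = "browser"            # chrome.exe without --type is the parent
    else:
        ptype = binary.rsplit("\\", 1)[-1]
    sub = re.search(r"--utility-sub-type=([\w.]+)", cmdline)
    sbx = re.search(r"--service-sandbox-type=(\w+)", cmdline)
    weakened = "--disable-gpu-sandbox" in cmdline or (sbx is not None and sbx.group(1) == "none")
    return {
        "binary": binary,
        "type": ptype,
        "subtype": sub.group(1) if sub else None,
        "sandbox": sbx.group(1) if sbx else None,
        "weakened_sandbox": weakened,
        "in_chrome_dir": binary.lower().startswith(CHROME_DIR.lower()),
    }


def summarize(cmdlines) -> dict:
    """Process-tree summary: counts per type, unsandboxed helpers, foreign binaries."""
    procs = [parse_process(c) for c in cmdlines]
    return {
        "by_type": Counter(p["type"] for p in procs),
        "browser_count": sum(1 for p in procs if p["type"] == "browser"),
        "weakened": [p["subtype"] or p["type"] for p in procs if p["weakened_sandbox"]],
        "foreign": [p["binary"] for p in procs if not p["in_chrome_dir"]],
    }


if __name__ == "__main__":
    s = summarize(PROCESSES)
    print("by type:", dict(s["by_type"]))
    print("unsandboxed helpers:", s["weakened"])
    print("binaries outside Chrome dir:", s["foreign"])
```

For this detonation the summary is one browser process, one crashpad handler, two GPU processes, four utilities and five renderers, all from the Chrome directory; the unsandboxed entries are the network service, the two Windows-specific utilities and the fallback GPU process, which Chrome itself starts that way. A non-empty "foreign" list, or a second process without --type, would be the point at which the "Suspicious" labels stop being explained by the browser.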
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | jenniferbrownconsulting.lt.acemlnb.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 52.200.114.168:443 | jenniferbrownconsulting.lt.acemlnb.com | tcp |
| US | 52.200.114.168:443 | jenniferbrownconsulting.lt.acemlnb.com | tcp |
| US | 8.8.8.8:53 | www.amazon.com | udp |
| US | 3.162.84.60:443 | www.amazon.com | tcp |
| NL | 23.62.61.89:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.114.200.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.84.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | m.media-amazon.com | udp |
| US | 8.8.8.8:53 | images-na.ssl-images-amazon.com | udp |
| US | 8.8.8.8:53 | completion.amazon.com | udp |
| FR | 52.222.194.94:443 | images-na.ssl-images-amazon.com | tcp |
| FR | 52.222.194.94:443 | images-na.ssl-images-amazon.com | tcp |
| FR | 52.222.194.94:443 | images-na.ssl-images-amazon.com | tcp |
| FR | 52.222.194.94:443 | images-na.ssl-images-amazon.com | tcp |
| FR | 52.222.194.94:443 | images-na.ssl-images-amazon.com | tcp |
| FR | 52.222.194.94:443 | images-na.ssl-images-amazon.com | udp |
| US | 8.8.8.8:53 | fls-na.amazon.com | udp |
| FR | 52.222.194.94:443 | images-na.ssl-images-amazon.com | udp |
| US | 18.204.58.205:443 | fls-na.amazon.com | tcp |
| US | 8.8.8.8:53 | 94.194.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.58.204.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | get.adobe.com | udp |
| US | 3.162.84.60:443 | www.amazon.com | udp |
| US | 8.8.8.8:53 | aax-us-east-retail-direct.amazon.com | udp |
| US | 8.8.8.8:53 | blog.aboutamazon.com | udp |
| US | 8.8.8.8:53 | services.amazon.com | udp |
| US | 8.8.8.8:53 | www.aboutamazon.com | udp |
| US | 54.239.17.248:443 | aax-us-east-retail-direct.amazon.com | tcp |
| US | 54.239.17.248:443 | aax-us-east-retail-direct.amazon.com | tcp |
| US | 8.8.8.8:53 | www.amazon.jobs | udp |
| US | 8.8.8.8:53 | www.amazon.science | udp |
| US | 8.8.8.8:53 | affiliate-program.amazon.com | udp |
| US | 8.8.8.8:53 | advertising.amazon.com | udp |
| US | 8.8.8.8:53 | aws.amazon.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 216.58.204.74:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | blinkforhome.com | udp |
| US | 8.8.8.8:53 | developer.amazon.com | udp |
| US | 8.8.8.8:53 | eero.com | udp |
| US | 8.8.8.8:53 | go.thehub-amazon.com | udp |
| US | 8.8.8.8:53 | kdp.amazon.com | udp |
| US | 8.8.8.8:53 | read.amazon.com | udp |
| US | 8.8.8.8:53 | music.amazon.com | udp |
| US | 8.8.8.8:53 | pro.imdb.com | udp |
| US | 8.8.8.8:53 | 248.17.239.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ring.com | udp |
| FR | 13.224.63.15:443 | read.amazon.com | tcp |
| US | 8.8.8.8:53 | sell.amazon.com | udp |
| US | 8.8.8.8:53 | shop.ring.com | udp |
| US | 8.8.8.8:53 | videodirect.amazon.com | udp |
| US | 8.8.8.8:53 | www.6pm.com | udp |
| US | 8.8.8.8:53 | www.abebooks.com | udp |
| US | 8.8.8.8:53 | unagi-na.amazon.com | udp |
| US | 8.8.8.8:53 | www.acx.com | udp |
| US | 8.8.8.8:53 | www.audible.com | udp |
| US | 52.46.138.192:443 | unagi-na.amazon.com | tcp |
| US | 8.8.8.8:53 | www.boxofficemojo.com | udp |
| US | 8.8.8.8:53 | www.goodreads.com | udp |
| US | 8.8.8.8:53 | www.imdb.com | udp |
| US | 8.8.8.8:53 | www.pillpack.com | udp |
| US | 8.8.8.8:53 | www.shopbop.com | udp |
| US | 8.8.8.8:53 | www.woot.com | udp |
| US | 8.8.8.8:53 | www.zappos.com | udp |
| US | 44.215.142.139:443 | completion.amazon.com | tcp |
| US | 52.46.138.192:443 | unagi-na.amazon.com | tcp |
| US | 8.8.8.8:53 | aax-us-iad.amazon.com | udp |
| US | 52.46.131.231:443 | aax-us-iad.amazon.com | tcp |
| US | 8.8.8.8:53 | d3fpmv3m8wlug6.cloudfront.net | udp |
| GB | 216.58.204.74:443 | content-autofill.googleapis.com | udp |
| US | 52.46.131.231:443 | aax-us-iad.amazon.com | tcp |
| US | 52.46.131.231:443 | aax-us-iad.amazon.com | tcp |
| US | 52.46.131.231:443 | aax-us-iad.amazon.com | tcp |
| FR | 13.249.12.134:443 | d3fpmv3m8wlug6.cloudfront.net | tcp |
| FR | 13.249.12.134:443 | d3fpmv3m8wlug6.cloudfront.net | tcp |
| FR | 13.249.12.134:443 | d3fpmv3m8wlug6.cloudfront.net | tcp |
| US | 52.46.138.192:443 | unagi-na.amazon.com | tcp |
| US | 52.46.138.192:443 | unagi-na.amazon.com | tcp |
| US | 8.8.8.8:53 | unagi.amazon.com | udp |
| US | 8.8.8.8:53 | 15.63.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.138.46.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.142.215.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.131.46.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.12.249.13.in-addr.arpa | udp |
| US | 52.46.137.139:443 | unagi.amazon.com | tcp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 3.165.118.121:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| US | 52.46.143.56:443 | s.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | cloudfront-labs.amazonaws.com | udp |
| US | 52.94.234.174:443 | cloudfront-labs.amazonaws.com | tcp |
| US | 8.8.8.8:53 | 139.137.46.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.118.165.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.143.46.52.in-addr.arpa | udp |
| US | 52.46.137.139:443 | unagi.amazon.com | tcp |
| US | 52.94.234.174:443 | cloudfront-labs.amazonaws.com | tcp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | match.360yield.com | udp |
| US | 8.8.8.8:53 | rtb-csync.smartadserver.com | udp |
| US | 8.8.8.8:53 | dsum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | capi.connatix.com | udp |
| US | 8.8.8.8:53 | amazon.partners.tremorhub.com | udp |
| FR | 52.222.167.201:443 | www.imdb.com | tcp |
| US | 8.8.8.8:53 | pbs.yahoo.com | udp |
| US | 8.8.8.8:53 | ads.samba.tv | udp |
| US | 8.8.8.8:53 | usersync.samplicio.us | udp |
| DE | 37.252.171.53:443 | ib.adnxs.com | tcp |
| IE | 54.77.89.252:443 | match.360yield.com | tcp |
| US | 172.64.151.101:443 | dsum-sec.casalemedia.com | tcp |
| US | 8.8.8.8:53 | pixel.rubiconproject.com | udp |
| US | 8.8.8.8:53 | dpm.demdex.net | udp |
| US | 172.64.146.152:443 | capi.connatix.com | tcp |
| GB | 87.248.114.11:443 | pbs.yahoo.com | tcp |
| NL | 89.149.192.200:443 | rtb-csync.smartadserver.com | tcp |
| US | 54.86.90.186:443 | ads.samba.tv | tcp |
| DE | 52.58.232.213:443 | usersync.samplicio.us | tcp |
| IE | 46.137.118.5:443 | dpm.demdex.net | tcp |
| NL | 69.173.156.149:443 | pixel.rubiconproject.com | tcp |
| US | 172.64.151.101:443 | dsum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | odr.mookie1.com | udp |
| US | 8.8.8.8:53 | c1.adform.net | udp |
| US | 8.8.8.8:53 | bs.serving-sys.com | udp |
| US | 8.8.8.8:53 | cookie-matching.mediarithmics.com | udp |
| DK | 37.157.6.233:443 | c1.adform.net | tcp |
| DE | 3.64.38.125:443 | bs.serving-sys.com | tcp |
| US | 34.160.236.64:443 | odr.mookie1.com | tcp |
| US | 52.46.143.56:443 | s.amazon-adsystem.com | tcp |
| FR | 54.36.150.184:443 | cookie-matching.mediarithmics.com | tcp |
| US | 52.46.143.56:443 | s.amazon-adsystem.com | tcp |
| US | 52.46.143.56:443 | s.amazon-adsystem.com | tcp |
| US | 52.46.143.56:443 | s.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | csync.loopme.me | udp |
| NL | 35.214.214.73:443 | csync.loopme.me | tcp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | crb.kargo.com | udp |
| US | 52.46.143.56:443 | s.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | lm.serving-sys.com | udp |
| DE | 3.70.67.155:443 | crb.kargo.com | tcp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| DE | 52.28.91.150:443 | lm.serving-sys.com | tcp |
| US | 18.204.58.205:443 | fls-na.amazon.com | tcp |
| GB | 142.250.200.2:443 | cm.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | image2.pubmatic.com | udp |
| US | 8.8.8.8:53 | 201.167.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.151.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.171.252.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.89.77.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.146.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.114.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.192.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.232.58.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.118.137.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.90.86.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.236.160.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.150.36.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.38.64.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.6.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.214.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.67.70.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| US | 8.8.8.8:53 | loadus.exelator.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | lciapi.ninthdecimal.com | udp |
| US | 8.8.8.8:53 | sync-amazon.ads.yieldmo.com | udp |
| GB | 142.250.200.2:443 | cm.g.doubleclick.net | udp |
| GB | 185.64.191.210:443 | image2.pubmatic.com | tcp |
| NL | 69.173.156.148:443 | token.rubiconproject.com | tcp |
| IE | 34.254.143.3:443 | loadus.exelator.com | tcp |
| US | 44.207.194.199:443 | lciapi.ninthdecimal.com | tcp |
| IE | 52.19.157.252:443 | sync-amazon.ads.yieldmo.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | us-u.openx.net | udp |
| US | 35.244.159.8:443 | us-u.openx.net | tcp |
| US | 8.8.8.8:53 | sync.taboola.com | udp |
| US | 8.8.8.8:53 | aa.agkn.com | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| IE | 63.35.204.117:443 | aa.agkn.com | tcp |
| NL | 141.226.228.48:443 | sync.taboola.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 8.8.8.8:53 | tags.bluekai.com | udp |
| US | 8.8.8.8:53 | public-prod-dspcookiematching.dmxleo.com | udp |
| US | 8.8.8.8:53 | cms.analytics.yahoo.com | udp |
| BE | 23.55.96.210:443 | tags.bluekai.com | tcp |
| FR | 188.65.124.66:443 | public-prod-dspcookiematching.dmxleo.com | tcp |
| US | 8.8.8.8:53 | ads.stickyadstv.com | udp |
| US | 8.8.8.8:53 | sync.rfp.fout.jp | udp |
| DE | 3.75.62.37:443 | cms.analytics.yahoo.com | tcp |
| US | 8.8.8.8:53 | beacon.krxd.net | udp |
| US | 35.186.196.148:443 | sync.rfp.fout.jp | tcp |
| NL | 154.57.158.115:443 | ads.stickyadstv.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 8.8.8.8:53 | match.sharethrough.com | udp |
| NL | 154.57.158.115:443 | ads.stickyadstv.com | tcp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | usermatch.krxd.net | udp |
| US | 35.244.159.8:443 | us-u.openx.net | udp |
| US | 8.8.8.8:53 | sb.scorecardresearch.com | udp |
| DE | 52.57.239.98:443 | match.sharethrough.com | tcp |
| US | 8.8.8.8:53 | eb2.3lift.com | udp |
| US | 8.8.8.8:53 | uipglob.semasio.net | udp |
| FR | 18.155.129.81:443 | sb.scorecardresearch.com | tcp |
| US | 13.248.245.213:443 | eb2.3lift.com | tcp |
| US | 8.8.8.8:53 | usersync.gumgum.com | udp |
| DK | 77.243.51.121:443 | uipglob.semasio.net | tcp |
| US | 8.8.8.8:53 | pi.ispot.tv | udp |
| IE | 52.210.15.1:443 | usersync.gumgum.com | tcp |
| US | 151.101.2.132:443 | pi.ispot.tv | tcp |
| US | 8.8.8.8:53 | image6.pubmatic.com | udp |
| GB | 185.64.190.78:443 | image6.pubmatic.com | tcp |
| US | 8.8.8.8:53 | 150.91.28.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.191.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.143.254.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.157.19.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.194.207.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.228.226.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.204.35.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.149.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.96.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.124.65.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.62.75.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.196.186.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.158.57.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.239.57.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.245.248.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.129.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.51.243.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.15.210.52.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 132.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | b11v5ewz9l.execute-api.us-east-1.amazonaws.com | udp |
| US | 3.223.23.76:443 | b11v5ewz9l.execute-api.us-east-1.amazonaws.com | tcp |
| US | 8.8.8.8:53 | 76.23.223.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files
\??\pipe\crashpad_2520_SEBISYRZYGNRPUFS
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | e5051583caca1832f85a99f144e1e34d |
| SHA1 | 780898e7bad3b602ab8e003ccb2e6396eb303506 |
| SHA256 | fb308411207493c808a77aa9d48df42e55527b825bafb9a4253bdc91fb5c7f1f |
| SHA512 | df6d91f24deb77c8704f0b82f396b75ed6b4bd384de13ed370ae7d4597f33aec459b3dafcf6839719e5a906b22bb27ec6b281533d98fdc6294b17ffeb71418fc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9b0f7dd92f3d3721e04dc54e3f2946cf |
| SHA1 | ca563cfae5bd510fe03e7d70b4a507bde46deade |
| SHA256 | 26e55e1c36aa83564216435eec357abbfa4d41944c8f980dfa1869b42efd42c5 |
| SHA512 | 02cdd1061ecd9cad73c6f29b22687600b9f1526394cb3437489e64b5aa87992e42decb4be3131e6f709d4f3907903e2abc38091e293c1f14ff772ac9621d924e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f5a65c039bdc13d0875226c3f7190890 |
| SHA1 | f0b47373aa7c934557e6098dd2199417c3e19fe0 |
| SHA256 | 3b68d146276582ccc5dcf57ef4139d3ba5fa2357b65d837242a2e67b67926b52 |
| SHA512 | 7d61280b2ed819a37ccace1fb5b685eb495d76c6e29218af78306ac1ef730c60bed71c1c085a78a86554429cbc8a5b89541761a50eafd7beb8a5bafa8a2784ec |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1e24f3e80e2d86e7c5d57ca76fe2a359 |
| SHA1 | 0fefee7ab7252a25f0d74f5a744e994d501c7b9f |
| SHA256 | ec8c964f692bc809032987e7014928cc7c0be03ff3085d4a3764564bea9520be |
| SHA512 | 4c5c32657c43ddd86531f068feae7288fed5684108588500f2bc298f773398da2140a5722b3124bfa791f67f3d612a4efe57ef9482d0b547a47e378cd88cfedb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 7b53874c820c377991fbe4c5f9fbe79e |
| SHA1 | 867e26c755396334f788bb6757efd26cf7b3950e |
| SHA256 | 48568882f0afbac8706f27d959b0e5c0aa45eba48ba69922f085e64aa93b92ba |
| SHA512 | 319f7bf43a852922b8663541573717cef3e25c220e2904c92d743dadef52939cf439aeab72585942aa591a47b70780ef186e9d38eb62721ffcf6f8fc380dc7fe |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 89562b3717a125d8a30d3a6c861deae6 |
| SHA1 | cb1e4713c83e7ffd0c8eff80b90b57e9c6e58c51 |
| SHA256 | ef09b150728777a5c2244116d500726f89c92da9bc32dc9284c1f562b9258d1d |
| SHA512 | d1e5c66bb9b3068aaba61a22714c494c64e0339ef9e7975e2e1f3f005d329b6e62072d5fa790f2d75daad8ac5f61d69422e3b5c3197748fb104391538f5424f0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e617a5c0e4d7c5ca2133ee00cc53524f |
| SHA1 | 6f19fe4f7709b0d61076de5bd01d214c144530c0 |
| SHA256 | 517bf55ea0482a21ed656aeb417d4da7009d41cba5e47a58b07f9b588c5af517 |
| SHA512 | 206042b368ad6076a7f2c6a9a8b36a6a2b754e61ff8fadfb8305ae84d2a64d68fd36b4a12cb0c8ff2832e7af40d0b695f33ddf463b878ef5a0a02deed0301b38 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7ae0c7007dc9c2e4dab465aa082f2fb3 |
| SHA1 | d7c2725e55a18adff6ffbaa46d046e29a2ebab5b |
| SHA256 | 3a460de6cdb15f0ff57fb77c04989223d320f4a34c228f619f98a717ff9c41d2 |
| SHA512 | ab77880fe20974df1d5d32171cedf99c8aad0e2a32b08229d7061cdeed7c689251af2a6e7746b85a0b1a36630feb609dbab9932118e78534c723f8041f7bedc4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a97467354dec1c5a2872c14a9b0cf56a |
| SHA1 | 26cd2cdf55cc43cfcf012112788147354255f280 |
| SHA256 | 2b60bfedc5b9dde438d21791dd7f7091ce357d32f914f22a9e33bcbc81ef45a3 |
| SHA512 | 30b2d1e81de36fb737adb5add5169ae7bc2d28a87c3fbdcf030015f1cb45f9e66e78ab9c2e6e2916f37df051250f11f1286130575555f73ec64596c1470c6a4e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 3983009d17b6775882e856c5b3776056 |
| SHA1 | 98e43a85d9cc750c49bd7a11620a476f2862d626 |
| SHA256 | 837b164976d7ff8b5b1b4921ca7a9c59ba97ddc0033cc6be1d1ae1f74e65486a |
| SHA512 | 0a2d35a2a18a34d81908455689927f3fcde6e13ef5162d5fa1a2cbc547aa37b5b5e9d055101d42aa4b601b4d272d59839c3d7c68a804effdc93176c3661912a5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 07f115adb791ceb37397ea7b78ead162 |
| SHA1 | ef1949cec8e423c531bcc072949344acc5dc30f3 |
| SHA256 | c8caa78168ce4cb721ed8c0b7d47d0aa20f0886c4cda9c63282776fe315e2cf1 |
| SHA512 | 36693e6239716becd2b26b733d2437686b562d7799e15267d1b23fcfc9080ea0b6aa35d7c709a0b2d577eee6c7a0ec470eee402f0a279f1b0da2fa61af917cda |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6811de2e5ccbeb7a05b7ad8bc32cfc23 |
| SHA1 | fe1faae92648cacfd728444cba7d2258039b92ea |
| SHA256 | 90def8c68a5d1665184515dbdfae4dbde31c64853e3c4c3c41bbc8cfd760aa2f |
| SHA512 | a06ffc36494319a70417507fcb9f83f13eeaf9d5aceee405a9ed222a1f6a18ab3bce62e1db140b9f10d52977e060c3ff6023dea91e28ef1a14a5569c5f60c1b3 |