Analysis Overview
Threat Level: No (potentially) malicious behavior was detected
The file https://hidrive.ionos.com/ was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies data under HKEY_USERS
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-14 15:36
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-14 15:36
Reported
2024-06-14 15:39
Platform
ubuntu2404-amd64-20240523-en
Max time network
149s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 35.190.72.216:443 | location.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | hidrive.ionos.com | udp |
| US | 8.8.8.8:53 | hidrive.ionos.com | udp |
| DE | 85.214.3.95:443 | hidrive.ionos.com | tcp |
| US | 8.8.8.8:53 | detectportal.firefox.com | udp |
| US | 8.8.8.8:53 | detectportal.firefox.com | udp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 8.8.8.8:53 | www.mozilla.org | udp |
| US | 8.8.8.8:53 | www.mozilla.org | udp |
| US | 8.8.8.8:53 | www.mozorg.moz.works | udp |
| DE | 13.32.119.185:443 | www.mozilla.org | tcp |
| US | 35.190.72.216:443 | location.services.mozilla.com | udp |
| DE | 85.214.3.95:443 | hidrive.ionos.com | tcp |
| US | 8.8.8.8:53 | example.org | udp |
| US | 8.8.8.8:53 | ipv4only.arpa | udp |
| US | 8.8.8.8:53 | example.org | udp |
| US | 8.8.8.8:53 | ipv4only.arpa | udp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 8.8.8.8:53 | fp2e7a.wpc.phicdn.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | fp2e7a.wpc.phicdn.net | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 34.117.188.166:443 | spocs.getpocket.com | tcp |
| US | 34.117.188.166:443 | spocs.getpocket.com | tcp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| DE | 85.214.3.95:443 | hidrive.ionos.com | tcp |
| DE | 85.214.3.95:443 | hidrive.ionos.com | tcp |
| DE | 85.214.3.95:443 | hidrive.ionos.com | tcp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 44.232.194.163:443 | shavar.services.mozilla.com | tcp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | tcp |
| DE | 85.214.3.95:443 | hidrive.ionos.com | tcp |
| DE | 85.214.3.95:443 | hidrive.ionos.com | tcp |
| US | 8.8.8.8:53 | frontend-services.ionos.com | udp |
| US | 8.8.8.8:53 | frontend-services.ionos.com | udp |
| DE | 85.214.3.95:443 | hidrive.ionos.com | tcp |
| US | 8.8.8.8:53 | tiles-cdn.prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | tiles-cdn.prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| DE | 13.32.119.185:443 | www.mozilla.org | tcp |
| DE | 217.160.86.74:443 | frontend-services.ionos.com | tcp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.36.165.17:443 | tiles-cdn.prod.ads.prod.webservices.mozgcp.net | tcp |
| US | 34.36.165.17:443 | tiles-cdn.prod.ads.prod.webservices.mozgcp.net | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | fp2e7a.wpc.phicdn.net | udp |
| US | 8.8.8.8:53 | ce1.uicdn.net | udp |
| US | 8.8.8.8:53 | ce1.uicdn.net | udp |
| DE | 213.165.66.58:443 | ce1.uicdn.net | tcp |
| DE | 85.214.3.95:443 | hidrive.ionos.com | tcp |
| DE | 85.214.3.95:443 | hidrive.ionos.com | tcp |
| DE | 85.214.3.95:443 | hidrive.ionos.com | tcp |
| US | 8.8.8.8:53 | www.strato.de | udp |
| US | 8.8.8.8:53 | www.strato.de | udp |
| DE | 85.214.3.95:443 | hidrive.ionos.com | tcp |
| DE | 192.67.198.33:443 | www.strato.de | tcp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | fp2e7a.wpc.phicdn.net | udp |
| DE | 217.160.86.74:443 | frontend-services.ionos.com | tcp |
| DE | 217.160.86.74:443 | frontend-services.ionos.com | tcp |
| DE | 217.160.86.74:443 | frontend-services.ionos.com | tcp |
| DE | 217.160.86.74:443 | frontend-services.ionos.com | tcp |
| US | 8.8.8.8:53 | normandy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | normandy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | normandy-cdn.services.mozilla.com | udp |
| DE | 85.214.3.95:443 | hidrive.ionos.com | tcp |
| US | 8.8.8.8:53 | fp2e7a.wpc.phicdn.net | udp |
| US | 8.8.8.8:53 | img-getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | img-getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 35.201.103.21:443 | normandy.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.237.76:443 | img-getpocket.cdn.mozilla.net | tcp |
| US | 34.120.237.76:443 | img-getpocket.cdn.mozilla.net | tcp |
| US | 34.120.237.76:443 | img-getpocket.cdn.mozilla.net | tcp |
| DE | 85.214.3.95:443 | hidrive.ionos.com | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.107.243.93:443 | push.services.mozilla.com | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | classify-client.services.mozilla.com | udp |
| US | 8.8.8.8:53 | classify-client.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod-classifyclient.normandy.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.98.75.36:443 | classify-client.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | incoming.telemetry.mozilla.org | udp |
| US | 8.8.8.8:53 | incoming.telemetry.mozilla.org | udp |
| US | 8.8.8.8:53 | telemetry-incoming.r53-2.services.mozilla.com | udp |
| US | 8.8.8.8:53 | tif.ionos.com | udp |
| US | 8.8.8.8:53 | tif.ionos.com | udp |
| US | 34.120.208.123:443 | incoming.telemetry.mozilla.org | tcp |
| US | 8.8.8.8:53 | tif-ionos-com.ha-cdn.de | udp |
| DE | 195.20.251.98:443 | tif.ionos.com | tcp |
| US | 8.8.8.8:53 | fp2e7a.wpc.phicdn.net | udp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | fp2e7a.wpc.phicdn.net | udp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | t.ionos.com | udp |
| US | 8.8.8.8:53 | t.ionos.com | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | t-ionos-com.ha-cdn.de | udp |
| US | 8.8.8.8:53 | telemetry-incoming.r53-2.services.mozilla.com | udp |
| DE | 195.20.250.196:443 | t.ionos.com | tcp |
| US | 8.8.8.8:53 | www.amazon.co.uk | udp |
| US | 8.8.8.8:53 | www.amazon.co.uk | udp |
| US | 8.8.8.8:53 | www.vodafone.co.uk | udp |
| US | 8.8.8.8:53 | www.vodafone.co.uk | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.reddit.com | udp |
| US | 8.8.8.8:53 | www.reddit.com | udp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | www.bbc.co.uk | udp |
| US | 8.8.8.8:53 | www.bbc.co.uk | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | www-live.waf.digital-prod.vodafoneaws.co.uk | udp |
| US | 8.8.8.8:53 | www.ebay.co.uk | udp |
| US | 8.8.8.8:53 | reddit.map.fastly.net | udp |
| US | 8.8.8.8:53 | getpocket.com | udp |
| US | 8.8.8.8:53 | getpocket.com | udp |
| US | 8.8.8.8:53 | www.mozorg.moz.works | udp |
| US | 8.8.8.8:53 | edition.cnn.com | udp |
| US | 8.8.8.8:53 | edition.cnn.com | udp |
| US | 8.8.8.8:53 | bbc.map.fastly.net | udp |
| US | 8.8.8.8:53 | foundation.mozilla.org | udp |
| US | 8.8.8.8:53 | foundation.mozilla.org | udp |
| US | 8.8.8.8:53 | e11847.a.akamaiedge.net | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | support.mozilla.org | udp |
| US | 8.8.8.8:53 | support.mozilla.org | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | www.wired.com | udp |
| US | 8.8.8.8:53 | www.wired.com | udp |
| US | 8.8.8.8:53 | www.menshealth.com | udp |
| US | 8.8.8.8:53 | www.menshealth.com | udp |
| US | 8.8.8.8:53 | h2.condenast.map.fastly.net | udp |
| US | 8.8.8.8:53 | hearst-hdm.map.fastly.net | udp |
| US | 8.8.8.8:53 | news.sky.com | udp |
| US | 8.8.8.8:53 | news.sky.com | udp |
| US | 8.8.8.8:53 | www.spectator.co.uk | udp |
| US | 8.8.8.8:53 | www.spectator.co.uk | udp |
| US | 8.8.8.8:53 | e10653.e12.akamaiedge.net | udp |
| US | 8.8.8.8:53 | www.vox.com | udp |
| US | 8.8.8.8:53 | www.vox.com | udp |
| US | 8.8.8.8:53 | www.bbc.com | udp |
| US | 8.8.8.8:53 | www.bbc.com | udp |
| US | 8.8.8.8:53 | n.sni.global.fastly.net | udp |
| US | 8.8.8.8:53 | bbc.map.fastly.net | udp |
| US | 8.8.8.8:53 | www.theguardian.com | udp |
| US | 8.8.8.8:53 | www.theguardian.com | udp |
| US | 8.8.8.8:53 | www.businessinsider.com | udp |
| US | 8.8.8.8:53 | www.businessinsider.com | udp |
| US | 8.8.8.8:53 | f.shared.global.fastly.net | udp |
| US | 8.8.8.8:53 | www.huffingtonpost.co.uk | udp |
| US | 8.8.8.8:53 | www.huffingtonpost.co.uk | udp |
| US | 8.8.8.8:53 | gizmodo.com | udp |
| US | 8.8.8.8:53 | gizmodo.com | udp |
| US | 8.8.8.8:53 | buzzfeed2.map.fastly.net | udp |
| US | 8.8.8.8:53 | www.newstatesman.com | udp |
| US | 8.8.8.8:53 | www.newstatesman.com | udp |
| US | 8.8.8.8:53 | www.smithsonianmag.com | udp |
| US | 8.8.8.8:53 | www.smithsonianmag.com | udp |
| US | 8.8.8.8:53 | www.newyorker.com | udp |
| US | 8.8.8.8:53 | condenast.map.fastly.net | udp |
| US | 8.8.8.8:53 | theconversation.com | udp |
| US | 8.8.8.8:53 | theconversation.com | udp |
| US | 8.8.8.8:53 | www.fastcompany.com | udp |
| US | 8.8.8.8:53 | www.fastcompany.com | udp |
| US | 8.8.8.8:53 | mansueto.map.fastly.net | udp |
| US | 8.8.8.8:53 | www.goodhousekeeping.com | udp |
| US | 8.8.8.8:53 | www.goodhousekeeping.com | udp |
| US | 8.8.8.8:53 | www.womenshealthmag.com | udp |
| US | 8.8.8.8:53 | www.womenshealthmag.com | udp |
| US | 8.8.8.8:53 | hearst-hdm.map.fastly.net | udp |
| US | 8.8.8.8:53 | safebrowsing.googleapis.com | udp |
| US | 8.8.8.8:53 | safebrowsing.googleapis.com | udp |
| GB | 216.58.204.74:443 | safebrowsing.googleapis.com | tcp |
| GB | 216.58.204.74:443 | safebrowsing.googleapis.com | udp |
| US | 8.8.8.8:53 | services.addons.mozilla.org | udp |
| US | 8.8.8.8:53 | services.addons.mozilla.org | udp |
| DE | 52.222.236.48:443 | services.addons.mozilla.org | tcp |
| US | 8.8.8.8:53 | versioncheck-bg.addons.mozilla.org | udp |
| US | 8.8.8.8:53 | versioncheck-bg.addons.mozilla.org | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 34.160.90.233:443 | versioncheck-bg.addons.mozilla.org | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 8.8.8.8:53 | fp2e7a.wpc.phicdn.net | udp |
| US | 34.160.90.233:443 | versioncheck-bg.addons.mozilla.org | udp |
| US | 8.8.8.8:53 | addons.mozilla.org | udp |
| US | 8.8.8.8:53 | addons.mozilla.org | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 18.173.205.72:443 | addons.mozilla.org | tcp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| NL | 2.18.121.79:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | detectportal.firefox.com | udp |
| US | 8.8.8.8:53 | detectportal.firefox.com | udp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 8.8.8.8:53 | ipv4only.arpa | udp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 8.8.8.8:53 | ipv4only.arpa | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 15:36
Reported
2024-06-14 15:39
Platform
win10-20240404-en
Max time kernel
149s
Max time network
139s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133628530075985959" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://hidrive.ionos.com/
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff86f5e9758,0x7ff86f5e9768,0x7ff86f5e9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1508 --field-trial-handle=1752,i,3909338333726075675,2150631647159554029,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1824 --field-trial-handle=1752,i,3909338333726075675,2150631647159554029,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2072 --field-trial-handle=1752,i,3909338333726075675,2150631647159554029,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1752,i,3909338333726075675,2150631647159554029,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1752,i,3909338333726075675,2150631647159554029,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 --field-trial-handle=1752,i,3909338333726075675,2150631647159554029,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4720 --field-trial-handle=1752,i,3909338333726075675,2150631647159554029,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2572 --field-trial-handle=1752,i,3909338333726075675,2150631647159554029,131072 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | hidrive.ionos.com | udp |
| DE | 85.214.3.95:443 | hidrive.ionos.com | tcp |
| DE | 85.214.3.95:443 | hidrive.ionos.com | tcp |
| DE | 85.214.3.95:443 | hidrive.ionos.com | tcp |
| DE | 85.214.3.95:443 | hidrive.ionos.com | tcp |
| DE | 85.214.3.95:443 | hidrive.ionos.com | tcp |
| DE | 85.214.3.95:443 | hidrive.ionos.com | tcp |
| US | 8.8.8.8:53 | 95.3.214.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | frontend-services.ionos.com | udp |
| DE | 217.160.86.61:443 | frontend-services.ionos.com | tcp |
| US | 8.8.8.8:53 | www.strato.de | udp |
| DE | 85.214.3.95:443 | hidrive.ionos.com | tcp |
| US | 8.8.8.8:53 | ce1.uicdn.net | udp |
| DE | 192.67.198.33:443 | www.strato.de | tcp |
| DE | 213.165.66.58:443 | ce1.uicdn.net | tcp |
| DE | 217.160.86.61:443 | frontend-services.ionos.com | tcp |
| DE | 217.160.86.61:443 | frontend-services.ionos.com | tcp |
| DE | 217.160.86.61:443 | frontend-services.ionos.com | tcp |
| DE | 217.160.86.61:443 | frontend-services.ionos.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| DE | 192.67.198.33:443 | www.strato.de | tcp |
| GB | 172.217.16.234:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | tif.ionos.com | udp |
| US | 8.8.8.8:53 | 61.86.160.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.66.165.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.198.67.192.in-addr.arpa | udp |
| DE | 195.20.251.98:443 | tif.ionos.com | tcp |
| US | 8.8.8.8:53 | t.ionos.com | udp |
| DE | 195.20.250.196:443 | t.ionos.com | tcp |
| US | 8.8.8.8:53 | 196.250.20.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.251.20.195.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp |
| US | 20.231.121.79:80 | tcp | |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.173.189.20.in-addr.arpa | udp |
Files
\??\pipe\crashpad_308_LKPOLXTZIBKFDHJY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | a192d07c464c65ee8fdd5a0517ba7dcc |
| SHA1 | 8e7566f6ccdd61197588364271be9cb289f0b4f8 |
| SHA256 | 72843162ff3fb4c97a0e89ad38ccb3ca6a754f9e04d698cf51b0b4e57f70e816 |
| SHA512 | 042b7d3924938b9c45e3d55341e26c0259c60c1ec6550ab6b5c55552572e8f6359507a1b1c52ab2e074afd01ac1b03a860dcf75b5242edf4c1138d58cdb58013 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d9d74807-a4b8-4891-97dd-bc90fbbe5d44.tmp
| MD5 | 6506841506d8a7a4d3a9d121c30b4756 |
| SHA1 | f0f5f3ce773b2998f287470d7f72cdaf9610542c |
| SHA256 | 9ca98da0566bf50f840463efc063e95bdf9a7b0ff765767f8f7b46fcd0b590be |
| SHA512 | dd91e078564668a6f72dbf3a5b698eb6133b7ac604fe67c658ef4411ed154f6e646e780a131ab30b6748e65bc60a9413ee681d3c51a2d6ab3a10dd93041e6e24 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 58e13d3d585c2600027b144e1c90f782 |
| SHA1 | 79e95ed9e42fad2af1ee967995578fa765f55360 |
| SHA256 | 5dcaf2245edf4c462aaafd7234d3a1d0ab7d559c2a416713322ba2c2c0c63551 |
| SHA512 | cd87a969a8a8ccff9a7e8b007deaab1d74b53ae4b9db9aaa0cbdc89fbfbe9988fcbda0943b22dff8b32b61bee99f58f646e99c093c22877ccbe03bb465ee402f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2f1f8a59db75a1a448b33bc132d65fa3 |
| SHA1 | 0ae55b11d10d01cefa329a51ed187811d6fdcdb4 |
| SHA256 | 330037352c9496806de3cec5f8c838c6873ed0dc9918edd65276abc1cc6b1f61 |
| SHA512 | f8dd67b8c85bdc78c4509d513bd170298cf95cc514eecb8e36bc7b535fbb0577e08de989addb1bdf093fb06be2b64ff7e5128b5a4053060b41b98d3e234be66e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ceab73e80cdd06dc38e9f99884ec37f9 |
| SHA1 | 4247352a090326be01ca56f72f56a61dff19bc2a |
| SHA256 | dbe173e92e12984ba4810a8c9c4c7b1fe1c09f7ead46d4e0d3c2bb18b4a3d5e9 |
| SHA512 | 165cec4fa7bafef296715b51aee527cb059ea015795f64665b8939a9eb34edd76c28c86c1518c5e56514ebf5cb7f904b5786f1a68c8c322e0fd2c6c3f37ab7f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 49380d555e14a2070468c81adf90fcea |
| SHA1 | 80003af452e10fbfbd51d65846f316acd9c22b26 |
| SHA256 | 37c6cfe50fac0147dd71e936aac0e17403cd9dd4cc7344b0a80d52b1e32d0ac3 |
| SHA512 | ba89198d907c56c5fe8bb459dadc963980314a702b1f325775fbd118b210011d13929d91e411a5f85295226b108015c2c41987e96de6b6b2ae7daabf3caf0d1d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 3e663edd81c30cb4b266b77fa82716c8 |
| SHA1 | 551769e6040ec8ccfee60626d8d8fa58215411ce |
| SHA256 | 4af0ef74b171ba1f457523059e05a4d0618fbba1416794c574f1e66483ae6360 |
| SHA512 | 4cdab6afaf1cfb8399902df50145bbaba01445eafe86ee1dcf53af2678331a0280a0bdbe4eb38b3ba3f8135c5da3795d01232833324037102c8a115365158a6b |