Analysis Overview
Threat Level: Known bad
The submitted URL https://nimb.ws/h3t6XR7 was found to be: Known bad. It was detonated by opening it in Chrome (see the browser command line under Processes). Every signature in the summary below is attributed to chrome.exe, the process list contains only Chrome and its own elevation_service.exe, and the Files section holds only Chrome profile state and cache entries, so the behavioral findings reflect the browser's own activity; what the page served is visible here only through the hosts contacted and the cache entries written.
Malicious Activity Summary
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-06-18 15:56
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-18 15:56
Reported: 2024-06-18 15:59
Platform: win10v2004-20240611-en
Max time kernel: 111s
Max time network: 112s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133631998643320890" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://nimb.ws/h3t6XR7
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad3f7ab58,0x7ffad3f7ab68,0x7ffad3f7ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4120 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4556 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4860 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5084 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4884 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5344 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4176 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6108 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5148 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5936 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5840 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5924 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6056 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5748 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2384 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2284 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3924 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5968 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4440 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6004 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:8
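The process list above is entirely Chrome: one browser process, the crashpad handler, a GPU process, sandboxed and unsandboxed utility processes, a set of renderers, and Chrome's own elevation_service.exe. The script below is an added example, not part of the sandbox's report or tooling. It parses a representative subset of those command lines (copied from the list above) into image path and Chromium `--switch[=value]` flags and groups them by role, so that any non-browser image, any utility process running with `--service-sandbox-type=none`, and the URL passed via `--single-argument` stand out. The tokenizer is a deliberate simplification of Windows command-line parsing (quotes honoured, backslashes kept literally), which is sufficient for Chromium's switches.

```python
"""Group the processes of a browser detonation by role.

Each recorded command line is split into the image path and Chromium-style
--switch[=value] flags; the processes are then bucketed so that anything other
than the browser's expected helper processes stands out.
"""
from collections import Counter
from pathlib import PureWindowsPath

# Command lines copied from the Processes section of the report above
# (a representative subset; the remaining renderer/utility lines differ only
# in handles and client ids).
REPORTED_CMDLINES = [
    r'''"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://nimb.ws/h3t6XR7''',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad3f7ab58,0x7ffad3f7ab68,0x7ffad3f7ab78',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:2',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:8',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:8',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:1',
    r'"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:8',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 --field-trial-handle=1860,i,16716825188853135167,12083059870473926180,131072 /prefetch:8',
]


def tokenize(cmdline):
    """Split on whitespace while honouring "..." and '...' quoting.

    Backslashes are kept literally (they are path separators here). This is a
    simplification of CommandLineToArgvW's rules, adequate for Chromium flags."""
    tokens, current, quote = [], [], None
    for ch in cmdline:
        if quote:                      # inside a quoted span: only the closing quote is special
            if ch == quote:
                quote = None
            else:
                current.append(ch)
        elif ch in "\"'":
            quote = ch                 # quote may open mid-token, e.g. --flag='a b'
        elif ch.isspace():
            if current:
                tokens.append("".join(current))
                current = []
        else:
            current.append(ch)
    if current:
        tokens.append("".join(current))
    return tokens


def parse_cmdline(cmdline):
    """Return {'image', 'flags', 'positional'} for one recorded command line."""
    tokens = tokenize(cmdline)
    if not tokens:
        raise ValueError("empty command line")
    flags, positional = {}, []
    for tok in tokens[1:]:
        if tok.startswith("--"):
            key, _, value = tok[2:].partition("=")
            flags[key] = value         # repeated switches (e.g. --annotation) keep the last value
        else:
            positional.append(tok)     # e.g. /prefetch:N, or the URL after --single-argument
    return {"image": tokens[0], "flags": flags, "positional": positional}


def role_of(proc):
    """Name the process role; any image other than chrome.exe is reported by its file name."""
    name = PureWindowsPath(proc["image"]).name.lower()
    if name != "chrome.exe":
        return name
    flags = proc["flags"]
    if "type" not in flags:
        return "browser"
    if flags["type"] == "utility" and "utility-sub-type" in flags:
        return "utility/" + flags["utility-sub-type"]
    return flags["type"]


def triage(cmdlines):
    procs = [parse_cmdline(c) for c in cmdlines]
    return {
        "roles": Counter(role_of(p) for p in procs),
        "non_browser_images": [p["image"] for p in procs
                               if PureWindowsPath(p["image"]).name.lower() != "chrome.exe"],
        "unsandboxed_utilities": [role_of(p) for p in procs
                                  if p["flags"].get("service-sandbox-type") == "none"],
        "opened_urls": [p["positional"][0] for p in procs
                        if "single-argument" in p["flags"] and p["positional"]],
    }


if __name__ == "__main__":
    summary = triage(REPORTED_CMDLINES)
    for role, count in sorted(summary["roles"].items()):
        print(f"{count:2d}  {role}")
    print("opened:", summary["opened_urls"])
    print("non-browser images:", summary["non_browser_images"])
    print("unsandboxed utilities:", summary["unsandboxed_utilities"])
```

Run against the full list, the only image that is not chrome.exe is elevation_service.exe under Chrome's own versioned directory, and the unsandboxed utilities are Chrome's network service and its two Windows helper services, which is what a stock Chrome launch looks like.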
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | nimb.ws | udp |
| FR | 52.84.45.112:443 | nimb.ws | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.45.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | raji180693.nimbusweb.me | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.177.190.20.in-addr.arpa | udp |
| FR | 216.137.52.114:443 | raji180693.nimbusweb.me | tcp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.52.137.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | d3hogio4d1txum.cloudfront.net | udp |
| US | 8.8.8.8:53 | nimbusweb.me | udp |
| FR | 3.160.185.150:443 | d3hogio4d1txum.cloudfront.net | tcp |
| FR | 3.160.185.150:443 | d3hogio4d1txum.cloudfront.net | tcp |
| FR | 52.222.144.84:443 | nimbusweb.me | tcp |
| FR | 52.222.144.84:443 | nimbusweb.me | tcp |
| US | 8.8.8.8:53 | 150.185.160.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.144.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.polyfill.io | udp |
| US | 104.18.53.237:443 | cdn.polyfill.io | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 237.53.18.104.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | metric.nimbusweb.me | udp |
| FR | 216.137.52.76:443 | metric.nimbusweb.me | tcp |
| FR | 216.137.52.76:443 | metric.nimbusweb.me | tcp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.52.137.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | stt.nimbusweb.me | udp |
| US | 216.239.38.21:443 | stt.nimbusweb.me | tcp |
| US | 216.239.38.21:443 | stt.nimbusweb.me | tcp |
| US | 8.8.8.8:53 | 21.38.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | l.getsitecontrol.com | udp |
| BE | 64.233.166.156:443 | stats.g.doubleclick.net | tcp |
| GB | 143.244.38.136:443 | l.getsitecontrol.com | tcp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| BE | 64.233.166.156:443 | stats.g.doubleclick.net | tcp |
| GB | 143.244.38.136:443 | l.getsitecontrol.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 156.166.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.38.244.143.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| GB | 143.244.38.136:443 | l.getsitecontrol.com | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| US | 8.8.8.8:53 | affiliate.nimbusweb.me | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| GB | 142.250.200.3:443 | www.google.co.uk | tcp |
| GB | 142.250.200.3:443 | www.google.co.uk | tcp |
| BE | 64.233.166.156:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | s2.getsitecontrol.com | udp |
| FR | 185.93.2.244:443 | s2.getsitecontrol.com | tcp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.2.93.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| DE | 172.104.226.213:443 | affiliate.nimbusweb.me | tcp |
| US | 8.8.8.8:53 | events.getsitectrl.com | udp |
| US | 3.225.98.5:443 | events.getsitectrl.com | tcp |
| US | 3.225.98.5:443 | events.getsitectrl.com | tcp |
| GB | 142.250.200.3:443 | www.google.co.uk | udp |
| BE | 2.17.107.112:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 13.107.253.64:443 | www.clarity.ms | tcp |
| US | 8.8.8.8:53 | 213.226.104.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.98.225.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | js-na1.hs-scripts.com | udp |
| US | 8.8.8.8:53 | cdn.convertbox.com | udp |
| US | 8.8.8.8:53 | tag.clearbitscripts.com | udp |
| US | 8.8.8.8:53 | px.ads.linkedin.com | udp |
| US | 13.107.42.14:443 | px.ads.linkedin.com | tcp |
| GB | 163.70.147.23:443 | connect.facebook.net | tcp |
| US | 104.16.139.209:443 | js-na1.hs-scripts.com | tcp |
| FR | 3.160.188.11:443 | tag.clearbitscripts.com | tcp |
| GB | 143.244.38.136:443 | cdn.convertbox.com | tcp |
| GB | 143.244.38.136:443 | cdn.convertbox.com | tcp |
| US | 8.8.8.8:53 | 64.253.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.139.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.42.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.188.160.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | js.hsadspixel.net | udp |
| US | 8.8.8.8:53 | js.hscollectedforms.net | udp |
| US | 8.8.8.8:53 | js.hs-analytics.net | udp |
| US | 8.8.8.8:53 | js.hubspot.com | udp |
| US | 8.8.8.8:53 | js.hs-banner.com | udp |
| US | 204.79.197.237:443 | bat.bing.com | tcp |
| US | 172.64.153.27:443 | js.hs-banner.com | tcp |
| US | 204.79.197.237:443 | bat.bing.com | tcp |
| US | 8.8.8.8:53 | x.clarity.ms | udp |
| US | 172.64.153.27:443 | js.hs-banner.com | tcp |
| US | 8.8.8.8:53 | js.usemessages.com | udp |
| US | 8.8.8.8:53 | app.convertbox.com | udp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 104.16.77.142:443 | js.usemessages.com | tcp |
| US | 8.8.8.8:53 | api.hubspot.com | udp |
| US | 104.16.117.116:443 | api.hubspot.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.153.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.77.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.190.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.117.16.104.in-addr.arpa | udp |
| US | 104.17.223.152:443 | js.hsadspixel.net | tcp |
| US | 104.16.160.168:443 | js.hs-analytics.net | tcp |
| US | 104.17.223.152:443 | js.hsadspixel.net | tcp |
| US | 104.16.160.168:443 | js.hs-analytics.net | tcp |
| GB | 163.70.147.23:443 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | api.hubapi.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | cta-service-cms2.hubspot.com | udp |
| GB | 163.70.147.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | x.clearbitjs.com | udp |
| GB | 18.135.18.21:443 | x.clearbitjs.com | tcp |
| GB | 18.135.18.21:443 | x.clearbitjs.com | tcp |
| US | 52.6.233.1:443 | app.convertbox.com | tcp |
| GB | 163.70.147.35:443 | www.facebook.com | tcp |
| US | 52.6.233.1:443 | app.convertbox.com | tcp |
| US | 8.8.8.8:53 | 152.223.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.160.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.18.135.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.233.6.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | perf-na1.hsforms.com | udp |
| US | 8.8.8.8:53 | www.linkedin.com | udp |
| US | 104.18.80.204:443 | perf-na1.hsforms.com | tcp |
| US | 104.18.244.108:443 | api.hubapi.com | tcp |
| US | 8.8.8.8:53 | app.clearbit.com | udp |
| US | 104.18.244.108:443 | api.hubapi.com | tcp |
| GB | 18.135.18.21:443 | app.clearbit.com | tcp |
| US | 8.8.8.8:53 | polyfill.io | udp |
| US | 8.8.8.8:53 | 204.80.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.244.18.104.in-addr.arpa | udp |
| US | 104.18.52.27:443 | polyfill.io | tcp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 8.8.8.8:53 | snap.licdn.com | udp |
| NL | 104.97.14.240:443 | snap.licdn.com | tcp |
| NL | 104.97.14.240:443 | snap.licdn.com | tcp |
| US | 8.8.8.8:53 | 27.52.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fonts.bunny.net | udp |
| GB | 143.244.38.136:443 | fonts.bunny.net | tcp |
| GB | 143.244.38.136:443 | fonts.bunny.net | tcp |
| US | 8.8.8.8:53 | 240.14.97.104.in-addr.arpa | udp |
| US | 104.16.107.254:443 | js.hscollectedforms.net | tcp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 8.8.8.8:53 | forms.hscollectedforms.net | udp |
| US | 8.8.8.8:53 | 254.107.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.178.14:443 | google.com | tcp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | encrypted-tbn1.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn2.gstatic.com | udp |
| GB | 142.250.180.14:443 | encrypted-tbn2.gstatic.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 14.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.clarity.ms | udp |
| US | 8.8.8.8:53 | track.hubspot.com | udp |
| US | 104.16.117.116:443 | track.hubspot.com | tcp |
| IE | 68.219.88.97:443 | c.clarity.ms | tcp |
| IE | 68.219.88.97:443 | c.clarity.ms | tcp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 8.8.8.8:53 | 97.88.219.68.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | www.virustotal.com | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | 46.34.125.74.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | recaptcha.net | udp |
| GB | 142.250.187.227:443 | recaptcha.net | tcp |
| GB | 142.250.187.227:443 | recaptcha.net | tcp |
| GB | 142.250.187.227:443 | recaptcha.net | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 216.58.213.10:443 | content-autofill.googleapis.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | 10.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | tcp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | x.clarity.ms | udp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
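The network table mixes three kinds of rows: DNS queries to the sandbox's resolver (8.8.8.8:53), the sandbox's own reverse lookups of every IP it saw (*.in-addr.arpa), and the actual TCP/UDP connections on 443 (the UDP rows on 443 are QUIC). The script below is an added example, not part of the report: it reads rows in the table's four-column format (a subset of the rows above is embedded, one row per line), drops the reverse-lookup and multicast noise, collapses duplicate connections, and separates first-party hosts from the third-party analytics and CDN long tail. Which zones count as first-party is an analyst-supplied assumption: nimb.ws is the submitted host, and nimbusweb.me is the zone contacted immediately after it, treated here as the short link's destination (the report shows the connection sequence, not the HTTP redirect). One caveat for the third-party list: cdn.polyfill.io was publicly reported in late June 2024 to have served injected JavaScript to some visitors; this report shows only that the page loaded a resource from it, not what was returned.

```python
"""Reduce the network table of a browser detonation to a pivot list.

Rows in the report's format are parsed, reverse-lookup and multicast noise is
dropped, duplicate connections are collapsed, and each contacted host is
labelled first- or third-party.
"""
import ipaddress
from collections import Counter, defaultdict

SANDBOX_RESOLVER = ("8.8.8.8", 53)

# Analyst-supplied assumption: the submitted host and the zone it led to.
FIRST_PARTY_ZONES = ("nimb.ws", "nimbusweb.me")

# Rows copied from the Network table above (a subset).
REPORTED_ROWS = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | nimb.ws | udp |
| FR | 52.84.45.112:443 | nimb.ws | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.45.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raji180693.nimbusweb.me | udp |
| FR | 216.137.52.114:443 | raji180693.nimbusweb.me | tcp |
| US | 8.8.8.8:53 | cdn.polyfill.io | udp |
| US | 104.18.53.237:443 | cdn.polyfill.io | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| FR | 216.137.52.76:443 | metric.nimbusweb.me | tcp |
| FR | 216.137.52.76:443 | metric.nimbusweb.me | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 3.225.98.5:443 | events.getsitectrl.com | tcp |
"""


def parse_rows(table_text):
    """Turn '| country | ip:port | domain | proto |' lines into dicts; skips the header."""
    rows = []
    for line in table_text.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, destination, domain, proto = cells
        ip, _, port = destination.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def is_first_party(domain, zones):
    return any(domain == z or domain.endswith("." + z) for z in zones)


def summarize(rows, first_party_zones=FIRST_PARTY_ZONES):
    hosts = defaultdict(lambda: {"party": "third", "resolved": False,
                                 "endpoints": set(), "protos": set()})
    dropped = Counter()
    for r in rows:
        domain = r["domain"]
        if domain.endswith(".in-addr.arpa"):
            dropped["reverse lookup"] += 1        # the sandbox naming IPs it saw, not page activity
            continue
        if domain == "N/A" or ipaddress.ip_address(r["ip"]).is_multicast:
            dropped["multicast/unnamed"] += 1     # e.g. mDNS to 224.0.0.251
            continue
        entry = hosts[domain]
        entry["party"] = "first" if is_first_party(domain, first_party_zones) else "third"
        if (r["ip"], r["port"]) == SANDBOX_RESOLVER:
            entry["resolved"] = True              # a DNS query; the resolver is not the host
        else:
            entry["endpoints"].add(f"{r['ip']}:{r['port']}")
            entry["protos"].add(r["proto"])
    return {
        "hosts": {d: {**e, "endpoints": sorted(e["endpoints"]), "protos": sorted(e["protos"])}
                  for d, e in hosts.items()},
        "dropped": dict(dropped),
    }


def pivot_list(summary, party="first"):
    """Hosts of the given party that were actually connected to (not merely resolved)."""
    return sorted(d for d, e in summary["hosts"].items()
                  if e["party"] == party and e["endpoints"])


if __name__ == "__main__":
    s = summarize(parse_rows(REPORTED_ROWS))
    print("dropped:", s["dropped"])
    for party in ("first", "third"):
        for d in pivot_list(s, party):
            e = s["hosts"][d]
            print(f"{party:5s} {d:32s} {','.join(e['endpoints'])} {'/'.join(e['protos'])}")
```

Hosts that appear only as a DNS query (resolved but never connected) are kept in the summary but left out of the pivot list; in the full table a few of the tracker domains fall into that bucket.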
Files
\??\pipe\crashpad_3140_VSFBTIXKHQPZYKTK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 23ef946d42236eccc7fa32f4c2f27130 |
| SHA1 | c150623d57282ab3d602108466ba4f072d338505 |
| SHA256 | cc70e3a09b5097f3450ebb88e037dbd565802ba15b64c67cb8bde6a6b44840ba |
| SHA512 | 53c999765c8b338972e9bc88ebb7ee6af3856af4ae3cdfd0fc25439c53cf85717d267bc2498c51f262474929ab3ff85c4105e25b281e7eea9132db9a1db12f5d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2985248a8f6155f43b7f3ea6566ce321 |
| SHA1 | 3180400f431549431ee2570d93f28178914096ce |
| SHA256 | bbd2bc3c59929322a2771eeee03c19fa0e24aed1b9655e965d45981a67ef7dd4 |
| SHA512 | 71f3e4fd7c9d6e45d14c23c91044f1e665ca6a53011a9a73096a09751a351303797ece77f153c4a5014190da3853d15e34ecb83ecc3169563f108f79d6f0b81e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011
| MD5 | 6ff74c8dd69d2b4425adc05803abe1f0 |
| SHA1 | f26de15e88ab37db5f76c8a207f496d4e6e2df65 |
| SHA256 | c56ff2d017621df02335f09354c255bbdc5ad98bdd5be715894a51d0d5ccde31 |
| SHA512 | 04e4242c8e4f56803441596983226de28052ca28a775f07bce16ab1107a1964a10b8a5a73d4f8df8e9cea91e9e3acf52368a7db723931665b362393f7c95202a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 471271673ed6c39e7304e47d66589ca1 |
| SHA1 | 36262809641a51b8e0e0eaf7f3590c64354aa567 |
| SHA256 | 44b8bdc71f7f76a0b46670ba2fefdf495aa3374f04bebb91e41a61d27f66a85f |
| SHA512 | df2f640b472b29cd76f57fd046df742442b11b75f64da3d628033697da52f6fc095496883e25e34642a0133b178c2a30098adca8a3fbe53a577f7cd83b1b168f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 63f06732a4978d7a241ea78c8f5bfbbc |
| SHA1 | 0eff6af1cee1463e334fed1b92fdf9744b7c170e |
| SHA256 | 7dffc3810480e48dc6f0e47face94808eee9a85f93041a3fe719fee71284c2e7 |
| SHA512 | d61f62489697a9d426980a455cf9682e9c222b515f3aebd9658c5552059d6b8ce7d66f0b648eb4c45bdcbd7ccf31982b378cadca424103e19cde3e09af688988 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d3edfd71e44dd1f03273782950c30ea3 |
| SHA1 | 5f10e2990630a73ccb801c65b035bcff64a72908 |
| SHA256 | 2a121674fa21b01680d604da440e44c9b3a7d57514ad60e38c3743e30da91086 |
| SHA512 | fabfc0a82b8f2518bf68e056503d04362e98af04ae66fc410c1d5683aa65d2cfcaa47ded2e143f1d773ffb34ef74109ce6f31d180ed303fd3d22137a2bc69cf3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0d5f8aec78633b25d8ba76c9a559df83 |
| SHA1 | f8bc6144bf6223892943dcc52e84a464b5fd7a69 |
| SHA256 | 950c3abe48c29377bfa7e2c4600cd6d5f726d8d7ab5a8daad8afdf0a3ce80bc1 |
| SHA512 | a89ea1d8d55d3b2cb809cf9008e52afdf2ff8ce113a37abea16a101543bd5b0198fbf4c011458110fa144b9698d81df1293341dd672af5583de335f4298f5c47 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 78b4df4e206733e0de58932d296452b0 |
| SHA1 | 05132c29dc3e4c28ee1606d56a9e32224a824df3 |
| SHA256 | 03a6a1b0addb9a0a3b4348de0e62b47f18c8cfa96514472a07bb00a8382ec12e |
| SHA512 | f43cb3631c211d37d52cc4593250099411ce6b4e86aad80e96631e3c4203a88fc49b58527b57b9fb257c1705690386ec3750fd97da89a1927ed9c80ddc7a4545 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 47d4d9b14f41334b7777eb9272dca312 |
| SHA1 | 2b682c5161325947447384b2db283d0395750ad2 |
| SHA256 | 6b7ccd9bce4abb0bfca4f2e7c137070937653a017270d24ff2fc2fc36ee336a1 |
| SHA512 | e64593ebb390391a24df258aad3e3d839c333868de26279c4bd2c43fc7eadeb750834d07f6fe06575b0189b23799d856c10e5f9a979f049b61f4f33fe2b5216c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | a5fe6230f566da4bca2331ea8891ea3e |
| SHA1 | 48b5c4d37b898fc765af6726b069e35cf465c568 |
| SHA256 | 310bddcbeed7ea10e226a3fc193d136c335f5ca7912eadc2c2d6f261a0bde695 |
| SHA512 | 91495b71f7f3d1c97e03a5f1c4e596b986d9691645c0cb74792b5e556cc1081fce33cceb277896ac5f33f7764a07cb1a29779e0be4eb657ff4be1d858bfa73a8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 93d1485ad657ff77d9e2e8b68c3b2a3b |
| SHA1 | 7afe25c7176fa4ad30394f23621ccae2d24f9113 |
| SHA256 | 5296c66f2f8ecfae92e477d8a81163b097274218a2649de132bd7268dba6d3ea |
| SHA512 | e0d8a7b6b27797ff9c714eba1b37873f3bf38e1f50dbcc103c26dd5aad2839772461ed4cb3b222d80d4f2d0dfcc4cab3a5436483f792e138b4f23389b7c22c98 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | c4acb68ac16ad1709451113faeb9db65 |
| SHA1 | 4f332a479373a226b0413e56a1face0f31d0a2f0 |
| SHA256 | 3325ade142eac89b1c5abc72895da6b85e829a60307671daa0f6c4ab4c8686da |
| SHA512 | fc2a6e705c17676ab82437e1db623a27a1ce72158e3e8c6df37674e819c696d8c9fc866c53432f001301e534d95d23539b64e6af32016859de8e66e7c35524d4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e
| MD5 | caaa5222d179a24ca5540080c7018b99 |
| SHA1 | 1f415a7a73a12a4c16f25709504f4e4e4beae9dd |
| SHA256 | b729255f2e984a20fa0f0eb07e08368cf468fd17ff27a7d1dbb4042ec261d8cf |
| SHA512 | 71b4f878aa154ba4a8523c2e36faa8dbe3cfafa082b18796d8b69539dee9506253b9e55fc9b71cc2c9027d22ae08587b0e2ddadbc8d3395dbb73584d1ca1ebcc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4e037083b15927c746ae8f5b82ceca63 |
| SHA1 | 6af17687c3e7de45dc11157a9de5f00e71d3e520 |
| SHA256 | 12a1727fb24fa9bdffb42d8c1469aaac15b2254d2fa29b14c515226108c7d4f7 |
| SHA512 | 06ada7c6a3b65d205c3a998d61bcf378087f088df812c6751a67c9b7b99e8e36faae4601f1b94a4557018e8a184e4b1023810f0e0126a4cff267ad328c153401 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003f
| MD5 | 87c2b09a983584b04a63f3ff44064d64 |
| SHA1 | 8796d5ef1ad1196309ef582cecef3ab95db27043 |
| SHA256 | d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0 |
| SHA512 | df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000041
| MD5 | 921df38cecd4019512bbc90523bd5df5 |
| SHA1 | 5bf380ffb3a385b734b70486afcfc493462eceec |
| SHA256 | 83289571497cbf2f2859d8308982493a9c92baa23bebfb41ceed584e3a6f8f3f |
| SHA512 | 35fa5f8559570af719f8a56854d6184daa7ef218d38c257e1ad71209272d37355e9ad93aaa9fbe7e3b0a9b8b46dfc9085879b01ce7bb86dd9308d4a6f35f09e5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1c23efbd18b23a3129de6d66139df56e |
| SHA1 | 0a402f50ec6f30005097735b9d1a718e6883b5dd |
| SHA256 | 8577f09265eaa1bc00d6608072cbe568bc04e91e2e360b12d2a71e59f6c82dd8 |
| SHA512 | b68dc9fcb84d21a0e3b8755b44c513ea9c4f351971ca9b5432e604191e6cea37d626a82c693046bbdbc52f9a76364a637a6542b80c52b71b0640ecc3e8c07d5a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 36d93ffb5a0450b191fdd06d7aa43a1f |
| SHA1 | 0c09b899261a17ae1f8f07327ad5ba591d0b9f97 |
| SHA256 | 57c111ee6843172d3c94aacccff9714458df1d1ade2ac39f6c8e18671ec6d06d |
| SHA512 | 2598bf54cff0d1ca1082a491350eff0f59a8ca8307a5d0ca16eccf94ee3bf53687dadb2aa768c8401d012668c769ff1aa048a9ef61ac4c7d0110730389153dae |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000057
| MD5 | 99916ce0720ed460e59d3fbd24d55be2 |
| SHA1 | d6bb9106eb65e3b84bfe03d872c931fb27f5a3db |
| SHA256 | 07118bf4bbc3ba87d75cbc11ddf427219a14d518436d7f3886d75301f897edaf |
| SHA512 | 8d3d52e57806d1850b57bffee12c1a8d9e1a1edcf871b2395df5c889991a183a8d652a0636d5452068f5ef78d37e08ce10b2b2f4e05c3e3c0f2f2230310418a8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 39164cae412e26a3b67ca6fa1d6e3f11 |
| SHA1 | e047d0673e49db3fdc03be9f9a1138cefd3ffc40 |
| SHA256 | f2eb3dbef4757e722b7451ec1d0c66dc68d0d865dfadf9373405c0472cdf3163 |
| SHA512 | 4ec17554365d0f2a496190750eda6b405d811ad483eb66941d972b59dd7ac7ba3cd3a54d0f6f4e34eff02e4fd7641065cd1ba6b4565607da422a2d5236acf3b7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 750e96379f748c97965fa6eea42b869c |
| SHA1 | d2162d592976f93edf54475d7115695448e1ca12 |
| SHA256 | 11846e12cc7d592c9b034ccfb130e6431dcb4d74836567455d5cc65dba472bfb |
| SHA512 | 4410ebdf7274c5394eb492f9e7e86f4e7fa3acbc38858f2c0a89e7f0e0cdb865d9a3df6ccebce2663cb1fa42a141da1786b79a79895fb95ae7528828c47eccbe |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | bf4746d1be7e25761e47a5d9eab6987c |
| SHA1 | 04412d1c9617d8a0786e233c697cd7c2612b7ad8 |
| SHA256 | 6b1c09b8cfde3b49efb3169d1c2ba978ebe3d7f7f64431a60eb93cabea1629e8 |
| SHA512 | cd7d0af1415a178bb9db0182fc2045ee6cf5654bdccfb3252321cb69a6350dc3b35d082beac699b68c81098653aa4aa01a8992aebbf9826e0a921f4c39d49fa0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 6b9f1da78368179b2a59b2228d079890 |
| SHA1 | e1bc8f78c7eef54a180baf5e314965c0924677e8 |
| SHA256 | 0d51a91847cafa022b001b0cbb99d6f43c7681a0a88b49916cccc4936db4a640 |
| SHA512 | 7646e6e7b92820a617a19bfd42e7dfd46ee18b9fd7f9e37383bde6dca13176e048e8db69f88293f85740fe9ba954dd5f581497f46b7bd551b71d862c0e3517ff |
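The Files section lists Chrome's profile state files many times over (Chrome rewrites Preferences, Local State, TransportSecurity and Network Persistent State as it runs), plus a handful of cache entries and a crashpad named pipe whose hashes are those of the empty string. The check below is an added example, not part of the report. Given (path, md5, sha256) tuples in the report's format (a subset copied from above), it recognises the digests of trivially empty content (the pipe hashes to the empty string, SCT Auditing Pending Reports to the two-byte JSON text `[]`), collapses repeated paths into a version count, and marks only non-trivial cache entries as worth extracting from the sandbox for a look at what the page served. The path categories are hand-written patterns for Chrome's profile layout, an assumption about this report rather than anything Chrome documents.

```python
"""Sort the Files section of a browser detonation into what is worth a look.

Chrome rewrites its profile state continuously, so the same path appears many
times with different hashes; only the cache entries hold content the page
served. Digests of trivially empty content are recognised so those entries
can be skipped without fetching them from the sandbox.
"""
import hashlib
import re
from collections import defaultdict

# (path, md5, sha256) copied from the Files section above (a subset).
REPORTED_FILES = [
    (r"\??\pipe\crashpad_3140_VSFBTIXKHQPZYKTK",
     "d41d8cd98f00b204e9800998ecf8427e",
     "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"),
    (r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports",
     "d751713988987e9331980363e24189ce",
     "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945"),
    (r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State",
     "23ef946d42236eccc7fa32f4c2f27130",
     "cc70e3a09b5097f3450ebb88e037dbd565802ba15b64c67cb8bde6a6b44840ba"),
    (r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences",
     "2985248a8f6155f43b7f3ea6566ce321",
     "bbd2bc3c59929322a2771eeee03c19fa0e24aed1b9655e965d45981a67ef7dd4"),
    (r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011",
     "6ff74c8dd69d2b4425adc05803abe1f0",
     "c56ff2d017621df02335f09354c255bbdc5ad98bdd5be715894a51d0d5ccde31"),
    (r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity",
     "471271673ed6c39e7304e47d66589ca1",
     "44b8bdc71f7f76a0b46670ba2fefdf495aa3374f04bebb91e41a61d27f66a85f"),
    (r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences",
     "0d5f8aec78633b25d8ba76c9a559df83",
     "950c3abe48c29377bfa7e2c4600cd6d5f726d8d7ab5a8daad8afdf0a3ce80bc1"),
    (r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index",
     "6b9f1da78368179b2a59b2228d079890",
     "0d51a91847cafa022b001b0cbb99d6f43c7681a0a88b49916cccc4936db4a640"),
]

# Content whose digests turn up constantly in browser reports and need no review.
TRIVIAL_CONTENT = {"empty file": b"", "JSON empty list": b"[]", "JSON empty object": b"{}"}


def identify_trivial(md5_hex, sha256_hex):
    """Label the trivial content matching both digests, or None.

    A match on one digest but not the other means the report's hash columns
    were not computed over the same bytes, which is worth knowing."""
    for label, data in TRIVIAL_CONTENT.items():
        md5_match = hashlib.md5(data).hexdigest() == md5_hex.lower()
        sha_match = hashlib.sha256(data).hexdigest() == sha256_hex.lower()
        if md5_match != sha_match:
            raise ValueError(f"md5/sha256 disagree for {label!r}")
        if md5_match:
            return label
    return None


# Hand-written patterns for Chrome's profile layout (an assumption about this
# report's paths, not something Chrome documents as stable).
CATEGORIES = [
    ("crash-handler pipe", re.compile(r"\\pipe\\crashpad_", re.I)),
    ("cache content", re.compile(r"\\Cache_Data\\f_[0-9a-f]{6}$", re.I)),
    ("profile state", re.compile(
        r"\\User Data\\(Local State|Default\\(Preferences|Network\\.+|Service Worker\\.+))$", re.I)),
]


def classify(path):
    for label, pattern in CATEGORIES:
        if pattern.search(path):
            return label
    return "other"


def review(entries):
    """Collapse repeated paths and decide which artifacts deserve extraction."""
    by_path = defaultdict(list)
    for path, md5_hex, sha256_hex in entries:
        by_path[path].append((md5_hex.lower(), sha256_hex.lower()))
    result = {}
    for path, digests in by_path.items():
        category = classify(path)
        trivial = identify_trivial(*digests[-1])  # judge the last version written
        result[path] = {
            "category": category,
            "versions": len(set(digests)),
            "trivial": trivial,
            # Profile state is Chrome housekeeping; cache entries are the page's bytes.
            "worth_extracting": category == "cache content" and trivial is None,
        }
    return result


if __name__ == "__main__":
    for path, info in review(REPORTED_FILES).items():
        flag = "EXTRACT" if info["worth_extracting"] else "skip   "
        print(f"{flag} {info['category']:<18} x{info['versions']} {info['trivial'] or '':<16} {path}")
```

Applied to the whole section, only the five Cache_Data entries (f_000011, f_00003e, f_00003f, f_000041, f_000057) come out as worth extracting; everything else is profile state the browser would have written for any page.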