Analysis Overview
Threat Level: Known bad
The file https://scanner.topsec.com/?d=3744&r=auto&u=https%3A%2F%2Fmaknastudio.com%2Fpkyos&t=a4fe2e96fe6815a71cc8a7f1ae1196e6fbcf1f08 was found to be: Known bad.
Malicious Activity Summary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-07-02 15:31
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-02 15:31
Reported
2024-07-02 15:34
Platform
win10v2004-20240508-en
Max time kernel
188s
Max time network
192s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133644078950714415" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://scanner.topsec.com/?d=3744&r=auto&u=https%3A%2F%2Fmaknastudio.com%2Fpkyos&t=a4fe2e96fe6815a71cc8a7f1ae1196e6fbcf1f08
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffca11ab58,0x7fffca11ab68,0x7fffca11ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=1888,i,7296898952391185249,5000202951227458421,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1888,i,7296898952391185249,5000202951227458421,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2052 --field-trial-handle=1888,i,7296898952391185249,5000202951227458421,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2908 --field-trial-handle=1888,i,7296898952391185249,5000202951227458421,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2916 --field-trial-handle=1888,i,7296898952391185249,5000202951227458421,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 --field-trial-handle=1888,i,7296898952391185249,5000202951227458421,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4092 --field-trial-handle=1888,i,7296898952391185249,5000202951227458421,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=1664 --field-trial-handle=1888,i,7296898952391185249,5000202951227458421,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3412 --field-trial-handle=1888,i,7296898952391185249,5000202951227458421,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5044 --field-trial-handle=1888,i,7296898952391185249,5000202951227458421,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3932 --field-trial-handle=1888,i,7296898952391185249,5000202951227458421,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4900 --field-trial-handle=1888,i,7296898952391185249,5000202951227458421,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4380 --field-trial-handle=1888,i,7296898952391185249,5000202951227458421,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3376 --field-trial-handle=1888,i,7296898952391185249,5000202951227458421,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3388 --field-trial-handle=1888,i,7296898952391185249,5000202951227458421,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4368 --field-trial-handle=1888,i,7296898952391185249,5000202951227458421,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4364 --field-trial-handle=1888,i,7296898952391185249,5000202951227458421,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2420 --field-trial-handle=1888,i,7296898952391185249,5000202951227458421,131072 /prefetch:2
Network
Files