Analysis Overview
Threat Level: Likely malicious
The file https://github.com/RattlesHyper/TrafficerMC/releases/download/v3.1/TrafficerMC-3.1-windows-x64.exe was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Drops file in System32 directory
Browser Information Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-12 14:14
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-12 14:14
Reported
2024-08-12 14:20
Platform
win10v2004-20240802-en
Max time kernel
393s
Max time network
392s
Command Line
Signatures
Downloads MZ/PE file
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133679456578300872" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/RattlesHyper/TrafficerMC/releases/download/v3.1/TrafficerMC-3.1-windows-x64.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb973fcc40,0x7ffb973fcc4c,0x7ffb973fcc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1892,i,8362580919842126717,6013486505684172642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1888 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2068,i,8362580919842126717,6013486505684172642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2104 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,8362580919842126717,6013486505684172642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2460 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,8362580919842126717,6013486505684172642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3152 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,8362580919842126717,6013486505684172642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3184 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4820,i,8362580919842126717,6013486505684172642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4836 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4852,i,8362580919842126717,6013486505684172642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4996 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5252,i,8362580919842126717,6013486505684172642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5268 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4568,i,8362580919842126717,6013486505684172642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5416 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb96ce46f8,0x7ffb96ce4708,0x7ffb96ce4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,8322648675747373071,8955867924989797418,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2012 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,8322648675747373071,8955867924989797418,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2460 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,8322648675747373071,8955867924989797418,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8322648675747373071,8955867924989797418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8322648675747373071,8955867924989797418,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8322648675747373071,8955867924989797418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8322648675747373071,8955867924989797418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8322648675747373071,8955867924989797418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,8322648675747373071,8955867924989797418,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3636 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,8322648675747373071,8955867924989797418,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3636 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8322648675747373071,8955867924989797418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8322648675747373071,8955867924989797418,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2000,8322648675747373071,8955867924989797418,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5272 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8322648675747373071,8955867924989797418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8322648675747373071,8955867924989797418,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2000,8322648675747373071,8955867924989797418,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6276 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8322648675747373071,8955867924989797418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2000,8322648675747373071,8955867924989797418,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4700 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,8322648675747373071,8955867924989797418,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2620 /prefetch:2
Network
Files