Analysis Overview
Threat Level: Likely malicious
The file http://wearedevs.com was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Browser Information Discovery
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-03 21:00
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-03 21:00
Reported
2024-11-03 21:01
Platform
win10v2004-20241007-en
Max time kernel
51s
Max time network
56s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\Downloads\Extreme Injector v3.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133751412587359330" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://wearedevs.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa3a40cc40,0x7ffa3a40cc4c,0x7ffa3a40cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1936,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1932 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2148,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2196 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2180,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2420 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3044,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3060 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3048,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3096 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4492,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3668 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3356,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3332 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4660,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4668 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4792,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4648 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4320,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5048 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5232,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5184 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6072,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5756 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3052,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4024 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3528,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5236 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5268,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5244 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5184,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5040 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4024,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5704 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6132,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5680 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6000,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6016 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6232,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6256 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6388,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6392 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5448,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6580 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=4664,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6616 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5668,i,12578244958694135639,4394542346453230863,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5488 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\Extreme Injector v3.exe
"C:\Users\Admin\Downloads\Extreme Injector v3.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | wearedevs.com | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 198.49.23.144:80 | wearedevs.com | tcp |
| US | 198.49.23.144:80 | wearedevs.com | tcp |
| US | 198.49.23.144:443 | wearedevs.com | tcp |
| US | 8.8.8.8:53 | wearedevs.net | udp |
| US | 172.67.71.2:443 | wearedevs.net | tcp |
| US | 172.67.71.2:443 | wearedevs.net | udp |
| US | 8.8.8.8:53 | cdn.wearedevs.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 10.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.23.49.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.71.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| GB | 142.250.187.195:443 | www.google.co.uk | tcp |
| BE | 66.102.1.157:443 | stats.g.doubleclick.net | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 142.250.178.14:443 | fundingchoicesmessages.google.com | tcp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.1.102.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| GB | 142.250.178.14:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 216.58.213.1:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.178.14:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| GB | 142.250.179.226:443 | ep1.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| GB | 142.250.179.225:443 | ep2.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.179.225:443 | ep2.adtrafficquality.google | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.200.250.142.in-addr.arpa | udp |
| GB | 142.250.200.33:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | dsum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | ad.atdmt.com | udp |
| NL | 185.89.210.180:443 | ib.adnxs.com | tcp |
| US | 172.64.151.101:443 | dsum-sec.casalemedia.com | tcp |
| US | 8.8.8.8:53 | fw.adsafeprotected.com | udp |
| IE | 52.211.115.87:443 | fw.adsafeprotected.com | tcp |
| GB | 172.217.16.230:443 | s0.2mdn.net | tcp |
| GB | 172.217.16.230:443 | s0.2mdn.net | tcp |
| GB | 142.250.179.228:443 | www.google.com | udp |
| US | 172.64.151.101:443 | dsum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| GB | 172.217.16.230:443 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | googleads4.g.doubleclick.net | udp |
| GB | 216.58.201.98:443 | googleads4.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | static.adsafeprotected.com | udp |
| NL | 18.239.50.40:443 | static.adsafeprotected.com | tcp |
| US | 8.8.8.8:53 | dt.adsafeprotected.com | udp |
| US | 35.161.17.182:443 | dt.adsafeprotected.com | tcp |
| US | 35.161.17.182:443 | dt.adsafeprotected.com | tcp |
| US | 35.161.17.182:443 | dt.adsafeprotected.com | tcp |
| GB | 216.58.201.98:443 | googleads4.g.doubleclick.net | udp |
| US | 35.161.17.182:443 | dt.adsafeprotected.com | tcp |
| US | 8.8.8.8:53 | 101.151.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.115.211.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.50.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.17.161.35.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 142.250.179.225:443 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| GB | 142.250.179.226:443 | ep1.adtrafficquality.google | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ade.googlesyndication.com | udp |
| GB | 142.250.187.226:443 | ade.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 226.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| HK | 142.250.71.163:443 | csi.gstatic.com | tcp |
| HK | 142.250.71.163:443 | csi.gstatic.com | tcp |
| GB | 142.250.187.226:443 | ade.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 163.71.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdnwrd2.com | udp |
| US | 104.21.75.26:443 | cdnwrd2.com | tcp |
| US | 104.21.75.26:443 | cdnwrd2.com | tcp |
| US | 8.8.8.8:53 | 26.75.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | us-u.openx.net | udp |
| US | 8.8.8.8:53 | sync.teads.tv | udp |
| US | 35.244.159.8:443 | us-u.openx.net | tcp |
| GB | 184.26.81.115:443 | sync.teads.tv | tcp |
| GB | 184.26.81.115:443 | sync.teads.tv | tcp |
| US | 35.244.159.8:443 | us-u.openx.net | udp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.81.26.184.in-addr.arpa | udp |
| GB | 142.250.179.226:443 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.11.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
Files
\??\pipe\crashpad_1932_EJGRGEQALGZQKGMW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1a9318adb29efd31_0
| MD5 | 8e05d718e7167f5c2baebb39d775ba77 |
| SHA1 | ccafb4b54cbec17e4f8723c7e503fb63c2ad287e |
| SHA256 | 24e8396609f1e9724b00ec4990da4a3c843756574cf084b024be7f3a802e5e45 |
| SHA512 | 38c204d6eeae6224ce826ad25e2d4659fd5312e3f0b33318117b1e0915daed3c8340b761843b43a18feaab7972ec29df8a92f351fdfee97d4059c77d94a8575f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 8a5c0c6ba0578fba0556956cc993e7b2 |
| SHA1 | e05bb9f1b95b07300e9d210d9e85ebeb37d505f0 |
| SHA256 | 94e12d817e3d4fa36f1f7d7709f8030604b056fa0dfb9bbe0cecc3a297005fb6 |
| SHA512 | fe8c2c5df17189f67e4ff18e26bfb799a80465a70b67c0186a10db1f73369d45f990d864bdfb07e892c727e90b24571f6d300535edd0c84548d27834af817958 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9ddafd11964d641e0c6a6fcb90525695 |
| SHA1 | 875ac3f00a859301fd5d8db77b1cf79c05396f90 |
| SHA256 | 06e47668573a0da26ad9d5596190ef32fd77650b4e32d4d4c76a8590d20fa609 |
| SHA512 | cd270ef26c814c56f688ca46862b96530bfac40c93532327af0335c4ea5a8d0cd56db4c65742cc42b6f8026f77dd7a6e67345389630d6c2ab61bf90a66d11bd1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 763a9255f0c6d759484680be96eddd66 |
| SHA1 | 2475d48e2f231835e3318e1b47a7dda462fbac56 |
| SHA256 | 9220c2cc78b0d921f3ba265a24bd90970add221eabe387804170b781d18e575b |
| SHA512 | 62396bbd667a6463ef0b367dd0a6c936a23e40fff8c616566d076204c9cfd3f9f9b2efff48488125f285a071ba95a8ca1b0b79760e80a0d551b34c91bfc4906d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | a8c5436fedb2c1ddd4208ed591c92c17 |
| SHA1 | 446047388352d76fe6b149654e522ab08144953f |
| SHA256 | 182e36d4b13b78ba106ecc01f47c2eca662583c2707823382bf8108e6b0d27d6 |
| SHA512 | 0275b2143aaf7b39033bcda4abfae839a47c802298b180b6886dfd7662fe81d8595973102fece8e67e60a045a31dbe2c2450604e7f017c297ccccec2004f0adb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
| MD5 | b40fb6ac17dfb5bb35878a384682a64b |
| SHA1 | 61925f87658b84cb5b53ba9db59dd2f1ed814fd1 |
| SHA256 | 449deb6564c13c0afd52e4301c3a37d3130fb6afecd59f3341b70649ba4dfbc3 |
| SHA512 | ff56388f78213eafd7f290c02256c7331f02d59977581355fe5457723e593bb620d2f886523aa695494bf9ed3b681a788e2e2791de7b4183c860c4afe1ddca86 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a
| MD5 | d0257b73c491f026709ce5d4bd65a8e0 |
| SHA1 | ef1e88f1d6dbf04ba4983e48e91dc174a1697c96 |
| SHA256 | b399da75ede339706576a976f7766d444b67b4daf62b0b321866f6103bf291a6 |
| SHA512 | c8fcd72af6e6c82b0d7c4d51e31fc5dd5321eca6b3cf339888645a49eb010351a429cdf5f926c27cf0c150b48285e0f521431aa07b41dd8b0b3aa70358fdfa21 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 885bf05a13c15b61a9594cf0c5d97d11 |
| SHA1 | ae0f4172f7cfb21a23cbe811ed15fd2286768e31 |
| SHA256 | 3276d553b2ff84c0fce1d66feaddfcdc8d9a95ac4184f1ae7efc01dfd0e62a0e |
| SHA512 | 02105fa3856e7fd8109bf32e3b2ecd370e6b338b59fe17dd8f54cdad662d14506caa06341cb9a0c7278b01c759b72fa427bc7e869b80506ff0b1442b517aeca6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b
| MD5 | ec801a7d4b72a288ec6c207bb9ff0131 |
| SHA1 | 32eec2ae1f9e201516fa7fcdc16c4928f7997561 |
| SHA256 | b65f40618f584303ca0bcf9b5f88c233cc4237699c0c4bf40ba8facbe8195a46 |
| SHA512 | a07dd5e8241de73ce65ff8d74acef4942b85fc45cf6a7baafd3c0f9d330b08e7412f2023ba667e99b40e732a65e8fb4389f7fe73c7b6256ca71e63afe46cdcac |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029
| MD5 | bec2af13143a7771b0b89cec2ab92b27 |
| SHA1 | 9cd25b2c17a630fd0d6dae4aa80ea510ef4b89b2 |
| SHA256 | 52aa9c3bdb64b5d1c1fe6dbf456fc50da434916b6c7489f3c64a0ea9253408ab |
| SHA512 | 42d00250350982b0d3f26b84f33cc1365c8ab57f830f2f859cf3cdc8ba2879c09249264b1177c4b85de6a2461efe06620668c8d5bb036fde0b0030fa246075b6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 67998b68087704054ae1b4e6695f2ec6 |
| SHA1 | b6273e093a5cbd13d335018168e48f5d25b4182f |
| SHA256 | 80a6af3894c9f0e540e90dd674fa2f4ccf41885f917b0d5caa451f1ad8a9603f |
| SHA512 | d2dd27e9eb4500626657842d42598497f61895552e61dd82c430acca149fdb0552435a4b6d36a769d46c8d0dbbaef38e1f025b547973490c2f4c19f595175f13 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a40ac255ebae30146dc34e97baecb2be |
| SHA1 | 09f988ad7783c468af3cabf55fc93a5c2ccb3423 |
| SHA256 | 8aa07761d06335fc1b9eb9f99fa05d95d557922f281a38e3608b626d33d41870 |
| SHA512 | 3bcd4044a44a0ab7acfd1dc773ab9524cd6f5a8f52656426124d523f97ad104b3297626e5918e8742b64150c4247dda0d2d7129b73d3cd5579702bc4874c59c3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c8fbfe82-f6ab-444d-8b19-010950237df3.tmp
| MD5 | c1c1fd76765561e86358d65496c6301f |
| SHA1 | 6b4f51376f95662e4ed3fbc7c7f492907ee3d373 |
| SHA256 | 4ec860c92d9fddd7dfba5b1ba62c46c9d659dd183c233c4001c40cedfa6ce42d |
| SHA512 | e4c19ce1dbddd282880f21e3dac49415cb3d58ffd174803acf86395b9a96ad0e15876ba2418d07a8831e53aab31285ccf1619aa88ad17fe105725e7f8d38c11d |
memory/3956-361-0x00007FFA33683000-0x00007FFA33685000-memory.dmp
memory/3956-362-0x00000000001C0000-0x00000000003A6000-memory.dmp
memory/3956-363-0x00007FFA33680000-0x00007FFA34141000-memory.dmp
memory/3956-364-0x000000001D7C0000-0x000000001D7D2000-memory.dmp
memory/3956-365-0x000000001D820000-0x000000001D85C000-memory.dmp
memory/3956-367-0x00007FFA33680000-0x00007FFA34141000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 1e284038c4d627789c8421a3f88e88a2 |
| SHA1 | 7f2db82da7b68e0195b6dc551fa83a7412f7a661 |
| SHA256 | e6821a429112eb1de41b2780572c10b417def6975a76ca857267910520996577 |
| SHA512 | f5a68ce15bb52d49eabc137ab6c798c8d44fd9cd06ce1e545557be333cddd6b0d657698b284aade8979d180d3960175a0bbad910440d2d6b315ccdfc6f236015 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 7b8fde2a36ece9e20a7075c6ce8a4752 |
| SHA1 | ce1f4e788b0f0363deffa2e7d52da7da1a64e462 |
| SHA256 | c2f3aad69e2f6eb79d2880a1685b5d0df7fb9de8f3751b46bdc5ea6272bd2389 |
| SHA512 | 1b5ba12e2baae00397f8b00bc4c7ae01bce261c628ca7d599de0644a6b8a52d84a8f3d15086dcdcc06a341f430832a9d2282664ce8f9a53b56b8e3a8a8944a94 |
memory/3956-382-0x00007FFA33683000-0x00007FFA33685000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 82932d5a6abc3126df384a7ced51b453 |
| SHA1 | f1c6940b5b9d4a00e381dd4b3ad686e43c086e38 |
| SHA256 | 868ceac71fb21ae764c177c82b63f4f033986eaa5ff59f8ff64431c8f50a542d |
| SHA512 | 396a4563da46db97f1dd84b1bb8fd05921c706ee72923550acaacf36e07c72c3e84ed038f3cc23780c3debb28e0571b1ad17f2d10188a7d373994b7afeacb533 |
memory/3956-388-0x00007FFA33680000-0x00007FFA34141000-memory.dmp
memory/3956-389-0x00007FFA33680000-0x00007FFA34141000-memory.dmp