Analysis Overview
Threat Level: Known bad
The URL https://valkclove.com/ was found to be: Known bad.
Malicious Activity Summary
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: [email protected]
Drops file in Windows directory
Browser Information Discovery
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-30 10:12
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-30 10:12
Reported
2024-11-30 10:14
Platform
win10v2004-20241007-en
Max time kernel
102s
Max time network
96s
Command Line
Signatures
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: [email protected]
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133774351763323066" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://valkclove.com/
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffec777cc40,0x7ffec777cc4c,0x7ffec777cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1912,i,4958070241952270206,13561508513398668845,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1876 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1880,i,4958070241952270206,13561508513398668845,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2572 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2104,i,4958070241952270206,13561508513398668845,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2580 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,4958070241952270206,13561508513398668845,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3136 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,4958070241952270206,13561508513398668845,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3372 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4600,i,4958070241952270206,13561508513398668845,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4612 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | valkclove.com | udp |
| US | 104.21.49.25:443 | valkclove.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.49.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 104.21.49.25:443 | valkclove.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.2.137:443 | code.jquery.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.200.10:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 229.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 104.21.49.25:443 | valkclove.com | udp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | use.fontawesome.com | udp |
| US | 104.21.27.152:443 | use.fontawesome.com | tcp |
| US | 8.8.8.8:53 | 152.27.21.104.in-addr.arpa | udp |
| GB | 142.250.200.10:443 | content-autofill.googleapis.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 104.21.27.152:443 | use.fontawesome.com | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
Files
\??\pipe\crashpad_2808_KOKMANFQYLRVSVSA
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 5db8202c9e87b99d30be80b224c3871b |
| SHA1 | 69e6cb12bcddba2086d69babc1cc72dadfa40952 |
| SHA256 | a4e9885b0e8bfa2628e3854bd5fbc9d28f346f35754e3c07f21f5823986ca9be |
| SHA512 | 7e4160fa7ba7756d4026adc079c094791d97b9eba1c817231283a699a7fd9c0e48d2210e0d8a4557e80fa672bb55272e6ae19351b73fdb334e7103bf7b923a65 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 8212b703314a1daaa016f3ff388e7a06 |
| SHA1 | c26be03c36f2a573ea4ec1f44dfccf86375010a5 |
| SHA256 | 8d667f9e608bf6ab0afc9040c3d8810894b267765e696140f80eebe4ebc2f0a0 |
| SHA512 | dec35e2c25b06a3504ef3509bcbc7894e2b899b0c062cb309383bbd25c71d40bbf7ef655fbc3fa2738e959a7d6606069c628a6f5b29bdf8193151b1f79c37fec |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1a98ccdd1b49d455be45a2108497f403 |
| SHA1 | 99a58cf6340da1035b20bc3ae4bf405e052289c7 |
| SHA256 | 514dbefd4f245b18021bb7f2632fd238da0118891eaf615a4fe7a59ab7e8bd5d |
| SHA512 | a54c7c2defe6c2cdb58b1c6dd212ff99c28265dc14bad14b1ba037c3c7cc01120a57a7b619844ecec19c68bea47c1b9e232dc087efaf87a1138ae80e2c54850a |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b3bc893e90cb61ee7a9eb0f0a87119ea |
| SHA1 | 85f646033ecc55ad5f4c159c53847f161ce53088 |
| SHA256 | 81b5614bb6ef1515ea8d91671b9c82eb61444580aca1ad2967a4f612331e1a76 |
| SHA512 | 43d446bf5bba86b5bc5a5ec077c466bbd102e675f5f84b1902b4ddc06b68b133ca72d61ed7be645b7ae1f405c3011db7992a341f4b3bc86cf438bca0ae66f238 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3e2bac9848803e78c1bf3240d2b39ae9 |
| SHA1 | 471ccd837deee3c16c8c8843eae4bb638a2b2b07 |
| SHA256 | 8830baaa823aff2f4d11b14c59fd2dbf0825859208f4ea611f8554b8ee46a681 |
| SHA512 | cd6260328d49ad299dbc93e45479c5d1f515f76dc66a651f7d2b4354d2637cbf65f51eda7496352dcff169d3e043ab08064ef9f78f90360cb7884b9fd22ad3a4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | da019dd8b381fee729722dc6e3201625 |
| SHA1 | 1926c182a971f9e5fdaa8fe1a116f9e8f8bbc6bc |
| SHA256 | 19c68b9f92cebc40ac31dbd1bcf33172ce0976d98f1d1d2e9108b9aee25c5249 |
| SHA512 | 2f798585139d359a9881a5e9117bfd8109d9c0b085bd4683faf7f0a1f3142f67fce9aab227d5ec42e2b9159600a5e53ad2b5dd98b52c50078b4b0117d1033902 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 39e75e30918c3bb408f0b4544ba58163 |
| SHA1 | f1d92bbf1cabfa54160fcf60c283aed2175391f8 |
| SHA256 | 85e169422e34158128abe5d1b12e7c49db57adcb3d9b544b2d7550da93914509 |
| SHA512 | 229467d1a72024e99094b9e71dc29362166867313cf913969a3fe8f306c0cc04fa5ea055a543b75896bdd71f0e17102fd8c9ee225952a09362a5c4a7a089c9b9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b9277c668bacf056a06f8438e636489f |
| SHA1 | 7e7a9f010eb0748b4ca0cc913319d384e38dacf7 |
| SHA256 | 8ff8adf7094a6aa10a13734b0174bf4184bad87b68ea1abae215c4b93f5df129 |
| SHA512 | b34cf5b8d4502c5d4aea1eb18bf88923fc66b8faec74defb730fa33ffad8ea142256805f4ccbe32ee4b06fcabfc7d0cbadf64f9b96f153b78fcb0717e45939df |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | fded8610ab32193e62632fa6420c55be |
| SHA1 | 661d67df5e94fe09191b4ae0f5dd6111b35f2aa8 |
| SHA256 | 34892bc81405fadc193cafa73109123be34227d0788ef4dada05f8e89b4cd206 |
| SHA512 | 70b8bd46b26fb60229fb99e5405fc91fcd89e87b9c5701401e2734643c64d44eda2a395d3e40d95dcd960953fc5f38d9894e9acfb64971a9bf80f3a4da87ce0f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 53563bc33c58c447ebb26f815462bfd6 |
| SHA1 | ce2a3f03b5fcedd3420a7c913d1755e640717a52 |
| SHA256 | e51590d8070b166363bd7c7cc2e31d011874f76aa326c3f7668e110493bef0b8 |
| SHA512 | 9bd26f9e0cb73afe7b8520df54ca56d5ce26f39b7becc6d6dde743cc34c5e8e12a5894895954a086396288e3c3a798423a45bc6693f64893b8b6dc111d562069 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0da68675dac9a070490a9b18c8093341 |
| SHA1 | bce91acfb9089f7d279f459ccf24cb1647a59f48 |
| SHA256 | b7b1242e036b9e4b3604d514dd2eb5237436d02630218f68adb259a29cd2ea5b |
| SHA512 | b161076afcdfe1380726d5d6752d2d18c46cc6c92f137c1a36b5458cd736b4196c95d8a58867feee9074d109f72efc1d373076a697dd97c7a01a93f8b622847a |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-30 10:12
Reported
2024-11-30 10:14
Platform
win11-20241007-en
Max time kernel
93s
Max time network
92s
Command Line
Signatures
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: [email protected]
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133774351759296625" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
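The TraceTimeLast values written under HKEY_USERS in both behavioral runs ("133774351763323066" in behavioral1, "133774351759296625" in behavioral2) are Windows FILETIME integers: 100-nanosecond ticks since 1601-01-01 UTC. Decoding them is the quickest way to confirm they are just the wall-clock time of the run rather than an attacker-controlled value. The script below is an added example, not part of the sandbox report; it assumes the Submitted/Reported times on this page are UTC, which the report does not state.

```python
from datetime import datetime, timedelta, timezone

# FILETIME counts 100 ns ticks from the Windows epoch; 10 ticks make one microsecond.
WINDOWS_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_utc(filetime: int) -> datetime:
    """Convert a Windows FILETIME (100-nanosecond ticks since 1601-01-01 UTC) to an aware datetime."""
    return WINDOWS_EPOCH + timedelta(microseconds=filetime // 10)


# TraceTimeLast values copied from the two "Modifies data under HKEY_USERS" tables on this page.
TRACE_TIME_LAST = {
    "behavioral1": 133774351763323066,
    "behavioral2": 133774351759296625,
}

# Submitted / Reported times of the runs. The report gives no time zone; UTC is assumed here.
SUBMITTED = datetime(2024, 11, 30, 10, 12, tzinfo=timezone.utc)
REPORTED = datetime(2024, 11, 30, 10, 14, tzinfo=timezone.utc)


def check_trace_times(values=TRACE_TIME_LAST, start=SUBMITTED, end=REPORTED):
    """Map each run to (decoded UTC time, True if it lies inside the detonation window)."""
    result = {}
    for run, filetime in values.items():
        when = filetime_to_utc(filetime)
        result[run] = (when, start <= when <= end)
    return result


if __name__ == "__main__":
    for run, (when, inside) in check_trace_times().items():
        status = "inside" if inside else "OUTSIDE"
        print(f"{run}: TraceTimeLast = {when.isoformat()} ({status} the detonation window)")
```

Both values decode to 2024-11-30 10:12:5x UTC, within a minute of submission, so the registry write is the telemetry timestamp Windows records when the TPM trace runs, written by chrome.exe during normal startup rather than a sign of tampering with the key.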
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://valkclove.com/
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc08fcc40,0x7ffcc08fcc4c,0x7ffcc08fcc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1776,i,7831782402008110703,3457680632221841609,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1772 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2024,i,7831782402008110703,3457680632221841609,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2088 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2156,i,7831782402008110703,3457680632221841609,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2352 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,7831782402008110703,3457680632221841609,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3112 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3100,i,7831782402008110703,3457680632221841609,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3736,i,7831782402008110703,3457680632221841609,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3536 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | valkclove.com | udp |
| US | 172.67.158.13:443 | valkclove.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 13.158.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 172.67.158.13:443 | valkclove.com | udp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.130.137:443 | code.jquery.com | tcp |
| GB | 172.217.169.42:443 | content-autofill.googleapis.com | tcp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | udp |
| US | 104.21.27.152:443 | use.fontawesome.com | tcp |
| GB | 172.217.169.42:443 | content-autofill.googleapis.com | udp |
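The Network tables of behavioral1 and behavioral2 mix four kinds of rows: reverse lookups the sandbox issues for every peer it sees (the in-addr.arpa names), mDNS multicast, DNS queries to 8.8.8.8, and the actual TCP/UDP connections. Separating them shows that valkclove.com answered from two different Cloudflare-range addresses across the runs and that the remaining connections are page dependencies (jsdelivr, jQuery, Font Awesome) plus the Network Error Logging collector a.nel.cloudflare.com. The parser below is an added example, not part of the report; the rows are copied from both tables (the mDNS row written with its protocol in the Proto column), and the BROWSER_NOISE set is an assumption about which endpoints belong to Chrome itself, based on the crashpad command line above and Chrome's autofill service.

```python
import re

# Rows copied from the two Network tables on this page (a representative subset).
NETWORK_ROWS = """\
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | valkclove.com | udp |
| US | 104.21.49.25:443 | valkclove.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 25.49.21.104.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 104.21.49.25:443 | valkclove.com | udp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.2.137:443 | code.jquery.com | tcp |
| GB | 142.250.200.10:443 | content-autofill.googleapis.com | tcp |
| US | 104.21.27.152:443 | use.fontawesome.com | tcp |
| US | 172.67.158.13:443 | valkclove.com | tcp |
"""

# One table row: | Country | Destination | Domain | Proto |  (Domain may be empty).
ROW_RE = re.compile(r"^\|\s*([^|]*?)\s*\|\s*([^|]*?)\s*\|\s*([^|]*?)\s*\|\s*([^|]*?)\s*\|\s*$")

# Endpoints assumed to belong to the browser rather than the page under test.
BROWSER_NOISE = {"content-autofill.googleapis.com", "clients2.google.com"}


def parse_rows(text):
    """Parse the markdown-style table rows into dicts with host and port split out."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        country, dest, domain, proto = m.groups()
        host, _, port = dest.rpartition(":")
        rows.append({"country": country, "host": host, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def summarize(rows, target):
    """Group rows by kind and pull out the addresses the target domain actually answered from."""
    reverse_lookups = 0
    multicast = 0
    dns_queries = set()
    connections = {}
    for r in rows:
        if r["domain"].endswith(".in-addr.arpa"):
            reverse_lookups += 1                      # sandbox PTR lookups, not the sample's doing
        elif r["host"] == "224.0.0.251":
            multicast += 1                            # mDNS chatter on the local segment
        elif r["port"] == 53:
            dns_queries.add(r["domain"])              # name resolved via the 8.8.8.8 resolver
        else:
            connections.setdefault(r["domain"], set()).add(f'{r["host"]}:{r["port"]}')
    return {
        "reverse_lookups": reverse_lookups,
        "multicast": multicast,
        "dns_queries": dns_queries,
        "connections": connections,
        "target_ips": connections.get(target, set()),
        "third_party": {d for d in connections if d != target and d not in BROWSER_NOISE},
    }


if __name__ == "__main__":
    summary = summarize(parse_rows(NETWORK_ROWS), "valkclove.com")
    print("target answered from:", sorted(summary["target_ips"]))
    print("third-party hosts:   ", sorted(summary["third_party"]))
    print("noise rows:", summary["reverse_lookups"], "PTR,", summary["multicast"], "mDNS")
```

The useful output for a blocklist is target_ips (the addresses behind the analysed domain at detonation time) and third_party (the hosts the page pulled in); the DNS and PTR rows only repeat what those two sets already say.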
Files
\??\pipe\crashpad_1056_EPBTAKVLRUJXIIYA
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 8702a440bf448011104db5d736d0f154 |
| SHA1 | 771811c8cbfd7930f889a2a73eaf2620482b937b |
| SHA256 | 91e71d125f797cad443e0f3752bcddd753b2f84a2b6c2761802164cb51bc91e7 |
| SHA512 | bfadea6aacb70352bcbd41a7847568e8c5bc22f9522484546014945b062966282744497307ac76e7e860e2084663ba6efe5152ddf87d1b0b2340ab1ae218efa8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 5ec7c0a8c58b328e2f1ff025f1878e6c |
| SHA1 | 663cebe36da203512bc308cab5bba152917825fe |
| SHA256 | bad962e4aa9431b91959110468f93a9ccdfe2366609cb3e742bf3f1bba54dd3a |
| SHA512 | ce2eb4795f8c428db9faa4ea4a21ae0b4d0eb906bfc073d1ab938257012ece30b5c74a7367669f5854452a19ee0009275eaadf124e8913bfa886e93e37e1f331 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ccdb25f22b665cd66e8c338d00b66cb4 |
| SHA1 | 72b1ea1ad447ed6cd4cace5efbfc09bab5409023 |
| SHA256 | 069674f45d8601a7cbf8af9ddd5db4f5fc70fe3ad82e18bd8847696fe4371f87 |
| SHA512 | 74ca9c8e7705d3a7968de9261f5b17265b5b3a73474b17c88df81dc7d530b087506de69fdea03f88048a0c05a3ff9cbcfc4b1c21fb75e78c3046721dfeebba64 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 84149ef0a8dafaccb99f393ce6a0ad89 |
| SHA1 | 7730dd2336a1234f549dd4014ceb120df6feb975 |
| SHA256 | 0ce1957cf0f44486470ef3bb29cbd402023baf5f37a501b7f8aba4f8118cb45a |
| SHA512 | 4e4a62d0d70a183c55ba714f51be11770e1446efe60452cb71fbecf8acd77710400bbe1bd7e9abc01d11be050f9316dc38b79e041667d7d76cacc8685d43415a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 497c37e8129c604c480adca0f487b11a |
| SHA1 | 89550c318893ffa89a7771e41333b4cdaef22444 |
| SHA256 | 9825d222d64492613c2492662d06b322aa4b7fd942f1a11185cd5dd7a47bb543 |
| SHA512 | f5a1a6353ade73f9cffeba6f26242a49110a62acdf089829309fd5c5730328cf9f39ce50e3febb9da51766fe8794c270b90b5a3a99c0c9a8b5cbe6a7ce8001be |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 05e40c4f24dba98f20f4947a0ff596b0 |
| SHA1 | 8e8ec136b74ed81aec556b88e61ea4682fa90867 |
| SHA256 | 847416143b6bdf1f7df27ed9d459a7c6303be3d53e38306870755d3e27103a18 |
| SHA512 | 2558c446b5249425f0f6df72c7123c7284f7b631e4c67f8119c43b57ef8c9a459a2b9f128bf8a77b2b9e542dc144a77a8e45fe545fc0412b11f33953c8876904 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 89f02da3518660b10d2da769e4530093 |
| SHA1 | 2461b9d8e94077b248a3d882cf0d3d14b70b5e16 |
| SHA256 | f7edcb4c0c71a1febd2d9513d0c2b91ca45e89c0ddda73b5e931bc41d1f43ea5 |
| SHA512 | c8acb2ff643b80d822e1a3a1131eaa8e41b74234ceb1d12dda94fd14a244791173cf0f85e17b4b3ab8b4c77257681f77b6339c378e3be8fba350705170dcb924 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c52489ff4cea46226c6adfd870be5867 |
| SHA1 | 0619af587e5e15159085f312909f5d15967eba78 |
| SHA256 | c4698b6acf8097a3dfbff44b705c15fed24ee82043bd01361f25e9ec95844939 |
| SHA512 | 75c0fc643fc8bf82961ece02195b933999901b0c011bf4adc38a4ab757213e727505b78dfcd67baaf1594caf87e981624a8b4b7c97b43b11b57bd4f2d21445ca |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c399c4a1b18a8c6b8b321ad77d5ed37d |
| SHA1 | f8f16e8f9d596cf70a89c8d18f96f4dcba8125cb |
| SHA256 | 7d0c4ac1fe73dd0ecc2420cf9dd6899bfe0fb115e2283bc7821128127e11a036 |
| SHA512 | 4b2692e16c803726303f485d3b50a0f6855fac08ee7e1636006ae24c354063fb0942884f0eb50f6fcd7d02348623395863b86098e2fa5d8e1f7e445595ffb2ec |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d82c29aa990589a466841547094d008a |
| SHA1 | b876fa2e7ca282c9ecc4ebcbf9f99c84be67c611 |
| SHA256 | 06f5b5917c6799056401da4229591875fc70dbbd55291dc867c8fcc9d1e7a491 |
| SHA512 | 7e618fb96792c1b459257e0c8b03b08bbe43c9c9a8f5cdf8b1504fcfcc0de405dc93f33eb9ff7056c223dce8b4ed871481882cfcf234da7bb406b7507297ba8c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a061f109bada959fc934de9188b36399 |
| SHA1 | f0bfc3f95080f18cadac3ad95e0d158118cbe93c |
| SHA256 | 84ef33f1e0a46c8ef811a88b191e335e5d1ec8162ba7feaaa1447aee49342f75 |
| SHA512 | d6856c0cfc1cebe05f96f65e3bc95489f11e728d15513ec90527bd508f10ea035910fce17840fc09abc8f8a81eafadf4a5b1e184e9f7a894945f2cd1cf79f050 |
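Two patterns in the Files tables of both runs are worth recognising on sight. The crashpad named pipe carries the digests of zero bytes (MD5 d41d8cd9..., SHA-1 da39a3ee..., SHA-256 e3b0c442...), meaning no content was captured, and "SCT Auditing Pending Reports" carries the digests of the two-byte string "[]", an empty JSON array. Separately, Preferences is listed five times in behavioral2 (six in behavioral1) with different hashes each time, because Chrome rewrites it throughout the session, so a hash of that file is not a stable indicator. The checker below is an added example, not part of the report; the digests are copied from the behavioral2 table above (only SHA-256 for the repeated files), and the set of "trivial" contents it recognises is the author's own choice.

```python
import hashlib
from collections import Counter

# Contents whose digests should be recognised immediately: nothing captured, or a bare JSON array.
TRIVIAL_CONTENTS = {b"": "empty", b"[]": "empty JSON array"}


def identify_trivial(digests):
    """Return a label if every listed digest is the digest of one of TRIVIAL_CONTENTS, else None."""
    if not digests:
        return None
    for content, label in TRIVIAL_CONTENTS.items():
        if all(hashlib.new(algo, content).hexdigest() == value for algo, value in digests.items()):
            return label
    return None


PIPE = r"\??\pipe\crashpad_1056_EPBTAKVLRUJXIIYA"
SCT = r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports"
LOCAL_STATE = r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State"
PREFS = r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences"

# (path, digests) pairs copied from the behavioral2 Files table; a subset of the entries.
FILE_ENTRIES = [
    (PIPE, {
        "md5": "d41d8cd98f00b204e9800998ecf8427e",
        "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
        "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
        "sha512": "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce"
                  "47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e",
    }),
    (SCT, {
        "md5": "d751713988987e9331980363e24189ce",
        "sha1": "97d170e1550eee4afc0af065b78cda302a97674c",
        "sha256": "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945",
    }),
    (LOCAL_STATE, {"sha256": "bad962e4aa9431b91959110468f93a9ccdfe2366609cb3e742bf3f1bba54dd3a"}),
    (PREFS, {"sha256": "069674f45d8601a7cbf8af9ddd5db4f5fc70fe3ad82e18bd8847696fe4371f87"}),
    (PREFS, {"sha256": "0ce1957cf0f44486470ef3bb29cbd402023baf5f37a501b7f8aba4f8118cb45a"}),
    (LOCAL_STATE, {"sha256": "9825d222d64492613c2492662d06b322aa4b7fd942f1a11185cd5dd7a47bb543"}),
    (PREFS, {"sha256": "847416143b6bdf1f7df27ed9d459a7c6303be3d53e38306870755d3e27103a18"}),
    (PREFS, {"sha256": "c4698b6acf8097a3dfbff44b705c15fed24ee82043bd01361f25e9ec95844939"}),
    (PREFS, {"sha256": "06f5b5917c6799056401da4229591875fc70dbbd55291dc867c8fcc9d1e7a491"}),
]


def triage_files(entries):
    """Flag entries with trivial content and paths that were written more than once."""
    writes = Counter(path for path, _ in entries)
    trivial = {}
    for path, digests in entries:
        label = identify_trivial(digests)
        if label:
            trivial[path] = label
    return {
        "trivial": trivial,
        "rewritten": {path: n for path, n in writes.items() if n > 1},
    }


if __name__ == "__main__":
    result = triage_files(FILE_ENTRIES)
    for path, label in result["trivial"].items():
        print(f"trivial content ({label}): {path}")
    for path, n in result["rewritten"].items():
        print(f"written {n} times: {path}")
```

Only entries that are neither trivial nor repeatedly rewritten deserve a closer look; in this run that leaves browser profile state such as BrowsingTopicsState, Network Persistent State and TransportSecurity, all written by chrome.exe.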