Analysis Overview
Threat Level: Known bad
The file http://consumerpanel0x254a2.frge.io/ was found to be: Known bad.
Malicious Activity Summary
PlugX
PlugX Rat Payload
Executes dropped EXE
Reads user/profile data of web browsers
Loads dropped DLL
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2022-03-18 12:47
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2022-03-18 12:47
Reported
2022-03-18 12:50
Platform
win7-20220310-en
Max time kernel
4294209s
Max time network
149s
Command Line
Signatures
PlugX
PlugX Rat Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\software_reporter_tool.exe | N/A |
Reads user/profile data of web browsers
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | \??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\software_reporter_tool.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | \??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\software_reporter_tool.exe | N/A |
| Token: 33 | N/A | C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\software_reporter_tool.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\software_reporter_tool.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" http://consumerpanel0x254a2.frge.io/
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6874f50,0x7fef6874f60,0x7fef6874f70
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1116,18090893443687275975,12649674635807762697,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1124 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1116,18090893443687275975,12649674635807762697,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1268 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1116,18090893443687275975,12649674635807762697,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1652 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1116,18090893443687275975,12649674635807762697,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2092 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1116,18090893443687275975,12649674635807762697,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2064 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1116,18090893443687275975,12649674635807762697,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1116,18090893443687275975,12649674635807762697,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2848 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1116,18090893443687275975,12649674635807762697,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3880 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1116,18090893443687275975,12649674635807762697,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3868 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1116,18090893443687275975,12649674635807762697,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3480 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1116,18090893443687275975,12649674635807762697,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3448 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1116,18090893443687275975,12649674635807762697,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3388 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1116,18090893443687275975,12649674635807762697,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2504 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1116,18090893443687275975,12649674635807762697,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3404 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1116,18090893443687275975,12649674635807762697,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3288 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1116,18090893443687275975,12649674635807762697,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3848 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1116,18090893443687275975,12649674635807762697,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1116,18090893443687275975,12649674635807762697,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1116,18090893443687275975,12649674635807762697,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3452 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1116,18090893443687275975,12649674635807762697,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=532 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1116,18090893443687275975,12649674635807762697,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3284 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1116,18090893443687275975,12649674635807762697,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1740 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1116,18090893443687275975,12649674635807762697,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1536 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1116,18090893443687275975,12649674635807762697,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3712 /prefetch:8
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\software_reporter_tool.exe
"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\software_reporter_tool.exe" --engine=2 --scan-locations=1,2,3,4,5,6,7,8,10 --disabled-locations=9,11 --session-id=wfWktvnewDEP/XnPBUdspcEPhKkCVbHbI+Q1uPgk --registry-suffix=ESET --enable-crash-reporting --srt-field-trial-group-name=NewCleanerUIExperiment
\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\software_reporter_tool.exe
"c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\software_reporter_tool.exe" --crash-handler "--database=c:\users\admin\appdata\local\Google\Software Reporter Tool" --url=https://clients2.google.com/cr/report --annotation=plat=Win32 --annotation=prod=ChromeFoil --annotation=ver=99.279.200 --initial-client-data=0x160,0x164,0x168,0x134,0x16c,0x1401f25a0,0x1401f25b0,0x1401f25c0
\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\software_reporter_tool.exe
"c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\software_reporter_tool.exe" --enable-crash-reporting --use-crash-handler-with-id="\\.\pipe\crashpad_2816_EKCIVSZDEKBRSGZU" --sandboxed-process-id=2 --init-done-notifier=480 --sandbox-mojo-pipe-token=10877758877610061709 --mojo-platform-channel-handle=440 --engine=2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | consumerpanel0x254a2.frge.io | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| NL | 142.251.36.45:443 | accounts.google.com | tcp |
| NL | 142.250.179.174:443 | clients2.google.com | udp |
| GB | 18.133.249.238:80 | consumerpanel0x254a2.frge.io | tcp |
| GB | 18.133.249.238:80 | consumerpanel0x254a2.frge.io | tcp |
| US | 8.8.8.8:53 | edgedl.me.gvt1.com | udp |
| US | 34.104.35.123:80 | edgedl.me.gvt1.com | tcp |
| US | 8.8.8.8:53 | clients2.googleusercontent.com | udp |
| NL | 172.217.168.193:443 | clients2.googleusercontent.com | udp |
| NL | 172.217.168.193:443 | clients2.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | s.yimg.com | udp |
| US | 8.8.8.8:53 | upst.fwdcdn.com | udp |
| BE | 87.248.116.12:443 | s.yimg.com | tcp |
| US | 104.18.4.9:443 | upst.fwdcdn.com | tcp |
| US | 8.8.8.8:53 | ukr.net | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| NL | 142.251.36.42:443 | content-autofill.googleapis.com | tcp |
| BE | 87.248.116.12:443 | s.yimg.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | udp |
| NL | 142.250.179.131:443 | ssl.gstatic.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| DE | 46.4.105.116:443 | webhook.site | tcp |
| DE | 46.4.105.116:443 | webhook.site | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| NL | 142.250.179.163:443 | update.googleapis.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 34.104.35.123:80 | edgedl.me.gvt1.com | tcp |
| NL | 142.250.179.163:443 | N/A | udp |
| US | 34.104.35.123:80 | edgedl.me.gvt1.com | tcp |
| NL | 142.250.179.163:443 | N/A | udp |
| US | 8.8.8.8:443 | dns.google | udp |
| NL | 142.250.179.202:443 | safebrowsing.googleapis.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2022-03-18 12:47
Reported
2022-03-18 12:50
Platform
win10v2004-en-20220113
Max time kernel
149s
Max time network
152s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" http://consumerpanel0x254a2.frge.io/
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8fbb84f50,0x7ff8fbb84f60,0x7ff8fbb84f70
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1632,17416196468734604136,14818298325602294236,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1652 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1632,17416196468734604136,14818298325602294236,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2016 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1632,17416196468734604136,14818298325602294236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2300 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,17416196468734604136,14818298325602294236,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2964 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,17416196468734604136,14818298325602294236,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3008 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,17416196468734604136,14818298325602294236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4280 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1632,17416196468734604136,14818298325602294236,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4280 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | consumerpanel0x254a2.frge.io | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| NL | 142.251.36.45:443 | accounts.google.com | tcp |
| NL | 142.250.179.174:443 | clients2.google.com | tcp |
| GB | 18.133.249.238:80 | consumerpanel0x254a2.frge.io | tcp |
| GB | 18.133.249.238:80 | consumerpanel0x254a2.frge.io | tcp |
| US | 8.8.8.8:53 | edgedl.me.gvt1.com | udp |
| US | 34.104.35.123:80 | edgedl.me.gvt1.com | tcp |
| US | 8.8.8.8:53 | clients2.googleusercontent.com | udp |
| NL | 172.217.168.193:443 | clients2.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | s.yimg.com | udp |
| US | 8.8.8.8:53 | upst.fwdcdn.com | udp |
| BE | 87.248.116.12:443 | s.yimg.com | tcp |
| US | 8.8.8.8:53 | ukr.net | udp |
| US | 104.18.5.9:443 | upst.fwdcdn.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | tcp |
| BE | 87.248.116.12:443 | s.yimg.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| NL | 142.251.36.42:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | udp |
| NL | 142.250.179.131:443 | ssl.gstatic.com | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 204.79.197.203:443 | api.msn.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| DE | 46.4.105.116:443 | webhook.site | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| DE | 46.4.105.116:443 | webhook.site | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| DE | 46.4.105.116:443 | webhook.site | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | udp |
| NL | 142.250.179.163:443 | update.googleapis.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 34.104.35.123:80 | edgedl.me.gvt1.com | tcp |
| NL | 142.250.179.163:443 | N/A | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
Files
\??\pipe\crashpad_1360_KMNMDMQIFPHIPPMC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |