Analysis Overview
Threat Level: Known bad
The file https://tkirkland.clickfunnels.com was found to be: Known bad.
Malicious Activity Summary
PlugX
PlugX Rat Payload
Executes dropped EXE
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2022-03-24 01:14
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2022-03-24 01:14
Reported
2022-03-24 01:17
Platform
win10-20220310-en
Max time kernel
157s
Max time network
169s
Command Line
Signatures
PlugX
PlugX Rat Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | \??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\software_reporter_tool.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | \??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\software_reporter_tool.exe | N/A |
| Token: 33 | N/A | C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\software_reporter_tool.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\software_reporter_tool.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://tkirkland.clickfunnels.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff87a24f50,0x7fff87a24f60,0x7fff87a24f70
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1528,8249928895352893402,17463108047797590437,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1560 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1528,8249928895352893402,17463108047797590437,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1748 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1528,8249928895352893402,17463108047797590437,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,8249928895352893402,17463108047797590437,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2924 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,8249928895352893402,17463108047797590437,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2940 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,8249928895352893402,17463108047797590437,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4148 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,8249928895352893402,17463108047797590437,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4476 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1528,8249928895352893402,17463108047797590437,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4964 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1528,8249928895352893402,17463108047797590437,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,8249928895352893402,17463108047797590437,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,8249928895352893402,17463108047797590437,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1528,8249928895352893402,17463108047797590437,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4256 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1528,8249928895352893402,17463108047797590437,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4340 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1528,8249928895352893402,17463108047797590437,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,8249928895352893402,17463108047797590437,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4396 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,8249928895352893402,17463108047797590437,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2176 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1528,8249928895352893402,17463108047797590437,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5944 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1528,8249928895352893402,17463108047797590437,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5956 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,8249928895352893402,17463108047797590437,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5744 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,8249928895352893402,17463108047797590437,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5144 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1528,8249928895352893402,17463108047797590437,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4260 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,8249928895352893402,17463108047797590437,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1528,8249928895352893402,17463108047797590437,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4608 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1528,8249928895352893402,17463108047797590437,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1444 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1528,8249928895352893402,17463108047797590437,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2280 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1528,8249928895352893402,17463108047797590437,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4100 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1528,8249928895352893402,17463108047797590437,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6004 /prefetch:2
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\software_reporter_tool.exe
"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\software_reporter_tool.exe" --engine=2 --scan-locations=1,2,3,4,5,6,7,8,10 --disabled-locations=9,11 --session-id=Zwl/LKOw6r9oIsXsKLbLQVtHK6lJ9oh8qLrAXl3X --registry-suffix=ESET --enable-crash-reporting --srt-field-trial-group-name=NewCleanerUIExperiment
\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\software_reporter_tool.exe
"c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\software_reporter_tool.exe" --crash-handler "--database=c:\users\admin\appdata\local\Google\Software Reporter Tool" --url=https://clients2.google.com/cr/report --annotation=plat=Win32 --annotation=prod=ChromeFoil --annotation=ver=99.279.200 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x7ff606fa25a0,0x7ff606fa25b0,0x7ff606fa25c0
\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\software_reporter_tool.exe
"c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\software_reporter_tool.exe" --enable-crash-reporting --use-crash-handler-with-id="\\.\pipe\crashpad_4944_EVNKLTZWFDOTCORN" --sandboxed-process-id=2 --init-done-notifier=728 --sandbox-mojo-pipe-token=4872999659529640950 --mojo-platform-channel-handle=704 --engine=2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| NL | 142.250.179.174:443 | clients2.google.com | udp |
| NL | 172.217.168.237:443 | accounts.google.com | udp |
| US | 104.16.14.194:443 | tkirkland.clickfunnels.com | tcp |
| NL | 142.250.179.174:443 | clients2.google.com | tcp |
| NL | 172.217.168.237:443 | accounts.google.com | tcp |
| US | 104.16.14.194:443 | tkirkland.clickfunnels.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 34.104.35.123:80 | edgedl.me.gvt1.com | tcp |
| NL | 172.217.168.193:443 | udp | |
| NL | 172.217.168.193:443 | tcp | |
| US | 188.114.96.0:443 | tcp | |
| US | 188.114.96.0:443 | use.fontawesome.com | tcp |
| US | 104.16.18.94:443 | tcp | |
| US | 104.16.18.94:443 | tcp | |
| US | 104.16.18.94:443 | tcp | |
| US | 104.16.18.94:443 | tcp | |
| US | 104.16.18.94:443 | tcp | |
| US | 104.16.18.94:443 | tcp | |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| DE | 143.204.98.90:443 | cmp.osano.com | tcp |
| US | 104.18.18.229:443 | tcp | |
| US | 104.18.18.229:443 | tcp | |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 52.217.78.76:443 | tcp | |
| US | 151.101.1.195:443 | cdn.firebase.com | tcp |
| US | 104.16.18.94:443 | cdnjs.cloudflare.com | tcp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | tcp |
| US | 172.67.72.165:443 | tcp | |
| US | 104.18.47.230:443 | tcp | |
| US | 151.101.2.133:443 | tcp | |
| US | 151.101.0.217:443 | tcp | |
| US | 151.101.0.217:443 | tcp | |
| US | 151.101.0.217:443 | tcp | |
| NL | 151.101.38.109:443 | tcp | |
| NL | 151.101.38.109:443 | tcp | |
| US | 34.120.202.204:443 | tcp | |
| NL | 151.101.38.109:443 | tcp | |
| NL | 151.101.38.109:443 | tcp | |
| NL | 151.101.38.109:443 | tcp | |
| NL | 151.101.38.109:443 | tcp | |
| NL | 151.101.38.109:443 | tcp | |
| US | 52.217.78.76:443 | tcp | |
| US | 151.101.64.217:443 | tcp | |
| US | 34.120.202.204:443 | fresnel.vimeocdn.com | tcp |
| FR | 2.22.22.179:443 | tcp | |
| FR | 2.22.22.179:443 | udp | |
| US | 188.114.96.0:443 | use.fontawesome.com | tcp |
| NL | 142.250.179.170:443 | content-autofill.googleapis.com | tcp |
| US | 34.96.102.137:443 | udp | |
| US | 35.201.97.85:443 | tcp | |
| NL | 178.250.2.140:443 | dynamic.criteo.com | tcp |
| DE | 78.46.194.138:443 | tcp | |
| DE | 143.204.98.115:443 | dna8twue3dlxq.cloudfront.net | tcp |
| US | 34.96.102.137:443 | udp | |
| NL | 104.80.228.192:443 | s.pinimg.com | tcp |
| NL | 96.16.53.217:443 | analytics.tiktok.com | tcp |
| FR | 2.22.22.106:443 | tcp | |
| FR | 178.250.0.130:443 | static.criteo.net | tcp |
| DE | 143.204.98.116:443 | wsmcdn.audioeye.com | tcp |
| FR | 2.22.22.106:443 | udp | |
| FR | 178.250.0.157:443 | gum.criteo.com | tcp |
| DE | 143.204.98.103:443 | wsv3cdn.audioeye.com | tcp |
| DE | 143.204.98.103:443 | wsv3cdn.audioeye.com | tcp |
| NL | 178.250.2.151:443 | sslwidget.criteo.com | tcp |
| US | 74.119.119.150:443 | widget.us.criteo.com | tcp |
| DE | 143.204.98.69:443 | analytics.audioeye.com | tcp |
| NL | 216.58.214.2:443 | tcp | |
| IE | 212.82.100.181:443 | tcp | |
| US | 64.74.236.159:443 | tcp | |
| BE | 87.248.116.11:443 | tcp | |
| IE | 54.229.245.101:443 | tcp | |
| US | 35.244.174.68:443 | tcp | |
| DE | 3.126.56.137:443 | ups.analytics.yahoo.com | tcp |
| NL | 104.80.228.119:443 | cw.addthis.com | tcp |
| NL | 213.19.162.80:443 | tcp | |
| NL | 185.33.221.87:443 | tcp | |
| GB | 185.64.190.80:443 | tcp | |
| NL | 216.58.214.2:443 | udp | |
| US | 13.248.245.213:443 | tcp | |
| FR | 2.16.118.158:443 | contextual.media.net | tcp |
| FR | 2.18.99.184:443 | tcp | |
| DE | 143.204.98.115:443 | s.ad.smaato.net | tcp |
| DE | 18.197.164.96:443 | tcp | |
| IE | 54.76.10.135:443 | tcp | |
| NL | 104.109.249.82:443 | criteo-sync.teads.tv | tcp |
| NL | 141.226.228.48:443 | tcp | |
| FR | 185.86.139.89:443 | rtb-csync.smartadserver.com | tcp |
| DE | 35.156.177.8:443 | tcp | |
| US | 52.54.53.207:443 | tcp | |
| US | 52.8.175.250:443 | tcp | |
| IE | 3.248.155.194:443 | tcp | |
| NL | 46.228.164.13:443 | d.turn.com | tcp |
| US | 52.72.192.11:443 | tcp | |
| US | 3.225.165.174:443 | tcp | |
| NL | 104.123.41.104:443 | tcp | |
| US | 205.185.216.10:443 | tcp | |
| US | 34.232.57.25:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| US | 52.45.194.124:443 | tcp | |
| DE | 143.204.98.90:443 | consent.api.osano.com | tcp |
| US | 157.240.27.27:443 | tcp | |
| FR | 2.22.147.88:443 | snap.licdn.com | tcp |
| US | 204.79.197.200:443 | tcp | |
| US | 52.70.96.75:443 | tcp | |
| DE | 91.228.74.189:443 | tcp | |
| US | 13.107.42.14:443 | tcp | |
| US | 142.250.102.155:443 | tcp | |
| US | 52.70.96.75:443 | tcp | |
| NL | 142.250.179.162:443 | googleads.g.doubleclick.net | tcp |
| DE | 143.204.98.62:443 | rules.quantcount.com | tcp |
| IE | 52.142.114.2:443 | tcp | |
| US | 157.240.19.35:443 | tcp | |
| US | 40.76.174.66:443 | tcp | |
| FR | 178.250.0.162:443 | csm.fr.eu.criteo.net | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| NL | 142.250.179.163:443 | update.googleapis.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 34.104.35.123:80 | edgedl.me.gvt1.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| NL | 142.250.179.163:443 | udp | |
| US | 8.8.4.4:443 | dns.google | udp |
| CA | 35.215.54.231:443 | e2c45.gcp.gvt2.com | tcp |
| NL | 172.217.168.227:443 | beacons.gvt2.com | tcp |
| NL | 172.217.168.227:443 | udp |
Files
\??\pipe\crashpad_1688_MKJCTSKYWEMWVYIE
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/4944-119-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\software_reporter_tool.exe
| MD5 | 550a7b8643deac1eea9560825620a09a |
| SHA1 | 4d0158685aa567b82638150a83fc416dead83c43 |
| SHA256 | fda8bb76b6f5d47330145dec6eb9cd1f715a5f8d9183423484502e126f673e04 |
| SHA512 | c25ce56572f385656b6ee48648026a0ad5439a478260d3f9454cdc977f34013a5f96a4cc15bbbd843b66f796c96858e132558c49d60423be91c5efc85a281b64 |
memory/4976-123-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\software_reporter_tool.exe
| MD5 | af7e3e10c977370ed52c47d1f29dd3e1 |
| SHA1 | 473a3c8040a5612720013b0f705bdd5da2b89d9f |
| SHA256 | a91fdcb7928fbe72c99c35e8dce63b2fd16d0a19d4c2d44894856fdc3943cf2c |
| SHA512 | 7ca5381c480a8fba2f31100819ef4f99dda025bd2f2c86d40acbb3bd87cffd0c49cacbd59b81ca47858b138488354fb147757d87242acef6b2e61faabad811b6 |
\??\c:\users\admin\appdata\local\Google\Software Reporter Tool\settings.dat
| MD5 | 0d918d588733d7090bfb1308a0dace32 |
| SHA1 | ce4a67c1bce2afa7810ca37d97eab5968f848bfe |
| SHA256 | 81f262ceb54e549d83eeec2a74221cd45825760f424e7014fbd582edc468682e |
| SHA512 | 1e7695710c3e72238d4e6f6378eae799768459988d5527c4b4c5ccbe22da80aa4a93f9d91b8fe173e5d84e2574661149ffcecf5e290ce728dbd6aae944f634ec |
memory/5056-129-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\software_reporter_tool.exe
| MD5 | a1f92a0924826927284baf266999faf5 |
| SHA1 | 7907b0b1baa545b9adbe8401145efa505fdeacda |
| SHA256 | 33e450164654dbc83516dfda0e78ebf9803f883fdbda4bdb01fac85ac017b8ff |
| SHA512 | 153617d2c5736d822d27c82a171ec723f93975e57be7f709d324c441afa8e35be33b71a6fbfe5bffeffa3a2fe58b777ac0357d0b0e0ceff9108fea1e34a9dab9 |
memory/5056-133-0x00007FFFA0150000-0x00007FFFA0151000-memory.dmp
memory/5056-134-0x00007FFFA0C40000-0x00007FFFA0C41000-memory.dmp
\??\c:\users\admin\appdata\local\Google\Software Reporter Tool\settings.dat
| MD5 | 0d918d588733d7090bfb1308a0dace32 |
| SHA1 | ce4a67c1bce2afa7810ca37d97eab5968f848bfe |
| SHA256 | 81f262ceb54e549d83eeec2a74221cd45825760f424e7014fbd582edc468682e |
| SHA512 | 1e7695710c3e72238d4e6f6378eae799768459988d5527c4b4c5ccbe22da80aa4a93f9d91b8fe173e5d84e2574661149ffcecf5e290ce728dbd6aae944f634ec |