Analysis Overview
Threat Level: Known bad
The URL https://filebin.ca/7daZAsXNH927/SHIPPINGBILL.PDF.zip was found to be: Known bad. The task opened the URL in Chrome, which downloaded SHIPPINGBILL.PDF.zip; 7-Zip extracted it and the contained SHIPPING BILL.PDF.jar was run with javaw.exe (command lines under Processes, hashes under Files).
Malicious Activity Summary
STRRAT
Drops file in Program Files directory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Opens file in notepad (likely ransom note)
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Note on attribution: the findings attributable to the sample are the STRRAT family match (STRRAT is a Java-based RAT, which fits a .jar delivered as SHIPPING BILL.PDF.jar) and the javaw.exe launch of that jar from the Downloads folder. The signatures whose process detail is shown below (EnumeratesProcesses, NtCreateUserProcessBlockNonMicrosoftBinary, Modifies registry class, Modifies data under HKEY_USERS, Enumerates system info in registry) all fire on chrome.exe, the browser the sandbox used to fetch the URL; the four without process detail on this page (AdjustPrivilegeToken, SendNotifyMessage, WriteProcessMemory, FindShellTrayWindow) cannot be attributed from it. "Drops file in Program Files directory" is javaw.exe probing for jvm.pdb and ntdll.pdb while writing its fatal-error log, and the file opened in notepad is that log, hs_err_pid4400.log, not a ransom note.
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-10-13 03:46
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-10-13 03:46
Reported
2023-10-13 03:57
Platform
win10v2004-20230915-en
Max time kernel
626s
Max time network
637s
Command Line
Signatures
STRRAT
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\server\ntdll.pdb | C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\ntdll.pdb | C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\ntdll.pdb | C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\server\jvm.pdb | C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\server\dll\jvm.pdb | C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\jvm.pdb | C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\jvm.pdb | C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\ntdll.pdb | C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\jvm.pdb | C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\dll\jvm.pdb | C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\server\dll\ntdll.pdb | C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre1.8.0_66\bin\dll\ntdll.pdb | C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe | N/A |
Note: these twelve entries are probes for jvm.pdb and ntdll.pdb in the locations a Windows symbol search tries next to the module (<dir>, <dir>\dll, <dir>\symbols\dll), consistent with javaw.exe symbolizing its stack while writing hs_err_pid4400.log; no payload file is recorded as written under Program Files.
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133416424094080709" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1926387074-3400613176-3566796709-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Note: the file opened is C:\Users\Admin\Downloads\SHIPPINGBILL.PDF\hs_err_pid4400.log (see Processes and Files), the HotSpot fatal-error log written by the JVM with PID 4400, i.e. the javaw.exe that ran the jar. The ransom-note heuristic is a false positive here.
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A (4 identical events) | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A (12 identical events) | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://filebin.ca/7daZAsXNH927/SHIPPINGBILL.PDF.zip
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd3dd9758,0x7ffcd3dd9768,0x7ffcd3dd9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3320 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2900 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4636 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3780 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4044 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4896 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5740 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2432 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5700 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5416 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:2
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\SHIPPINGBILL.PDF\" -spe -an -ai#7zMap16145:94:7zEvent16970
C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\SHIPPINGBILL.PDF\SHIPPING BILL.PDF.jar"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\SHIPPINGBILL.PDF\hs_err_pid4400.log
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2328 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2380 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5684 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6048 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3288 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5696 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6484 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6772 --field-trial-handle=1876,i,5147849643716627213,18116380090183969184,131072 /prefetch:8
Network
Note: none of the destinations below is attributable to javaw.exe. The lookups and the TLS/QUIC sessions match the Chrome session that fetched the sample (filebin.ca on Cloudflare, the Cloudflare challenge and reCAPTCHA pages, Google and Bing assets, VirusTotal, NEL reports to a.nel.cloudflare.com, the apps.identrust.com certificate fetch over HTTP) plus mDNS on 224.0.0.251. No STRRAT command-and-control traffic was captured, consistent with the JVM terminating on a fatal error (hs_err_pid4400.log); this run should not be read as having reached the C2 stage, and the IPs and domains listed here are not C2 indicators.
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | filebin.ca | udp |
| US | 104.21.28.57:443 | filebin.ca | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 104.21.28.57:443 | filebin.ca | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 88.221.25.153:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 170.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.28.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.3.197.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.25.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | challenges.cloudflare.com | udp |
| US | 104.17.3.184:443 | challenges.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 104.17.3.184:443 | challenges.cloudflare.com | udp |
| US | 8.8.8.8:53 | 184.3.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | mDNS (no domain) | udp |
| US | 8.8.8.8:53 | 29.81.57.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 104.21.28.57:443 | filebin.ca | udp |
| US | 104.17.3.184:443 | challenges.cloudflare.com | udp |
| US | 8.8.8.8:53 | assets.vocti.ca | udp |
| US | 104.21.54.171:443 | assets.vocti.ca | tcp |
| US | 104.21.54.171:443 | assets.vocti.ca | tcp |
| US | 104.21.54.171:443 | assets.vocti.ca | tcp |
| US | 8.8.8.8:53 | 171.54.21.104.in-addr.arpa | udp |
| US | 104.21.54.171:443 | assets.vocti.ca | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| NL | 142.251.36.42:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | 42.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.173.189.20.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 38.148.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 100.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | 206.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | virustotal.com | udp |
| US | 216.239.38.21:443 | virustotal.com | tcp |
| US | 216.239.38.21:443 | virustotal.com | tcp |
| US | 8.8.8.8:53 | www.virustotal.com | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | 21.38.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.34.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| NL | 142.250.179.163:443 | www.recaptcha.net | tcp |
| US | 8.8.8.8:53 | 200.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | recaptcha.net | udp |
| NL | 142.251.39.99:443 | recaptcha.net | tcp |
| US | 8.8.8.8:53 | 99.39.251.142.in-addr.arpa | udp |
| NL | 142.251.39.99:443 | recaptcha.net | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| US | 8.8.8.8:53 | www.google.be | udp |
| NL | 142.250.102.154:443 | stats.g.doubleclick.net | tcp |
| NL | 142.250.179.163:443 | www.google.be | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.102.250.142.in-addr.arpa | udp |
| NL | 142.251.39.106:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 106.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.179.250.142.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 216.58.204.67:443 | beacons.gcp.gvt2.com | tcp |
| GB | 216.58.204.67:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
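The process chain in the Processes section above (Chrome fetches the archive, 7zG.exe extracts it, javaw.exe runs SHIPPING BILL.PDF.jar, notepad opens hs_err_pid4400.log) is what a detection should key on. The following Python is an added example, not part of the Triage report: it runs that logic over the command lines copied from the report, flagging a java/javaw -jar launch whose archive sits under a user-writable path and carries a document-style double extension, and recognising an hs_err_pid<N>.log being opened so the crash is tied back to JVM PID N instead of being read as a ransom note. The function names, the user-writable path markers and the extension lists are my choices, not Triage's.

```python
import re

# Command lines copied from the Processes section of this report. The Chrome
# child processes are left out; they carry nothing the detections below need.
REPORT_PROCESSES = [
    r'''"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://filebin.ca/7daZAsXNH927/SHIPPINGBILL.PDF.zip''',
    r'"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\SHIPPINGBILL.PDF\" -spe -an -ai#7zMap16145:94:7zEvent16970',
    r'"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\SHIPPINGBILL.PDF\SHIPPING BILL.PDF.jar"',
    r'"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\SHIPPINGBILL.PDF\hs_err_pid4400.log',
]

JAVA_LAUNCHERS = {"java.exe", "javaw.exe"}
# Path fragments an unprivileged user can write to (assumed list, extend as needed).
USER_WRITABLE_MARKERS = ("\\downloads\\", "\\appdata\\", "\\temp\\", "\\public\\", "\\desktop\\")
# A document-style extension directly followed by .jar, e.g. "SHIPPING BILL.PDF.jar".
DECEPTIVE_JAR_RE = re.compile(r"\.(pdf|docx?|xlsx?|pptx?|txt|rtf|jpe?g|png)\.jar$", re.IGNORECASE)
# HotSpot names its fatal-error log after the pid of the JVM that crashed.
HS_ERR_RE = re.compile(r"hs_err_pid(\d+)\.log$", re.IGNORECASE)
TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')


def tokenize(cmdline):
    """Split a Windows command line on whitespace, keeping double-quoted spans whole."""
    return [quoted or bare for quoted, bare in TOKEN_RE.findall(cmdline)]


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def jar_launches(cmdlines):
    """Every java/javaw '-jar <archive>' launch, with the two lure properties scored."""
    hits = []
    for cmd in cmdlines:
        argv = tokenize(cmd)
        if not argv or basename(argv[0]) not in JAVA_LAUNCHERS or "-jar" not in argv:
            continue
        i = argv.index("-jar")
        if i + 1 >= len(argv):
            continue
        jar = argv[i + 1]
        hits.append({
            "launcher": basename(argv[0]),
            "jar": jar,
            "deceptive_extension": bool(DECEPTIVE_JAR_RE.search(jar)),
            "user_writable": any(m in jar.lower() for m in USER_WRITABLE_MARKERS),
        })
    return hits


def jvm_crash_logs(cmdlines):
    """hs_err_pid<N>.log files passed to any process; N is the pid of the crashed JVM."""
    logs = []
    for cmd in cmdlines:
        argv = tokenize(cmd)
        for arg in argv[1:]:
            m = HS_ERR_RE.search(arg)
            if m:
                logs.append({"pid": int(m.group(1)), "path": arg, "opened_by": basename(argv[0])})
    return logs


def triage(cmdlines):
    """Combine both detections into a severity plus human-readable reasons."""
    jars = jar_launches(cmdlines)
    crashes = jvm_crash_logs(cmdlines)
    score, reasons = 0, []
    for j in jars:
        points = int(j["deceptive_extension"]) + int(j["user_writable"])
        score = max(score, points)
        if points:
            reasons.append(f"{j['launcher']} ran {basename(j['jar'])}: "
                           f"deceptive extension={j['deceptive_extension']}, "
                           f"user-writable path={j['user_writable']}")
    for c in crashes:
        reasons.append(f"{c['opened_by']} opened hs_err_pid{c['pid']}.log: JVM pid {c['pid']} "
                       "hit a fatal error (HotSpot crash log, not a ransom note)")
    return {
        "severity": {0: "low", 1: "medium", 2: "high"}[score],
        "jar_launches": jars,
        "crash_logs": crashes,
        "reasons": reasons,
    }


if __name__ == "__main__":
    for line in triage(REPORT_PROCESSES)["reasons"]:
        print(line)
```

On the report's own command lines this yields severity "high" for the javaw launch and one crash-log entry for PID 4400; a jar run from under Program Files with a plain name scores "low", which is the behaviour you want so that legitimate Java applications do not page anyone.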
Files
\??\pipe\crashpad_2896_BVWLVRLHOJPLRIQX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | d90d5d5dc496c7f53d00e358a19de80e |
| SHA1 | f06a7a439b5e9e6ff0ef425ff3b995d019f05aff |
| SHA256 | 3efa045f1a280951d814922357b68c94de63a3fa0669ff33d94e341c096dd429 |
| SHA512 | d5c4a4478a8ca2ba3130f4ca0428bfe98fe200d64b451781c0e2cf7045856b7a8637a9deaf6c51f7203fa21e035324e1b0f26738788595a0936c41ec54e29fd0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\49a39f4c-028b-48d8-aad8-f722a25f7ba3.tmp
| MD5 | 55068acc06fe11c7b94688d0639e321f |
| SHA1 | 0d49ff4c8242f7fca4e3d4bb83fd3a87139d9d7c |
| SHA256 | 61bec06418ce1b7823e6eb3078b226ad9a716e1ec1e54838fa44df4897a9c59c |
| SHA512 | 9f944bbdba45427d30444d7b3ca4ecfb34f409049c8db3dc2004d7f1e990ba2f6745ad6078490e0a5597be40fa10d753768886fbdc8cc20c125a0855cc9e477b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b6719ffb72580eb6039b4a3b24ad4735 |
| SHA1 | 8c09eade1ed715ece64c74435926ef44435b558e |
| SHA256 | f446eb9c55e11d6941466855d90eef728cb20caff368e43ea89f71caf49a5497 |
| SHA512 | 5829169aaf60b080e511c10a659c0aace89f268a6e24f4fe2a3281b3a4ca98de28fe45b3b5d06d5e1c4db98ec3f54e8b2115fb1506bb87344f2d0261c4cf259b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 9d6abbaaa08adb8924479efb7c70fa2d |
| SHA1 | 72551722d6e6e200168f0675ac9fe7b24ec2cf2c |
| SHA256 | d0485e5ab74c22eb6d3859b249fd5a7c0f3dd3354635d7e2dee716b7ecd21cd6 |
| SHA512 | 42dfd9e1c50a83799af2ab95556c6b80237d638ff1e866dc4351c2fd9895ef4a4190b483e157b2308171078f34c3533e6d1d18ae6258efc29a1eec93759a8fbd |
C:\Users\Admin\Downloads\SHIPPINGBILL.PDF.zip
| MD5 | 73fa8a40c71f0f63666091ccf380c4c7 |
| SHA1 | c0fe14133cebc149f92e3ec6a562627b95350b93 |
| SHA256 | 65c7a9781457f7fadb81eac625dffa8ba1c90ef46bbcc0a6a01e1638cb8495ee |
| SHA512 | 07f1d6b26aea0b006169d42c806658683450697838db51499ab39fcf9bee0b06f292531055b55fb0a722fb82a43d0637e060fe97b2aa0a1977729b35b94bee31 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 323332043cbe244518a73da72d4795e0 |
| SHA1 | 10c256afbe7bcf0ff69ab4661ce1f9894de3161b |
| SHA256 | 04282d7ba57ab62cbb553d4bab2ab69f9b63cf0af8dd98190e0400ce345a2ec0 |
| SHA512 | 595b61acfe492bb6bf994368cfc5484057ba6b201e80b5311039524baddfa59417193dd5d2ecdcdaf5a0a8f6c4789ee63126f1f85459d1f616bbdbaba90358fa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | fd8836e228488b1c20885b1a349610b6 |
| SHA1 | a8f823785465c830b30156efb4de45b17b8b3d8e |
| SHA256 | 1a1d8d83c53093a3ae91d8e2081f33586c71aea49f25be2acc426b340c14be24 |
| SHA512 | 3f09040945966a6af3dde11fef25bfaba1de45d6ea705f437b1adde40f505ff69cb55174453509088284c340d491687892beb9632370bbecfd4fc54c7fbacda4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 3f3fdd3cd9cc51d65100dd9452fdda78 |
| SHA1 | f654283242455316e505f9dd446ca1315a40a2de |
| SHA256 | a0ec08484be99d6c3e8b031d0e313d3908023f34cf9b7fc6a0572c71a8c9b292 |
| SHA512 | 8458417b7899d8484f4d87aea1740ebf87ab3d91964cf068c5b28448d13e32aa374418fb1d96822799a0d155fab3470ddafe29bbc96d9bb8decab9c83bc31d22 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b7210685b84be9518f93a3bc7c15af94 |
| SHA1 | 45e13bcc99ecc63abe3c7575e08aa44c64c2e9e6 |
| SHA256 | d95e2cd62c77cefdcbd53f99efe2a50a95a9e029000bfdc3a6e2417a24ff9a6a |
| SHA512 | fabd13390af18922055a4f14807400e529e2b1eb65eae81253e983f0823c1781b0a858386119075e95834807fcdf102e87214068b316cbb70f0394d19f6b45ad |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7550d692bb19415f35ad15b7f0121b53 |
| SHA1 | afec26f2e2b3239c7c5e107bc85f671300173157 |
| SHA256 | 5dafdd58719743d1b3e35eead533dfb9cfb68805d38466a52be1983165f42ab3 |
| SHA512 | 2b76cc3b628fed31adbc50fa082e75c1cf94f496a36038263e7012f4872c23a07fbc03042db47a3400b98ac3016f20b563d8ba253a62b36ac4f2caecd9047456 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59d94f.TMP
| MD5 | 4d33e04b24312c7c00ad2176d3c9993a |
| SHA1 | 2c39cff65504137360dabbb19a2393e9d664e0b3 |
| SHA256 | ad9ca8fd3dfe28ca08ef17be0d6f944ab0dfe6d5156de5936e195156b30badd0 |
| SHA512 | a062818afebf58810812b38a7292346d5910661b278a959f9048f2613d830840b4b7745bc3de2f0541263ac585f77badb64b936266ee7086ac787419dd91c755 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 08ee85dde5831e6663d5df615e93e436 |
| SHA1 | 8121109e9b2ef1164b6faad82d7e2e7d5ac6f50d |
| SHA256 | e03e1e4440c05c1800416a7e8b1d38cbabf097b6c3e38fdd5bec67d22e51118d |
| SHA512 | 367852b7518b91b171d37c4cc043dee8bafd312acd3e530e4f66acb2e7d71a8ea794a587591d38b37e9ad993f64346a02c5f8f36434158b2fda4a4ba7c55c219 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | ed8d54851ca5841754ab56b32c2ddad5 |
| SHA1 | aa757157abe6fd4dbc59c182174f408a49fee0c5 |
| SHA256 | d30d2ac80fa24f82949c90868bc962e4cf350c261450b7844f59f1d1a80cc632 |
| SHA512 | ac8037731e712b83dfee63b2116dbaba78ce3ebb792377edee483d6f83c7e0d83852aff406204ea72257017c3531e4bd6fa22d5696659989051b638d396b57e2 |
C:\Users\Admin\Downloads\SHIPPINGBILL.PDF\SHIPPING BILL.PDF.jar
| MD5 | d3ff400fe2e20f494e39a5a5a8e5c1c5 |
| SHA1 | 66c40bff1bf77749b887f93de72043ecf09cda16 |
| SHA256 | 0c3a1b79b6e8d372c0e29eeb56ae8814c630d2575e5bdf0d9d1ec10fc9a8385d |
| SHA512 | 89922923f0593a9733931fe7d715b2cd8762dd6b40f476e31cab4fd51f04bed814f3276a923278ebafb6fdb8e684d27aeee3b1492ee8ab4239c188e1a6f4420c |
memory/4400-209-0x0000000003170000-0x0000000004170000-memory.dmp
memory/4400-216-0x00000000015C0000-0x00000000015C1000-memory.dmp
memory/4400-217-0x0000000003170000-0x0000000004170000-memory.dmp
memory/4400-218-0x00000000015C0000-0x00000000015C1000-memory.dmp
memory/4400-226-0x00000000015C0000-0x00000000015C1000-memory.dmp
memory/4400-228-0x0000000003170000-0x0000000004170000-memory.dmp
memory/4400-227-0x00000000015C0000-0x00000000015C1000-memory.dmp
memory/4400-237-0x0000000003170000-0x0000000004170000-memory.dmp
memory/4400-238-0x0000000003400000-0x0000000003410000-memory.dmp
memory/4400-239-0x0000000003170000-0x0000000004170000-memory.dmp
(The memory/4400-* dumps are of PID 4400, the javaw.exe instance that ran the jar and wrote hs_err_pid4400.log.)
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 26cb095d659fea8ce2d99f6c22ecccc9 |
| SHA1 | 42a18c390df858f5fe80e253a960264650d1b9d9 |
| SHA256 | 1bc0b58ea7ce22928ed010deb620715e054db603735508cc64e95fe10c08ec70 |
| SHA512 | 2882f468aa67d385cff7e6861e01908f482e263da4eed026a83009c180e643b944c8bab06bd6e97bc76e44b742dd007787231de9df014e0b43a699eaf332a5c1 |
C:\Users\Admin\Downloads\SHIPPINGBILL.PDF\hs_err_pid4400.log
| MD5 | e1a9edcc6a78003272b353e04946f476 |
| SHA1 | a2678c0bb039a8c4564a298324605af53526ebe2 |
| SHA256 | d04bf609de17476b81383645969206244f0686be96de03ac3a94ee0d56cc0e69 |
| SHA512 | 56e3799a743e27524044146a46148b2616a55aa6cb3c5a0b80047acf13740cbd173d87d00f7fc6ca26bf766013890e656212ec328cbff53685e0ab87a62bd69f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 69a6109148ea8e27ed2c0e348d0865dc |
| SHA1 | 69180db850065267b314071e8e995e014d6a2b07 |
| SHA256 | ae3fb2c1bd6022c8e508f29ca07c7094a7d533cb6e315ac8c5a182c037df708d |
| SHA512 | d3b4b8cdc33b8676c250dce9500897b22d78383fa7cff7f2781431745f20c57858f62eda62873ce30237165e1f3d13fc0a214b1682ae2208b6145e4fb181c098 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 35b87e8f0140187f2bc86801822e9f42 |
| SHA1 | ebafcb3f539c4e8bf819af955c348b986dad2397 |
| SHA256 | 5e857c131477dfa08f1ec2ee975c5a6eb8baef0c1aeb3b936c2234518b992f5b |
| SHA512 | 842e1ec25e49c79efefab9209c7c93f118de14638df23196c11d4076621e9902636daaf300ab36e5acd276ddede0d5997f4582deb72348ce13e57ad8bcdbe7f0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a3ac7bee8f6a573e60bb55e84b809137 |
| SHA1 | cabcf7c2f4aeebf0f567bbc8d5460fca83f82d3c |
| SHA256 | 480cd07e96a50c5d4a490807fbc216059769af9987e3b310f80b2e12fdee6afd |
| SHA512 | 8d28af3d23a85d662430f2d86ecd8290dca4a85cf5a759acc9eca311efb6f9e49369a1a9d76b4e3337378f979580c3f90f9d0359863c791a9ea2c12d5c270ae6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018
| MD5 | 7f529c2ef4e90c2fe7b09ada4f85f4f1 |
| SHA1 | 58b9e4de7b4a1e549a17cb471541ed330a61781b |
| SHA256 | 2ebaeac31ed41fbe24fc07bc3b0fb4043422a790e356a5f38c82b125e3451827 |
| SHA512 | bcf6ee7711e5dbf1943dcd133e675006d574e3959761cb1007e69b8299c5d3a8435324427b402f65b0feb3374b625e2959fcb321b67ddbaae36c5ffcb74dcd0e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 608f5b86ba653376422bd56ffda271bb |
| SHA1 | b89ec21cbe9f37f25f933646ef5604165d376df7 |
| SHA256 | 50f29ae613063c27f52391a5bd1b7ebf4080d43d60225398cb09aed9fb8f3483 |
| SHA512 | 7cdc21182c04217372205b09776def3bb3225b89be3ced1b0e3b0ae9a1aa9368bbb11c6d42974e4f99f23245aa894c852bf7e89846bdfb0d778b5f59daabf4d7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | ad9fe0c2dd46592c8cfd27708b4efc70 |
| SHA1 | 665dc25e8b02daa8f9621763f4580607a0bc6708 |
| SHA256 | 0b468b55aed0903615fd5ff53717e9ee4ff269d9763482ce80998a0307222118 |
| SHA512 | c852fe84aa8b051380dc5a2e0ebec3b61cd2e9cf3cce5623c894007a4d826be37a42c1a05a5647323e925103bcc618a3d488d90ae85697bf8036b37b557eec6b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ce3decd63bef83441b2be6d40179cbb0 |
| SHA1 | b790f37547316d319988e7a6ab1091a787d8b33b |
| SHA256 | 82f5ac70d849cac25caf96c5c187477292f6242ce554f9d51df5231ea4298abe |
| SHA512 | 19d583782269c6b4cb9f92fd8b2a1052f8fa5d953a2fffe8d2745aad6941df38891a8d383b4a393c6a06c7a8a595519ccf6ca8c65e99cd3bbde55dc267a120ac |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ee2f921c1035cf9cbb40c223b2427f80 |
| SHA1 | 8268e92b20f6f39c60e1e8b282858351a1395444 |
| SHA256 | cad1e836ee8b8fedb3c3c9df6e88371300127d34458f665b26aad1a7f1ae7528 |
| SHA512 | da52fe08d43c0a5b776afbb69690a1ff858ad887a5ee1f85f8fe888bc9d9c5232f0c2792ee7c554c88d8cf5280da6115094d289a29aec03bad07dd81ca04a01e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 0c87866f90ba9526d30a583af79f3d6e |
| SHA1 | 9fbfb652b0be9397c7605974869bba9e58d5d001 |
| SHA256 | 7d08c7a8f351fbc28dfb5e4f930d85a71bb1ca1576d056773e27ef1de0ed52c7 |
| SHA512 | ed849c85681593818b6b86fd1734133e3898bd25e0c3373603ef494932c7a6aaebf2dbaeddb094661ccf38d3f5aad8e29303703245d4b71ba7e2d58bf8f83c57 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5f9d04.TMP
| MD5 | cebf0f3a8940d3491fe9a4a5da109018 |
| SHA1 | ddf064c84246d2d0e1c6100f3a90b4bd30b1a910 |
| SHA256 | 83c02f694654d36157b330945e00c296ec17e1e06f79075202a36510120a0319 |
| SHA512 | 9777edcdc40d7ed42106efabb3240b3ea66aa3f01e1dcdbe8611a80ffa068025c983d53e9d6a149b8c42f460e1dd88f29a5ba721200ceceb70642a524d2434cc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 1b84ea2df293eaf09e2c546837cc5d7f |
| SHA1 | a917563a096ac39938546f87953a259c886fdd75 |
| SHA256 | 8ac78fc7162354e7b25670d62a1dcb4354ff33d9dc2b4e846da7b5a0137d920b |
| SHA512 | 0e22747e109b94a211c20069e4850090d133da77ab371e5cb0386239b89738e972cbcc0096932ad7a7caa03caa3142fb7bb61d0280115b0d84f2e16f2e97d98d |
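The Files section gives the hashes of the lure archive and of the jar inside it; the check a practitioner wants to run on an endpoint is whether a "PDF" is really a Java archive, independent of what Explorer displays. The following Python is an added example and not part of the report: it sniffs a file's type from its leading bytes (and, for ZIP containers, from the presence of a manifest or class files), compares that with the last extension and with the name Explorer shows when known extensions are hidden, and looks the SHA-256 up against the two hashes copied from this report. The jar and PDF bytes it builds are constructed for the demonstration and will not match those hashes; the function and field names are mine.

```python
import hashlib
import io
import zipfile

# SHA-256 values copied from the Files section of this report.
KNOWN_BAD_SHA256 = {
    "65c7a9781457f7fadb81eac625dffa8ba1c90ef46bbcc0a6a01e1638cb8495ee": "SHIPPINGBILL.PDF.zip",
    "0c3a1b79b6e8d372c0e29eeb56ae8814c630d2575e5bdf0d9d1ec10fc9a8385d": "SHIPPING BILL.PDF.jar",
}
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt", "rtf"}
CONTAINER_TYPES = {"jar", "zip"}


def sniff(data):
    """Type from the bytes, not the name: 'pdf', 'jar' (ZIP with a manifest or
    class files), 'zip', 'zip-corrupt' (PK header but unreadable) or 'unknown'."""
    if data.startswith(b"%PDF-"):
        return "pdf"
    if data.startswith(b"PK\x03\x04"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            return "zip-corrupt"
        if "META-INF/MANIFEST.MF" in names or any(n.endswith(".class") for n in names):
            return "jar"
        return "zip"
    return "unknown"


def last_ext(name):
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def shown_name(name):
    """The name Explorer displays with 'Hide extensions for known file types' on:
    the final extension disappears, so SHIPPING BILL.PDF.jar shows as SHIPPING BILL.PDF."""
    stem, dot, _ = name.rpartition(".")
    return stem if dot else name


def is_known_bad(sha256_hex):
    return KNOWN_BAD_SHA256.get(sha256_hex.lower())


def assess(name, data):
    digest = hashlib.sha256(data).hexdigest()
    actual = sniff(data)
    shown = shown_name(name)
    return {
        "sha256": digest,
        "known_bad": is_known_bad(digest),
        "actual_type": actual,
        # the extension claims one type, the bytes are another (report.pdf that is a jar)
        "extension_mismatch": actual != "unknown" and last_ext(name) != actual,
        "shown_as": shown,
        # the visible name ends in a document extension but the content is an archive
        "disguised_as_document": actual in CONTAINER_TYPES and last_ext(shown) in DOCUMENT_EXTS,
    }


def build_sample_jar():
    """Constructed stand-in for the report's jar: a ZIP with a manifest and a class stub.
    It is not the real sample, so its hash is not in KNOWN_BAD_SHA256."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\nMain-Class: Loader\n")
        zf.writestr("Loader.class", b"\xca\xfe\xba\xbe" + b"\x00" * 12)
    return buf.getvalue()


SAMPLE_PDF = b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\n%%EOF\n"  # constructed


if __name__ == "__main__":
    for name, data in (("SHIPPING BILL.PDF.jar", build_sample_jar()), ("report.pdf", SAMPLE_PDF)):
        print(name, assess(name, data))
```

Two flags are kept separate on purpose: extension_mismatch catches a jar renamed to .pdf outright, while disguised_as_document catches the double-extension trick used here, where the last extension is honest and only the name the user sees lies.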