Analysis Overview
SHA256
d26c17e05042b098fa7d3d62ee0e8aa7840e1fb9da15e9491778f4411f41a146
Threat Level: Shows suspicious behavior
The file Новая папка.zip (Russian: "New folder") was found to be: Shows suspicious behavior.
Malicious Activity Summary
VMProtect packed file
Legitimate hosting services abused for malware hosting/C2
Unsigned PE
Enumerates physical storage devices
Program crash
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Uses Task Scheduler COM API
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Modifies data under HKEY_USERS
Checks processor information in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Office document contains embedded OLE objects
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-12-23 08:18
Signatures
VMProtect packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
(this row occurs 18 times: 18 matches, none with a recorded description, indicator, process or target)
Office document contains embedded OLE objects
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral7
Detonation Overview
Submitted
2023-12-23 08:11
Reported
2023-12-23 08:52
Platform
win10-20231215-en
Max time kernel
309s
Max time network
1576s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X64\winusbcoinstaller2.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 129.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.121.231.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.73.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
Files
Analysis: behavioral15
Detonation Overview
Submitted
2023-12-23 08:11
Reported
2023-12-23 08:53
Platform
win10-20231215-en
Max time kernel
308s
Max time network
1577s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X86\qu_usb_serial.sys"
C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X86\qu_usb_serial.sys
"C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X86\qu_usb_serial.sys"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 178.223.142.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.112.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
Files
memory/4744-0-0x0000000000400000-0x0000000000437000-memory.dmp
Analysis: behavioral22
Detonation Overview
Submitted
2023-12-23 08:11
Reported
2023-12-23 09:15
Platform
win10-20231215-en
Max time kernel
384s
Max time network
1821s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\adb.exe
"C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\adb.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 178.223.142.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
Files
memory/1620-0-0x0000000000400000-0x0000000000505000-memory.dmp
Analysis: behavioral29
Detonation Overview
Submitted
2023-12-23 08:11
Reported
2023-12-23 09:17
Platform
win10-20231215-en
Max time kernel
311s
Max time network
1821s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-721438792-2341338383-2410509276-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-721438792-2341338383-2410509276-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\max_pt_emmc_ddr.mbn"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 154.141.79.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
Files
Analysis: behavioral12
Detonation Overview
Submitted
2023-12-23 08:11
Reported
2023-12-23 08:53
Platform
win10-20231215-en
Max time kernel
426s
Max time network
1610s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X86\hw_quusbmdm.sys"
C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X86\hw_quusbmdm.sys
"C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X86\hw_quusbmdm.sys"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.178.89.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.171.91.138.in-addr.arpa | udp |
Files
Analysis: behavioral18
Detonation Overview
Submitted
2023-12-23 08:11
Reported
2023-12-23 09:14
Platform
win10-20231215-en
Max time kernel
285s
Max time network
1822s
Command Line
Signatures
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\DriverUninstall.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\DriverUninstall.exe
"C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\DriverUninstall.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 79.121.231.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.143.182.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
Files
Analysis: behavioral20
Detonation Overview
Submitted
2023-12-23 08:11
Reported
2023-12-23 09:14
Platform
win10-20231215-en
Max time kernel
865s
Max time network
1820s
Command Line
Signatures
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 96 wrote to memory of 4568 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 96 wrote to memory of 4568 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 96 wrote to memory of 4568 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\LocateDevice.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\LocateDevice.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 114.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.73.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.121.231.20.in-addr.arpa | udp |
Files
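Why system32\rundll32.exe spawns SysWOW64\rundll32.exe in this analysis, and why the .sys detonations above (behavioral15, behavioral12) show the driver image as a short-lived process of its own, both come down to two fields of the PE header: Machine (bitness) and Subsystem (user-mode versus native). A 64-bit rundll32 that is handed a 32-bit DLL re-launches the WoW64 copy of itself as the host, and a native-subsystem driver image started as a user-mode process cannot resolve its kernel imports and dies during initialisation, which is what the summary's "Program crash" entry is consistent with. The script below is an added example, not part of this report or of the tool in the archive; it reads those fields and says what process tree to expect. The three headers it parses are constructed stand-ins built inside the script (the real files were not inspected here), chosen to match what the process trees above are consistent with: a 32-bit LocateDevice.dll, a 64-bit winusbcoinstaller2.dll and a native-subsystem qu_usb_serial.sys. Note also that the three WriteProcessMemory rows are between the parent rundll32 and the child it has just created; no write into an unrelated process is recorded.

```python
import struct

IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_MACHINE_AMD64 = 0x8664
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_FILE_DLL = 0x2000
IMAGE_SUBSYSTEM_NATIVE = 1
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2
IMAGE_SUBSYSTEM_WINDOWS_CUI = 3

MACHINE_NAMES = {IMAGE_FILE_MACHINE_I386: "I386", IMAGE_FILE_MACHINE_AMD64: "AMD64"}
SUBSYSTEM_NAMES = {1: "NATIVE", 2: "WINDOWS_GUI", 3: "WINDOWS_CUI"}


def parse_pe_header(data: bytes) -> dict:
    """Read Machine, Characteristics and Subsystem from a PE image held in memory."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER, 20 bytes
    machine, _nsec, _ts, _sym, _nsym, _opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                       # IMAGE_OPTIONAL_HEADER
    (magic,) = struct.unpack_from("<H", data, opt)        # 0x10B = PE32, 0x20B = PE32+
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)  # same offset in PE32 and PE32+
    return {
        "machine": MACHINE_NAMES.get(machine, hex(machine)),
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "pe32plus": magic == 0x20B,
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
    }


def explain_launch(info: dict, launched_by: str) -> str:
    """Say what the sandbox process tree should look like for an image with these fields."""
    if info["subsystem"] == "NATIVE":
        return ("native-subsystem image (driver): its kernel imports cannot be resolved in user mode, "
                "so the process dies during initialisation; expect a crash, not sample behaviour")
    if launched_by == "rundll32" and info["is_dll"]:
        if info["machine"] == "I386":
            return ("32-bit DLL: the 64-bit system32\\rundll32.exe cannot load it and re-launches "
                    "SysWOW64\\rundll32.exe as the host")
        return "64-bit DLL: hosted directly by system32\\rundll32.exe"
    return "user-mode executable: runs in its own process"


def inspect_file(path: str, launched_by: str) -> str:
    """Apply the check to a real file on disk."""
    with open(path, "rb") as f:
        return explain_launch(parse_pe_header(f.read()), launched_by)


def build_header(machine: int, characteristics: int, subsystem: int, pe32plus: bool = False) -> bytes:
    """Constructed minimal DOS + PE header carrying only the fields this parser reads."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)              # e_lfanew -> PE signature right after the DOS header
    opt_size = 0xF0 if pe32plus else 0xE0
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, characteristics)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 68, subsystem)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


# Constructed stand-ins, NOT the headers of the real files in the archive; they model what the
# report's process trees are consistent with.
SAMPLES = {
    "LocateDevice.dll (stand-in)": build_header(
        IMAGE_FILE_MACHINE_I386, IMAGE_FILE_DLL | IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE,
        IMAGE_SUBSYSTEM_WINDOWS_GUI),
    "winusbcoinstaller2.dll (stand-in)": build_header(
        IMAGE_FILE_MACHINE_AMD64, IMAGE_FILE_DLL | IMAGE_FILE_EXECUTABLE_IMAGE,
        IMAGE_SUBSYSTEM_WINDOWS_GUI, pe32plus=True),
    "qu_usb_serial.sys (stand-in)": build_header(
        IMAGE_FILE_MACHINE_I386, IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE,
        IMAGE_SUBSYSTEM_NATIVE),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        info = parse_pe_header(blob)
        how = "cmd" if name.startswith("qu_usb_serial") else "rundll32"
        print(f"{name}: {info} -> {explain_launch(info, how)}")
```

Run inspect_file() on the real LocateDevice.dll to confirm the bitness instead of inferring it from the process tree. The SeLoadDriverPrivilege row for the 32-bit host is what a driver-installation helper would need for NtLoadDriver; whether the DLL actually loads a driver is a question for its imports and strings, not for the signature name.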
Analysis: behavioral26
Detonation Overview
Submitted
2023-12-23 08:11
Reported
2023-12-23 09:20
Platform
win10-20231215-en
Max time kernel
337s
Max time network
1822s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\hm_note3_emmc_ddr.mbn"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.73.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
Files
Analysis: behavioral30
Detonation Overview
Submitted
2023-12-23 08:11
Reported
2023-12-23 09:20
Platform
win10-20231215-en
Max time kernel
324s
Max time network
1822s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\mi5_ufs_ddr.elf"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.178.89.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
Files
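Across the analyses so far the sandbox has launched four kinds of artefact from the archive, and only some of them execute any of its code: rundll32 calling export #1 of a DLL (behavioral7, behavioral20); cmd /c on a .sys driver image, which then appears as a user-mode process of its own and dies (behavioral15, behavioral12); a direct .exe launch (behavioral22, behavioral18); and cmd /c on a .mbn or .elf firmware image for which the sandbox image has no handler, so the only thing that runs is the OpenWith.exe -Embedding "How do you want to open this file?" prompt (behavioral29, behavioral26, behavioral30). In those last detonations every signature with a process attached (Modifies registry class, SetWindowsHookEx) is attributed to OpenWith.exe, not to anything from the archive. The classifier below is an added example, not the sandbox's own logic; it reads process lists copied from the analyses above and labels each detonation so the no-op ones can be set aside.

```python
import re
from pathlib import PureWindowsPath

# (image path, command line) pairs copied from the "Processes" sections above, keyed by analysis id.
PROCESSES = {
    "behavioral7": [
        (r"C:\Windows\system32\rundll32.exe",
         r'rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X64\winusbcoinstaller2.dll",#1'),
    ],
    "behavioral15": [
        (r"C:\Windows\system32\cmd.exe",
         r'cmd /c "C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X86\qu_usb_serial.sys"'),
        (r"C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X86\qu_usb_serial.sys",
         r'"C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X86\qu_usb_serial.sys"'),
    ],
    "behavioral22": [
        (r"C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\adb.exe",
         r'"C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\adb.exe"'),
    ],
    "behavioral29": [
        (r"C:\Windows\system32\cmd.exe",
         r'cmd /c "C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\max_pt_emmc_ddr.mbn"'),
        (r"C:\Windows\system32\OpenWith.exe", r"C:\Windows\system32\OpenWith.exe -Embedding"),
    ],
    "behavioral20": [
        (r"C:\Windows\system32\rundll32.exe",
         r'rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\LocateDevice.dll",#1'),
        (r"C:\Windows\SysWOW64\rundll32.exe",
         r'rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\LocateDevice.dll",#1'),
    ],
}

RUNDLL32_RE = re.compile(r'^rundll32(?:\.exe)?\s+"([^"]+)",#(\d+)', re.IGNORECASE)
CMD_C_RE = re.compile(r'^cmd(?:\.exe)?\s+/c\s+"([^"]+)"', re.IGNORECASE)

# Kinds in which code from the archive actually ran in the detonation.
EXECUTED_KINDS = {"rundll32-export", "driver-image-as-user-process", "launched-via-cmd", "direct-launch"}


def classify(procs: list) -> dict:
    """Label one detonation from its ordered process list (first entry is the launcher)."""
    first_path, first_cmd = procs[0]
    m = RUNDLL32_RE.match(first_cmd)
    if m:
        wow64 = any("syswow64" in p.lower() for p, _ in procs[1:])   # 64-bit host re-launched the 32-bit one
        return {"kind": "rundll32-export", "target": m.group(1),
                "export_ordinal": int(m.group(2)), "wow64_host": wow64}
    m = CMD_C_RE.match(first_cmd)
    if m:
        target = m.group(1)
        ext = PureWindowsPath(target).suffix.lower()
        ran_as_process = any(p.lower() == target.lower() for p, _ in procs[1:])
        open_with = any(PureWindowsPath(p).name.lower() == "openwith.exe" for p, _ in procs[1:])
        if ran_as_process and ext == ".sys":
            kind = "driver-image-as-user-process"      # a driver cannot initialise in user mode
        elif open_with:
            kind = "open-with-prompt"                  # no handler for the extension; nothing from the file ran
        elif ran_as_process:
            kind = "launched-via-cmd"
        else:
            kind = "cmd-no-child"
        return {"kind": kind, "target": target, "extension": ext, "open_with": open_with}
    return {"kind": "direct-launch", "target": first_path}


def executed_sample_code(result: dict) -> bool:
    return result["kind"] in EXECUTED_KINDS


def triage(report: dict) -> dict:
    return {analysis: classify(procs) for analysis, procs in report.items()}


if __name__ == "__main__":
    for analysis, result in triage(PROCESSES).items():
        ran = "ran" if executed_sample_code(result) else "did not run"
        print(f"{analysis}: {result['kind']} ({ran} archive code)  {result['target']}")
```

The same rules apply to the remaining detonations in this report (behavioral32, behavioral28, behavioral31 and the .mbn launch in behavioral1 are all open-with-prompt cases); the only detonations worth a second look for the archive's own behaviour are the rundll32, driver, adb.exe, DriverUninstall.exe and hw_tool_en.exe runs.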
Analysis: behavioral16
Detonation Overview
Submitted
2023-12-23 08:11
Reported
2023-12-23 09:11
Platform
win10-20231215-en
Max time kernel
266s
Max time network
1823s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X86\usbser.sys"
C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X86\usbser.sys
"C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X86\usbser.sys"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 79.121.231.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.197.79.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
Files
memory/2352-0-0x0000000000010000-0x000000000001C000-memory.dmp
Analysis: behavioral19
Detonation Overview
Submitted
2023-12-23 08:11
Reported
2023-12-23 09:14
Platform
win10-20231215-en
Max time kernel
300s
Max time network
1825s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
(this row occurs 9 times; all matches are from WINWORD.EXE, none with further detail)
Processes
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\HandSet ProductLine 2.01.02.00版本配套表.docx" /o ""
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 46.28.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.65.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.239.69.13.in-addr.arpa | udp |
Files
memory/3628-0-0x00007FFB9A930000-0x00007FFB9A940000-memory.dmp
memory/3628-2-0x00007FFBDA8A0000-0x00007FFBDAA7B000-memory.dmp
memory/3628-1-0x00007FFB9A930000-0x00007FFB9A940000-memory.dmp
memory/3628-3-0x00007FFBDA8A0000-0x00007FFBDAA7B000-memory.dmp
memory/3628-5-0x00007FFB9A930000-0x00007FFB9A940000-memory.dmp
memory/3628-6-0x00007FFBDA8A0000-0x00007FFBDAA7B000-memory.dmp
memory/3628-4-0x00007FFB9A930000-0x00007FFB9A940000-memory.dmp
memory/3628-7-0x00007FFBDA8A0000-0x00007FFBDAA7B000-memory.dmp
memory/3628-8-0x00007FFBDA8A0000-0x00007FFBDAA7B000-memory.dmp
memory/3628-9-0x00007FFBDA8A0000-0x00007FFBDAA7B000-memory.dmp
memory/3628-10-0x00007FFBD84E0000-0x00007FFBD858E000-memory.dmp
memory/3628-11-0x00007FFBDA8A0000-0x00007FFBDAA7B000-memory.dmp
memory/3628-14-0x00007FFBDA8A0000-0x00007FFBDAA7B000-memory.dmp
memory/3628-16-0x00007FFBDA8A0000-0x00007FFBDAA7B000-memory.dmp
memory/3628-15-0x00007FFBDA8A0000-0x00007FFBDAA7B000-memory.dmp
memory/3628-18-0x00007FFBDA8A0000-0x00007FFBDAA7B000-memory.dmp
memory/3628-17-0x00007FFB979F0000-0x00007FFB97A00000-memory.dmp
memory/3628-19-0x00007FFBDA8A0000-0x00007FFBDAA7B000-memory.dmp
memory/3628-20-0x00007FFBD84E0000-0x00007FFBD858E000-memory.dmp
memory/3628-21-0x00007FFBDA8A0000-0x00007FFBDAA7B000-memory.dmp
memory/3628-22-0x00007FFB979F0000-0x00007FFB97A00000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\4DB2774D.emf
| MD5 | 9b765fa145a9a30f3df4f3d827a49fdc |
| SHA1 | 4166cf6965614b4247ad72557e5b174457f215ce |
| SHA256 | fc8f38c3d4e47aa11f912ed32e4a8997419c5e9493fcd988242ced39b584f7f8 |
| SHA512 | 8d3241c75181e197a506883cb46644e5ab3360d999eb5f887a7dc7d3ce64ddaa96537effa2b94bbe14fa577e1c96b4fb36206220aa7ea6588c287dc6d6146c9c |
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
memory/3628-227-0x00007FFBDA8A0000-0x00007FFBDAA7B000-memory.dmp
memory/3628-228-0x00007FFBDA8A0000-0x00007FFBDAA7B000-memory.dmp
memory/3628-229-0x00007FFBD84E0000-0x00007FFBD858E000-memory.dmp
memory/3628-230-0x00007FFBDA8A0000-0x00007FFBDAA7B000-memory.dmp
memory/3628-308-0x00007FFB9A930000-0x00007FFB9A940000-memory.dmp
memory/3628-309-0x00007FFB9A930000-0x00007FFB9A940000-memory.dmp
memory/3628-310-0x00007FFBD84E0000-0x00007FFBD858E000-memory.dmp
memory/3628-312-0x00007FFBD84E0000-0x00007FFBD858E000-memory.dmp
memory/3628-311-0x00007FFB9A930000-0x00007FFB9A940000-memory.dmp
memory/3628-314-0x00007FFBDA8A0000-0x00007FFBDAA7B000-memory.dmp
memory/3628-315-0x00007FFBDA8A0000-0x00007FFBDAA7B000-memory.dmp
memory/3628-317-0x00007FFBDA8A0000-0x00007FFBDAA7B000-memory.dmp
memory/3628-316-0x00007FFBDA8A0000-0x00007FFBDAA7B000-memory.dmp
memory/3628-313-0x00007FFB9A930000-0x00007FFB9A940000-memory.dmp
memory/3628-318-0x00007FFBD84E0000-0x00007FFBD858E000-memory.dmp
Analysis: behavioral27
Detonation Overview
Submitted
2023-12-23 08:11
Reported
2023-12-23 09:16
Platform
win10-20231215-en
Max time kernel
856s
Max time network
1825s
Command Line
Signatures
VMProtect packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\hw_tool_en.exe | N/A |
(this row occurs 4 times; all matches are from hw_tool_en.exe, none with further detail)
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\hw_tool_en.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\hw_tool_en.exe
"C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\hw_tool_en.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.73.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.121.231.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
Files
memory/516-1-0x0000000001240000-0x0000000001241000-memory.dmp
memory/516-2-0x0000000001770000-0x0000000001771000-memory.dmp
memory/516-3-0x0000000000400000-0x0000000001087000-memory.dmp
memory/516-5-0x0000000002F50000-0x0000000002F51000-memory.dmp
memory/516-4-0x0000000002F40000-0x0000000002F41000-memory.dmp
memory/516-0-0x0000000001230000-0x0000000001231000-memory.dmp
memory/516-6-0x0000000002F60000-0x0000000002F61000-memory.dmp
memory/516-10-0x0000000003160000-0x0000000003161000-memory.dmp
memory/516-11-0x0000000000400000-0x0000000001087000-memory.dmp
Analysis: behavioral32
Detonation Overview
Submitted
2023-12-23 08:11
Reported
2023-12-23 09:16
Platform
win10-20231215-en
Max time kernel
380s
Max time network
1822s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\mix_ufs_ddr.elf"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.116.69.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2023-12-23 08:11
Reported
2023-12-23 08:53
Platform
win10-20231215-en
Max time kernel
878s
Max time network
1610s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X64\usbser.sys"
C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X64\usbser.sys
"C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X64\usbser.sys"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 28.73.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.171.91.138.in-addr.arpa | udp |
Files
memory/3712-0-0x0000000000010000-0x000000000001E000-memory.dmp
Analysis: behavioral28
Detonation Overview
Submitted
2023-12-23 08:11
Reported
2023-12-23 09:16
Platform
win10-20231215-en
Max time kernel
309s
Max time network
1577s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\max_gp_emmc_ddr.mbn"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 79.121.231.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.71.105.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
Files
Analysis: behavioral31
Detonation Overview
Submitted
2023-12-23 08:11
Reported
2023-12-23 09:17
Platform
win10-20231215-en
Max time kernel
528s
Max time network
1824s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\mi5s_ufs_ddr.elf"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 79.121.231.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
Files
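Every Network table in this report is the same kind of row: a UDP query to 8.8.8.8:53 for an in-addr.arpa name, with no process attributed and no other destination at all. A quick way to separate sample-specific indicators from environment background is to invert the PTR names back to addresses and count in how many independent detonations each one recurs: something looked up while Word opens a .docx and again while a .mbn sits behind an Open With prompt is not coming from the archive. The script below is an added example, not part of the report; its data is copied from the tables above. It makes no claim about who owns the addresses; check the recurring ones against the cloud providers' published ranges before treating any of them as an IOC. The summary's "Legitimate hosting services abused for malware hosting/C2" signature is listed under behavioral1 without an indicator row in this excerpt, so nothing here ties it to a specific destination either.

```python
import ipaddress
from collections import defaultdict

# Reverse-lookup names copied from the "Network" tables above (".in-addr.arpa" suffix dropped
# to keep the lines short), keyed by the report's analysis id.
REPORT_PTR = {
    "behavioral7":  ["129.134.221.88", "79.121.231.20", "29.243.111.52", "28.73.42.20", "180.178.17.96"],
    "behavioral15": ["178.223.142.52", "30.243.111.52", "67.112.168.52", "180.178.17.96"],
    "behavioral22": ["178.223.142.52", "14.227.111.52", "8.173.189.20", "173.178.17.96"],
    "behavioral29": ["154.141.79.40", "180.178.17.96"],
    "behavioral12": ["14.227.111.52", "27.178.89.13", "180.178.17.96", "81.171.91.138"],
    "behavioral18": ["79.121.231.20", "48.229.111.52", "208.143.182.52", "173.178.17.96"],
    "behavioral20": ["114.110.16.96", "19.229.111.52", "24.73.42.20", "194.178.17.96", "79.121.231.20"],
    "behavioral26": ["43.229.111.52", "25.73.42.20", "194.178.17.96"],
    "behavioral30": ["30.243.111.52", "26.178.89.13", "240.221.184.93"],
    "behavioral16": ["79.121.231.20", "194.178.17.96", "35.197.79.40", "173.178.17.96"],
    "behavioral19": ["46.28.109.52", "22.177.190.20", "85.65.42.20", "194.178.17.96",
                     "43.229.111.52", "173.178.17.96", "77.239.69.13"],
    "behavioral27": ["43.229.111.52", "24.73.42.20", "79.121.231.20", "180.178.17.96"],
    "behavioral32": ["30.243.111.52", "104.116.69.13", "194.178.17.96"],
    "behavioral6":  ["28.73.42.20", "194.178.17.96", "81.171.91.138"],
    "behavioral28": ["79.121.231.20", "11.227.111.52", "136.71.105.51", "194.178.17.96"],
    "behavioral31": ["79.121.231.20", "194.178.17.96", "5.173.189.20", "180.178.17.96"],
}


def ptr_to_ip(name: str) -> str:
    """Turn a reverse-zone name (with or without .in-addr.arpa) back into the queried IPv4 address."""
    labels = name.strip().lower().removesuffix(".in-addr.arpa").split(".")
    if len(labels) != 4:
        raise ValueError(f"not an IPv4 PTR name: {name}")
    return str(ipaddress.IPv4Address(".".join(reversed(labels))))   # validates each octet


def ip_recurrence(report: dict) -> dict:
    """address -> set of analyses whose Network table queried its PTR record."""
    seen = defaultdict(set)
    for analysis, names in report.items():
        for name in names:
            seen[ptr_to_ip(name)].add(analysis)
    return seen


def prefix_recurrence(report: dict, prefixlen: int = 24) -> dict:
    """Same count aggregated by prefix, which catches round-robin addresses in one block."""
    seen = defaultdict(set)
    for ip, analyses in ip_recurrence(report).items():
        net = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
        seen[str(net)] |= analyses
    return seen


def background_candidates(report: dict, min_runs: int = 3) -> dict:
    """Addresses queried in at least min_runs independent detonations: environment noise until proven otherwise."""
    return {ip: sorted(a) for ip, a in ip_recurrence(report).items() if len(a) >= min_runs}


if __name__ == "__main__":
    total = len(REPORT_PTR)
    for ip, runs in sorted(background_candidates(REPORT_PTR).items(), key=lambda kv: -len(kv[1])):
        print(f"{ip:16} seen in {len(runs)}/{total} detonations")
    for net, runs in sorted(prefix_recurrence(REPORT_PTR).items(), key=lambda kv: -len(kv[1]))[:3]:
        print(f"{net:18} seen in {len(runs)}/{total} detonations")
```

The addresses that survive this filter (queried in only one detonation) are the ones to examine further, and even those need a process attribution the report does not give before they count as sample behaviour.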
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-23 08:11
Reported
2023-12-23 08:51
Platform
win10-20231215-en
Max time kernel
1800s
Max time network
1827s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133477937493878183" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
(this row occurs 6 times; all matches are from chrome.exe, none with further detail)
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\3_emmc_ddr.mbn"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1276.0.2036577754\1319938378" -parentBuildID 20221007134813 -prefsHandle 1720 -prefMapHandle 1712 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c6202a1-93f7-43b4-ad7f-09bd01147403} 1276 "\\.\pipe\gecko-crash-server-pipe.1276" 1796 247765d8a58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1276.1.1812866050\1634986055" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3efc65f8-5d03-45c2-8e03-4fcbe24e0ca9} 1276 "\\.\pipe\gecko-crash-server-pipe.1276" 2152 2476406f858 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1276.2.2117643517\1970881365" -childID 1 -isForBrowser -prefsHandle 2864 -prefMapHandle 2860 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6fb7b8a6-01b4-40f9-afa4-c92e4eb4f367} 1276 "\\.\pipe\gecko-crash-server-pipe.1276" 2876 2477a69db58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1276.3.474415425\1579109895" -childID 2 -isForBrowser -prefsHandle 3512 -prefMapHandle 3508 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f057d7cd-5583-407b-93e8-85444d68e085} 1276 "\\.\pipe\gecko-crash-server-pipe.1276" 3520 2477b40a458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1276.4.1663158625\114310801" -childID 3 -isForBrowser -prefsHandle 4216 -prefMapHandle 4212 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d1f9992-b240-46e9-ac98-5fbb733b7b83} 1276 "\\.\pipe\gecko-crash-server-pipe.1276" 4228 2477c53d258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1276.5.1158960031\1009151544" -childID 4 -isForBrowser -prefsHandle 4788 -prefMapHandle 4776 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea35cb2d-560b-49b1-8477-53070e47d2c3} 1276 "\\.\pipe\gecko-crash-server-pipe.1276" 4804 2477c9cf658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1276.6.1004874056\900834599" -childID 5 -isForBrowser -prefsHandle 4952 -prefMapHandle 4956 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1281e307-b090-4400-bbf4-11f97451f159} 1276 "\\.\pipe\gecko-crash-server-pipe.1276" 4944 2477c9ce158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1276.7.948089434\1100430546" -childID 6 -isForBrowser -prefsHandle 5132 -prefMapHandle 5136 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f01ccbb6-57db-4ce4-ac03-459626c66458} 1276 "\\.\pipe\gecko-crash-server-pipe.1276" 4804 2477c9d0258 tab
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc641c9758,0x7ffc641c9768,0x7ffc641c9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1844,i,17047214649279445672,9104589823413593297,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1844,i,17047214649279445672,9104589823413593297,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2080 --field-trial-handle=1844,i,17047214649279445672,9104589823413593297,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3016 --field-trial-handle=1844,i,17047214649279445672,9104589823413593297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2984 --field-trial-handle=1844,i,17047214649279445672,9104589823413593297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4448 --field-trial-handle=1844,i,17047214649279445672,9104589823413593297,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4600 --field-trial-handle=1844,i,17047214649279445672,9104589823413593297,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4752 --field-trial-handle=1844,i,17047214649279445672,9104589823413593297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3796 --field-trial-handle=1844,i,17047214649279445672,9104589823413593297,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4640 --field-trial-handle=1844,i,17047214649279445672,9104589823413593297,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4720 --field-trial-handle=1844,i,17047214649279445672,9104589823413593297,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=1844,i,17047214649279445672,9104589823413593297,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3796 --field-trial-handle=1844,i,17047214649279445672,9104589823413593297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1844,i,17047214649279445672,9104589823413593297,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 --field-trial-handle=1844,i,17047214649279445672,9104589823413593297,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4608 --field-trial-handle=1844,i,17047214649279445672,9104589823413593297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1844,i,17047214649279445672,9104589823413593297,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4628 --field-trial-handle=1844,i,17047214649279445672,9104589823413593297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5852 --field-trial-handle=1844,i,17047214649279445672,9104589823413593297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5208 --field-trial-handle=1844,i,17047214649279445672,9104589823413593297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 --field-trial-handle=1844,i,17047214649279445672,9104589823413593297,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 --field-trial-handle=1844,i,17047214649279445672,9104589823413593297,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5880 --field-trial-handle=1844,i,17047214649279445672,9104589823413593297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=164 --field-trial-handle=1844,i,17047214649279445672,9104589823413593297,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6108 --field-trial-handle=1844,i,17047214649279445672,9104589823413593297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4752 --field-trial-handle=1844,i,17047214649279445672,9104589823413593297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=3136 --field-trial-handle=1844,i,17047214649279445672,9104589823413593297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5320 --field-trial-handle=1844,i,17047214649279445672,9104589823413593297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5808 --field-trial-handle=1844,i,17047214649279445672,9104589823413593297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5648 --field-trial-handle=1844,i,17047214649279445672,9104589823413593297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5440 --field-trial-handle=1844,i,17047214649279445672,9104589823413593297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=3080 --field-trial-handle=1844,i,17047214649279445672,9104589823413593297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5776 --field-trial-handle=1844,i,17047214649279445672,9104589823413593297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=5800 --field-trial-handle=1844,i,17047214649279445672,9104589823413593297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=4436 --field-trial-handle=1844,i,17047214649279445672,9104589823413593297,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=3228 --field-trial-handle=1844,i,17047214649279445672,9104589823413593297,131072 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 79.121.231.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.171.91.138.in-addr.arpa | udp |
| N/A | 127.0.0.1:49832 | | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 44.236.180.36:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 35.155.84.57:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| N/A | 127.0.0.1:49840 | | tcp |
| US | 8.8.8.8:53 | 36.180.236.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| GB | 88.221.134.209:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | 209.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.180.14:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.180.14:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r1---sn-4g5e6nzl.gvt1.com | udp |
| US | 8.8.8.8:53 | 14.180.250.142.in-addr.arpa | udp |
| DE | 74.125.11.102:443 | r1---sn-4g5e6nzl.gvt1.com | tcp |
| US | 8.8.8.8:53 | r1.sn-4g5e6nzl.gvt1.com | udp |
| US | 8.8.8.8:53 | r1.sn-4g5e6nzl.gvt1.com | udp |
| DE | 74.125.11.102:443 | r1.sn-4g5e6nzl.gvt1.com | udp |
| US | 8.8.8.8:53 | 102.11.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.4:443 | www.google.com | udp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 227.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | ogs.google.com | udp |
| GB | 142.250.200.46:443 | ogs.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 142.250.180.3:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gg.gg | udp |
| RU | 91.215.42.31:443 | gg.gg | tcp |
| RU | 91.215.42.31:443 | gg.gg | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 96.17.179.184:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 31.42.215.91.in-addr.arpa | udp |
| RU | 91.215.42.31:80 | gg.gg | tcp |
| RU | 91.215.42.31:80 | gg.gg | tcp |
| US | 8.8.8.8:53 | check.ddos-guard.net | udp |
| RU | 185.129.100.100:443 | check.ddos-guard.net | tcp |
| US | 8.8.8.8:53 | ddos-guard.net | udp |
| US | 8.8.8.8:53 | 100.100.129.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.androidfilehost.com | udp |
| US | 172.66.43.61:443 | www.androidfilehost.com | tcp |
| US | 8.8.8.8:53 | androidfilehost.com | udp |
| US | 8.8.8.8:53 | use.typekit.net | udp |
| US | 8.8.8.8:53 | use.fontawesome.com | udp |
| US | 172.66.43.61:443 | androidfilehost.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 88.221.134.115:443 | use.typekit.net | tcp |
| US | 172.64.141.13:443 | use.fontawesome.com | tcp |
| GB | 142.250.180.10:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | 61.43.66.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.141.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | p.typekit.net | udp |
| GB | 88.221.135.104:443 | p.typekit.net | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 104.16.56.101:443 | static.cloudflareinsights.com | tcp |
| US | 172.64.141.13:443 | use.fontawesome.com | udp |
| GB | 88.221.134.115:443 | use.typekit.net | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 172.217.169.10:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 104.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.56.16.104.in-addr.arpa | udp |
| GB | 142.250.200.46:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.46:443 | fundingchoicesmessages.google.com | udp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | tcp |
| US | 172.64.141.13:443 | use.fontawesome.com | tcp |
| US | 8.8.8.8:53 | 10.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ava3.androidfilehost.com | udp |
| US | 51.81.56.101:443 | ava3.androidfilehost.com | tcp |
| US | 51.81.56.101:443 | ava3.androidfilehost.com | tcp |
| US | 8.8.8.8:53 | 101.56.81.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | tcp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 35.215.58.216.in-addr.arpa | udp |
| GB | 142.250.180.10:443 | content-autofill.googleapis.com | udp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | e2c11.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| AU | 34.129.38.245:443 | e2c11.gcp.gvt2.com | tcp |
| FR | 216.58.204.78:443 | clients2.google.com | udp |
| US | 8.8.8.8:53 | 78.204.58.216.in-addr.arpa | udp |
| AU | 34.129.38.245:443 | e2c11.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 245.38.129.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| FR | 172.217.18.195:443 | beacons.gvt2.com | tcp |
| US | 8.8.8.8:53 | e2c43.gcp.gvt2.com | udp |
| NL | 35.214.142.18:443 | e2c43.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 195.18.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.142.214.35.in-addr.arpa | udp |
| FR | 216.58.204.78:443 | clients2.google.com | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | tcp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| FR | 172.217.18.195:443 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | 178.223.142.52.in-addr.arpa | udp |
| RU | 91.215.42.31:443 | gg.gg | tcp |
| RU | 91.215.42.31:443 | gg.gg | tcp |
| US | 8.8.8.8:53 | drive.google.com | udp |
| GB | 142.250.187.206:443 | drive.google.com | tcp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | androidfilehost.com | udp |
| US | 172.66.43.61:443 | androidfilehost.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.187.206:443 | drive.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| FR | 216.58.204.78:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| BE | 64.233.167.84:443 | accounts.google.com | udp |
| FR | 216.58.204.78:443 | play.google.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 172.217.169.42:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.179.238:443 | apis.google.com | udp |
| GB | 142.250.200.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 84.167.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content.googleapis.com | udp |
| US | 8.8.8.8:53 | blobcomments-pa.clients6.google.com | udp |
| FR | 216.58.204.74:443 | blobcomments-pa.clients6.google.com | tcp |
| GB | 216.58.212.234:443 | content.googleapis.com | tcp |
| FR | 216.58.204.74:443 | blobcomments-pa.clients6.google.com | tcp |
| FR | 216.58.204.74:443 | blobcomments-pa.clients6.google.com | udp |
| US | 8.8.8.8:53 | 234.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 216.58.212.193:443 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 193.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | peoplestackwebexperiments-pa.clients6.google.com | udp |
| GB | 172.217.169.10:443 | peoplestackwebexperiments-pa.clients6.google.com | tcp |
| GB | 172.217.169.10:443 | peoplestackwebexperiments-pa.clients6.google.com | tcp |
| GB | 172.217.169.10:443 | peoplestackwebexperiments-pa.clients6.google.com | udp |
| FR | 216.58.204.78:443 | play.google.com | udp |
| BE | 64.233.167.84:443 | accounts.google.com | udp |
| FR | 216.58.204.74:443 | blobcomments-pa.clients6.google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| DE | 216.58.212.131:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 131.212.58.216.in-addr.arpa | udp |
| BE | 64.233.167.84:443 | accounts.google.com | udp |
| BE | 64.233.167.84:443 | accounts.google.com | tcp |
| US | 172.66.43.61:443 | androidfilehost.com | udp |
| US | 8.8.8.8:53 | www.androidfilehost.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 104.16.56.101:443 | static.cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | use.typekit.net | udp |
| GB | 172.217.169.74:443 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | p.typekit.net | udp |
| GB | 88.221.134.115:443 | use.typekit.net | tcp |
| GB | 88.221.135.104:443 | p.typekit.net | tcp |
| US | 8.8.8.8:53 | use.fontawesome.com | udp |
| US | 8.8.8.8:53 | 74.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 142.250.200.46:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.46:443 | fundingchoicesmessages.google.com | udp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| GB | 142.250.187.206:443 | drive.google.com | udp |
| BE | 64.233.167.84:443 | accounts.google.com | udp |
| FR | 216.58.204.74:443 | blobcomments-pa.clients6.google.com | udp |
| GB | 172.217.169.10:443 | peoplestackwebexperiments-pa.clients6.google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 216.58.212.238:443 | google.com | tcp |
| US | 8.8.8.8:53 | 238.212.58.216.in-addr.arpa | udp |
| DE | 216.58.212.131:443 | beacons.gcp.gvt2.com | udp |
| BE | 64.233.167.84:443 | accounts.google.com | udp |
| FR | 216.58.204.78:443 | play.google.com | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | 116.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.com | udp |
| DE | 216.58.212.131:443 | beacons.gcp.gvt2.com | udp |
| GB | 216.58.212.238:443 | google.com | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 142.250.180.3:443 | ssl.gstatic.com | udp |
| GB | 142.250.180.3:443 | ssl.gstatic.com | udp |
| GB | 142.250.180.3:443 | ssl.gstatic.com | udp |
| GB | 142.250.180.3:443 | ssl.gstatic.com | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 142.250.180.3:443 | ssl.gstatic.com | udp |
| GB | 142.250.180.3:443 | ssl.gstatic.com | udp |
| GB | 142.250.180.3:443 | ssl.gstatic.com | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\datareporting\glean\pending_pings\736c9b99-eead-4822-a01b-7d8a5d2c56c0
| MD5 | 5f86279f6977c135fba9d2cbad1f703c |
| SHA1 | d72d443d06597f76306318b93d61e32bd3e51220 |
| SHA256 | adf872dc9c779b1836a935867bcf73b9ebdc7f2479fee9c0bce572aedd84acb6 |
| SHA512 | 6cdd2339859d2b5b3ef8d1b7dd52b09869f69d4a66e331852d08b5155a39c1deba5a20dd6830830af6b1879ce1a28d375b9ab984e3c9e72f30e89d9345d758c0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\datareporting\glean\pending_pings\15b1e7e5-f48f-4acb-bbe0-1e15e12c4ee8
| MD5 | f4399133d84b58bb0d234a5009d156f9 |
| SHA1 | 6ccb11c613c50c88f7eb18b90602ce54484e80eb |
| SHA256 | 63dbe4f2b7807723e7d9a48f1bd0f72f0e373658a9e16d9f4f87e9ff772da8f0 |
| SHA512 | 888e9add20bfeca8e2e16d4806de2624f6e8ea04acdba173d7dd2722f1748d6db380d9e705422fd5fb3339a0dcf719a1445c3c1ad7204e8b4cc672120791b37f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 3d48bd0b348247df7c00accb3d83ccaa |
| SHA1 | bb6cc5d5e4ff9db3180379f2422a056457013bf1 |
| SHA256 | 3b5d19a61c3fa6f7b097a5790e00a62445696250635d5e2f4b21bd73cd37fabe |
| SHA512 | 82f6c90e58d5098b7cdf3900545c81b5eb9c6011f7fe97f00aa42f1768ab287a328173ebfaede38f9aa14b159fde89d77621aec33bfc10fa86793a16b9cdb564 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\prefs.js
| MD5 | f6e54092d4695e611c37dae5588dde51 |
| SHA1 | 2b012ae3bb7c73ca56366b260216f8bfabef274d |
| SHA256 | 78a747ed0cda86ca4ed44aebff0b868ae168c504e74b67764778d0e7a1008542 |
| SHA512 | 2cc8a8ae556bd1f525776dfa831e8b6333c87b177a95ccb4b6dd17c4ae951901d759ebbf61ad87aaaec1e4901813885f0aa12c0cb34e0507c8bd3bc6226e2ab3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\prefs-1.js
| MD5 | 346d19a3db64c763acc1c300867b436a |
| SHA1 | 5f02a77caba113a8d8b523e944349087593128cf |
| SHA256 | 4ce16d03f431a8ac8122e24bdbb3fe333b26dbed05fda8ff74f913de77aba51f |
| SHA512 | e6317cf9ca55ebf8f7e0603996a680a1b66a1238d786532341d58977d069ff4ff8ad681db9260566129485f23c0a4aad9632c7aace730f81542edae91a14c97f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 7318ae5d4df54f74b9878bb5b57ee09f |
| SHA1 | b170226fe0d4f30371c62cbd2b1bdfbc02097d1b |
| SHA256 | 831f5094ab7c6721930746be781d1d06868ce8b0f848d89ee73c79e302949e27 |
| SHA512 | 26f932dfe670a50708e93a24a7423798952b8be635ff09bf0b43def4f565dd2255f2f9416f8f87a4aec6fdd57cdc9bccb99f3ed7683d380ed1ba505c48214b41 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\prefs-1.js
| MD5 | 08436a3fd1e6881d19d5c9ae9cbc774d |
| SHA1 | aab0068bba918bb56ae5d41725d26c0467172b37 |
| SHA256 | 7dfad887bcd3f5bbed80a48d9c6e9fb3c9f91a789208682f45e7d48a48bbf177 |
| SHA512 | cb37b448be1d71f8cdf06e16cc51cff6ea35afebb61e4f3c4653b9e55eee5e6210d4c34ce487b1641f30864471d0b6a5d01acb8391e36890054dd60b6342130f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\entries\B573808F9B4F64D3E5F0B069BDAA48EF4086E712
| MD5 | 7be59c6ae32baf455d40e0f6f7ddbc5d |
| SHA1 | 22e8e6f5ecd7113abf2dcdc8850787d5ddf3e1a9 |
| SHA256 | 4bf45ae582733fa006e8d4538dece89bd526d6d4087430f12addb64d76df2984 |
| SHA512 | 35f70bebfb6881a6d2612262eda8456d863bab77e3133546f648966a5ccb7842cbb8ba23532d4fd37a667f5ee3ab88e97e9119f77e7ca7d979bf1c72b1afd317 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\prefs-1.js
| MD5 | f36c1011c260ebf8392261e17fc2fcfc |
| SHA1 | 5258f55b38e1f4901fb841324232ce90c2237edd |
| SHA256 | 9503bbf0e8705e657bd23d9ab5a0c7ad1f0282d001d17fe08e38704ae04ae9ef |
| SHA512 | f15e24ab702ebe4b3b99f9598c9452fdb330df59c6057f4d814b5f7dad3f32ba77a49c27debebf963b0413ddbd23283742fcbb89ef0b87daeae7d02886140c0d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\entries\7002E71F4F8431A3D59D2158243A0EA278856918
| MD5 | f736fe8d7f824a57aab605bfe0fb917b |
| SHA1 | 2002ceb65836e9ddb8e43f770b3eeade254066bb |
| SHA256 | 8e8af001117fde3ec18887e944329637f36c933b67c19fc40b184d6c7f592f4d |
| SHA512 | dd303c7a473e54ac8f8bf0be438fb369bca61d3e2cb4ec226468de673b199bf4dad489c4ce64f26c3a2f776bc52d80c9e4857504ba8f56653eb61f2ccf4881b9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\sessionstore.jsonlz4
| MD5 | 5ec0c205934cbacb1749e0fb8e5e095a |
| SHA1 | e6c2176476d0088485823fc2203b45746c09dbc4 |
| SHA256 | 8bc35e302ea1cb6590302658a2be732dac413731396dfa59fbcb0731fcbcc4ea |
| SHA512 | eaac940618d99ce607576f0f55e7fea786cc1e2db0890d9332b29dfe1745322367a42e1faa61c3bdcfbb82510692855184a752beff0fe4b4a370b15db55bd68f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | e50e5a357390e86b372cefba823f54ec |
| SHA1 | 7bf04bb2d1c5d2f40b227d40a449417329190b06 |
| SHA256 | 279abfe43aaa213bb42360d5ec17846b638d3433927d666cf4545b29653a460a |
| SHA512 | 77fb2c1b8260fca2fd48666d11d3ada6224a846016fb35b23a56ec2fc4f14750d5e69f5141c95f9a68c4c31d9d6d1118532784250113a60b5009e4c37150f47d |
\??\pipe\crashpad_4948_PIAGZNFZRBSATRJW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 5de08ce8dcb9b637436d3d37aaf63805 |
| SHA1 | 02312d218910374df49d965967a8024656ff86bf |
| SHA256 | fa644d008e3a2ad1d1a11beaca4e9959fe2c391afff4d7918f03db10ce2196d4 |
| SHA512 | a65616ad12c2ba8b15092b18c59708969f9245c49d0e55746a025c21af5517e790e1caf32f290b49a351b2d6e5fa65ff10821791c0dd7a416f139efdf70b820f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0c52a658680d6379ba20c0c53160d325 |
| SHA1 | 6eafd5b64135bda360c9e6881590c120955d37e8 |
| SHA256 | b9f6e6ba7f02f4109d902cbe361911eb46b61c45cd7cff006dc4d754e1ed2416 |
| SHA512 | 6e020a9c31ce45f341bc1baa40df9797a6947671c11b8b08dbe5cd5e53da2518d2aca4d4ced76d3aefafc0d8372a3822740476f5ef24ee1d37f707eba3b38a6e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c2fcd740581acd9c72b002b8d5578555 |
| SHA1 | 6a033ac1ff9dc8ee43dd80e9997bb9a3a1f8732f |
| SHA256 | 8ea7a0419c7ac8f8db6007a7cdefa92a29e0eda6be1f2e289110700dc3e8212d |
| SHA512 | 8cd3a3a460ffda29f2e5f96d5085e722322f80a6466ae71266279b482b4e96c76d4d2b951d7a10d2ff5318d957873a2c05421099e5b5df630298cc8c3da09819 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d8cceaf9f848078549879ef681d58ea5 |
| SHA1 | 6cd54c9fe96c819c3dfc059297c7328069fe4c6f |
| SHA256 | 9a2843af21b30c7852f748a816c12bbdabf4597712d9a8e03ac82bd31efea633 |
| SHA512 | 5a687ee0d0f2abdc760f776e2371a8e5b2b0a9c3972736474457d6487d685a66e57fe1b65e4d457c22b0a22f5d6982c62bcaa0f1d75cc32f89e88ca01bc7cc00 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6f74bfccda7b606117ea58377251b493 |
| SHA1 | 2ad0df697613191a9cd9c868e9d4560976b6bbf3 |
| SHA256 | 801bdb8ecca2ec2e09e5e2746298e6bd04de887a7aea4d734e2efc590152a1e2 |
| SHA512 | 9792e33538b6505f48e2e2d154aad83f5b809f69f36025eb67663e6efab4adeb2d181aecc1bf864e776feb4aaec1b0ed988b4a78370b0f0235ac562476e4cb06 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 330f4e99623ec5a3d241a8fef15428b8 |
| SHA1 | 053f644c96feff02027b4f5ceba83ec166d2a6d0 |
| SHA256 | 36f4c09b89e08bce475f1b19254cffd99fadaba60d35b05924bb1161713362b5 |
| SHA512 | 3ed812a49bf5297b19ed825376dcef1f41de215bd786ee91f5651f0f77f24ca386de06c002814738cb0b1660b7f85dc083b02eeabffbb0e89632cdbcd5ee9c80 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 894b311ebc8f0000d951b4f292e847c7 |
| SHA1 | e16b59908ef21d0af444b91780e70ff6aa953f82 |
| SHA256 | c5a5d235200cda46a3875ff6fa1555287c652cce1397a01401114a4b13d8f7ac |
| SHA512 | 8777a8ffa7dbb5f2fc9357662e0433cd8e19addd2d58e77dac81b5edafa0bcbf9215fc3484e9249ca46f89ab154c93283975cf91242fe679078de0160f7d30d9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5fea88.TMP
| MD5 | 7523534ba1236ab1f474097644f5221a |
| SHA1 | 9f4938337d33f4063bddbe62d757ea4d0ab81e20 |
| SHA256 | 166c7d684a99f59a934eab35649ecf31b3623271bde279a5e6fa73e2dda2300b |
| SHA512 | 4a07dfe886d95f056585f5a6affe767bd40c66e7324d5e79c8b8369a4d90d6099a038b6986ffd8f42689672af44fb7c3e8d74a69d04b1360bf66c5948afca23d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | ef60c98f20aa5f57560afe25d530c403 |
| SHA1 | 7049d8a5367719f62bbd08c1d47047b8435a531f |
| SHA256 | 629ef7f7c16d39fb421b211ddaa7f8b75db974a3f67cd150caaa836a1c28477f |
| SHA512 | 14a058db395ceb3c8d3d43e569779d4f7e3ab2feb368cfb8e6456e9fc4509a63991a2d7546ccc6017daa5b3d273b43153fdd9c93552f965cc5c3abf995188d90 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\60636c7e-d7b7-42c0-ae84-789f79a3c2c4.tmp
| MD5 | 86f1c6b5cac9407917e358dc7c7782c6 |
| SHA1 | a7a44d83f3d8f1b441d5f949acac50b6c6dc30b9 |
| SHA256 | f6e830b467bd21c8faf0b5a98fee3047a7b46ca6987f763cc10b93516eb1e63d |
| SHA512 | 283be3b4a5d6df09ff9c7a8649205b49e2fd33b4273f3a01b7ea204eb6e4c818263d2d5c8145fa1f2eb9b1dea3a40c9520efdc038a775a9bf6adffdeca41bc7f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ca02963d7346ee925a42acf39f67a21d |
| SHA1 | 3a7ff2086bfaf2e1253455104dfc1c4e6d42eb4b |
| SHA256 | d5e77c5a2922e14044fee6e6b09696c42b54ca7ac4b2885f8fb19dc013fad37c |
| SHA512 | 73d1b69c863d1f0790d1cbaf6a4a2c36ba15c5b94017755e9d59183c4a172d83b54fd15c1f2d49028c0df2c99d74427a67d6c478af852560f45b525231861fe0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 9b87b82d40b4c7faf6f7d18b53c28ddc |
| SHA1 | 2d2fea8cf96e7f227b45c38dbe9bd849f7ecd144 |
| SHA256 | 919ead5a73526fec5af09d3ea799d316b96234b75a82140bea76b87be6f29592 |
| SHA512 | 1d5a3b071623ba93eb8bb4e9a00728b7bcfa9af2fbb9480ef07a208693f4306c36d8f9a758ddab5315cb93b765713bd92c17eadd849eee84e27d5f6b9d8f0e55 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | a5566b8ae34ca7746d1c39bd5a7d1141 |
| SHA1 | cc900299b395cbae0f6e28e4dcc5636a22d3fa63 |
| SHA256 | db9305f0b8fecd34f9359ef045ddb611d91c6edb8e3e4591b5820dcc2c528415 |
| SHA512 | 8bcd8365f414c596b37884135a8a405f045f5f15517a681d499a41ad0f0af0404b1fa33f97010f4da1caa8871624ee701ed237cb9c5c6ffeed0e4053d2f0ffe4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a555439b087732ce672196b3ee664d85 |
| SHA1 | b67ad5553f35bb69af1d56ee70ff111bc5757b7b |
| SHA256 | ec50dceb1d307b3fb173bca0f4f9ded75fde0c0844bbf4868bb012692f331e31 |
| SHA512 | 06884ff0765145ff11017ee6f2a8dc8e27554eae67582bea2630fd44be7f2e6e90eddaecdb00a92a1791571900bd8a7b8ad788e5b1a78a9d893139e91fd7b913 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 3bb672c87d15ab6dddd07a01311fcfdf |
| SHA1 | 5288b86cae481988e73ec13cb5e1dfd0b3985095 |
| SHA256 | e2548d6a2818450bc72e9669aaec363b78a22c8610a37f303400037c8705a4ae |
| SHA512 | a68086fe39db979befc3d04cea0d7603b7a6c35b2269bef158d99d001a1cede64dc15cacf13c784648462454b7b29a3b71d567cccb32d5a516a142498de704c1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | ebe4a48a390cef8c289b2937a5d765f3 |
| SHA1 | be20449911c5d9b6ed7c6bec1c94649c1d6b6ad6 |
| SHA256 | 4a83c56677c5ba5d529bda6d77518998e4e19bf86bea25f1a282ed52d51c3896 |
| SHA512 | c68ac3fd547d84b1ce55339cb0a834c60b614a0928d0612490ca70fd2c15e4faa236fedb1fd994a6a1149aca4cc7f62bc79be7025d472dc11a23a4babf4c4fdd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8a16131394731285862ddac35f868244 |
| SHA1 | d25caf80bae04235cadd40b612d156a80eda937b |
| SHA256 | 009e6647b6ed8b0d88f291fc36dd259ce535aec0292b8e48516c97fd7125227c |
| SHA512 | a79b4cb1aa65f7855d8ec5595954d906ff8c0ac3c47ab0131b1f8e5d60f543f95c211621845e6c32fea8a91ba51517fce88acdfe304ba5f5455f903d9d50f255 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 2b65dacd891db5cee9f9fb59fefd6b60 |
| SHA1 | 53f1bcdae23b3e623e427c519f71833b4108d07c |
| SHA256 | f35395eb437aab8ee6a29bb0345daf8ce2a3c8b58a03b064bf417bd4ab830110 |
| SHA512 | a6ebf9dd2b0ce36fb1b83dffa88423252ad3c835fb693be61a2da5c2b449c2013fd4c979c764e424b5c5e34fb90fabda360d5370870879eded16cb320e2d6630 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0c17620a58b920406d3b2382b366f505 |
| SHA1 | 773741055e57e1993b3bd96724ff1a5b330b3af4 |
| SHA256 | c86ab5bf6097f8f9fba89904a79e202b0a7aeb063268ac755965e4a3f7bc5b6c |
| SHA512 | fe4374c5179c894dd0025883da12c98920d01526d1115128231ec5677a0a891327535798fe8817c79fa773bd7354efeee1f14785599f3a99fb1b2411d66e7a96 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 774eb716143f30f28504662aacf489ac |
| SHA1 | 6548a7039823b20a424f1a14c49f8a91cef387bb |
| SHA256 | c475af8e3d8b12a757db2f7d55dfed3fa6b36baa37d9e6da62921abf6e632afa |
| SHA512 | 9948fdb779c09f43f979efdbcd5c077a7b20adac5986bbe4ed71493703ed9c708c840f90c8d4ff70d017504989cbd9d4ef4a9239060ebaba4e8a1e8ae9de2aa4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0610fcf6f148e521aa7482e75fc061ff |
| SHA1 | f73c6e284cc791dc9cdf70a70219d0509ec896ec |
| SHA256 | f7d8373ed1b81c463ae4a71d3ffa7054fe4e2705ffce9a7091335df3a0c7aa29 |
| SHA512 | b9952a91a1fe20c0a87ad878543d6577b7649bfb733ce944d4224bfe05907f580daefd5ad0cfb1fc3a242e6073effce7de8d9d2bbfb6d8299b51791e8439335d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 618e1fb06c2553843d5fc029444a5d33 |
| SHA1 | b6c59dd19598044bb13517e6c00334a98b12703c |
| SHA256 | e4c96430db3c66183f78d3508bab09f835e17e9caf1d26db35f96bc2f6dbe651 |
| SHA512 | b6b59d32de70e648a46108511bb66b0980415acc1d99a54d1cb6829e90917954fe39e2cadf92be64050091013dcae22fc2543fa60ee752a987c711f21409e26e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b5e9e9f0ce7da0221a33771421ebb797 |
| SHA1 | ed3ac4a10b645b02adf60e776ad05a5bbe416c37 |
| SHA256 | 685ef5d0fc7cfe7816cacaecf8cc8d2cd1998218e3bcc1cded476e80809c369c |
| SHA512 | 1f2c6b5b277ef1a525a74cb010fbc60395190c69e99c247949001de7671d84277c552a66ce2bf9469e80a6c75e3218cf81d78ab877d215358598ff725ff2607d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | ee1cf40179a8a192ff346751feea6a8b |
| SHA1 | 1f7ad1a4cee46eb4d84be63b3389274ca58c120c |
| SHA256 | 4b83161c89237f944d4e14aeb48be8bce28f05c4af687aa29ef5b184689db8ef |
| SHA512 | 06b1d518ee099c88170aff61571a9d0a5851e5e4f3682765630227b3a53b52b9bc1cf3524db4829436a0271e1896bebaf87b20116e6d02df29f226a7d9b84208 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7dbd7857e3130b534f78ecb8bec34f1e |
| SHA1 | 11ba3afa6f629819051c575b34ec554c3eb78680 |
| SHA256 | 9565c410a92e1c270ab9ca94c04ab97d0fe68d5a08cd216abe9b7539a5e1415f |
| SHA512 | 659da16c099c6821ac2c5d3d0ae70f7081edd2ebb29c985eb47c2316314ce20d476515e6478164dc661685fa5011251e860097495f86d452ecae0ad0e2502613 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
| MD5 | f64b8445b71ebcfacc9cd1ce51df9559 |
| SHA1 | 30641e58dcac9b7c07d8609c49a973d5eea12d79 |
| SHA256 | 09e614c68f6fe093d06b09e4d87d1dfc19e093969e90bc34d161ab2f5387da49 |
| SHA512 | 8d1c4f7f935fe77ecfb1f9eed892bce29c69c62dcc38d7689eab2fcc89142a8abaa6f16d546f7aab29f76779ccbe9affa567bdd3e3e933b1b763f51900fbd682 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
| MD5 | c25b51a85a07f62dcb195f8c20bda0fa |
| SHA1 | 9699aca40a0a4b78b595d8149ffdd3f61c211db7 |
| SHA256 | 3f890e834ea8fd09756510d74e4fad4661e017aaaef53b7a8a4392acb0516fed |
| SHA512 | 05ff3cf15b315805c9a3bb3e4652ff61002f085259bccfe05da7b1b245dfcc36725f7cffcbbb1ac798e4a34bf72766801be96c13774bb0cce9631fd2cccbec9c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8b5dd04209d147f3190e720897878246 |
| SHA1 | 97e700e63b8de468f4d2407b4af230f450598694 |
| SHA256 | 79438b464589978fa4a7f4a15a33585f49d2a28590a38a33df3a376bfd962c72 |
| SHA512 | 0645c2a0f40721f5e07daabd14f7352f64b1cffd5958496129e05768091dd3726e1529319f2052aa276244ec6c94282690253322e9c81de0451d3c421c3be90e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | da03b4141e582823079487b808db2a3f |
| SHA1 | a739f7cee29e0e27e2e344df07a2f85eece20271 |
| SHA256 | 64f0933e8e2cd8767f4efa1a5640293d99201365e8824a6bcb61adcd631e2d23 |
| SHA512 | dbc58d851efbdc583267c152fb0b28c7fb86cec5f41638914ab157f69e253482db5791d1347ca0f2bd7f632f2a0a4ec85335ed253c12a79f40b1d7e82ef61928 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022
| MD5 | 929729aa7cff46b3dad2f748a57af24c |
| SHA1 | 81aa5db7dd63c79e23ccd23bf2520ab994295f2e |
| SHA256 | 3c63e6c7fa25849799d08bf54988bfb3b77b1d1eebb1e55a94b64995850cba2f |
| SHA512 | a10eaa6f2708b683bd43295b9c3da5840c0eb6d8a6b9e1922a534270fecbc0dcdb4cdcc28768df292a06f6210885b510254bdca17e5b3c507b0337fe7dc3d743 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1667f704b047a11c4d5b54b855f52035 |
| SHA1 | cfd0e172fa1e58fd977b33c91a668b99e998fb9a |
| SHA256 | bf06251e8d80563921556f63a54d533670711fe23d526f055d563426a9921d5d |
| SHA512 | 0efd84a9e30760f9579274a5d6fc528f73dbba5fbedc01fa39ef05f28dea06a5d2b67ee7667a81694bbf0dd30164978b5af36033bcb498579071b9f731cc0e27 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8f2aefb3b12aea422a776ba941655a2d |
| SHA1 | 6669bef2fd2ceca821f07be539bc38032dafcdb1 |
| SHA256 | 353c6d188e5dd62682a1d4ce80f125809a137556f68c1fd76dd9cdffc6da36b9 |
| SHA512 | 4c8736384f447c1270b1abd6c2d04c75949c045239a0dda2ac6261fe73dc100d4d98bde5d0754c4f0ca0378086f5ce29bec2c2e268f3c0311ee9844d9163553b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 5ec8a68f08fa54ab986052cc557ed2f7 |
| SHA1 | ee0c0de72f02f857ffac53727bb1ba437c91fb10 |
| SHA256 | caca2ce6e009479c8918247cefd44528966760f55efb4352f2756bb0328c1984 |
| SHA512 | aa77bd320ab3ee1f6012e341720895fb11bccace21786f8a9c2193deb90958d4b308ff5191b757a12b0587848eb4e0d194dbaa88987bddeec9c690b25558939c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d3e0efc12e8c74ab4acf30d1f6b8d786 |
| SHA1 | a9ff30fc52da8f01183433b2b796877df19f5276 |
| SHA256 | d1adadf341a007d5c2b0f297e09b962a3b2e525bfcc1f25d39b2ab41714241f1 |
| SHA512 | 1e5a07b107181dc64777d2341051a7041899accc44f169dd07f2a4f2c583db871d8a78ff8a9003e498321f28a32b365497de3f244320821e8098f763698655cd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d
| MD5 | 6db895a1b427dc3c8e620e47c15c68be |
| SHA1 | ab1fb4f532fed6a03b44500a92c7f3b584ef951c |
| SHA256 | 8843fe9fb655da6d5ac8a34c7629e2ffe25af87dec70e0dd0f0c2d78cd4198c6 |
| SHA512 | b9358b97aaee7a5dd6cc71c4e80af5c24696213adbbd947166d1f89c82914d678a6217f5e197b56503ee43b13942ab277d443b9511915eefe0284945ce76af74 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013
| MD5 | f5e29b5dfdc2fbe205842d933ed60c74 |
| SHA1 | 378b17f87accb41e3ae2a833fe9a3a837bf619e1 |
| SHA256 | 89dd7fc685e7c5b7dc707d7171d9512364d8e5c4bc89928d8b3063646545269a |
| SHA512 | fd6033fedb6fcef83025643e016367edaac9b3fab09c35b7c5320d839c3bec85dbd5b628e7563e6f019749d5b7eee7caf182a7109eb98b131ef89d7cece5623c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a
| MD5 | 95bea21166e248773de3f1d5fe58cc93 |
| SHA1 | 58caf3d3e2f83cc91cb98eef6e2b4ecd55b7f62e |
| SHA256 | 99c60c2a6da6771e20b288777c7809d87dc466e2c9a843dbaf8f0ff16acb6a1b |
| SHA512 | 22a7ff1aa14052061e0dd2a493eb835c674cb6e96c2b1d3ad533035eb0cb20296a115074107bd05a2313a189051ac6ec8efb6de236d98df54702ae9197ffb0be |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c
| MD5 | d20e5197303a3d586fafdab304157672 |
| SHA1 | be3790c74d1b40d2cfe3590fbf05c5bbd3bc7ee3 |
| SHA256 | 492cc1406bad0e5b7b1e858f4524582c85a805ce79391f77ab5c18c0145d7bab |
| SHA512 | 3d6415407a5e9ed857d1f505b5c277dfc486bae7c371a10369b1364fb576b4234e032c5e5c75fcdb94d2d95c5d12cc245743b508e56335e57458117f2252c022 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d
| MD5 | b54e26e3b806c6496ae5900594797673 |
| SHA1 | 82f5d8575cb75939feb4352d852a775c606f4c15 |
| SHA256 | cf0b59f29e82627bc738d930cb2477aa6e079f21b45695ebe220f9678524c5c4 |
| SHA512 | eb99b3d09650c143b71886c17b6159eb2d13df463440ed27509a5446075c7aa06ba9767e48b6fdd0f3008198999f85351844f1db0f2d25b1695c884f565ddcd8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e
| MD5 | 3d867e7895b81df7aae0222b5deb5dc6 |
| SHA1 | 5ab424558f9f2b8fb3e64dac44b4ff8ba54bacac |
| SHA256 | 4aae8d73deb3ee22150573b7b68be016d28105472a964616f4c17c44606bbf77 |
| SHA512 | cd446cf1ae680319c3d9f21684d5115093d47ab3919ca7f2964a99b6f44ad104c4816fb45913e77abc4eecb4024f17a527e64cbe3d13bc5252f4083275d12c9a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f
| MD5 | d982abb70ab42b83110d298265febba9 |
| SHA1 | 8a2825e0f849ae6553cbfd797aa7087a944b405d |
| SHA256 | 404ef83169cf671d47a3a379be74d79570b2744b17f5252e49898f9799806d25 |
| SHA512 | b8573268373ef493ca79e276430bc7140115967e6fc85bffe6c29589a257789a446832984d7a970b7d52e30bbfec538eb36aeee8ebb9e4bed9d692707e499431 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023
| MD5 | b8de9d1b9226474afc474a6c44829385 |
| SHA1 | 035c69c4c7fe2f148e34701dbfd7f01db5086fab |
| SHA256 | 07b1f60f09a9794b25e040fc813be000050f4b8967ddfc9f1024d3ef14b84b31 |
| SHA512 | 4e75d80b95b7b15a641e1db06ae2712287fbbd714ef88454d246e0efc075eb0ee40020888cb5b6d6015ad77818aacef864ddfde1f2ececf0445401441478e887 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025
| MD5 | a60cfab625e65c1509bf46aea94060d3 |
| SHA1 | 0d91e3b626874d40fac1c751c0b42ac5ce2bb4c8 |
| SHA256 | 567c7ceb33c7c6c41fd1fc58472d6019dc0beff7f1c68501c8cd8867686b7450 |
| SHA512 | 067bc95d6ae9926cf59949ded99d4d8c2e692ff385c4385e296f881a86c290a655f15116deb4d1abdc3e4597d9572700f3bc13bd6fe47234c0952011b8a58eb1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 630b3df7ff2f23438ca515754650ef56 |
| SHA1 | 9fc8204bd80971c460b06397b26760a674840f1d |
| SHA256 | ba82acb6a6d978d0b971e1cdf66a78c7b382265635cc0ca5b39d0966861cfef3 |
| SHA512 | 9c3440dcbaad8fa4f9c7554e7e1f95b438a4e91948acf6adc51873f98c29f054b139b0f902d67725c00e2fdc7d2ad28bf24fd33ae4ff4304d257f9e03115f07a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\77e2d2ab-8b36-4c9e-8ded-2f8bde8c6035.tmp
| MD5 | 216507397816ffb77f4a3e4601767cfe |
| SHA1 | 3e70fdc6ebdbf00fe04d9a2e1d22ef392bcf41fa |
| SHA256 | 78a5f14240730a8668ac02965acafc4c87ac848e83d3fee68c983acac50b7586 |
| SHA512 | b6f6e03770a686b9c6af08461cc27340c7f956b8a188886e4c18769ea4f012e6e6e86f038d5a0c56bd3357135c1b80147c89764ec5f7b76d157c014a87a98119 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d45087ce129e2c946f3f10927c98fd1f |
| SHA1 | 344e7411aec3484339662f2103f3f80e83785d72 |
| SHA256 | 2f3c5627400f92f96e882e02a66a9b4f46828cb003e894199dd4b65093c64f94 |
| SHA512 | f6405790a8dd625c589477e11ebd94ee0b4a6600ac15e83757a625da020cc6d6bdf59cfdf858f537c9a757ac17894b6a044b1fa30016ac8c0975107158a80b50 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | fee48a0ef5a4188f062628454e692aa1 |
| SHA1 | 976fa00c363cef76ae1a815a5df3e3e398a768a1 |
| SHA256 | 6ba790c55bbc9c117bd64c3d81908a7c19115b40e76c12f5d149f0c0831fb31f |
| SHA512 | 70fbe47b8ec25ba4f8d81ac389bef6f90407fa4eec5e2561767c7bc299f4b434e850a0181f33f087c5f6761ddedd1a69b0380c6b1758caf6f914795edcb1404a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\7ff8c49d-bc74-429d-8f62-c6818820abd9.tmp
| MD5 | e5344f81cd87c5fb1fbaf002c3bb84f0 |
| SHA1 | f13a0a455807c88a5c9abacfb299526581088f32 |
| SHA256 | 77411f20f39820144c2f97402b4c0173c08db24de1c24ca11af58bda5050374e |
| SHA512 | aaf22e8a34924d37e935bf05c533f58c6345fe4488bf20be2aa3396e5046d01ddb6f4c69325ea0cefd9f9fd1b54fc354459246ba5ac10a9f5dce3a421eace0e6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 69398acb45d846e8d6e1eeaeb1c08d05 |
| SHA1 | f5408adddfb3ad717d2790da07ac19061596718e |
| SHA256 | 806793f1942b71ada5078b31bb9312ff33696a194003b6ecd94384fa35b83238 |
| SHA512 | e090c66865ab7ee918537b34106b13e8bcce62639856e352fffd6bc9d8d9e78b915e4d1f30d4ef6663b3255e4af258606f16a164d26351c88b0dd9a848e75baf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5045480834cf27983d09516ff57d3ee8 |
| SHA1 | 916399e2596d8accde5c04335226f1328edd2cb8 |
| SHA256 | be672a282e59eb60018ed2e9aaff9f7a58aad51f9396c2947b03ab7b3dc0af15 |
| SHA512 | 711aecf96b1ec75f9afb5bdcbb0b1bf6aa94875ec5b33fd87700894cfb47a73260f763303d83021f1ee30dc27be4a1901891dd8203dbd1c8b1a765bb59490715 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 8657db62828974743e4650cbd0d9d700 |
| SHA1 | 8242c5ac023fc4371b39b06053e4184154ebaa5f |
| SHA256 | 79f65263c3b54ee8f6a2ddd3e28964206946dc4bd7eaf9cd81b5c8d6844b4f60 |
| SHA512 | 34c359c7cb85fde21dc634336a2834478572579b3d5b68fe255d257a4756ba7603ce64a735ddbc39ad51e5ed24e95091e248302ca5af6cc49605458d7041f063 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 1320318a52758b9e425090bb0b45ccc6 |
| SHA1 | d6b1571ca26a867228b7bfa45d439885cc592afb |
| SHA256 | 85a94221bd0058156cb67833084ebf27d6660fb3d4c6cbd9f3f87f43a35cd345 |
| SHA512 | 3e7e1f83af0e4b4a88e96bf5e3c6d1ef42e16f867ef80e8b3d98d8ead8be688be2a32039ecd5fe2b44785db353d3e3118c0b2e8588b97b6656b509692da7a773 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | b8839a337fedf94a497592ad3f1fe531 |
| SHA1 | 642046e8374cba6daf676cf0af0523ee0a223451 |
| SHA256 | a90a5eab6cfe1a0f99f93e323dcbce754c5c493f3773fd11d18cbdba8548147d |
| SHA512 | b26cb9d2236dea2934e3d9359531eb6b21a407287b3f1d3424b1b5056c491b5c204bbf63a8dc48a59365272d1a9f5c02cb91871fe01b1a35843109834b97afb9 |
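The listing above repeats the same Chrome and Firefox profile paths many times (Preferences, Local State, TransportSecurity, Network Persistent State), each time with a fresh digest, and some entries carry no content at all: the crashpad pipe hashes to the digest of zero bytes and persisted_first_party_sets.json to the digest of the two-byte string "{}". Before treating any of these as indicators, it helps to parse the table and sort churn from substance. The following is an added example, not part of the sandbox's own tooling; the sample text is a constructed excerpt in the report's layout (a path line followed by one "| ALGO | hex |" row per digest), and the trivial-content labels are computed with hashlib rather than hard-coded.

```python
"""Parse a sandbox report's dropped-file listing and separate signal from churn.

Added example, not part of the sandbox's own tooling. It reads the layout used
above: a path line followed by one '| ALGO | hex |' row per digest.
"""
import hashlib
import re
from collections import Counter

ROW_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|\s*$")

# Strongest digest first: one strong match is conclusive, the weaker rows are redundant here.
STRENGTH = ["SHA512", "SHA256", "SHA1", "MD5"]

# Inputs whose digests recur in browser/sandbox noise: a zero-length file (for
# instance a pipe handle that was opened but never written) and the empty JSON object.
TRIVIAL_CONTENT = {"empty": b"", "{}": b"{}"}

# Constructed sample in the report's own layout (four entries copied from the listing above).
SAMPLE_REPORT = r"""
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | e50e5a357390e86b372cefba823f54ec |
| SHA1 | 7bf04bb2d1c5d2f40b227d40a449417329190b06 |
| SHA256 | 279abfe43aaa213bb42360d5ec17846b638d3433927d666cf4545b29653a460a |
\??\pipe\crashpad_4948_PIAGZNFZRBSATRJW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 5de08ce8dcb9b637436d3d37aaf63805 |
| SHA1 | 02312d218910374df49d965967a8024656ff86bf |
| SHA256 | fa644d008e3a2ad1d1a11beaca4e9959fe2c391afff4d7918f03db10ce2196d4 |
"""


def parse_files_section(text):
    """Return [{'path': str, 'hashes': {algo: hex}}, ...] in report order."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m is None:
            records.append({"path": line, "hashes": {}})
        elif records:  # a digest row before any path means a truncated report; skip it
            records[-1]["hashes"][m.group(1).upper()] = m.group(2).lower()
    return records


def trivial_content(record):
    """Label the record if its strongest listed digest is that of a known trivial input, else None."""
    algo = next((a for a in STRENGTH if a in record["hashes"]), None)
    if algo is None:
        return None
    for label, data in TRIVIAL_CONTENT.items():
        if hashlib.new(algo.lower(), data).hexdigest() == record["hashes"][algo]:
            return label
    return None


def triage(text):
    """Summarise a Files listing: rewrite count per path, content-free entries, distinct SHA-256s."""
    records = parse_files_section(text)
    rewrites = Counter(r["path"] for r in records)
    trivial = []
    for r in records:
        label = trivial_content(r)
        if label:
            trivial.append((r["path"], label))
    distinct = {r["hashes"]["SHA256"] for r in records if "SHA256" in r["hashes"]}
    return {"records": records, "rewrites": rewrites, "trivial": trivial, "distinct_sha256": distinct}


if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    for path, n in summary["rewrites"].most_common():
        print(f"{n:3d}x  {path}")
    for path, label in summary["trivial"]:
        print(f"content-free ({label}): {path}")
```

Run against the full listing, the rewrite counter makes the browser profile churn obvious (one path, many versions), and the content-free list catches entries whose digest says nothing about the sample; what remains is the short list of files worth pulling from the sandbox.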
Analysis: behavioral3
Detonation Overview
Submitted
2023-12-23 08:11
Reported
2023-12-23 08:52
Platform
win10-20231215-en
Max time kernel
285s
Max time network
1825s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X64\hw_usbdev.sys"
C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X64\hw_usbdev.sys
"C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X64\hw_usbdev.sys"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.143.182.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
Files
memory/704-0-0x0000000000010000-0x000000000002C880-memory.dmp
Analysis: behavioral4
Detonation Overview
Submitted
2023-12-23 08:11
Reported
2023-12-23 08:51
Platform
win10-20231215-en
Max time kernel
1198s
Max time network
1821s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X64\hw_usbvcom.sys"
C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X64\hw_usbvcom.sys
"C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X64\hw_usbvcom.sys"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 11.73.50.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.121.231.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.171.91.138.in-addr.arpa | udp |
Files
memory/3240-0-0x0000000000010000-0x0000000000046280-memory.dmp
Analysis: behavioral13
Detonation Overview
Submitted
2023-12-23 08:11
Reported
2023-12-23 08:53
Platform
win10-20231215-en
Max time kernel
877s
Max time network
1610s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X86\hw_usbdev.sys"
C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X86\hw_usbdev.sys
"C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X86\hw_usbdev.sys"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 178.223.142.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.171.91.138.in-addr.arpa | udp |
Files
memory/4744-0-0x0000000000010000-0x0000000000028F80-memory.dmp
Analysis: behavioral8
Detonation Overview
Submitted
2023-12-23 08:11
Reported
2023-12-23 08:52
Platform
win10-20231215-en
Max time kernel
309s
Max time network
1596s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 220 wrote to memory of 4836 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 220 wrote to memory of 4836 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 220 wrote to memory of 4836 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X86\WdfCoInstaller01009.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X86\WdfCoInstaller01009.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 79.121.231.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.223.142.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.192.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
Files
Analysis: behavioral14
Detonation Overview
Submitted
2023-12-23 08:11
Reported
2023-12-23 08:53
Platform
win10-20231215-en
Max time kernel
306s
Max time network
1611s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X86\hw_usbvcom.sys"
C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X86\hw_usbvcom.sys
"C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X86\hw_usbvcom.sys"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 178.223.142.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.73.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
Files
Analysis: behavioral25
Detonation Overview
Submitted
2023-12-23 08:11
Reported
2023-12-23 09:16
Platform
win10-20231215-en
Max time kernel
309s
Max time network
1596s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\hm4a_emmc_ddr.mbn"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.223.142.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2023-12-23 08:11
Reported
2023-12-23 08:52
Platform
win10-20231215-en
Max time kernel
865s
Max time network
1597s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X64\qu_usb_serial.sys"
C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X64\qu_usb_serial.sys
"C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X64\qu_usb_serial.sys"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.192.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
Files
memory/4708-0-0x0000000140000000-0x0000000140041000-memory.dmp
Analysis: behavioral10
Detonation Overview
Submitted
2023-12-23 08:11
Reported
2023-12-23 08:53
Platform
win10-20231215-en
Max time kernel
309s
Max time network
1599s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X86\ew_usbccgpfilter.sys"
C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X86\ew_usbccgpfilter.sys
"C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X86\ew_usbccgpfilter.sys"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 178.223.142.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
Files
Analysis: behavioral17
Detonation Overview
Submitted
2023-12-23 08:11
Reported
2023-12-23 09:13
Platform
win10-20231215-en
Max time kernel
309s
Max time network
1592s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 308 wrote to memory of 2592 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 308 wrote to memory of 2592 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 308 wrote to memory of 2592 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 616
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X86\winusbcoinstaller2.dll",#1
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X86\winusbcoinstaller2.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 129.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.171.91.138.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.73.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral21
Detonation Overview
Submitted
2023-12-23 08:11
Reported
2023-12-23 09:14
Platform
win10-20231215-en
Max time kernel
497s
Max time network
1577s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Processes
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\USB-Driver C00B101 Virus Scan Report.doc" /o ""
Network
| Country | Destination | Domain | Proto |
| US | 138.91.171.81:80 | | tcp |
| US | 8.8.8.8:53 | 46.28.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.201.50.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.171.91.138.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.73.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
Analysis: behavioral24
Detonation Overview
Submitted
2023-12-23 08:11
Reported
2023-12-23 09:16
Platform
win10-20231215-en
Max time kernel
309s
Max time network
1608s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1364394410-760759377-2797241167-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\hm4_pt_emmc_ddr.mbn"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 171.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-23 08:11
Reported
2023-12-23 08:52
Platform
win10-20231215-en
Max time kernel
309s
Max time network
1604s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X64\hw_quusbmdm.sys"
C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X64\hw_quusbmdm.sys
"C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X64\hw_quusbmdm.sys"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 79.121.231.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.223.142.52.in-addr.arpa | udp |
Files
memory/816-0-0x0000000000010000-0x0000000000047500-memory.dmp
Analysis: behavioral9
Detonation Overview
Submitted
2023-12-23 08:11
Reported
2023-12-23 08:52
Platform
win10-20231215-en
Max time kernel
308s
Max time network
1582s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X86\diagswitchdrv.sys"
C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X86\diagswitchdrv.sys
"C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X86\diagswitchdrv.sys"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.73.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.223.142.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
Files
memory/3864-0-0x0000000000010000-0x0000000000029200-memory.dmp
Analysis: behavioral11
Detonation Overview
Submitted
2023-12-23 08:11
Reported
2023-12-23 08:52
Platform
win10-20231215-en
Max time kernel
349s
Max time network
1825s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X86\hw_ctrlfakedev.sys"
C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X86\hw_ctrlfakedev.sys
"C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\android\Driver\X86\hw_ctrlfakedev.sys"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 79.121.231.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.73.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
Files
memory/372-0-0x0000000000010000-0x0000000000028C00-memory.dmp
Analysis: behavioral23
Detonation Overview
Submitted
2023-12-23 08:11
Reported
2023-12-23 09:15
Platform
win10-20231215-en
Max time kernel
307s
Max time network
1602s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2595843030-3811137303-3031389247-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2595843030-3811137303-3031389247-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Новая папка\2.60\date\hm4_gp_emmc_ddr.mbn"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 81.171.91.138.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |