Analysis Overview
Threat Level: Likely malicious
The submitted URL https://bing.com was found to be: Likely malicious. bing.com itself is only the landing page: the verdict rests on Rensen.exe, a PE file saved to C:\Users\Admin\Downloads during the browser session (the report ties the hosting to raw.githubusercontent.com) and executed twice, as the signatures, process list and file hashes below show.
Malicious Activity Summary
Downloads MZ/PE file
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Checks SCSI registry key(s)
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Modifies data under HKEY_USERS
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-06 08:05
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-06 08:05
Reported
2024-04-06 08:14
Platform
win10v2004-20231215-en
Max time kernel
501s
Max time network
501s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Rensen.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Rensen.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
Checks SCSI registry key(s) (recorded only for taskmgr.exe, which reads the disk FriendlyName to label drives in its Performance tab; the same Enum\SCSI vendor/product string is a common VM-detection target, so this signature carries weight when the reader is the dropped binary, which is not the case here)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry (recorded only for chrome.exe reading BIOS manufacturer and product name; not attributed to Rensen.exe)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS (chrome.exe writing a TPM telemetry timestamp under S-1-5-19, the LOCAL SERVICE hive; not attributed to Rensen.exe)
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133568643509420904" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
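The TraceTimeLast value above is a Windows FILETIME (100-nanosecond ticks since 1601-01-01 UTC). Decoding it is a quick way to tell whether a registry write belongs to the detonation or was already present in the golden image. The Python below is an added example, not part of the sandbox report; it assumes the report's Submitted/Reported timestamps are UTC.

```python
from datetime import datetime, timedelta, timezone

WINDOWS_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(filetime: int) -> datetime:
    """Convert a Windows FILETIME (100 ns ticks since 1601-01-01 UTC) to an aware UTC datetime.

    Integer-dividing by 10 turns ticks into microseconds, which is datetime's
    resolution; the sub-microsecond remainder is dropped.
    """
    if filetime < 0:
        raise ValueError("FILETIME values are unsigned 64-bit integers")
    return WINDOWS_EPOCH + timedelta(microseconds=filetime // 10)


def within_window(filetime: int, start: datetime, end: datetime) -> bool:
    """True if the decoded FILETIME lies inside [start, end], e.g. a detonation window."""
    ts = filetime_to_datetime(filetime)
    return start <= ts <= end


# Value copied from the report: TraceTimeLast written by chrome.exe under HKU\S-1-5-19.
TRACE_TIME_LAST = 133568643509420904

# Detonation window from the report header (Submitted 08:05, Reported 08:14).
# Assumption: the report's timestamps are UTC.
SUBMITTED = datetime(2024, 4, 6, 8, 5, tzinfo=timezone.utc)
REPORTED = datetime(2024, 4, 6, 8, 14, tzinfo=timezone.utc)

if __name__ == "__main__":
    ts = filetime_to_datetime(TRACE_TIME_LAST)
    print("TraceTimeLast decodes to", ts.isoformat())
    print("inside detonation window:", within_window(TRACE_TIME_LAST, SUBMITTED, REPORTED))
```

The value decodes to 2024-04-06 08:05:50 UTC, under a minute after submission, so the write happened during the run rather than being baked into the image.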
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Rensen.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (chrome.exe creating child processes with the block-non-Microsoft-binaries mitigation, which is how Chrome hardens its sandboxed children; expected for the browser, not attributed to Rensen.exe)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://bing.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed2ea9758,0x7ffed2ea9768,0x7ffed2ea9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2892 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2900 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3968 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4792 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3240 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4632 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4904 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3340 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5160 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5912 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5964 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5440 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5624 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\Rensen.exe
"C:\Users\Admin\Downloads\Rensen.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Users\Admin\Downloads\Rensen.exe
"C:\Users\Admin\Downloads\Rensen.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffed2ea9758,0x7ffed2ea9768,0x7ffed2ea9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3056 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5732 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4992 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5264 --field-trial-handle=1848,i,4062379375956556845,12153122758061855625,131072 /prefetch:8
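The process list above is flat and carries no parent links, so the useful reading is by role: Chrome's own service processes identify themselves with --type and --utility-sub-type, and anything outside the Chrome install directory deserves a closer look. Two Chrome utilities are tells that a download completed in the browser: quarantine.mojom.Quarantine, which applies the Mark-of-the-Web to a downloaded file, and chrome.mojom.UtilReadIcon, which reads the file's icon for the download shelf; both appear shortly before Rensen.exe runs. The script below is an added example, not part of the report: it embeds a trimmed, constructed subset of the command lines above and separates Chrome roles from non-browser processes.

```python
import re
from collections import Counter

# Constructed sample: a trimmed subset of the process list above, one image-path
# line followed by its command line (long Chrome flag lists shortened).
SAMPLE_PROCESSES = r"""
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --single-argument https://bing.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --url=https://clients2.google.com/cr/report
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --mojo-platform-channel-handle=1628 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --renderer-client-id=6 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --renderer-client-id=5 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --service-sandbox-type=none /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --service-sandbox-type=icon_reader /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --service-sandbox-type=none /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\Rensen.exe
"C:\Users\Admin\Downloads\Rensen.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
"""

CHROME_DIR = r"c:\program files\google\chrome\application"
FLAG_RE = re.compile(r'--(?P<key>[\w-]+)=(?P<value>[^\s"]+)')


def parse_processes(text: str) -> list:
    """Pair each image-path line with the command line that follows it and extract --key=value flags."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 2:
        raise ValueError("expected alternating image path / command line pairs")
    procs = []
    for image, cmdline in zip(lines[0::2], lines[1::2]):
        procs.append({
            "image": image,
            "basename": image.rsplit("\\", 1)[-1],
            "cmdline": cmdline,
            "flags": dict(FLAG_RE.findall(cmdline)),
        })
    return procs


def is_chrome(proc: dict) -> bool:
    """Anything under the Chrome install directory, including elevation_service.exe."""
    return proc["image"].lower().startswith(CHROME_DIR)


def chrome_roles(procs: list) -> dict:
    """Count Chrome processes by role: --utility-sub-type, else --type, else the main browser process."""
    roles = Counter()
    for p in procs:
        if not is_chrome(p):
            continue
        if p["basename"].lower() == "chrome.exe":
            role = p["flags"].get("utility-sub-type") or p["flags"].get("type", "browser")
        else:
            role = p["basename"]
        roles[role] += 1
    return dict(roles)


def unsandboxed_utilities(procs: list) -> list:
    """Chrome utility processes launched with --service-sandbox-type=none."""
    return sorted({
        p["flags"].get("utility-sub-type", p["flags"].get("type", "?"))
        for p in procs
        if is_chrome(p) and p["flags"].get("service-sandbox-type") == "none"
    })


def download_completed(procs: list) -> bool:
    """True if Chrome's quarantine utility (Mark-of-the-Web tagging) ran: a download finished."""
    return any(p["flags"].get("utility-sub-type") == "quarantine.mojom.Quarantine" for p in procs)


def non_browser_processes(procs: list) -> list:
    """Everything outside the Chrome install directory; this is where the dropped EXE shows up."""
    return [p for p in procs if not is_chrome(p)]


if __name__ == "__main__":
    procs = parse_processes(SAMPLE_PROCESSES)
    print("chrome roles:", chrome_roles(procs))
    print("unsandboxed utilities:", unsandboxed_utilities(procs))
    print("download completed in browser:", download_completed(procs))
    for p in non_browser_processes(procs):
        print("non-browser:", p["cmdline"])
```

The unsandboxed list (network service, UtilWin, Quarantine) is normal for Chrome and is not evidence against the browser; the finding is the non-browser set, where Rensen.exe and its `cmd.exe /c cls` child stand out next to rundll32.exe and taskmgr.exe.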
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | bing.com | udp |
| US | 13.107.21.200:443 | bing.com | tcp |
| GB | 2.23.92.203:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 2.23.92.203:443 | r.bing.com | udp |
| GB | 96.17.178.188:443 | aefd.nelreports.net | tcp |
| GB | 2.23.92.217:443 | r.bing.com | tcp |
| GB | 2.23.92.217:443 | r.bing.com | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.92.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.74.250.142.in-addr.arpa | udp |
| GB | 96.17.178.188:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| GB | 23.48.165.28:443 | assets.msn.com | tcp |
| US | 8.8.8.8:53 | 188.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.92.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 40.126.32.138:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | aadcdn.msftauth.net | udp |
| US | 8.8.8.8:53 | 28.165.48.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.121.231.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.33.18.104.in-addr.arpa | udp |
| US | 152.199.23.37:443 | aadcdn.msftauth.net | tcp |
| US | 8.8.8.8:53 | 37.23.199.152.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.249.30.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.65.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.3:443 | github.com | tcp |
| DE | 140.82.121.3:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| GB | 2.23.92.217:443 | www.bing.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | 3.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| DE | 142.250.184.202:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 202.184.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.112.82.140.in-addr.arpa | udp |
| DE | 142.250.184.202:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| DE | 140.82.121.5:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| DE | 172.217.16.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| DE | 142.250.186.110:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 5.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.185.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.186.250.142.in-addr.arpa | udp |
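Most of the network table is browser background noise: PTR lookups (in-addr.arpa) for every address Chrome touched, QUIC on udp/443 alongside TCP to the same hosts, and mDNS to 224.0.0.251. The rows that matter for the verdict are the GitHub ones, and note that raw.githubusercontent.com and objects.githubusercontent.com appear only as DNS queries, with no TCP or QUIC connection recorded, so the transfer of Rensen.exe is not visible in this table and has to be confirmed from the capture. The script below is an added example, not part of the report: it parses a constructed subset of the rows above, labels each row by what it is, and lists names that were resolved but never contacted.

```python
import re
from collections import Counter

# Constructed sample: a subset of the rows from the network table above.
SAMPLE_ROWS = """
| US | 8.8.8.8:53 | bing.com | udp |
| US | 13.107.21.200:443 | bing.com | tcp |
| GB | 2.23.92.203:443 | r.bing.com | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.3:443 | github.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| DE | 140.82.121.5:443 | api.github.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
"""

ROW_RE = re.compile(
    r"^\|\s*(?P<country>[^|]+?)\s*\|\s*(?P<dest>[^|]+?)\s*\|\s*(?P<domain>[^|]+?)\s*\|\s*(?P<proto>[^|]+?)\s*\|$"
)

# Hosting services worth calling out; this list is our assumption, not the sandbox's.
WATCHED_SUFFIXES = ("githubusercontent.com", "github.com")


def parse_rows(text: str) -> list:
    """Turn the pipe table into dicts with the destination split into host and port."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        host, _, port = m["dest"].rpartition(":")
        rows.append({
            "country": m["country"], "host": host, "port": int(port),
            "domain": m["domain"], "proto": m["proto"].lower(),
        })
    return rows


def classify(row: dict) -> str:
    """Label a row: PTR lookup, DNS query, mDNS, QUIC (udp/443), TLS (tcp/443) or other."""
    if row["domain"].endswith(".in-addr.arpa"):
        return "ptr-lookup"
    if row["port"] == 53:
        return "dns"
    if row["port"] == 5353 and row["proto"] == "udp":
        return "mdns"
    if row["port"] == 443:
        return "quic" if row["proto"] == "udp" else "tls"
    return "other"


def summarize(rows: list) -> dict:
    """Row count per class, to see how much of the table is noise."""
    return dict(Counter(classify(r) for r in rows))


def resolved_but_not_contacted(rows: list) -> list:
    """Names that appear only in DNS queries, never in a recorded TCP/QUIC connection."""
    looked_up = {r["domain"] for r in rows if classify(r) == "dns"}
    contacted = {r["domain"] for r in rows if classify(r) in ("tls", "quic", "other")}
    return sorted(looked_up - contacted)


def hosting_service_hits(rows: list) -> list:
    """Distinct names under the watched hosting services, in first-seen order."""
    seen = []
    for r in rows:
        d = r["domain"]
        if any(d == s or d.endswith("." + s) for s in WATCHED_SUFFIXES) and d not in seen:
            seen.append(d)
    return seen


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_ROWS)
    print("by class:", summarize(rows))
    print("resolved but not contacted:", resolved_but_not_contacted(rows))
    print("hosting-service names:", hosting_service_hits(rows))
```

Run against the full table the same way; the two githubusercontent.com names come back as resolved-but-not-contacted, which is the gap to close with the packet capture before treating the GitHub indicator as the confirmed download source.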
Files
\??\pipe\crashpad_3184_UTQPAATOGHPIWFGM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 2a2ce28c193b65fad19ae295dfc0a121 |
| SHA1 | 12524711e05855b6df7513e9d82b2db6ecdbfe44 |
| SHA256 | 5fc36712218be8a20cc21614e942566f4c4dfedc9f8ec8cc51bc33a64c8f8b79 |
| SHA512 | 15672d3ac7b136d82e6348a7f7370cabd266dd620925b765637b4da18793a285645dc41373bd1eba03bcfd384cea6b980d3fca3cea53cef1cc2c24112a0d45fa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e83a85ab35b9df2ac8b861af36de64ae |
| SHA1 | eef34888e47c1a6852728fa54bd9424f73f82520 |
| SHA256 | 6b25d2d466d44f6512abc669a475a43b7c7e04f1af7730d1ee4df4b7a7a8235e |
| SHA512 | 5c0941e67e7825bd89d10abd86ebf4a92679da339ab8998a1ed881c7570943ba53cd99247a11fc04a08adbb0ce9f71e9c5e6ada25c6c4bbc406fb062141c5eb3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\7e450e06-3acd-4516-8d29-e7bf66f24450.tmp
| MD5 | 1a1c9549d4bf43f985398aa45cf48494 |
| SHA1 | 11ca03cb9f6012b78d3f0e5fd1b9eca637a64eba |
| SHA256 | 2d5f4025cb0d1ac952034bb0faf14d1f3a7427ff6e7296fd914bb40c9501f5ab |
| SHA512 | e2cb8d2429f95b5eb6d33e8fbb784bdf0f725da633f8346788546951615fe95991c13404735acd4ebbaa2ac187f749e1c14644eee7826a772106f3ceeec28809 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4fb90921e128003c6747e5fd2557d8e0 |
| SHA1 | 5196e96a16d9972e5eb21a5a02d044c461633dcd |
| SHA256 | 29414470bfb086c0e391f8d93a13ead10e24f17f4d9ba11e9e66919793839075 |
| SHA512 | 7797b3a416a55c7f6cb61a9a827733e2445a0c81706b98047235f52a83a00530f7a708d19a8814a985057f72e17e1ff2eb6837f94b45cdad404d8b1e7a9690be |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | b8b3e53e08db3c2a86afe078ffe7414b |
| SHA1 | 5e71407624caef43cf819176ce658507e68b8211 |
| SHA256 | 0516fcd9d554f624680174a7d807645a2614d5b6eb5c41afc921a059beeb0b2b |
| SHA512 | 7fe6560e3492f7c469d9f323d35be0a6058f93784f22745decd8d9623f9de9b65a3d2556d987490063112d24da2ed6920a93bce8c56a2d197ab3b9160879a4cd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | a70e9a02af747784ed7b275c9cfb4cd4 |
| SHA1 | a6d92ebc1ba0c645faf2f8da542fe2a3fe92f5f7 |
| SHA256 | f67e72914cc89a0d6239827ce349acfa8b539b72c36a9037c9e19b0cb7c95f39 |
| SHA512 | 72007f2543cf70233d1d552b03d672268b11fdb0de5c3164ea04b4c31ebc66156c1676bbbf95504b361543f3d0f0ce8134db9cdc34652262c0a8d5a34eed4901 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | fccbb894dd51cd667b9b07d9d3808753 |
| SHA1 | e0a24675ba9d9fa730a5f13d7336e48787a04661 |
| SHA256 | 56883c8dbfe60346dde1e70ee7fa308815bf990ea09c880c8cd6d70789635809 |
| SHA512 | 22f3fcac49770bcefb707466edcf6a4d79c11077ac2bd648bab74775bec20ded792d34609ca0c689546982790fbcdeedfb123f6e39d904f11f0cbead6d6728f0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5d7c95.TMP
| MD5 | f3ec5b32d52fd73ce1c98995541c9f6b |
| SHA1 | d4db8a8b480a8433f0a3c84eeffbbf618e2fa10d |
| SHA256 | 4d0c50c14479a20fbef6f954e884ff6bb37baf5887d7b411643ec801685faeec |
| SHA512 | 61790a5b4244fa4fe2ba8b702e7a576fdf048fc2339b51efff4f500615de1c5a89b3eb94bbaadf055a44ab20c709348959d90a7dbd18e79c1670a14c0fdc82df |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4709fbc0eba41df9209c1b294e78e9b3 |
| SHA1 | 1b6af3d6ebb60a8be29020b353f75a8fb9dd846c |
| SHA256 | 1e2c3bf7db6c31c8cbd407d30906a6c110ba696b0b882fa689210c9b1896676d |
| SHA512 | e6e2123864ebc97c7e8d3932e0466eafe87a433bb696fad720d5af6383fc466cc64bc1c7bacfd5423c4a3869dea5103a73974885ca65714477b1063a9361883f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 30677eb6f60681f2ea83d7025360c296 |
| SHA1 | 856c96cdde353792502083efc894b3ce1c97296f |
| SHA256 | 486dc6e0e1b657f441889ffd4822ecde7e5197ae4950ef807817c87ab334d585 |
| SHA512 | dcd39ef2cb2e12d96ca5f6394cd09b3060f2a769391f50f6f944e93a4908918b15114341fee60206a697ac31f67a01766f186c891ac87f2fb9c4cc55a8e636c8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 24078b4b6e6df776c2326e5ea51660d6 |
| SHA1 | 3eae685fbde53ff9a5c1ce82265b19a9111942d4 |
| SHA256 | 0f3e8281938e51b0bfe5696fe9a07204fbdfe43fb748c37e7a714326c4bc44f3 |
| SHA512 | f24b72d0fbde9a261c540a2e72f977727a1df3f0c585410d815decb17a0f92392f95faf8369a7fdedc4a56ba82c902ec268c99885d089955777e5b7b920e0411 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012
| MD5 | e1f8c1a199ca38a7811716335fb94d43 |
| SHA1 | e35ea248cba54eb9830c06268004848400461164 |
| SHA256 | 78f0f79cdd0e79a9fba9b367697255425b78da4364dc522bc59a3ce65fe95a6c |
| SHA512 | 12310f32ee77701c1e3491325a843d938c792f42bfdbbc599fe4b2f6703f5fe6588fbcd58a6a2d519050fc9ef53619e2e35dfadcbda4b218df8a912a59a5381a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013
| MD5 | 8edf1178fbf41e750ab75fa410368a9c |
| SHA1 | 3104a4867ab00cdee8f4e5427b2a691cde97e1a0 |
| SHA256 | 717088880d26775f3bccaea18ccb54cef604f9b28dfb357efaaa60d44476a9d4 |
| SHA512 | dbdab4ff33ee8fc08f9c0fa8ddea2be03e47fff2645d484ff045b420d421915ba91284e5d8f55cbf523f0b041c3d1f813d1e5ddd6dc0c7e073d566f05ea77e76 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011
| MD5 | e1831f8fadccd3ffa076214089522cea |
| SHA1 | 10acd26c218ff1bbbe6ac785eab5485045f61881 |
| SHA256 | 9b9a4a9191b023df1aa66258eb19fc64ae5356cfc97a9dda258c6cc8ba1059ac |
| SHA512 | 372c486ac381358cc301f32cd89b7a05da7380c03fa524147c2ddf3f5e23f9b57c17485aaedc85b413461a879afc42e729547b0c96c26c49bbdb7301cd064298 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e
| MD5 | f650e6b6cae5279e4c89126960b6b090 |
| SHA1 | 9f79318b36cc53712c3e7e0cf6e9ef91f62811e9 |
| SHA256 | 86781350321e19d398b5a3760fd4c0af43764862c8c37e319b8b743f15c559c0 |
| SHA512 | eff8025498be7773e063c43137946382c408cb886272ac4c9f8cdc6b2447b8e4d4c559351bcec842b7436b3d7be96c51da967637c8e99ed48822876ded0cb2df |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014
| MD5 | 939b17598242605d4cda089e4c40e52a |
| SHA1 | cb7e96bbb89879ab97002ef7764e868d8536fdbd |
| SHA256 | 14d0a9ba41b036d7702963b2f0048a670f138372fbc3644ec4f009cd3184e041 |
| SHA512 | d62140ff22453508964a7fc40602adc68b2ceea883eb7e77206a84569b2cb6ffad4b0796371ca28ce1a7110adf58786b374854d5fb1dc53a42588d61c79143e7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015
| MD5 | 8b2813296f6e3577e9ac2eb518ac437e |
| SHA1 | 6c8066353b4d463018aa1e4e9bb9bf2e9a7d9a86 |
| SHA256 | befb3b0471067ac66b93fcdba75c11d743f70a02bb9f5eef7501fa874686319d |
| SHA512 | a1ed4d23dfbe981bf749c2008ab55a3d76e8f41801a09475e7e0109600f288aa20036273940e8ba70a172dec57eec56fe7c567cb941ba71edae080f2fdcc1e0c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016
| MD5 | ee752d1511d5545228d0884d3859bcaa |
| SHA1 | 101ff34567dde76dc3ca539954a2544001302c3e |
| SHA256 | 49ffd1f840f11ef95c7d9f348d4535c3fde175414d94ea2182124bae245c345b |
| SHA512 | 6bb03d3b16f0ff19a8b054dd7187bd65ac15a752b56de110eb30205ea9e2701fd78e4cfb1daa5f020ca076efa1c02677ea99dde0788aaf69bc20a4d4b15eda8e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017
| MD5 | 063fe934b18300c766e7279114db4b67 |
| SHA1 | d7e71855cf6e8d1e7fbaa763223857f50cd1d4bd |
| SHA256 | 8745914e0214bcd9d2e6a841f0679a81084ef3fc3d99125876bee26653f4253e |
| SHA512 | 9d0dfc21306b3a56c2ecdf1265392271969e3765e161e117c8765125b34793e24458217cf6514b364f351f47e65baaaf5856be0d13406a789f844d6ba8c7075f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b
| MD5 | 840a2dc1618ad9c55fd310a7fa99defa |
| SHA1 | 758a611114db290b4657e0a250cfa3e9039f98d8 |
| SHA256 | 88b068b725836f11c74f18cc8baf4aebc5ce09f0b418535a1b624b1efbf003a7 |
| SHA512 | 8f9a61608131e2176a2b4caa2b120a0d66b23d6f52df555ba467ce315f4dc62e4dd282305e42442e1717bdb811550daa636334b269932d38ea3f49773b877ecb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | a16d31bab19e0a3f5a8d007816b0f7e2 |
| SHA1 | 1cc397590d6c17a7cf2460b07716786960f49ba6 |
| SHA256 | 2b91ca06db19a88f1770fa1872d83ac64f52ff31b1381329c8833f56f3edc21a |
| SHA512 | c58b8fd0623e653e092c0a40d4976f0677981d9c6d03d5d4effc4ca829452f6bf251813a6be27c3ce8ca5521ffb8c3e0697c593bcf4049dd730e7c80e95bd624 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 802985b9dd5037c3b0a9132d81f645ca |
| SHA1 | cf037d38af1a8b3b74682e62577af1e9ee4a76b6 |
| SHA256 | 6c908ebf136e4ac421f3e32e8ab10b51e6ba998b419edbeed170b3865951398e |
| SHA512 | 7a6215c11ccf08aa57caa34caa837235bd8e9e437729088a7deb33badf8475b8a446f41a643e0a4758af581c860d72b457ed7dc8f98010bfa8a26d7b196632bb |
C:\Users\Admin\Downloads\Rensen.exe
| MD5 | e19ebda4ea362c8421ba3e51dfe9186c |
| SHA1 | df86f196d1b669f84d08433d003c61c70d91440d |
| SHA256 | 0f08c5a7f6201cc07f7e68047ee764f2f3ef5809ce1779518000b0c71192d6b3 |
| SHA512 | 878c5a1fea207c120d021d71b4d71f39b212eaf11903af3d423472cfa118ec260885badfc2ea32aa8e01a13bfd2bd9c128cd889d0ed125ed4aad9c71a9a888b3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1469809b71df9c8f05946f65fce0d5eb |
| SHA1 | 47d7328bc0c217ce7279557b3d5e2f1d4008f5e9 |
| SHA256 | fb23ab8c6045927684eeaa148a91afe6cf03643056b6792c2b64423748d32fbb |
| SHA512 | 37432d0ff844aea2139cb46b51af6cd5a6bdfa13ca17f9b2cfed695d013755d08b776a40e0b5603e2cd7b5eee99a49cc21f21bda64d31067129d7ad1bafab64c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 23e96f10438551c1b4ca2aca7d225624 |
| SHA1 | 2df0076b5106b5c64768aa290f324064fcd2c200 |
| SHA256 | 55c145870158fb8ccf45921317709e0f2a4acd0824a63142dff34befd62d8c7a |
| SHA512 | d479ace08f86f92eb2483b7e8c38c652b6da4eb413e33eb331dbe2766c6a3a61ab61f22cbc80fa219832713798ab4e963c457b097be55e8ba034b8f54961a1ba |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 1e057bda5bcb5ea8b9e0b9f2e3d0dfea |
| SHA1 | 8539a31011c43b6d0271d3b0c180cef54a3b2148 |
| SHA256 | b43066c9be8a36e602264e3024fc4f5e789d3999c6f702d6dca19e732e29a79e |
| SHA512 | fad282afdd29c3b698c2f3def26250dcb8f43097755fa5f3114e3a7a91d1cc8341233c9acf5888edf72917effe5e68653101fcc50aa747c2ff4e7d5349d2ee7e |
C:\Users\Admin\Downloads\Rensen.cfg
| MD5 | 35230636c7f6f045b3f20055ddf15d2f |
| SHA1 | 2aa372c9ba3f03895544ce77185de774f4c0dccc |
| SHA256 | 379367ea19cde6d52b658a8292794a50ba8040edbb6a638c5260fb8acf21120f |
| SHA512 | d6abc7fe2feb6ff98b23cd811357f11b28d72f10b1f80ba3c7608243a73c06d811565198206f520ca2f951302c887df083758592325aef507353ab0a1bf12a5e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8a63a25a08e1471638cd5f79a4238980 |
| SHA1 | 2f4a8922e666c02908534bbff38bd01320d30144 |
| SHA256 | 16bdf984fa94960cf2d4bdf879c7a894d20374200b045169700f686dbf14cc23 |
| SHA512 | a2ca2b37229b4413de013f9739690a69fadfd219fa21e37cdca696c561ae56a70cc95b210f61fb6379ce81fa70156bc7fb3f402aca37757f872f4958924d321d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 2dd2f26b3cacbc30d83a70e9bbcf8794 |
| SHA1 | 3318e6f1280fbf0c1c6097abe8029718a64f1814 |
| SHA256 | a624a42ab8a9a6b5e1bda8f284833cc858e1717206c59372b38180f0548c80ac |
| SHA512 | 94559c74520e35641798809899fe777f3f06a107dab0d639a6337a4d97c5d7297e5ca741bd8cee372956f2c0d5fe2f9a5db54e4ce72577e710633a95f7f6932d |
memory/2612-767-0x00000243A7230000-0x00000243A7231000-memory.dmp
memory/2612-768-0x00000243A7230000-0x00000243A7231000-memory.dmp
memory/2612-769-0x00000243A7230000-0x00000243A7231000-memory.dmp
memory/2612-779-0x00000243A7230000-0x00000243A7231000-memory.dmp
memory/2612-778-0x00000243A7230000-0x00000243A7231000-memory.dmp
memory/2612-777-0x00000243A7230000-0x00000243A7231000-memory.dmp
memory/2612-776-0x00000243A7230000-0x00000243A7231000-memory.dmp
memory/2612-775-0x00000243A7230000-0x00000243A7231000-memory.dmp
memory/2612-773-0x00000243A7230000-0x00000243A7231000-memory.dmp
memory/2612-774-0x00000243A7230000-0x00000243A7231000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | bc16ebe41a9fc2938c4060992a92b0af |
| SHA1 | 1719af3e339b187d984a76437eb80cae5dc50e6f |
| SHA256 | 5874dbe9583546eb24cfb2b237d58f97ef186cd72866dd224df82e62817744ae |
| SHA512 | c78d4be86a3f35ae07375b37fd39f869d317a6ec6699d7673731e6f9b255d7bcbfacf58ca71c3f51baac1e2b2bbee7da58603efa5bd51a31162c481aab7a912c |