Analysis Overview
SHA256
6e4e80c7fc6f4a659f2bceabc5e609061ee6e3715c070f853e79c8ad9a2718f6
Threat Level: Known bad
The file Client.exe was found to be: Known bad.
Malicious Activity Summary
Njrat family
njRAT/Bladabindi
Modifies Windows Firewall
Unsigned PE
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Modifies data under HKEY_USERS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-29 00:36
Signatures
Njrat family
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-29 00:36
Reported
2024-05-29 00:39
Platform
win10v2004-20240508-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
njRAT/Bladabindi
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133614166618163587" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Client.exe
"C:\Users\Admin\AppData\Local\Temp\Client.exe"
C:\Windows\SysWOW64\netsh.exe
netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\Client.exe" "Client.exe" ENABLE
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb97bdab58,0x7ffb97bdab68,0x7ffb97bdab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2252 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3092 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4296 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4032 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4584 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4840 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5064 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4872 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3952 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3120 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4304 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3208 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3236 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5244 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5708 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5824 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5968 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6076 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5968 --field-trial-handle=1956,i,17644277690033423587,2509237240271641964,131072 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| N/A | 127.0.0.1:6522 | | tcp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:6522 | | tcp |
| N/A | 127.0.0.1:6522 | | tcp |
| N/A | 127.0.0.1:6522 | | tcp |
| N/A | 127.0.0.1:6522 | | tcp |
| N/A | 127.0.0.1:6522 | | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 216.58.215.36:443 | www.google.com | udp |
| FR | 216.58.215.36:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 131.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.74.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.215.58.216.in-addr.arpa | udp |
| N/A | 127.0.0.1:6522 | | tcp |
| US | 8.8.8.8:53 | 163.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| FR | 172.217.20.174:443 | play.google.com | udp |
| FR | 172.217.20.174:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 174.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| FR | 142.250.179.78:443 | clients2.google.com | udp |
| FR | 142.250.179.78:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 78.179.250.142.in-addr.arpa | udp |
| N/A | 127.0.0.1:6522 | | tcp |
| US | 8.8.8.8:53 | ogs.google.com | udp |
| FR | 142.250.179.78:443 | ogs.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| US | 8.8.8.8:53 | 67.214.58.216.in-addr.arpa | udp |
| N/A | 127.0.0.1:6522 | | tcp |
| N/A | 127.0.0.1:6522 | | tcp |
| US | 8.8.8.8:53 | 66.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | superuser.com | udp |
| US | 104.18.43.79:443 | superuser.com | tcp |
| US | 104.18.43.79:443 | superuser.com | tcp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | cdn.sstatic.net | udp |
| FR | 142.250.178.138:443 | ajax.googleapis.com | tcp |
| US | 104.18.40.222:443 | cdn.sstatic.net | tcp |
| US | 104.18.40.222:443 | cdn.sstatic.net | tcp |
| US | 104.18.40.222:443 | cdn.sstatic.net | tcp |
| US | 104.18.40.222:443 | cdn.sstatic.net | tcp |
| US | 104.18.40.222:443 | cdn.sstatic.net | tcp |
| N/A | 127.0.0.1:6522 | | tcp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 104.19.178.52:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 8.8.8.8:53 | 79.43.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.40.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.178.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.73.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pub.doubleverify.com | udp |
| US | 104.18.166.224:443 | pub.doubleverify.com | tcp |
| US | 104.19.178.52:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 104.18.166.224:443 | pub.doubleverify.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| FR | 216.58.214.74:443 | content-autofill.googleapis.com | tcp |
| US | 104.18.32.137:443 | geolocation.onetrust.com | tcp |
| US | 8.8.8.8:53 | qa.sockets.stackexchange.com | udp |
| US | 172.64.152.233:443 | qa.sockets.stackexchange.com | tcp |
| US | 8.8.8.8:53 | 224.166.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.32.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.214.58.216.in-addr.arpa | udp |
| FR | 216.58.214.74:443 | content-autofill.googleapis.com | udp |
| US | 104.18.166.224:443 | pub.doubleverify.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 233.152.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.214.58.216.in-addr.arpa | udp |
| N/A | 127.0.0.1:6522 | | tcp |
| N/A | 127.0.0.1:6522 | | tcp |
| US | 8.8.8.8:53 | stackoverflow-privacy.my.onetrust.com | udp |
| US | 172.64.155.119:443 | stackoverflow-privacy.my.onetrust.com | tcp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 33b355ee610bfcec157089d14b897a03.safeframe.googlesyndication.com | udp |
| FR | 142.250.201.162:443 | securepubads.g.doubleclick.net | tcp |
| FR | 142.250.201.162:443 | securepubads.g.doubleclick.net | tcp |
| FR | 142.250.201.162:443 | securepubads.g.doubleclick.net | tcp |
| FR | 172.217.20.161:443 | 33b355ee610bfcec157089d14b897a03.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| FR | 142.250.179.97:443 | tpc.googlesyndication.com | tcp |
| FR | 142.250.179.97:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 119.155.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.201.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads4.g.doubleclick.net | udp |
| FR | 142.250.201.162:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| FR | 142.250.179.98:443 | googleads4.g.doubleclick.net | tcp |
| FR | 142.250.75.230:443 | s0.2mdn.net | tcp |
| FR | 142.250.179.98:443 | googleads4.g.doubleclick.net | tcp |
| FR | 142.250.75.230:443 | s0.2mdn.net | tcp |
| FR | 142.250.201.162:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 161.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.75.250.142.in-addr.arpa | udp |
| N/A | 127.0.0.1:6522 | | tcp |
| N/A | 127.0.0.1:6522 | | tcp |
| FR | 142.250.178.138:443 | content-autofill.googleapis.com | udp |
| US | 192.0.73.2:443 | www.gravatar.com | udp |
| US | 8.8.8.8:53 | i.sstatic.net | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | graph.facebook.com | udp |
| US | 172.64.146.223:443 | i.sstatic.net | tcp |
| US | 172.64.146.223:443 | i.sstatic.net | tcp |
| US | 172.64.146.223:443 | i.sstatic.net | tcp |
| GB | 163.70.151.23:443 | graph.facebook.com | tcp |
| FR | 142.250.178.129:443 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | platform-lookaside.fbsbx.com | udp |
| GB | 163.70.151.21:443 | platform-lookaside.fbsbx.com | tcp |
| US | 172.64.152.233:443 | qa.sockets.stackexchange.com | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| BE | 64.233.166.155:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | fe4848bb73e4f03e3125d1555a31182d.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 223.146.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.166.233.64.in-addr.arpa | udp |
| N/A | 127.0.0.1:6522 | | tcp |
| FR | 142.250.179.98:443 | googleads4.g.doubleclick.net | udp |
| FR | 142.250.75.230:443 | s0.2mdn.net | udp |
| US | 172.64.152.233:443 | qa.sockets.stackexchange.com | tcp |
| US | 8.8.8.8:53 | cdfaf014403ee66f0ee0a1ec807d9433.safeframe.googlesyndication.com | udp |
| N/A | 127.0.0.1:6522 | | tcp |
| FR | 172.217.20.174:443 | play.google.com | udp |
| N/A | 127.0.0.1:6522 | | tcp |
| N/A | 127.0.0.1:6522 | | tcp |
| N/A | 127.0.0.1:6522 | | tcp |
| N/A | 127.0.0.1:6522 | | tcp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:6522 | | tcp |
| N/A | 127.0.0.1:6522 | | tcp |
| N/A | 127.0.0.1:6522 | | tcp |
| N/A | 127.0.0.1:6522 | | tcp |
| N/A | 127.0.0.1:6522 | | tcp |
| N/A | 127.0.0.1:6522 | | tcp |
| N/A | 127.0.0.1:6522 | | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 216.58.215.36:443 | www.google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | tcp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | tcp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | tcp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | tcp |
| N/A | 127.0.0.1:6522 | | tcp |
| US | 8.8.8.8:53 | e2c76.gcp.gvt2.com | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| SA | 34.1.52.129:443 | e2c76.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 35.215.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn1.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn2.gstatic.com | udp |
| FR | 142.250.179.110:443 | encrypted-tbn1.gstatic.com | tcp |
| FR | 142.250.179.110:443 | encrypted-tbn1.gstatic.com | tcp |
| FR | 142.250.179.110:443 | encrypted-tbn1.gstatic.com | tcp |
| FR | 142.250.179.110:443 | encrypted-tbn1.gstatic.com | tcp |
| FR | 142.250.179.110:443 | encrypted-tbn1.gstatic.com | tcp |
| FR | 142.250.179.110:443 | encrypted-tbn1.gstatic.com | tcp |
| FR | 142.250.179.110:443 | encrypted-tbn1.gstatic.com | tcp |
| FR | 142.250.179.110:443 | encrypted-tbn1.gstatic.com | tcp |
| FR | 142.250.179.110:443 | encrypted-tbn1.gstatic.com | tcp |
| FR | 172.217.20.206:443 | encrypted-tbn2.gstatic.com | tcp |
| FR | 172.217.20.206:443 | encrypted-tbn2.gstatic.com | tcp |
| FR | 142.250.179.110:443 | encrypted-tbn1.gstatic.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| FR | 172.217.18.195:443 | beacons.gvt2.com | tcp |
| US | 8.8.8.8:53 | 129.52.1.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.18.217.172.in-addr.arpa | udp |
| N/A | 127.0.0.1:6522 | | tcp |
| N/A | 127.0.0.1:6522 | | tcp |
| US | 8.8.8.8:53 | id.google.com | udp |
| FR | 216.58.214.74:443 | content-autofill.googleapis.com | udp |
| FR | 172.217.20.174:443 | play.google.com | udp |
| N/A | 127.0.0.1:6522 | | tcp |
| N/A | 127.0.0.1:6522 | | tcp |
| N/A | 127.0.0.1:6522 | | tcp |
| N/A | 127.0.0.1:6522 | | tcp |
| US | 8.8.8.8:53 | 24.73.42.20.in-addr.arpa | udp |
Files
memory/3440-0-0x0000000074F22000-0x0000000074F23000-memory.dmp
memory/3440-1-0x0000000074F20000-0x00000000754D1000-memory.dmp
memory/3440-2-0x0000000074F20000-0x00000000754D1000-memory.dmp
memory/3440-3-0x0000000074F22000-0x0000000074F23000-memory.dmp
memory/3440-4-0x0000000074F20000-0x00000000754D1000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 01fedaa06c4cae55e922b7b3d20c6790 |
| SHA1 | 1601ff09cef8898732c62d23289b91b598c47ba7 |
| SHA256 | 010d78ec02f4018101fdbe655cccc12c85b060aaac647bbd34b2166cb07d338b |
| SHA512 | 4ab68bb1ffad79e3ac1a968d7b79e6ac38d7b5a84f7299dc2ec21522f9c3284823277438a11eeac40a3de9d06172c47b465b430b29fb6d9d3f95e2f3225f3c3d |
\??\pipe\crashpad_1772_JQGHYXSUWCASJVUH
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
memory/3440-58-0x0000000074F20000-0x00000000754D1000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | cc27f4998d441a8143f49290cf6b1f99 |
| SHA1 | ca6fa5965a61914c4c47df324c69079dc39c2635 |
| SHA256 | 9360435e77ae2561de1dd86edfcb79bb055abf2f11ddcdef445bcdde7c87baf0 |
| SHA512 | 62498b42e4c1e19378306b83b5a17bf24bd3556b87260980b15727415248ae02ea55ea0521bbb14df524c3ce24537d729801632a8b3352ebb4154229e48e1fc7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c18c1b7c91f2602a497b22b7322dc5a6 |
| SHA1 | ca5e8243b7e90c09a3b4355890166386d1efbbde |
| SHA256 | 61cb371cb1dc486a3a7cfece8ea0f13a853b3947741cdb30faed244829a11c49 |
| SHA512 | 4e951c709eb393a9fd23805a11a6df68799dd23dddd4df561e46c8194c7d90d3807eefc17de85ede7f3b007af9fc41e3815d26b83f3b53ffc368c75ffdacbb75 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ead0400b11f443bb5ac44bc7c032693e |
| SHA1 | 00edeb1109767d9a88806e163c52d79d2f99661c |
| SHA256 | 1d3a8f3c4c654765a607d766345b561f569150beb36b2368ccb2c0a827823a28 |
| SHA512 | f0655a775b2a78ea0797e6f27de6405f294eceed2719c6c93379e626318626a6068d714554afb959a93a4cc79c48c147dffbe2ee1921544617578ea905b10cf8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 3c1d89e664ba304a549ac91f463d49a2 |
| SHA1 | c7392f3386e3b87c708b0cf287c723346801aa16 |
| SHA256 | 7eb8d9968ae75f141be6000a8693cfab7ab7f34884fd4ab0b09c2bc534f4918b |
| SHA512 | 8ef83d6553ff57e368a78703d8dfdc7f267ad88c527ae5387b4381a759283f8e909bf82768278b36bf64de26dcc77e0965056b3c373fbad5d2d6527d53431ad4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ea9d75cdcdc3314217f0edf69e3fb7bb |
| SHA1 | bb36bed24caa7e18ff96b71398b54e988b759dd3 |
| SHA256 | 5619f2c627e4a52ea1619d1bd401e60fec46445ae894fa28afc5733f0ce47703 |
| SHA512 | 2ce161ef650aa3004f519dcd2fe167c880d2f9131e212b719ff60d8717ad64f9b0dc599df8642ed28867b69df39fd8e38c6408d79b4e6cb6671f13496e642445 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a861f4c01174dcb49bb2f3da84109770 |
| SHA1 | 9f050d6428bb7e8b4af2a9694c889e0af4657f1e |
| SHA256 | 2a44d984aad16935f54a35d9c043180cefc6fc0ff8bd57e513d7688a2ff3a018 |
| SHA512 | 208f2ad5dda55201a9ed442aa62a3bd63e8b57597cb77fcc9fb898b8c0ec49bcc5c43c73388b648933eecc1023fe6a11451f2066de40635210fcb128b0553ab8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025
| MD5 | d84862513956cbe61aeb4ebbfdd3355a |
| SHA1 | 14ab269df17cb0333b1556ce120d587324479f6b |
| SHA256 | a18b26912ab9e034923cc64fbfdb59d682500f2c556456930e480b6bd69e33b5 |
| SHA512 | d04ca96d72595f1e291a6ce96f092c1707064800103cde733512a186c1b22e089b63690a0c53965c97248dd782731b22fa2d27b8ee3ae112647382f1c06d1a9d |
memory/3440-251-0x0000000074F20000-0x00000000754D1000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028
| MD5 | d546a874d6488dc7b2abd0843b4d02b2 |
| SHA1 | abc38412c078bb9ab9ff9757aeefa67a19ff2501 |
| SHA256 | c243c2a98c75631185c8d04ecfffc2765b0d3e3516c3ee7e2cd8d2b67660cf5e |
| SHA512 | 13c7bde4df056340a345dbf1473a01308fd2786be7a384411814afa8f005d34d2ea979a24cb2d7821b5bd928841ffc3c00944500a55c2f0934155ba786ae9c0b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2d1f23f3b2d88cace27e02735e493035 |
| SHA1 | e6f7474a1722d158ba948804f9bbca2599df6c48 |
| SHA256 | 56988fb00effedca7033783c1e41edca09620231cf563ba60543109b1ec3f7dc |
| SHA512 | 53a3f22db92436ec5d6f43ae02ec4c05310add9ee918c790a8085704e44555242b83db930cb91f7a8866bf05fac848e541aa380b780ae45bb2d81629f4e8f4ec |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f
| MD5 | 34602c14b3cd39436015a03c31a33c69 |
| SHA1 | 3c483bff2700da63547b033d6e181d8eda923a79 |
| SHA256 | cdcd68953968b057152973f3a8c5ddb22af24ad0fa7f30150cff714ffa124284 |
| SHA512 | 07d047a878e3dd70fa32b6c40812a79e8cccad87708a40fc942422067a95c4fc5b97b69e1921103fc569fe48b9fb2499c3a1578b2c4dd1cf2add1f0e07fb95b5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020
| MD5 | df0c867c5fabd8e3d924adaa0b71645f |
| SHA1 | 03080a2098c5ae7d430ffc50360252ce01dc8d19 |
| SHA256 | 5f58994bcd7c1fd1ea6b68dc79e50554a82235f193937093cdd7b1f0d9b1fb5b |
| SHA512 | da24d89c4921a5f1ec0d7aefcbca5a8a4e53fdc28385e4c9c29f3b3a0b6d2f84167e46ef77b7aff03c5b0ed23917b3fd8e7e8bda675903788e95cdad9a56d352 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 000f8638efd24f102fc4a56d7c64eae5 |
| SHA1 | bc60005efd49c147d00c608b32fafd9341be9e47 |
| SHA256 | e59ef6dfe4a5a2d0e30e64b08da6bca6c171d4f0673cfa9e5f8ecad62e786ab3 |
| SHA512 | bc9925d1400536901137c026bd19fa7325ffc0f4fad90bc608b2920423ad6b2404c2759f3dfed9ca91a93d12e04454a8bc7b3628c19a066abdb1eb506485779d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe586136.TMP
| MD5 | 47325fb167b9a495e59d0b83b8868cd3 |
| SHA1 | 0d1bc351a525ca807a486f914ed7df736d810356 |
| SHA256 | 4e1f580a463c174c56a5ee60090257ca81fde7504cc39b2acfb5c7b6e1c8c191 |
| SHA512 | 46f9f8ab116c048a2db3bd7d8919b4e31eaeeca4d994f83481cadbc4cf1d637a5c706a1bedb5324cb77e936dd6957f75aba0816db38d3e66ca167af9eb4f2181 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 93558e2a4c2d37a4666350c6ddd78982 |
| SHA1 | 7d0aa614efee5c3563ce249a05019c16d29c0224 |
| SHA256 | da8651004ca790f50135260a3ea1b7231374ae6d47de4516d1e2fb0748ee03f6 |
| SHA512 | c71bff004d919e7cc0adac464e26306fbfcef2a4633d2cd4367300348614e48d214b7c598d82d72bd001b4af8f396bb2f216bed95415d4d66fa4e41f0ebb7e1d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4ecd9b405155bf3375b70263775750fe |
| SHA1 | 65d7fb158c5f36fd71550ae23241a7e6a6254eda |
| SHA256 | 360f55820831250e7095302b8ade436572b4580ae87fb5e1af43f658d6d46dd4 |
| SHA512 | 8ffcf60f42ed040cae65185a4a33f0a682556ea054dd0ee998f5bcaa2980ee66560c33c1466189b2882e22f252e76aeb02ffed19818b6ffa72c2ead65c84e01e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\cd26ab94-ab51-49be-9993-4e742f2e8ec7.tmp
| MD5 | 18febfa85b6b27a4baa9d12b81838f2f |
| SHA1 | edae22d485cdd01c9334823834cf5ad5e436c5bb |
| SHA256 | d9c80f36447175bb127d12c0eeef14582b6dee94c91e7b9e856edda79894562b |
| SHA512 | ae39af8a01b53feeb3f3df638d7579f87d49d1073b9a2e0360f90131a92b37fed00d9be52fe9f5d5927a42f1114e3c8e8f9f1fbe7cf4c0c243f139e1d37d9bb9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 492612622352ad00963f0442009b8de5 |
| SHA1 | 878f3a4ecb624042bdfce0129827737a810e58cc |
| SHA256 | 15cc21d60af9164537b63f13019b9330553da7287d22755313beca0aca1e04f9 |
| SHA512 | c0612172ae010baa526fbb4a2b8c30d6233e778a5d80b8a234728d7e0e56afeb4d0642b5e6e076eba9449451f843e18add232a54508fa043b3ccdaa70504afb4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 4404d7c58181e45d40130e374682b9eb |
| SHA1 | d6299cfb654e628c9c1a2b5d341dcee5c123c8e3 |
| SHA256 | b47ad636aef1a6c3b4d55d4021da7d3fc7bb90ff9e565fc1aa81cf80dfeb0779 |
| SHA512 | 7a39a4ddf3dc51229506efadc2acd870eb385992ce6305d931438b584a17881c18b06a1be1c4236ab829e08ef91a51d08a736893a88281c076ff063e24e0252a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 8157920e475c3f6226ac2aadfaadfc4b |
| SHA1 | 9de46fbb7ed69898f4ba6038a10ea1a17ad035cd |
| SHA256 | 926ccc20444eff8439ce16765f6b918214b15e05d0b538b45451a384a46af2b2 |
| SHA512 | f470ce78e4a2dc34847fe377e983ead623c48af2fd0fd9f5173d60c82598edabb7142b5d6a5cc794e1a85df4a644af9348a582a14d7dc2cb928592757b8fd06c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a61da270ef35eb46ca18ae9d18be6ea7 |
| SHA1 | 7b000a507ad10cb09ff5f81ef7274975b5f2b2c8 |
| SHA256 | dd3269e9105b5a9efee13b0dd07584da5caab550bcab785beaa13d4db86c5c1b |
| SHA512 | ea7f8027f6246e8c661542d725d054e1c1d602f692199d37db913bde6ad4264bd2e7f6e07c8ce44766bae4353630c4be086aa2b5e766ece30b06262d40b4eda9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
| MD5 | c356a0c771a0209d3482777edfc10768 |
| SHA1 | 1ff2d992af8a6f19c30ecbe8f3591f26fe1cab08 |
| SHA256 | 32381f4549d36fa4583e599adc04056a4da80a6067c6805b7081c3f3f54a27ad |
| SHA512 | 561084baf8d65579ead79e79c2c3920ef987384d52ecc11a2689aff95c54a6b823a0c4a8e5b910e60e569450e36563f53adb5796f261f13bbeea59130b81fe3c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d
| MD5 | b99c109402eb5090a41bd60127623b77 |
| SHA1 | f0a74bfe1e275a5683bfb4312aba6486e2834d62 |
| SHA256 | ba454b5ba7c123abbb66244771cf49844219cb6c9f2a23d07bd6bc91a4f8f950 |
| SHA512 | 619a29ea7a1c678ab86c9cd4c2c3cf9686d613bba14088fece0f8a55a51f8bdbbe239b58f53c2c84e3b20e9fb8cb842c92a4627c760a164777d5f03176a96608 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e
| MD5 | 18fa2e39cd464591489d8fa9217e25e7 |
| SHA1 | 87e11371a06ed5cb998d77504b2ac18e1f022e01 |
| SHA256 | 92c83b8cd694d5aa9b846bde687c15ac8c6c086116a79962cb77831b3d333535 |
| SHA512 | 7a97c939acafe8c6f140ac29ac93f3756231dbd31c346a24ca0b2aa7b46527afa5d22c710693edf5ed218ae68b2e0e9077f05bedc9749383fb60471d3a3e5e2a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | db8eeb1efcb680b0ef83570e2bdcf99e |
| SHA1 | 2331023234ad9610f69c140b5673d2fc0dd6d308 |
| SHA256 | 1310176caec8cf867a552a10f204b4254c102907f4fc51f045c40dd28a58ac49 |
| SHA512 | 5c2fe28ee2d1fd3ec0dcd3b1234012a89e77fdd9d94c6cc7651531d034b28f9b4364ba18a738915424caac758b18c5797ec8b76596a6a1166f9efeebdfa52f6b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | db638310fa4abbda02cbb0816d9592b1 |
| SHA1 | 3e4d4283c21493493fca3816d580f66156e4d36b |
| SHA256 | e9d4b643ae5c8247e51cd9bd776b48eb826a2fe2a9c681d423e2aa3851f487db |
| SHA512 | df6ba861c77d3081953e2ae65bb4aee910c4a68b7b03621a16da2d373de4dc691b1c4a9367f819ecdd08d0910730d4408100f07831cc07f716598620485717c0 |