Analysis Overview
SHA256
1135f4d76cb6ca7605d54bd690b378bd769acdd28172fe55117f53de8f3c7520
Threat Level: Known bad
The file 1135f4d76cb6ca7605d54bd690b378bd769acdd28172fe55117f53de8f3c7520.exe was found to be: Known bad.
Malicious Activity Summary
njRAT/Bladabindi
Modifies Windows Firewall
Executes dropped EXE
Loads dropped DLL
Checks computer location settings
Adds Run key to start application
Suspicious use of SetThreadContext
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
Modifies data under HKEY_USERS
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious behavior: LoadsDriver
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-19 15:20
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-19 15:20
Reported
2024-06-19 15:25
Platform
win7-20240611-en
Max time kernel
34s
Max time network
241s
Command Line
Signatures
njRAT/Bladabindi
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1135f4d76cb6ca7605d54bd690b378bd769acdd28172fe55117f53de8f3c7520.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1135f4d76cb6ca7605d54bd690b378bd769acdd28172fe55117f53de8f3c7520.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\confuse = "C:\\Users\\Admin\\AppData\\Roaming\\confuse\\chargeable.exe" | C:\Users\Admin\AppData\Local\Temp\1135f4d76cb6ca7605d54bd690b378bd769acdd28172fe55117f53de8f3c7520.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\SysMain = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1135f4d76cb6ca7605d54bd690b378bd769acdd28172fe55117f53de8f3c7520.exe" | C:\Users\Admin\AppData\Local\Temp\1135f4d76cb6ca7605d54bd690b378bd769acdd28172fe55117f53de8f3c7520.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1708 set thread context of 2932 | N/A | C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe | C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe |
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\1135f4d76cb6ca7605d54bd690b378bd769acdd28172fe55117f53de8f3c7520.exe
"C:\Users\Admin\AppData\Local\Temp\1135f4d76cb6ca7605d54bd690b378bd769acdd28172fe55117f53de8f3c7520.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef8079758,0x7fef8079768,0x7fef8079778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1528,i,12377343651428919716,520660762569673973,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1428 --field-trial-handle=1528,i,12377343651428919716,520660762569673973,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1480 --field-trial-handle=1528,i,12377343651428919716,520660762569673973,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2248 --field-trial-handle=1528,i,12377343651428919716,520660762569673973,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2252 --field-trial-handle=1528,i,12377343651428919716,520660762569673973,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1672 --field-trial-handle=1528,i,12377343651428919716,520660762569673973,131072 /prefetch:2
C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe
"C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1616 --field-trial-handle=1528,i,12377343651428919716,520660762569673973,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3424 --field-trial-handle=1528,i,12377343651428919716,520660762569673973,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3544 --field-trial-handle=1528,i,12377343651428919716,520660762569673973,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3472 --field-trial-handle=1528,i,12377343651428919716,520660762569673973,131072 /prefetch:8
C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe
C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3588 --field-trial-handle=1528,i,12377343651428919716,520660762569673973,131072 /prefetch:1
C:\Windows\SysWOW64\netsh.exe
netsh firewall add allowedprogram "C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe" "chargeable.exe" ENABLE
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2444 --field-trial-handle=1528,i,12377343651428919716,520660762569673973,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2260 --field-trial-handle=1528,i,12377343651428919716,520660762569673973,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3412 --field-trial-handle=1528,i,12377343651428919716,520660762569673973,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1864 --field-trial-handle=1528,i,12377343651428919716,520660762569673973,131072 /prefetch:8
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2604 CREDAT:275457 /prefetch:2
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2416.0.375021267\1070482852" -parentBuildID 20221007134813 -prefsHandle 1220 -prefMapHandle 1212 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {83cfa766-8995-416c-9c32-6e3e653910f2} 2416 "\\.\pipe\gecko-crash-server-pipe.2416" 1300 45dbb58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2416.1.549603253\1456385999" -parentBuildID 20221007134813 -prefsHandle 1460 -prefMapHandle 1456 -prefsLen 20928 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed3d7981-3870-412f-a86f-2955f9d43595} 2416 "\\.\pipe\gecko-crash-server-pipe.2416" 1488 d72b58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2416.2.105199088\471583025" -childID 1 -isForBrowser -prefsHandle 2088 -prefMapHandle 2084 -prefsLen 20966 -prefMapSize 233444 -jsInitHandle 844 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d2b0a78-6e46-4978-b4b7-9cb0db50411f} 2416 "\\.\pipe\gecko-crash-server-pipe.2416" 2100 1a591f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2416.3.2097465720\445110021" -childID 2 -isForBrowser -prefsHandle 2612 -prefMapHandle 2608 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 844 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {37c92020-652f-4eac-ab00-b1cab1a501a9} 2416 "\\.\pipe\gecko-crash-server-pipe.2416" 2624 1bff6558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2416.4.1716050427\444482372" -childID 3 -isForBrowser -prefsHandle 3040 -prefMapHandle 2916 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 844 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4587c856-07e2-459c-8b6e-150b8216c447} 2416 "\\.\pipe\gecko-crash-server-pipe.2416" 2904 1c2e8b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2416.5.978416662\1279493605" -childID 4 -isForBrowser -prefsHandle 3844 -prefMapHandle 3848 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 844 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {89361132-1f36-49fa-ad5f-2db5153ad9e9} 2416 "\\.\pipe\gecko-crash-server-pipe.2416" 3860 1e6e7058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2416.6.484989240\1716134048" -childID 5 -isForBrowser -prefsHandle 3868 -prefMapHandle 3872 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 844 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b944e6bb-b48f-4457-ba72-3c44eb40d9cd} 2416 "\\.\pipe\gecko-crash-server-pipe.2416" 3892 1e6e6758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2416.7.1318207780\525097462" -childID 6 -isForBrowser -prefsHandle 3896 -prefMapHandle 3892 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 844 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6d53e34-645b-4c88-863a-7c111e32ce01} 2416 "\\.\pipe\gecko-crash-server-pipe.2416" 4064 1e6e6458 tab
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| MA | 41.249.109.189:10000 | doddyfire.linkpc.net | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 172.217.169.42:443 | content-autofill.googleapis.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com (×35 identical connections) | tcp |
| US | 185.199.109.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com (×75 identical connections) | tcp |
| GB | 172.217.169.42:443 | content-autofill.googleapis.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| BR | 172.217.29.3:443 | beacons2.gvt2.com | tcp |
| BR | 172.217.29.3:443 | beacons2.gvt2.com | tcp |
| BR | 172.217.29.3:443 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.bing.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | tcp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 52.42.69.239:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
Files
memory/2436-0-0x0000000074E01000-0x0000000074E02000-memory.dmp
memory/2436-1-0x0000000074E00000-0x00000000753AB000-memory.dmp
memory/2436-2-0x0000000074E00000-0x00000000753AB000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Cab6FE5.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar7055.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 10e23842805c6653ab2ec94f0c3057c3 |
| SHA1 | 53ffae3c55f7692f31079fb5221e5b82cd49328c |
| SHA256 | 976d8f03a87918f8fe083f6ba532a1558e476c3b417122201639dfbc85c0e0bf |
| SHA512 | c5c6144c51bc61db7cdf51653bac494d09f73429faf3282bba304129a824c24e44c48cebd7f767333f4d3453c2033536d1b8f3f5697347610b254390b1407ba5 |
\??\pipe\crashpad_1868_TIJUDPYUMKOZNHCI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
\Users\Admin\AppData\Roaming\confuse\chargeable.exe
| MD5 | e7b877ea72a8e42c4050624da48790ad |
| SHA1 | 637cd7fb1658fb21577c7fae378fb59c0d9f1b22 |
| SHA256 | 0c1d17e45c5549437fff5c867de90917d115fc841138d4f2a032b537c46f366e |
| SHA512 | 85259054c77e754190669d447e9ff73cae937cc90c60525e7b27ae747c80e4e9b9be708297afd56d0bcd9e2746927f8f749080317981f0749cceeaeacf28c927 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5f65ee1717d546755832663c05e1825d |
| SHA1 | 38140714c4f671e88dac8261c68eb108153e91e8 |
| SHA256 | c900f80f9b6e9873f1f9b55221a45db77fa7f49dcc1c2654920e9d3cedaac51e |
| SHA512 | 72699a6210ab1f626141d0228cd8012c723ea9f8a21691166ce524cbf5746fc2e4cb50fd3f4a973d96a421e1b1614716aa5b236cb8d7c1bd45feae8ab62f9b2e |
memory/2436-234-0x0000000074E00000-0x00000000753AB000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8be0ea5c5ddc75a8d54a64249523a6c7 |
| SHA1 | aa1b191c8f396757331f47ab2d8c59bebebe301e |
| SHA256 | d9da534ff4be46acace251ddc34ee30e2f17d0683f1cd06266f8b2599ad84eca |
| SHA512 | 8c0e7c135387ea52c0e0928eda30fd7200c752c4561373f6d001429b15f170c978a3b188c34303ef3fcfb6f3edc304318db678159630512db692d08fafbe17d9 |
memory/2932-413-0x0000000000400000-0x000000000040C000-memory.dmp
memory/2932-416-0x0000000000400000-0x000000000040C000-memory.dmp
memory/2932-415-0x0000000000400000-0x000000000040C000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 227ef45bb790830edc4160bac5648dfb |
| SHA1 | 77534f9b9e17962029492b8711b5c592e8b3b64e |
| SHA256 | 4e16337e66542f13e6d965f9fae5901ae9126d4b09722033240ff3935526f032 |
| SHA512 | 3c76570a6e06525adbd02f4f3a54dac2db0f7e1014dc2a36b52e48531ea908774dba9cdb4f08b90da7da5e1eda3003d8d29e7438968cf4971bba1b03514d1737 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | be9a89d42174910405e738fcac3ea44d |
| SHA1 | 9f68cd6041ebfe128dcc88c7775ab9a56a162fd7 |
| SHA256 | 3ca506bff988c9696f6f5ae98905b7a297c373c733cd7ba9ea17e04192af3898 |
| SHA512 | 23f656b968eab55e7af2190950ecf4335de7b16ae4fa23e9065d90c87dff5a1b54d45f56e5b420d44da0538746df64c7547d3fc400e5eac52039f469de9a74c1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 25d253b25a2c25540b944e2d90d2b77f |
| SHA1 | cf82b92f242442e40e1c0d54550c387e1ba47680 |
| SHA256 | efb844dc7da1efaad6e22db3545152347f47bf9d964c9348fe07bde1efb9b229 |
| SHA512 | 8236d9ebb072274278f2c9269527fdc78fc0c7c1997aee5bac5840c02db1fa2006cc118604c2d44eac5913bd70f9fa19781c4d6a7169170a32ce2289dbbd7d7e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c34c4a376ae52b7b997f714218f259d0 |
| SHA1 | 184e67bf8f3a0ca63debd397d5bac9b59ac6450f |
| SHA256 | 4562acb1926c66fd8c08c533e1732545aa7addb5ceb2bfc3f483e673e5b03987 |
| SHA512 | 8c27e79ddec03b6d222ebac71933565be39813aa59caca7f69d33879af6f986e103a85dd144cdb3b257d43fb82efecb29cdc96ffebf5d492900d615f0c0aa6ff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 972eb3e3d5ca5ed81202f713b6e38e55 |
| SHA1 | 7689013d249c72e832018a37beb1a4b3d21edfde |
| SHA256 | f3c940db0fc4a8c5f16bcc1fafa66fe1036b0d02505661e1ecb1b1d6b26e7cb5 |
| SHA512 | 975cac23887fdc824e68515262772ff9f740cb6dacc254264a1cb4235f25aa1485c330291e750316b22671a28f15652c81d26bb3265588eb520db87c10a52c24 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 421cd6c72f556c3a43cb18d72b6ca9b2 |
| SHA1 | 85254f22bad22247d02a4f8110048ee98fdf7af2 |
| SHA256 | 6a59aec071db57e84556b4653897497670fda4600c673722430802a2e4b1c0fa |
| SHA512 | 0fbefa9de34a219905f3bd20af29eb28833b65248a91302ec7cedaad40615af241698ad8f9d47b81cbc71ee43c94635903fe76b225af4bce0600b28fbf265336 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5b5dd0aae9e557d07384c2717023847d |
| SHA1 | 2366fb39c46179a642dae082a0640e100568c61c |
| SHA256 | cf60d418f420c5e13036b322c4d014f65a9990c9cb93d63624b3acdbe3ed4e28 |
| SHA512 | 7950a5a515e554b7509644e0aab980947e76f2b07233d5c5ee1b087aa16946e783312d74315de21f095f043284d988ce4128f0b7cecb51c688295fdcc2312a71 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 42046b378423a7a922a912c392acb41c |
| SHA1 | 148240fd145c610d6961b5036b2ec681fd02a0d6 |
| SHA256 | 61f61aa1429d6d5f7b55a86538aa9436e1931a118afce65b5ddbb7f296b05dc0 |
| SHA512 | c9c1b0c9949a5a9c43215c70c8af6784743acdfce68956d55500a734bd3bf2e0e5140176ce0324a790e6e24a2dd4f884eb09d2cac64359e8d18676e026066845 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5a2050a87b18a6b08a08e544a0613be5 |
| SHA1 | 460832f85c3251a409d29e4f0964b40c42b38a51 |
| SHA256 | 136d999d03a038cfa1721f1f15aecd993ae52bf1a6971f934625d77b749cea6a |
| SHA512 | bbc2072220fff66afdd805e022075d5ce0faf758959ad73bf907912e848c74495e257a19e1e88214b550d26bf965f534fa31b1b4dde97e0c994293bc14eb4024 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ee082761-977b-4c3c-8f25-6f44224155a2.tmp
| MD5 | 2b7cf17755c519fd2d1786e80df5e9aa |
| SHA1 | f113d865360efe4962e49f3abf3c900c3832ce18 |
| SHA256 | b72c8ebedc500a5f60efcd433479278d1a0ec4e67224f47baefb9f9a430b71da |
| SHA512 | 47e2a8eee8bada62a99d4c3de0e57f13d2ea3655cf79583ff520f1c4861aa63b5ea21657cc06ec34aba8f510cd05b30e5f8bcd155275ab11ec5a374cb018a43d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3390ba63dbc3ffb73450cb9c626aa23c |
| SHA1 | 3193218c4d92e9446d61cf5d8190d91c8b316822 |
| SHA256 | c139dd6ef28c0eeb3d4b092c1fc752a9fa64181963b7c7654f11d6ec34af9955 |
| SHA512 | 0151e1c1609a66f87bd99c81462a1a53e6ef7f5248825de76be33e4da7c4e5d9c2933276b0a02f4c45dfb165b69f04b01fe9777f27ea4342fd4b43e8af2ee4ba |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2cd305f25afce344093ee61d8efc4fe1 |
| SHA1 | 82143ca68316d2062710cd67df09b74a2ce87f60 |
| SHA256 | b5500947713c5bd409c44058279ee4ab382273308b9f32ebda2f924ab15e650b |
| SHA512 | 51b3b1cc765424e957756d2ca02e38fa39ad2b647d11e17bf457f81ed5b8bed01d2a913401e0f46b323ef47ebd36c708a72954c704a148a73c25c06019f327b3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7c667272d86398402c40542c9c854dee |
| SHA1 | a596ae99a6e7e307cd0046d640b64804ccd0795b |
| SHA256 | e187e10d89f769f38553437127cea61c122717e4687b45b4d12c09d124db6515 |
| SHA512 | 38045b035ed54cfd6bc6c85ade8e5b5679cd0f9800ba7f22afd135302cf2034b1a339f4d900c7bf8cf8f832e20cfba3b5f5e9424500f1e5a63a600c82ac359c9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | abfa9319923e7b3516f4194a578a91a0 |
| SHA1 | 3941ae0767ae8ea5d5707ad1e6d1373392b711cf |
| SHA256 | c3174755f202ebd162a6a87ea412bf736b0c6a5df188caa2e63a8ee88f032f45 |
| SHA512 | a51f749d6e329d663ee9cd1677ff544d9430417a2da199e94537bdb7e7a8599bb3c0f82e72216aca39c3c77ab427f77ec5cbd6e9f9b6caefd40690c4ab4afbc9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b9439c80f08d194f23903f6c9c7f1926 |
| SHA1 | 228b8123cced50b64c98ad968a2ec971ca6051d6 |
| SHA256 | ca25567af4ec8256ed7d24976eb5344b2631c8c9517f1a5862dd6b2424601822 |
| SHA512 | 920fbf005c87a21e084dff7f88e6486132cb023c90bc15c90637315e1e946ccc2aafe120463bf96008d15fd2ac41d677b3895945f209bb0062e7bf6bac229628 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 81f6a1c613dbe76d48074464ed0a935d |
| SHA1 | 47fb60349fc506f4081beb19969db7da67130ca9 |
| SHA256 | 57f1732d072c7027e67df638764b7e09a8424089bf50115e16d9245b0926363d |
| SHA512 | 11e289113fd567d522ca34cc6ebb5e5e71de4c1240eb6f14a40bd9cae9b3f73be14beb9fdf709e47c4ec0763e5920aa04a6c077efa237e63e55b6341377f0c25 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 403b5bd9739af6a167bc7399e6efbe9e |
| SHA1 | b94b2904ad7ba23b0fee723e0b2f89a15dd8c680 |
| SHA256 | cce86ec61cfa0607f7325210f5b8e2378ed594e3ed611d37e5ae2c619afc2e3c |
| SHA512 | db1e372a96193246331aec3316db5a208c541bf992e2c8ce21f4519eec52184bd753d8f4c1111c0d6c8ff32a7a74312cfb23c95e553514612c5dcb78073520c4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 92206e2453194637b2b5b2ffdada7100 |
| SHA1 | b86f221571f92ef40cd45898050b09a07367c224 |
| SHA256 | 91bc35eb52c8d0bf2e7eeab24275dd4fa8b03ce2723991de890a77d529c65e2d |
| SHA512 | d119a0f47232580c7dd3ba908699096c3d0129b314b277055365cddc5ed362b086b690e848e924e25f607dcca6be7aefcc502a6e0c8cb583e9a2ff146ff5e077 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 079428fee118133b495649488c39f86f |
| SHA1 | e175ae5cdda281b62bccff52985189a64a498afe |
| SHA256 | 4143bee8c4926e14a11f7d15de1e2d7e900d69f9dc0335ce1a2e41265c69c672 |
| SHA512 | 245320aeb38485efc6e3f58acd1c3ddbfaf731d4ff8e33410d5fd37c5e6471ecbfbba201c40d86d83179d93e5ccdd7380a5da498c319188ef94a333b250891dd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 536dbbe28e77486b60fadf347909d543 |
| SHA1 | 669e0022bf3be8d6dc03f274602b48ca15ef1c07 |
| SHA256 | 02898b5c450cda7f19bd4b906c2c9d65bd4dbaf5386c55dccec29ca5fc075f76 |
| SHA512 | d46aa9e6085c5bdde34ac22948cfc4d04f02943f53cfb3de50b74d9f6f54db1a175546c32b42c3c3c7e9ffd8484e6835fffa341145f3072f27dd8090b17d72d2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a5f306676e6c924c1d6079e90f5733fd |
| SHA1 | f94258269f557939e930f2e635923def6ad0533a |
| SHA256 | d0a9869d7d5fed878ac3084a58e2307eebe49a755af5a3693fd65a60cde52eda |
| SHA512 | 231c1d36e8d6d0f6d0a0437560a993809b91d09fb712b958482f920534b6ed6e2f12803bb611e3a90adb997c14eeb77bbfc00d2d3e3eb5180f85f54bb3b228d4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 09821d67a915c9bd9e488874cd0fda67 |
| SHA1 | aa873bc9de18874e9e8e4d600b0c906ffcfdce4b |
| SHA256 | add3620df18c409d1a881d13843d9dc135b0aa4317b07a9fa00c80acd5cd934d |
| SHA512 | 773e1234c09870f5714cbe488e94cfe8ac72f8463cb17cb1079b594c6abb9cd79734198f260d341239b854e75ad1c5f2f3e680d879568d20cf1bbdcdb6e14f90 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 66b7855c0fb2f0e3c5613e5493f6c67f |
| SHA1 | fdfbb685270427890a179db95c3ecfd6dcd90adc |
| SHA256 | cf6bd2138c637871a6b065c5dbd5d1afa93e26aae79267a5a2d3f94eb56e77e3 |
| SHA512 | 3031f3110942d1de31e99d2c116d6bc115e3e599ff54842ad73ac6f65d3098685868526b01807df69b1a089e0b78e1a54e2347a709a2d1b395f9645e9532548c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4f6d5e37473ed9a4a776056e1e6f2ab9 |
| SHA1 | 09e69ea55ad0c68082b218c7b26203bebe22c93b |
| SHA256 | 0b63438150033f977630507dba89c7aa7bde5ec935b13a4e0df24b586a0e16fd |
| SHA512 | 345ea64112ae93edf5442c7db02094a3b7f4abf871ae760e5c5be0c49e11672dee49685b7bf8de555755ed08a9b91f402e3bf035606337126c4d1299233088b7 |
C:\Users\Admin\AppData\Local\Temp\~DF6C102900285F97CB.TMP
| MD5 | ffd7385a02d8289f5a6834c16314bfb1 |
| SHA1 | db6367b937763ac07d800fbbe914ba642227fee0 |
| SHA256 | f017c504e9054e0c7a32b5efb9776f946242fd683072eaf87f37ee0109161066 |
| SHA512 | f6fed192b4cee63cb717eff9ce105cf1c1fff136940b9f97fc841e3c0f710995969a438e9504ca58d41cdb5250513966133834e4d3fbfbea33ee18854ec10326 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 61ea054615e1465389cd0fc4078e02cf |
| SHA1 | 358e768efd7a7871349b5b4ffc10b245d57b2b9e |
| SHA256 | 99f72e4f488473a37d60d8c18e9f4709a3de89ac1aa97cef9329e68d417fdef5 |
| SHA512 | e458af747cb1a0c75a05925ff0217c46fc08e7ffe203a6e876a38e432e2b945067b62ae0652c783df8d3f0acd6d6dd7c98aa61c719d240bb9e9ff0f37d29da5b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 0e538d10cbc02906f14a4b1764017def |
| SHA1 | f990215af40411bb209c19e00dcac770287e4098 |
| SHA256 | 23fb0e66c72f6355c4e8b2b617ae70e15ec19c68813ee1b93254b44b548f1246 |
| SHA512 | 34ff25717967085b3c1f7f6efed0a88a4b008cd99accecba5941b5bff546260a8447cd5d67719d1f435fb8be7b06c94bb0abb8f77170ccc36bf145803c3f260b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 40b624e8025595ed687e1aaba09c921c |
| SHA1 | 46dbd38512b9323b28b507bf8f2cc8519334432f |
| SHA256 | cdc6440b7464a96318066e5a3ef342bb5657266002cf2f517d6346d9ebd947ec |
| SHA512 | f6158327bf347c524d21fc4be22d822a8d4163428d04a147833e49fe6cf57a90deb839e4802f25ef8aea3977e4b918fe6071c88b4ccde1aa77f8182936a3dce1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\f56308b8-7d60-48c3-bc7f-294ffecd57bc.tmp
| MD5 | 6895099cea1b07073f104d50e01e6cd4 |
| SHA1 | 380fc5f927762a95f00655fbc026d388d032905c |
| SHA256 | 8b22d300680c8f30dbb59b62672ef27b12cb30f2920643f278ef85fdfd652136 |
| SHA512 | 3aad6d741c80809f0f450da43c88520392026f22e01dd3a2e1029a879d693d02732c7c5c78ab88e1c37dc7f783aad56c799aa06576562c92f2027f10b76ffc42 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\15kjbvz9.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 026d58b1e826ce4747c768757f15bdf4 |
| SHA1 | f426809b1bd4eeb2c860929c889950773f15b7fd |
| SHA256 | ad4ceae4e9b45cc6c18c6a4595925f7c8631d93b9c5932d13c172c926491825e |
| SHA512 | 821f3f902719c2db8383d45a8cd0d3f7fb6ff209657f67d853daae1b6aa5fd6daeb27224b963eadda0c57f365ee8d9f70103a6af62126b8c57fe9abc3d91205d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\15kjbvz9.default-release\datareporting\glean\pending_pings\df981b92-6b2a-4128-a121-e3ef887cc67b
| MD5 | 16efc7143e89cf85e9a6e7cf74c2e3d6 |
| SHA1 | 9b98a449382de6bf5746234d131a5d6387197b7c |
| SHA256 | 7452b1be10033cd55a17e010966be5d9cace89da08fa7a6bfbeee2e47218a0cf |
| SHA512 | d4b192c22f393543ed56d44fdf0295e1f7ebb6483d41d2fbf66a8c1fbaf610690c3feef55d5c7d552e2b7dbaa7537b32fa5eb717b158d6c3c36b362ccae183b1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\15kjbvz9.default-release\datareporting\glean\pending_pings\c072f71e-8896-420b-8702-b73b16ac5ec7
| MD5 | fca0b3f3d76f4fb219028d53262b3aec |
| SHA1 | 6bc772a9cd322541db0d72c15ca0fbe6505b9be2 |
| SHA256 | 4ffb33d12397bb8903f26ef0cdb46de1fcd8fdb12decb2e1e30b7f79407b0f16 |
| SHA512 | 3eba39fea95a786f2ecf0a3b9b6f4ff901b6eca9cc9778546734d9c50c3974c31fb67bf0af031713e1a8c4723db4c4683482779fa23a82f11a761cc8aa883c7d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\15kjbvz9.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 001c4ba972d95575268ba181820e81fa |
| SHA1 | f8187bc09a5f6dee3e26d1926bf9b65dfa6f1f3d |
| SHA256 | 8c48a11db73c4dcc9c9a02a05b76827de6f8829c2b3197c59df181fd40795d2f |
| SHA512 | aea24b8f52d30c74a9b522b24e90c1d878427b16e55379f4521e83854feb89d41db4410d56f252b5bb1d2a315e5a4f9e3a9eaa73950031ea3a0ad00a805f13a0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\15kjbvz9.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | b81849940d06d68897005c7308e698f0 |
| SHA1 | dc7b49421e8d06e77539a4ac03e4d421ad1c977a |
| SHA256 | 983be65e88e109f43b1f29b5ef93596b068022bc3c7db7b3fb363f24cf5254ae |
| SHA512 | c84c1c55922c25d18f6e84523ed8c1b0fcc224e093ecebb0910639a5b2ba1eebd80576973dec470b4817e79682fec5ca442e4ef1dc8706836ed3ae1eacd9d96b |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-19 15:20
Reported
2024-06-19 15:50
Platform
win10v2004-20240508-en
Max time kernel
1799s
Max time network
1796s
Command Line
Signatures
njRAT/Bladabindi
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\1135f4d76cb6ca7605d54bd690b378bd769acdd28172fe55117f53de8f3c7520.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\confuse = "C:\\Users\\Admin\\AppData\\Roaming\\confuse\\chargeable.exe" | C:\Users\Admin\AppData\Local\Temp\1135f4d76cb6ca7605d54bd690b378bd769acdd28172fe55117f53de8f3c7520.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SysMain = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1135f4d76cb6ca7605d54bd690b378bd769acdd28172fe55117f53de8f3c7520.exe" | C:\Users\Admin\AppData\Local\Temp\1135f4d76cb6ca7605d54bd690b378bd769acdd28172fe55117f53de8f3c7520.exe | N/A |
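The two Run values above are enough for a first triage rule: the dropper registers its copy (confuse) and itself (under the name SysMain, which is the Superfetch service name) from directories a standard user can write to. The Python below is an added example, not part of the sandbox report. It parses indicator lines in the report's own Set value (str) format, undoes the doubled backslashes, and flags entries whose target sits in a user-writable directory, whose value name borrows a Windows component name, or whose file name is a bare SHA-256 (sandbox naming; on a real host expect the original file name). The directory list, the lookalike-name list and the third, benign control line are constructed assumptions.

```python
"""Triage 'Adds Run key' indicators in the sandbox report's own format.

Added example, not part of the report. The heuristics (user-writable
directories, lookalike names) are assumptions for illustration.
"""
import ntpath
import re
from dataclasses import dataclass, field
from typing import List

# <key>\<value name> = "<target>", with backslashes doubled as in the report
_RUN_LINE = re.compile(r'^(?P<key>.+)\\(?P<name>[^\\]+) = "(?P<value>.*)"$')

# Directories a standard user can write to (assumption-based heuristic list).
USER_WRITABLE = ('\\appdata\\roaming\\', '\\appdata\\local\\', '\\users\\public\\',
                 '\\programdata\\', '\\downloads\\')

# Windows service/process names malware borrows for Run entries.
# "SysMain" is the Superfetch service; the sample used it for its own copy.
LOOKALIKE_NAMES = {'sysmain', 'svchost', 'csrss', 'lsass', 'winlogon', 'explorer',
                   'services', 'smss', 'wininit', 'spoolsv', 'dwm'}

SAMPLE_INDICATORS = [
    # First two lines copied from the table above; third is a constructed benign control
    r'\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\confuse = "C:\\Users\\Admin\\AppData\\Roaming\\confuse\\chargeable.exe"',
    r'\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SysMain = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1135f4d76cb6ca7605d54bd690b378bd769acdd28172fe55117f53de8f3c7520.exe"',
    r'\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorUpdater = "C:\\Program Files\\Vendor\\Updater.exe"',
]


@dataclass
class RunEntry:
    key: str          # registry key holding the value (HKEY_USERS\<SID>\...\Run here)
    value_name: str   # Run value name, e.g. "confuse"
    target: str       # executable the value points at, with single backslashes
    reasons: List[str] = field(default_factory=list)


def parse_run_indicator(line: str) -> RunEntry:
    """Split '<key>\\<name> = "<path>"' and undo the report's doubled backslashes."""
    m = _RUN_LINE.match(line.strip())
    if not m:
        raise ValueError(f'not a Set value indicator: {line!r}')
    target = m.group('value').replace('\\\\', '\\')
    return RunEntry(m.group('key'), m.group('name'), target)


def assess(entry: RunEntry) -> RunEntry:
    """Attach a reason for every heuristic the entry trips."""
    low = entry.target.lower()
    if any(marker in low for marker in USER_WRITABLE):
        entry.reasons.append('user-writable location')
    if entry.value_name.lower() in LOOKALIKE_NAMES:
        entry.reasons.append('lookalike value name')
    # A 64-hex-digit .exe is how the sandbox named the submitted sample.
    if re.fullmatch(r'[0-9a-f]{64}\.exe', ntpath.basename(entry.target), re.IGNORECASE):
        entry.reasons.append('hash-named executable')
    return entry


def triage_run_keys(lines) -> List[RunEntry]:
    """Return only the Run entries that tripped at least one heuristic."""
    return [e for e in (assess(parse_run_indicator(l)) for l in lines) if e.reasons]


if __name__ == '__main__':
    for e in triage_run_keys(SAMPLE_INDICATORS):
        print(f'{e.value_name:14} -> {e.target}\n    {", ".join(e.reasons)}')
```

Both values sit under HKEY_USERS\<SID>, so the persistence needs no elevation and is scoped to that profile; on a live host the same test applies to the values returned by Get-ItemProperty HKCU:\Software\Microsoft\Windows\CurrentVersion\Run for each user hive.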
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 3152 set thread context of 1360 | N/A | C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe | C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe |
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
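The Netsh Helper DLL signature above fires on netsh.exe reading HKLM\SOFTWARE\Microsoft\NetSh, which netsh does on every start to locate its helper DLLs; the report records reads only and no new helper value, so the concrete action to hunt for is the firewall exception recorded under Processes: netsh firewall add allowedprogram "...\confuse\chargeable.exe" "chargeable.exe" ENABLE. That legacy "netsh firewall" context is deprecated but still accepted on current Windows (with a warning printed). The Python below is an added example, not part of the report: it tokenises netsh command lines, recognises the legacy allowedprogram form and, going beyond what the page shows, the equivalent advfirewall rule syntax and the commands that switch the firewall off, and reports whether the allowed program lives in a user-writable directory. The advfirewall lines, the benign control line, the hypothetical vendor binary and the directory list are constructed.

```python
"""Flag netsh.exe command lines that open holes in Windows Firewall.

Added example, not part of the sandbox report. Parses the netsh invocation
recorded under "Processes" plus constructed variants and reports what program
was allowed and whether it lives where a standard user can write.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Directories a standard user can write to (assumption-based heuristic list).
USER_WRITABLE = ('\\appdata\\roaming\\', '\\appdata\\local\\', '\\users\\public\\',
                 '\\programdata\\', '\\downloads\\')

SAMPLE_COMMAND_LINES = [
    # Copied from the Processes section of the report (legacy "netsh firewall" context)
    'netsh firewall add allowedprogram "C:\\Users\\Admin\\AppData\\Roaming\\confuse\\chargeable.exe" "chargeable.exe" ENABLE',
    # Constructed: the same exception in the modern advfirewall syntax
    'netsh advfirewall firewall add rule name="chargeable" dir=in action=allow '
    'program="C:\\Users\\Admin\\AppData\\Roaming\\confuse\\chargeable.exe" enable=yes',
    # Constructed: benign netsh use, must not be flagged
    'C:\\Windows\\System32\\netsh.exe interface ip show config',
    # Constructed: exception for a hypothetical vendor binary outside user-writable space
    'netsh advfirewall firewall add rule name="Vendor agent" dir=in action=allow '
    'program="C:\\Program Files\\Vendor\\agent.exe"',
]


@dataclass
class FirewallChange:
    technique: str           # which netsh form was used
    program: Optional[str]   # executable granted an exception, if any
    user_writable: bool      # True when that path is in a user-writable directory
    command: str


def tokenize(cmd: str) -> List[str]:
    """Split on whitespace while keeping "quoted" spans (including
    key="value with spaces") together, then drop the quotes."""
    return [m.group(0).replace('"', '') for m in re.finditer(r'(?:[^\s"]+|"[^"]*")+', cmd)]


def in_user_writable(path: str) -> bool:
    low = path.lower()
    return any(marker in low for marker in USER_WRITABLE)


def _kv(tokens: List[str], key: str) -> Optional[str]:
    """Value of the first key=value token, case-insensitive on the key."""
    for tok in tokens:
        if tok.lower().startswith(key + '='):
            return tok.split('=', 1)[1]
    return None


def parse_netsh(cmd: str) -> Optional[FirewallChange]:
    toks = tokenize(cmd)
    if not toks or ntpath.basename(toks[0]).lower() not in ('netsh', 'netsh.exe'):
        return None
    args = toks[1:]
    low = [a.lower() for a in args]

    # Legacy: netsh firewall add|set allowedprogram [program=]<path> [name=]<name> [mode=]ENABLE|DISABLE
    if low[:1] == ['firewall'] and low[1:3] in (['add', 'allowedprogram'], ['set', 'allowedprogram']):
        rest = args[3:]
        program = _kv(rest, 'program') or (rest[0] if rest else None)
        if any(t in ('disable', 'mode=disable') for t in low[3:]):
            return None   # exception created in disabled state: nothing opened
        return FirewallChange('legacy allowedprogram', program, in_user_writable(program or ''), cmd)

    # Legacy: netsh firewall set opmode disable
    if low[:3] == ['firewall', 'set', 'opmode'] and any(t in ('disable', 'mode=disable') for t in low[3:]):
        return FirewallChange('legacy opmode disable', None, False, cmd)

    # Modern: netsh advfirewall firewall add rule name=... dir=in action=allow program=<path>
    if low[:4] == ['advfirewall', 'firewall', 'add', 'rule']:
        if (_kv(args, 'action') or '').lower() != 'allow':
            return None
        program = _kv(args, 'program')
        return FirewallChange('advfirewall allow rule', program, in_user_writable(program or ''), cmd)

    # Modern: netsh advfirewall set allprofiles state off
    if low[:2] == ['advfirewall', 'set'] and 'state' in low and 'off' in low:
        return FirewallChange('advfirewall state off', None, False, cmd)
    return None


def scan_command_lines(lines) -> List[FirewallChange]:
    """Keep only the command lines that changed firewall policy."""
    return [hit for hit in map(parse_netsh, lines) if hit is not None]


if __name__ == '__main__':
    for hit in scan_command_lines(SAMPLE_COMMAND_LINES):
        print(f'{hit.technique:26} user_writable={hit.user_writable!s:5} {hit.program}')
```

When process command lines are not available, the same path test can be run against the registry: legacy allowedprogram entries land under HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\<profile>\AuthorizedApplications\List and advfirewall rules under ...\FirewallPolicy\FirewallRules, and an allowed program under AppData\Roaming in either place deserves the same scrutiny as the command above.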
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133632841691860444" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\1135f4d76cb6ca7605d54bd690b378bd769acdd28172fe55117f53de8f3c7520.exe
"C:\Users\Admin\AppData\Local\Temp\1135f4d76cb6ca7605d54bd690b378bd769acdd28172fe55117f53de8f3c7520.exe"
C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe
"C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe"
C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe
C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe
C:\Windows\SysWOW64\netsh.exe
netsh firewall add allowedprogram "C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe" "chargeable.exe" ENABLE
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8b115ab58,0x7ff8b115ab68,0x7ff8b115ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1920,i,1720441264639542557,18406979682450827388,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1824 --field-trial-handle=1920,i,1720441264639542557,18406979682450827388,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2264 --field-trial-handle=1920,i,1720441264639542557,18406979682450827388,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1736 --field-trial-handle=1920,i,1720441264639542557,18406979682450827388,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3128 --field-trial-handle=1920,i,1720441264639542557,18406979682450827388,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4052 --field-trial-handle=1920,i,1720441264639542557,18406979682450827388,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4688 --field-trial-handle=1920,i,1720441264639542557,18406979682450827388,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3648 --field-trial-handle=1920,i,1720441264639542557,18406979682450827388,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff74a78ae48,0x7ff74a78ae58,0x7ff74a78ae68
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4712 --field-trial-handle=1920,i,1720441264639542557,18406979682450827388,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4908 --field-trial-handle=1920,i,1720441264639542557,18406979682450827388,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3492 --field-trial-handle=1920,i,1720441264639542557,18406979682450827388,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3984 --field-trial-handle=1920,i,1720441264639542557,18406979682450827388,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3480 --field-trial-handle=1920,i,1720441264639542557,18406979682450827388,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4172 --field-trial-handle=1920,i,1720441264639542557,18406979682450827388,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3136 --field-trial-handle=1920,i,1720441264639542557,18406979682450827388,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 --field-trial-handle=1920,i,1720441264639542557,18406979682450827388,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4856 --field-trial-handle=1920,i,1720441264639542557,18406979682450827388,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4532 --field-trial-handle=1920,i,1720441264639542557,18406979682450827388,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4316 --field-trial-handle=1920,i,1720441264639542557,18406979682450827388,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2668 --field-trial-handle=1920,i,1720441264639542557,18406979682450827388,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=1484 --field-trial-handle=1920,i,1720441264639542557,18406979682450827388,131072 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | doddyfire.linkpc.net | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
Files
memory/320-0-0x0000000074C82000-0x0000000074C83000-memory.dmp
memory/320-1-0x0000000074C80000-0x0000000075231000-memory.dmp
memory/320-2-0x0000000074C80000-0x0000000075231000-memory.dmp
C:\Users\Admin\AppData\Roaming\confuse\chargeable.exe
| MD5 | 632ee1dc394ca36ac0af043a19275549 |
| SHA1 | 31d7abc0bfc91e5a724942ef23de1f395d270b77 |
| SHA256 | ba174e8f8f032d3385555ac965f63f551e14451ebedc3a16d3b0ac20e3833534 |
| SHA512 | cdfd3ad33e8708cf3ebc6643b88ff6b2cffc2c20d0d52ced06e11acbe3f8ce77e86698782cf228d66120ae0920cb9c6f098cbc8c68eb16b8152bb64311d8b624 |
memory/320-17-0x0000000074C80000-0x0000000075231000-memory.dmp
memory/3152-18-0x0000000074C80000-0x0000000075231000-memory.dmp
memory/3152-19-0x0000000074C80000-0x0000000075231000-memory.dmp
memory/1360-20-0x0000000000400000-0x000000000040C000-memory.dmp
memory/1360-23-0x0000000074C80000-0x0000000075231000-memory.dmp
memory/3152-24-0x0000000074C80000-0x0000000075231000-memory.dmp
memory/1360-25-0x0000000074C80000-0x0000000075231000-memory.dmp
memory/1360-26-0x0000000074C80000-0x0000000075231000-memory.dmp
memory/1360-27-0x0000000074C80000-0x0000000075231000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 5460a095ffc91e16065137d118251fa4 |
| SHA1 | a8b074cb99c5264869c6d1590791ff57135a5d56 |
| SHA256 | 03ca250413edde9149d615c01ba471c13d8c3e8358c2b860be170089c50b4ab8 |
| SHA512 | fce69526d1c062091781da7552cc8b428a5af7aa66344680b2ace5741111a1ea3f359a0efc66d37c2bea8f31e0b10feb2eaa82838e26804373b5728a82bc883d |
\??\pipe\crashpad_1008_WGMTHCKIQQDKZZNL
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 221f83767ff1e2370d4fd11557e3927b |
| SHA1 | 61a75e3b37dcca1809c341b981e1a5dedb14fbc9 |
| SHA256 | a58e0a2e79b1ebc00a04e0ac0fe3dbf88dfcdbd1a79b2b9fd649c457e7975524 |
| SHA512 | 0f01b11a584d5f274062c67d701d831f0e7076fe52a4020a3900a48470a0b9f3258f90ec2e927a3b001ee689181fc0f308ff0f5e63d0d85ff3fc2591e28995fb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b333079b09b8ba730d73c22dfc2d4d52 |
| SHA1 | d298226a14a6165c5bbb9241e8f21c5f80df0a28 |
| SHA256 | 80e4d8f4211655c9372f23e41be45ed5e36fe7f853d2c3d3ba00d1c54279b8e4 |
| SHA512 | 5f26ffeca4417d8e75854d095acdceb56ec6ffa7558111e1d7b0bb89825e07015a9547dab561888ef5f777e457feb5e2d3e49a3b8412e770bbf7c6ed5e34cb19 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 93199d7bd5ea03ce313e9438b4b2a498 |
| SHA1 | e2d3c24ce863cdaf026afd5092d36f83a5ef739b |
| SHA256 | fc28c0c8c0ea2346c0b64080630e0d5dfcb4be03cad12270048b05c0632726bd |
| SHA512 | 0a6dbce7597189ff03ec0527093984fa59254b4b3bb5fed1f28ef0de96807b79c6e6539a43c84f44490630349d4bdd85c9794fe22ad0cf1a365586f9e4f619b6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | c125fe6d0f2c88c5a33489e68d563069 |
| SHA1 | 6d87d42156d282bc27c0cd61aed8030bea5f897e |
| SHA256 | 3a05d5eb3ffb2495d2515ad6afc7bd57758886178a9499ecf90528f4a2ba241c |
| SHA512 | 647d2e5db2cc750e1428525f92fd7ee4c2cf816d00fd13dbb2e42d1017946580325affa4919e54b25e1b7ba093eeabf0ef6d24d02ff6c5c097fd833ec74a6cac |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe598f94.TMP
| MD5 | 55585467747a49b376312f079cfda9a3 |
| SHA1 | 44cc3e3df3cde006095a4f44ab0767790b132503 |
| SHA256 | b8b251388b59294c85aaebc3a76b162f98de08676e75f1f39c01d0551abe1978 |
| SHA512 | 2a193195fea15b10d8285ef40a60bd0a7f380b016a2a3611a2452843997dc8cb33ff9240e0491063a724864e1851ef09bdbc1d8d7bbf74bde5eca22129aee136 |
C:\Program Files\Google\Chrome\Application\SetupMetrics\20240619152249.pma
| MD5 | 6d971ce11af4a6a93a4311841da1a178 |
| SHA1 | cbfdbc9b184f340cbad764abc4d8a31b9c250176 |
| SHA256 | 338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783 |
| SHA512 | c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f |