Analysis Overview
SHA256
83d4b0869a1cd74c64c112556e1191e63b298876baf6ed51a358b72aced304f9
Threat Level: Known bad
The file konflickt.exe was found to be: Known bad.
Malicious Activity Summary
Vanillarat family
VanillaRat
Vanilla Rat payload
Drops file in System32 directory
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
Browser Information Discovery
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-07 14:49
Signatures
Vanilla Rat payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Vanillarat family
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-07 14:49
Reported
2024-08-07 14:52
Platform
win7-20240704-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
VanillaRat
Vanilla Rat payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\konflickt.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\konflickt.exe
"C:\Users\Admin\AppData\Local\Temp\konflickt.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | konflickt.ddns.net | udp |
| TR | 176.33.118.135:1604 | konflickt.ddns.net | tcp |
Files
memory/2068-0-0x000000007457E000-0x000000007457F000-memory.dmp
memory/2068-1-0x00000000009D0000-0x00000000009F2000-memory.dmp
memory/2068-2-0x0000000074570000-0x0000000074C5E000-memory.dmp
memory/2068-3-0x0000000074570000-0x0000000074C5E000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-07 14:49
Reported
2024-08-07 14:52
Platform
win10v2004-20240802-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
VanillaRat
Vanilla Rat payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Program Files\Crashpad\settings.dat | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe | N/A |
| File opened for modification | C:\Program Files\Crashpad\metadata | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe | N/A |
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\konflickt.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133675158136006866" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\konflickt.exe
"C:\Users\Admin\AppData\Local\Temp\konflickt.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd8bbecc40,0x7ffd8bbecc4c,0x7ffd8bbecc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1952,i,2814341148978192488,4368146213511835997,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1948 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2060,i,2814341148978192488,4368146213511835997,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1808 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2316,i,2814341148978192488,4368146213511835997,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2276 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd8bbecc40,0x7ffd8bbecc4c,0x7ffd8bbecc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,2814341148978192488,4368146213511835997,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3168 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3252,i,2814341148978192488,4368146213511835997,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3268 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4540,i,2814341148978192488,4368146213511835997,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4624 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4936,i,2814341148978192488,4368146213511835997,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4944 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5056,i,2814341148978192488,4368146213511835997,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5096 /prefetch:8
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff6ccd34698,0x7ff6ccd346a4,0x7ff6ccd346b0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4504,i,2814341148978192488,4368146213511835997,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5200 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5292,i,2814341148978192488,4368146213511835997,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5296 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4792,i,2814341148978192488,4368146213511835997,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4860 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x50c 0x508
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5556,i,2814341148978192488,4368146213511835997,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5612 /prefetch:8
Network
Files
memory/5012-0-0x0000000074EEE000-0x0000000074EEF000-memory.dmp
memory/5012-1-0x00000000004B0000-0x00000000004D2000-memory.dmp
memory/5012-2-0x00000000054D0000-0x0000000005A74000-memory.dmp
memory/5012-3-0x0000000004F20000-0x0000000004FB2000-memory.dmp
memory/5012-4-0x0000000004EE0000-0x0000000004EEA000-memory.dmp
memory/5012-5-0x0000000074EE0000-0x0000000075690000-memory.dmp