Analysis Overview
Threat Level: Shows suspicious behavior
The submitted URL http://google.com was found to be: Shows suspicious behavior. None of the signatures that carry a process column is attributed to the URL itself: the behavioural tables below attribute every such hit to chrome.exe or to CMDWatcher64.exe, an executable extracted with 7-Zip from the CMDWatcher_v0.4.7z download and run during the interactive session (see Processes and Files).
Malicious Activity Summary
Loads dropped DLL
Executes dropped EXE
Drops desktop.ini file(s)
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in System32 directory
Drops file in Windows directory
Browser Information Discovery
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Modifies registry class
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-16 20:47
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-16 20:47
Reported
2024-08-16 20:50
Platform
win10v2004-20240802-en
Max time kernel
149s
Max time network
148s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File created | C:\Windows\assembly\Desktop.ini | C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe | N/A |
| File opened for modification | C:\Windows\assembly\Desktop.ini | C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\assembly\Desktop.ini | C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe | N/A |
| File opened for modification | C:\Windows\assembly\Desktop.ini | C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe | N/A |
| File opened for modification | C:\Windows\assembly | C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133683148777393150" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe | N/A |
Suspicious use of WriteProcessMemory
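The question a reviewer has to answer for a report like this one is which process raised each signature, because the verdict applies to the whole session and not only to the submitted URL. The following script is an added example, not part of the original report or of the sandbox's own tooling: it parses the signature blocks in the format used above (a heading followed by a table with Description / Indicator / Process / Target columns, one row per hit; a heading with no table is a signature whose details were collapsed) and rebuilds a per-process view. SIGNATURE_EXCERPT is copied, shortened, from the tables above.

```python
"""Attribute sandbox signatures to the processes that raised them.

Added example, not part of the original report. Rebuilds
{signature: rows} and then {process image: {signature: hit count}}
from the Signatures section of a Triage-style report.
"""
from collections import defaultdict

# Copied (shortened) from the report's Signatures section.
SIGNATURE_EXCERPT = r"""
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe | N/A |
Suspicious use of WriteProcessMemory
"""

TABLE_HEADER = "| Description | Indicator | Process | Target |"


def parse_signatures(text):
    """Return {signature name: [(description, indicator, process, target), ...]}.

    A heading that is not followed by any table row (collapsed in the
    report) maps to an empty list so it is not silently lost.
    """
    sigs = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if not line.startswith("|"):
            current = line                      # a signature heading
            sigs.setdefault(current, [])
        elif line == TABLE_HEADER or current is None:
            continue                            # column header / stray row
        else:
            cells = [c.strip() for c in line.strip("|").split("|")]
            if len(cells) == 4:
                sigs[current].append(tuple(cells))
    return sigs


def hits_by_process(sigs):
    """Map process image name -> {signature: number of hits}."""
    out = defaultdict(lambda: defaultdict(int))
    for name, rows in sigs.items():
        for _desc, _indicator, process, _target in rows:
            image = process.rsplit("\\", 1)[-1]
            out[image][name] += 1
    return {image: dict(counts) for image, counts in out.items()}


def collapsed(sigs):
    """Signatures listed in the summary but without an attribution table."""
    return sorted(name for name, rows in sigs.items() if not rows)


if __name__ == "__main__":
    parsed = parse_signatures(SIGNATURE_EXCERPT)
    for image, counts in hits_by_process(parsed).items():
        print(image)
        for name, n in sorted(counts.items()):
            print(f"  {n:2d}  {name}")
    print("no attribution table:", collapsed(parsed))
```

Run against the full Signatures section, the output separates Chrome's routine hits (registry enumeration, driver-store PNF writes) from the hits on CMDWatcher64.exe (dropped EXE, dropped DLL, NtSetInformationThread with ThreadHideFromDebugger), and lists the signatures that carry no table at all, which cannot be attributed from this page.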
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffeb050cc40,0x7ffeb050cc4c,0x7ffeb050cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2060,i,8165538151150326117,6954449992695766514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2056 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1584,i,8165538151150326117,6954449992695766514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2096 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,8165538151150326117,6954449992695766514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2308 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3052,i,8165538151150326117,6954449992695766514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3088 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3076,i,8165538151150326117,6954449992695766514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3116 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4400,i,8165538151150326117,6954449992695766514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4156,i,9445584274764997943,12714240264001792460,262144 --variations-seed-version --mojo-platform-channel-handle=3976 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4752,i,8165538151150326117,6954449992695766514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4760 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4672,i,8165538151150326117,6954449992695766514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4768 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5072,i,8165538151150326117,6954449992695766514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4796 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5312,i,8165538151150326117,6954449992695766514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5288 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=208,i,8165538151150326117,6954449992695766514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5452 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5704,i,8165538151150326117,6954449992695766514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5668 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\CMDWatcher_v0.4\" -spe -an -ai#7zMap1682:90:7zEvent16136
C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe
"C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5728,i,8165538151150326117,6954449992695766514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5708 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4668,i,8165538151150326117,6954449992695766514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5776 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5916,i,8165538151150326117,6954449992695766514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5904 /prefetch:8
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\665b8dea01643cce577cc8cc6cc1677e78cbf4559b7c0fbd0446dee65970b4ea\" -spe -an -ai#7zMap21737:190:7zEvent649
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\665b8dea01643cce577cc8cc6cc1677e78cbf4559b7c0fbd0446dee65970b4ea\" -spe -an -ai#7zMap13105:190:7zEvent12489
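Chrome's child processes announce their role and sandbox on the command line (--type, --utility-sub-type, --service-sandbox-type), so the process list above already says which helpers ran without a sandbox: the network service and two quarantine/metrics utilities carry --service-sandbox-type=none, and a second GPU process launch carries --disable-gpu-sandbox --use-gl=disabled. One caveat for reading the signatures against this list: Chrome launches its sandboxed children with the block-non-Microsoft-binaries process mitigation, so NtCreateUserProcessBlockNonMicrosoftBinary hits on chrome.exe are expected for a Chromium browser. The script below is an added example, not part of the report: it summarises each command line and pulls out the non-Chrome images, which here are 7zG.exe and CMDWatcher64.exe. PROCESS_EXCERPT is copied, shortened, from the list above; the flag tokenizer is a simple whitespace split and does not handle quoted values containing spaces, which is enough for the flags inspected here.

```python
"""Summarise Chrome helper processes from a sandbox process list.

Added example, not part of the original report. Classifies each
command line by Chrome role and sandbox flags; non-Chrome images are
reported separately as the things that need a closer look.
"""
import re

# Copied (shortened) from the report's Processes section.
PROCESS_EXCERPT = r"""
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --single-argument http://google.com
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2096 /prefetch:3
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear /prefetch:8
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --renderer-client-id=6 /prefetch:1
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\CMDWatcher_v0.4\" -spe -an -ai#7zMap1682:90:7zEvent16136
"C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe"
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --no-appcompat-clear /prefetch:8
"""

IMAGE_RE = re.compile(r'^"([^"]+)"|^(\S+)')                  # quoted or bare image path
FLAG_RE = re.compile(r'(?<!\S)--([A-Za-z0-9-]+)(?:=(\S*))?')  # --key or --key=value


def parse_cmdline(line):
    """Return (image path, {flag: value or True for bare flags})."""
    m = IMAGE_RE.match(line)
    image = m.group(1) or m.group(2)
    flags = {}
    for fm in FLAG_RE.finditer(line):
        flags[fm.group(1)] = True if fm.group(2) is None else fm.group(2)
    return image, flags


def describe(line):
    """Return (image name, role, sandbox note) for one command line."""
    image, flags = parse_cmdline(line)
    exe = image.rsplit("\\", 1)[-1]
    if exe.lower() != "chrome.exe":
        return (exe, "non-Chrome image", None)
    role = flags.get("type", "browser")          # no --type: the browser process
    if role == "utility":
        role = flags.get("utility-sub-type", role)
    if "disable-gpu-sandbox" in flags:
        sandbox = "none (--disable-gpu-sandbox)"
    elif flags.get("service-sandbox-type") == "none":
        sandbox = "none (--service-sandbox-type=none)"
    elif role == "browser":
        sandbox = "n/a (browser process)"
    else:
        sandbox = flags.get("service-sandbox-type", "default for " + role)
    return (exe, role, sandbox)


def process_summary(text):
    return [describe(l) for l in text.splitlines() if l.strip()]


def unsandboxed_helpers(text):
    """Chrome children that explicitly ran without a sandbox."""
    return [role for exe, role, sb in process_summary(text)
            if exe == "chrome.exe" and sb.startswith("none")]


def non_chrome_images(text):
    return [exe for exe, role, _ in process_summary(text) if role == "non-Chrome image"]


if __name__ == "__main__":
    for exe, role, sandbox in process_summary(PROCESS_EXCERPT):
        print(f"{exe:20s} {role:32s} {sandbox}")
    print("unsandboxed Chrome helpers:", unsandboxed_helpers(PROCESS_EXCERPT))
    print("non-Chrome images:", non_chrome_images(PROCESS_EXCERPT))
```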
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | google.com | udp |
| FR | 142.250.201.174:443 | google.com | tcp |
| FR | 142.250.201.174:80 | google.com | tcp |
| FR | 142.250.201.174:80 | google.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.201.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 172.217.20.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| FR | 216.58.213.74:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 67.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| FR | 142.250.201.174:443 | google.com | udp |
| FR | 216.58.213.74:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| FR | 142.250.179.78:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 78.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| FR | 172.217.18.206:443 | encrypted-tbn0.gstatic.com | tcp |
| FR | 172.217.18.206:443 | encrypted-tbn0.gstatic.com | tcp |
| FR | 172.217.18.206:443 | encrypted-tbn0.gstatic.com | tcp |
| FR | 172.217.18.206:443 | encrypted-tbn0.gstatic.com | tcp |
| FR | 172.217.18.206:443 | encrypted-tbn0.gstatic.com | tcp |
| FR | 172.217.18.206:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | 206.18.217.172.in-addr.arpa | udp |
| FR | 172.217.18.206:443 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| FR | 142.250.179.99:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | dns-tunnel-check.googlezip.net | udp |
| US | 8.8.8.8:53 | tunnel.googlezip.net | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| FR | 142.250.179.118:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | www.kahusecurity.com | udp |
| US | 8.8.8.8:53 | 99.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.179.250.142.in-addr.arpa | udp |
| US | 75.119.204.85:443 | www.kahusecurity.com | tcp |
| US | 75.119.204.85:443 | www.kahusecurity.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | 226.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.204.119.75.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| FR | 142.250.179.99:443 | id.google.com | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 8.8.8.8:53 | bazaar.abuse.ch | udp |
| US | 151.101.130.49:443 | bazaar.abuse.ch | tcp |
| US | 151.101.130.49:443 | bazaar.abuse.ch | tcp |
| FR | 172.217.20.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 49.130.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.214.58.216.in-addr.arpa | udp |
| FR | 172.217.20.196:443 | www.google.com | tcp |
| FR | 216.58.213.74:443 | ogads-pa.googleapis.com | tcp |
| FR | 172.217.20.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| FR | 142.250.201.174:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 35.215.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.58.20.217.in-addr.arpa | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | tcp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | tcp |
| FR | 172.217.20.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| FR | 172.217.20.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | 116.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bazaar.abuse.ch | udp |
| FR | 216.58.213.74:443 | ogads-pa.googleapis.com | udp |
| FR | 142.250.201.174:443 | www.youtube.com | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
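Most of the Network table is browser noise: forward lookups and connections to Google, gstatic, gvt2 and Bing endpoints, plus a PTR (in-addr.arpa) lookup for nearly every contacted IP, which by itself says nothing about intent. The entries that matter for the session are www.kahusecurity.com (where CMDWatcher is published) and bazaar.abuse.ch, from which the 665b8dea... zip in the Files section was downloaded. The script below is an added example, not the sandbox's own logic: it parses the table, separates forward DNS, PTR lookups, mDNS and real connections, and reports the domains outside a baseline. BASELINE_SUFFIXES is an assumption for a Chrome and Edge Windows image and is not something the report defines; NETWORK_EXCERPT is copied, shortened, from the table above.

```python
"""Triage the Network table of a sandbox report.

Added example, not part of the original report. Splits rows into
forward DNS, reverse (PTR) lookups, mDNS chatter and connections, then
lists every domain that is not in an assumed browser-noise baseline.
"""
import ipaddress
from collections import defaultdict

# Copied (shortened) from the report's Network table.
NETWORK_EXCERPT = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | google.com | udp |
| FR | 142.250.201.174:443 | google.com | tcp |
| US | 8.8.8.8:53 | 174.201.250.142.in-addr.arpa | udp |
| FR | 172.217.20.196:443 | www.google.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | www.kahusecurity.com | udp |
| US | 75.119.204.85:443 | www.kahusecurity.com | tcp |
| US | 8.8.8.8:53 | bazaar.abuse.ch | udp |
| US | 151.101.130.49:443 | bazaar.abuse.ch | tcp |
"""

# Assumption: expected background traffic for a Chrome + Edge Windows sandbox image.
BASELINE_SUFFIXES = (
    "google.com", "googleapis.com", "gstatic.com", "gvt2.com",
    "googlezip.net", "youtube.com", "ytimg.com", "bing.com", "bing.net",
)


def in_baseline(domain):
    # Suffix match on label boundaries, so "notgoogle.com" does not pass.
    return any(domain == s or domain.endswith("." + s) for s in BASELINE_SUFFIXES)


def parse_network(text):
    rows = []
    for line in text.splitlines():
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def classify(row):
    if row["port"] == 53:
        return "ptr" if row["domain"].endswith(".in-addr.arpa") else "dns"
    if row["port"] == 5353 and ipaddress.ip_address(row["ip"]).is_multicast:
        return "mdns"
    return "conn"           # includes QUIC, i.e. udp/443


def ptr_target(name):
    """'174.201.250.142.in-addr.arpa' -> '142.250.201.174'"""
    return ".".join(reversed(name[: -len(".in-addr.arpa")].split(".")))


def triage(rows):
    result = {"contacted": defaultdict(set), "ptr_ips": set(),
              "mdns": 0, "off_baseline": set()}
    for r in rows:
        kind = classify(r)
        if kind == "ptr":
            result["ptr_ips"].add(ptr_target(r["domain"]))
        elif kind == "mdns":
            result["mdns"] += 1
        else:
            if kind == "conn":
                result["contacted"][r["domain"]].add((r["ip"], r["port"], r["proto"]))
            if r["domain"] and not in_baseline(r["domain"]):
                result["off_baseline"].add(r["domain"])
    result["off_baseline"] = sorted(result["off_baseline"])
    result["contacted"] = dict(result["contacted"])
    return result


if __name__ == "__main__":
    res = triage(parse_network(NETWORK_EXCERPT))
    print("outside baseline:", res["off_baseline"])
    for d in res["off_baseline"]:
        print(" ", d, sorted(res["contacted"].get(d, ())))
    print("reverse-resolved IPs:", sorted(res["ptr_ips"]), "mDNS rows:", res["mdns"])
```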
Files
\??\pipe\crashpad_3960_PVIKGEYQXILKSXGP
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\14f3c6d8-e340-442e-a3b4-02ad7fb81900.tmp
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
| MD5 | 3e552d017d45f8fd93b94cfc86f842f2 |
| SHA1 | dbeebe83854328e2575ff67259e3fb6704b17a47 |
| SHA256 | 27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6 |
| SHA512 | e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | eeaa98d870d746ba7778dc2732baf2a7 |
| SHA1 | 0d007244b82117c6a57c1a9f21f4b72fd5eeca88 |
| SHA256 | 04b8f9ff7b4c48d69e352db457ea995ff94f17461a6bd6c5fab0ccfe80a1837c |
| SHA512 | 2ea0bb006227d608394933236b48c85128490d3b03c94ad137026875853fb510f39c1a7d77d764206c58dce321857e8380685c24246e3a7790c7cfecb6d723ee |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | e386be16603ae048557c5cce3b1b0a91 |
| SHA1 | 3c44bb98f827ccba76d01027180ad1379609478c |
| SHA256 | 66338935316ed15bdfcd82cef32a2819320b7052033dcfd584850c4c51e0cb81 |
| SHA512 | a21de73b5e393cd73ee4b26b0816ba43fdf592dbc569af22c333288985ad5b404a29bbb69ce28c0c599763fa1c43ee1cc2d56c3bfb90953a312e3e8a8b901fe1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e4856c24-a3ea-4462-a46f-e5659ce8d1e1.tmp
| MD5 | 8d8c15fab72fb16518af3c404e82793c |
| SHA1 | 524c5fbb1c960b7a0375a4f7d212c17a1b706028 |
| SHA256 | 5322c2081f44b72a6dc9364d2e7bf031b2fe6d3c23701e2b1b4b6f997213abce |
| SHA512 | 1201082871543708b0d58d7f904ab5d88cc48a41b5b2bea061bd6e315f47f98934de83c958d2c9ab02f243d7235703197757f9b55283e29ed9e64359c88ff81b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a39ec3a5a98a468a9e122d21efb779fb |
| SHA1 | 7d87efe33c440f1b881fa6f62fc68c109222b5b9 |
| SHA256 | 155b05367c2ed7efb417cc97cbe9a4fcedf90728a33ba6037acc08ed3fad9a01 |
| SHA512 | 7df0fd8f1277003405e4af911f867ac93330357630712dcac42cee2171f58ff52524e2188eeffb52bed40979ef0f56107794351f702be496a42a8deb43bf01a1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 700b6ba09d4378ee16b424872086c638 |
| SHA1 | 49a14fc8f213d568d87abe38825fae9b57b3f4db |
| SHA256 | 3e531032bb48427cd2614702576834de17a870c03736d813b548ffaaa625fde6 |
| SHA512 | f5872f0d7b5cde8a646f650dfa4a3629cafaf22b727d2365fbe1d5da50a129b894c5e78191bd4f61c61120e85bd09ccb46e547c0dcdfcdf779ec491d82a85120 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 410754658afec01e13a5afa518c283f3 |
| SHA1 | 2a59a0db7e1bcd23406ec0ee8d3c77c784edc74a |
| SHA256 | 96752f6fe04ed7eaeab23980d22bf267aa3670105fc0f95e4effe189b17ee013 |
| SHA512 | 637ddd0494b9f6fcdbb9ddc49b58472da9c9f2047ae9bc7c16cdaf8b088b08322a256739584c4aaa4ff4059de85323545fd227c67d39f1f5eec52d4bfbcf099b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | a56772adefaf7079cb508de4bdaaed12 |
| SHA1 | a162e990482eb4951988eeeb22fdbf6049032bdd |
| SHA256 | 222fd64aecb046c88594df9fd794c7bfa722a4cbad520e396f495361f42277b1 |
| SHA512 | 8439eeb5049c21e84d6bae04bdd312cb4e791a56b992bf727037083181c3ace8b8d2e95f44d61106593bf4d036b465515b04dfe057c262d9fe2488071a8f3093 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4d8af1c388252271ddc792050d32d9d8 |
| SHA1 | 3a0f5ab084c5d7a457455740486d95449d85417e |
| SHA256 | 9736a3613927a537734a9e05d109838b4855c9edc3244fb6ded8f0e613eac875 |
| SHA512 | ed993ca687e0d17ca9793be5dc94fde2a71bf794790fcf5a67a037fca91813dd94eb04eb287b08dc053bda3b2ec633a2b50ce214fe1cfecb4f01481e7797467c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ba84a686a2d9f01825de6c379f8a31eb |
| SHA1 | 695c3292f90c097fd04212945c15146eac2fdf87 |
| SHA256 | 8f914640e95a33f703febc12925057bba91dcf05416665997159d9d89563896e |
| SHA512 | e778d9f76e2bbb96b2124a33cce1371fe7b727205c9753d378777a09e4254e82f1f68e65caf639dd032ad724fc841ddb71f3165a4f6763757464262ad593edf1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d
| MD5 | c594a826934b9505d591d0f7a7df80b7 |
| SHA1 | c04b8637e686f71f3fc46a29a86346ba9b04ae18 |
| SHA256 | e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610 |
| SHA512 | 04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f517cd13587654b467cb38b0156a5d04 |
| SHA1 | 2d61b2fd7881fe8f0425175c619e34a3e68b9fed |
| SHA256 | 139d473f286398a80376b1d78263ac3cad245a95943bfd4d05b543c62084614c |
| SHA512 | 8f5010d06501e53296bc6b474b1ba8a9be4eaa3b7c32f697a258f0414ce32c584595c247440a75452eb58d5995d52390da2800230afd6dba8de3d9d31f39acb9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d88581680d48ebf7ff18feab84691ffc |
| SHA1 | b66a95ca05eee996df0477c094308366001396c1 |
| SHA256 | 378b0d4ecc87226733775e01a6df872edbad9c1867c50f71c93608ce03a230a4 |
| SHA512 | ecb33a92ce5d520fe5a3746603a42e412abfe390eeca9829a2920cd82986e69ff2caee565b36ee6435ed09acf9763e9741371b178e4ac74362dd506f8d7acf8b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | cb1343dbb4651f3940b2364b404ce230 |
| SHA1 | 9d151855dec1b6f787335ea89fce70a616b4b3b0 |
| SHA256 | 451bc0767a87e9e5ff075e0214393e62b74da3addf98ef1b0c95c0539a226931 |
| SHA512 | 4b80aa8f1631d40e8db80a3311c159f60c7c0e192f5d929a5e015462f9dccdabbf8d4f62f948d5704e9c3aedee50d0871fe61e9977bddd91c5f5157c07903305 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 0710d1370404c8e73bbde1e2cf654a3d |
| SHA1 | 50bd0e0007706f02770128ec3fe990c3c3e0a192 |
| SHA256 | 03efcf78e2f9a17742f1d6f88c8d1a7cc8451c7c7414785e750a6ca00b8a1571 |
| SHA512 | e4e3f7d5843ade9c4c3106311718dcfe399db8060f498daf01760320ed7e1254801d1124d0de47bb986a32fcb0bf0d7ba3480ed0c7b00e02cea047f93894a607 |
C:\Users\Admin\Downloads\CMDWatcher_v0.4.7z.crdownload
| MD5 | 477266ec255352f3e1d183a628e48073 |
| SHA1 | 902219e1756d3c7514d4e115c383658b716dd2b5 |
| SHA256 | df9da98c0e3e6ab223c4bc27290a51dba5628bf9468f4ea0bdd2cdaba673e9e1 |
| SHA512 | 96216f54a2052e94f321bafba0bb62ed161fcc046eccf4e1005144a75e57f01db1cf3b7edeaf0a64e1b05aa1555f6bb27df32434f851e81a20bd06cf3fcac717 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 13a818306cf49d17802d13713ba1fdf0 |
| SHA1 | 7856d5a4f56c4816c4ca18507f7074c8725514ee |
| SHA256 | dcd16989b91228638d76d6a6d6b0ad5b3c483e1930c88931955d0642edbd7e1a |
| SHA512 | 2ddceaa9e76640e53dcc6a70cb1f22d4126dbba680b78b56e24afebb78fbb5bad165bbd0486a5fed8da5ee740c5d178f98cc960ed569717f698caf3092d0af09 |
C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe
| MD5 | 482abbf2fd84a712f565d48e286e034a |
| SHA1 | 7b33ec969cc501e1da26ade98309a544240636f2 |
| SHA256 | babbaa201e5e1bc3c68661e1c9f9a41430044446c127fb544b7294dab84ce6b7 |
| SHA512 | c06e49e0bdd91bff59a038bf466598717f7c7be49b06765a90642e0cce7d424a843939ea21035c53dd15a1a0e33f4e6ee4518f9a563fc0aec75d72cae1426431 |
memory/6060-343-0x0000000000680000-0x000000000157A000-memory.dmp
memory/6060-344-0x0000000000680000-0x000000000157A000-memory.dmp
memory/6060-345-0x0000000000680000-0x000000000157A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Costura\B3ECAF7EF28870C436FCEB7E36B7B685\64\proccmdline64.dll
| MD5 | c591cb11e592d31487c528671d52cc3f |
| SHA1 | 10c424983eb5ef39621574ef9c049a50e9141006 |
| SHA256 | 393b930e2968cd8f1f8cf7fc33645b9f6be24aa6f24d33bf962304b0448b3def |
| SHA512 | a58655975d682c3ee8137f798afebe37bfad62d18d95b8a72fed3f72e31c0024f833bbcbf68e8baba84a59efe1ec91d3ffd36c0e31783662d71f4041bacc3497 |
memory/6060-352-0x000000001EE70000-0x000000001F33E000-memory.dmp
memory/6060-353-0x0000000005400000-0x000000000549C000-memory.dmp
memory/6060-354-0x00000000052A0000-0x00000000052A8000-memory.dmp
memory/6060-355-0x000000001F400000-0x000000001F416000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | bfec525c1586d3c8a96c71982f7182a7 |
| SHA1 | 9776d037a581a216d4bb50470ca84f0b2972541f |
| SHA256 | fc3dc898b7f34033d3f38ac2221fe157797972633370d9a879b66351f803a357 |
| SHA512 | 93b34d4958c66ac86e13d1cb2d4a58c87c080c3cdf5125955edba138b52630709eef0d755ad6aa27eb38646cbaab556b1b26e349f094487cc707fd88a5eccae2 |
memory/6060-369-0x0000000000680000-0x000000000157A000-memory.dmp
memory/6060-376-0x0000000000680000-0x000000000157A000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9627c9d5c242bf24d79fb51ad97a634e |
| SHA1 | bfdd3898dd0e754d0951d74b4b3dd15b70204a1a |
| SHA256 | 6d6a732bb242c12d237658cf6bbc8f460cc5f1795b19ec4a2fa2e1419172ce3d |
| SHA512 | 129c5cf2b93546a33e6588d6fd9bbcea917382fded2e58f816d0af18472893b78afa2e8f2b17674650f00952be71a324c5e4da1cbdc94e0badf0ce27c265c112 |
memory/6060-409-0x0000000000680000-0x000000000157A000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028
| MD5 | 3b5537dce96f57098998e410b0202920 |
| SHA1 | 7732b57e4e3bbc122d63f67078efa7cf5f975448 |
| SHA256 | a1c54426705d6cef00e0ae98f5ad1615735a31a4e200c3a5835b44266a4a3f88 |
| SHA512 | c038c334db3a467a710c624704eb5884fd40314cd57bd2fd154806a59c0be954c414727628d50e41cdfd86f5334ceefcf1363d641b2681c1137651cbbb4fd55d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b
| MD5 | be8473ddb50896abc7955c5f162ab80a |
| SHA1 | 61535f7917713bbe2d7b023b55c5bd07a6fe1a2b |
| SHA256 | f2943a57d99477653a8ac0a0bba69820f4faa96c86bb8512ea47e41715eac04f |
| SHA512 | 4e4c39d8258fe5cc29350d08a23014ad2251aafb2f7b304a77aee0790d762c4f3a1e380a0426ff2c87b90b54393da16d5f291b4b349f8dd45d6edc1e9c950d73 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 40cb179bd9c6fa49736f015413267858 |
| SHA1 | b2021a124b504a1e93fafe861f62a5b801a3d8e6 |
| SHA256 | 0094420d1416c205f3695b7a033ade7836a2b0e320878cb123cdd35dfc84dab7 |
| SHA512 | 5f12ea87a9e7e53b2e15125d14bef89ca9d8be3390bda4db200a4e91a577810e440391e562cdb0349b3955938ea3a8fd7acd0ce79b1e383b6273f821f4f6b006 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | fa446fae119d14516010724b8573943d |
| SHA1 | a7961b79e1ce5dcfba9871a62aeff5faa7433f13 |
| SHA256 | e1d1f5e47e5cf82dd51b4a2c30ec5c6dafc5fa7129eef4b9563da94dc11e5d46 |
| SHA512 | 91ec8a5effb8c45dbea522b20463a1af98cf6aa4f7965b0f0ed39b7d95a9f01297cc3642983a8a8567eebaebbefc931b64530b893aac4bb0e89f48058a0c1602 |
memory/6060-461-0x0000000000680000-0x000000000157A000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | b171bf11f63cf8cd63e6630e251e799c |
| SHA1 | a7b091e374b537fbc2db2e769e0d6b240e5e4a68 |
| SHA256 | 0a8644b9a5e1137441b25f40d9fdf0242ffdb753da04e7902743f2c2ece81382 |
| SHA512 | 3186b369c9a3d393d17770743312ab84145ad80303f0107802cb04e53415d4fc26bdb14bfd08cc382a45778f54ea4f336a279b61a78017603bfc7a5c5301f1d3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | da1d8cc389eec31590091b5b45aff4cd |
| SHA1 | 265d0ed70f6d53aec355a95b1904e60ba25a3540 |
| SHA256 | 61684db092381a9cb699cbf39a4f9c9c78e6ad626baef32403f95d8643ef8920 |
| SHA512 | 9c41d519f9dfbd901a4644ff37345ebb4bd82ed184e17494ec8afcbe72f1de0945884608d82c8bb2e04e5ad2856d03953535b8885644a192977c43de21bb00a3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 84ed943bd79ba4a11124bf4264719c8f |
| SHA1 | a3d49b960a43d2dfa2b8d8ebd0b18975e2b0a37d |
| SHA256 | 7c1a5a17d9e540d081155b36b77f9f1ef193420b7c8eedfa8be7e5f248c97196 |
| SHA512 | d8d8bd0aa88e4a54f6aab32b988720bcaf9f3984d680971ce10bd8b2355dea6f7a785dd12e30eeffb9da857e4f0bd30273fce83c1b7349db402936a6aa9245d9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1483cda5405b04296d4c3c0d4060b400 |
| SHA1 | 229c100a7a03070dac1b45762aad7c9a3b9a4e69 |
| SHA256 | b8e2fd5a4d704e74e2cc8147e6e869d6abb25e4e3e031ec3b17c821f8f99e61a |
| SHA512 | 854c06683f131769281a1779703e6731551372f36f1134532712064f11bdc0bd518bcf3d72b1dfc4eb80902697044db551b2a7518a898d6075433d4a10d30074 |
memory/6060-501-0x0000000000680000-0x000000000157A000-memory.dmp
C:\Users\Admin\Downloads\665b8dea01643cce577cc8cc6cc1677e78cbf4559b7c0fbd0446dee65970b4ea.zip
| MD5 | 4a7c384fe037944aa74b4302a40e6906 |
| SHA1 | 5b4713cdb5f322e5cefb1adadb114db4254747dc |
| SHA256 | 51556e55d208f00cfe8ca645d7f49cedcd13835922f7b0e9a0fe1ba47e49f0d3 |
| SHA512 | 172e7efe763e731762866266dfe3e2230663f366cfbddee7740772a7895753dc5e3e8fd13486b9e2eabe1e5038202e8f8a5ec11be4fe8f30c86f038d0cba35ea |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d264842c1e609c91cfd97240040d6a18 |
| SHA1 | fc87469f649efb38ea8d72a26137ee3ed56901fe |
| SHA256 | 2977a1f5a92c9d5ee28433544fc6992c356b748fc784ee0dec26dd87527e3436 |
| SHA512 | d4563addb9e0d4797c4424a3fccc6b4f9e734942bfe5f4bd29909f4848e83d022d7fb037f35e073bf133aa003aebcff37aff2483f4ddfa302f427313d08c00cd |
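Two things in the Files section are worth recognising on sight. The crashpad pipe entry carries the digests of zero bytes (MD5 d41d8cd9..., SHA-256 e3b0c442...), and the Chrome Network\*.tmp entry carries the digests of the two-byte string "[]", an empty JSON array, so neither is a payload. The one file outside the Chrome profile that was not downloaded by hand is proccmdline64.dll under %TEMP%\Costura\<hash>\64\: that is where Costura.Fody, the .NET assembly embedder, unpacks native DLLs it has bundled into an executable, which is what the "Loads dropped DLL" signature on CMDWatcher64.exe reflects; the memory/6060-* dumps belong to the same process. The script below is an added example, not part of the report: it parses the file list, matches digests against constructed trivial contents, and leaves a short review list. FILES_EXCERPT is copied, shortened, from the list above; KNOWN_TRIVIAL is constructed here.

```python
"""Triage the Files table of a sandbox report.

Added example, not part of the original report. Parses path lines
followed by | ALGO | digest | rows (memory/... lines are dump names
without hashes) and buckets them into trivial artifacts, Chrome profile
churn, memory dumps keyed by PID, and files left for review.
"""
import hashlib

# Copied (shortened) from the report's Files section.
FILES_EXCERPT = r"""
\??\pipe\crashpad_3960_PVIKGEYQXILKSXGP
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\14f3c6d8-e340-442e-a3b4-02ad7fb81900.tmp
| MD5 | d751713988987e9331980363e24189ce |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 700b6ba09d4378ee16b424872086c638 |
| SHA256 | 3e531032bb48427cd2614702576834de17a870c03736d813b548ffaaa625fde6 |
C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe
| MD5 | 482abbf2fd84a712f565d48e286e034a |
| SHA256 | babbaa201e5e1bc3c68661e1c9f9a41430044446c127fb544b7294dab84ce6b7 |
memory/6060-343-0x0000000000680000-0x000000000157A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Costura\B3ECAF7EF28870C436FCEB7E36B7B685\64\proccmdline64.dll
| MD5 | c591cb11e592d31487c528671d52cc3f |
| SHA256 | 393b930e2968cd8f1f8cf7fc33645b9f6be24aa6f24d33bf962304b0448b3def |
memory/6060-352-0x000000001EE70000-0x000000001F33E000-memory.dmp
"""

# Constructed: contents whose digests show up constantly in sandbox file lists.
KNOWN_TRIVIAL = {b"": "zero-byte file", b"[]": "empty JSON array"}


def trivial_digests():
    """SHA-256 -> label, computed locally so nothing is hard-coded."""
    return {hashlib.sha256(c).hexdigest(): label for c, label in KNOWN_TRIVIAL.items()}


def parse_files(text):
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("|"):
            algo, digest = [c.strip() for c in line.strip("|").split("|")]
            entries[-1][algo.lower()] = digest.lower()
        else:
            entries.append({"path": line})
    return entries


def classify_files(entries, profile_marker="\\Google\\Chrome\\User Data\\"):
    trivial = trivial_digests()
    buckets = {"trivial": [], "profile": [], "dumps": [], "review": []}
    for e in entries:
        p = e["path"]
        if p.startswith("memory/"):
            pid = int(p.split("/", 1)[1].split("-", 1)[0])   # memory/<pid>-<n>-...
            buckets["dumps"].append((pid, p))
        elif e.get("sha256") in trivial:
            buckets["trivial"].append((p, trivial[e["sha256"]]))
        elif profile_marker in p:
            buckets["profile"].append(p)
        else:
            buckets["review"].append(p)
    return buckets


def dump_pids(buckets):
    return sorted({pid for pid, _ in buckets["dumps"]})


if __name__ == "__main__":
    b = classify_files(parse_files(FILES_EXCERPT))
    for path, label in b["trivial"]:
        print(f"trivial ({label}): {path}")
    print("profile churn:", len(b["profile"]), "entries")
    print("memory dumps from PIDs:", dump_pids(b))
    print("review:")
    for path in b["review"]:
        print("  ", path)
```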