Analysis Overview
SHA256
975de22c2a3ea0f56f30563cd43ee194bb940356c1044c066451f29e86fc2ae1
Threat Level: Likely malicious
The file 1690932220238958592-01.jpg was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Executes dropped EXE
Reads data files stored by FTP clients
Event Triggered Execution: Component Object Model Hijacking
Loads dropped DLL
Checks installed software on the system
Enumerates connected drives
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Browser Information Discovery
Enumerates physical storage devices
Enumerates system info in registry
Uses Volume Shadow Copy service COM API
Uses Task Scheduler COM API
Suspicious use of SetWindowsHookEx
Modifies registry class
Uses Volume Shadow Copy WMI provider
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-27 15:51
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-27 15:51
Reported
2024-10-27 16:22
Platform
win7-20241023-en
Max time kernel
1276s
Max time network
1698s
Command Line
Signatures
Downloads MZ/PE file
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| N/A | N/A | C:\Program Files\FileZilla FTP Client\filezilla.exe | N/A |
Loads dropped DLL
Reads data files stored by FTP clients
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\D: | C:\Program Files\FileZilla FTP Client\filezilla.exe | N/A |
| File opened (read-only) | \??\F: | C:\Program Files\FileZilla FTP Client\filezilla.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\FileZilla FTP Client\resources\blukis\16x16\disconnect.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\blukis\16x16\folderback.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\cyril\16x16\showhidden.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\minimal\16x16\queueview.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\tango\16x16\compare.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\tango\48x48\upload.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\GPL.html | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\default\480x480\queueview.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\blukis\48x48\download.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\flatzilla\48x48\leds.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\locales\co\filezilla.mo | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\locales\zh_TW\libfilezilla.mo | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\default\480x480\bookmarks.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\blukis\32x32\find.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\lone\48x48\folder.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\opencrystal\16x16\filter.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\opencrystal\48x48\folderclosed.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\locales\nl\libfilezilla.mo | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\default\480x480\help.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\flatzilla\32x32\leds.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\minimal\16x16\file.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\locales\ca\filezilla.mo | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\locales\an\libfilezilla.mo | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\default\480x480\close.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\flatzilla\32x32\auto.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\blukis\32x32\uploadadd.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\blukis\48x48\file.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\classic\16x16\remotetreeview.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\classic\16x16\speedlimits.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\flatzilla\16x16\compare.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\flatzilla\16x16\lock.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\default\480x480\folder.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\blukis\16x16\refresh.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\lone\48x48\lock.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\lone\48x48\processqueue.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\sun\48x48\upload.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\locales\ku\filezilla.mo | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\flatzilla\32x32\folderclosed.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\lone\16x16\disconnect.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\opencrystal\16x16\help.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\opencrystal\32x32\compare.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\tango\48x48\binary.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\locales\sv\libfilezilla.mo | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\classic\16x16\upload.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\flatzilla\48x48\download.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\flatzilla\48x48\lock.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\minimal\16x16\sitemanager.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\tango\16x16\localtreeview.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\tango\48x48\filter.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\locales\is\filezilla.mo | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\locales\ar\libfilezilla.mo | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\libfilezilla-45.dll | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\classic\16x16\lock.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\flatzilla\32x32\disconnect.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\minimal\16x16\remotetreeview.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\opencrystal\32x32\upload.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\locales\ar\filezilla.mo | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\default\480x480\synchronize.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\blukis\16x16\uploadadd.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\default\480x480\download.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\cyril\16x16\sitemanager.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\opencrystal\16x16\logview.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\resources\tango\48x48\bookmark.png | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| File created | C:\Program Files\FileZilla FTP Client\locales\el\libfilezilla.mo | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}\ = "FileZilla 3 Shell Extension" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}\InProcServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}\InProcServer32\ = "C:\\Program Files\\FileZilla FTP Client\\fzshellext_64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\directory\shellex\CopyHookHandlers\FileZilla3CopyHook | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\FileZilla3CopyHook\ = "{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B} | C:\Windows\system32\regsvr32.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\FileZilla FTP Client\filezilla.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\FileZilla FTP Client\filezilla.exe | N/A |
| N/A | N/A | C:\Program Files\FileZilla FTP Client\filezilla.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\1690932220238958592-01.jpg
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6f79758,0x7fef6f79768,0x7fef6f79778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1136,i,16826517715159960742,12627084148572152158,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1136,i,16826517715159960742,12627084148572152158,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1580 --field-trial-handle=1136,i,16826517715159960742,12627084148572152158,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2144 --field-trial-handle=1136,i,16826517715159960742,12627084148572152158,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2152 --field-trial-handle=1136,i,16826517715159960742,12627084148572152158,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1288 --field-trial-handle=1136,i,16826517715159960742,12627084148572152158,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1368 --field-trial-handle=1136,i,16826517715159960742,12627084148572152158,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3408 --field-trial-handle=1136,i,16826517715159960742,12627084148572152158,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3404 --field-trial-handle=1136,i,16826517715159960742,12627084148572152158,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3420 --field-trial-handle=1136,i,16826517715159960742,12627084148572152158,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3696 --field-trial-handle=1136,i,16826517715159960742,12627084148572152158,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3500 --field-trial-handle=1136,i,16826517715159960742,12627084148572152158,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4000 --field-trial-handle=1136,i,16826517715159960742,12627084148572152158,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3956 --field-trial-handle=1136,i,16826517715159960742,12627084148572152158,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4044 --field-trial-handle=1136,i,16826517715159960742,12627084148572152158,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4100 --field-trial-handle=1136,i,16826517715159960742,12627084148572152158,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3668 --field-trial-handle=1136,i,16826517715159960742,12627084148572152158,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4248 --field-trial-handle=1136,i,16826517715159960742,12627084148572152158,131072 /prefetch:8
C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe
"C:\Users\Admin\Downloads\FileZilla_3.67.1_win64_sponsored2-setup.exe"
C:\Windows\system32\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\FileZilla FTP Client\fzshellext_64.dll"
C:\Program Files\FileZilla FTP Client\filezilla.exe
"C:\Program Files\FileZilla FTP Client\filezilla.exe"
C:\Windows\system32\notepad.exe
"C:\Windows\system32\notepad.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.169.36:443 | www.google.com | udp |
| GB | 172.217.169.36:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| GB | 216.58.212.234:443 | ogads-pa.googleapis.com | udp |
| GB | 216.58.212.234:443 | ogads-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.187.206:443 | play.google.com | udp |
| GB | 142.250.187.206:443 | play.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.187.206:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 172.217.169.42:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | filezilla-project.org | udp |
| DE | 49.12.121.47:443 | filezilla-project.org | tcp |
| DE | 49.12.121.47:443 | filezilla-project.org | tcp |
| US | 8.8.8.8:53 | ads.filezilla-project.org | udp |
| DE | 49.12.121.47:443 | ads.filezilla-project.org | tcp |
| DE | 49.12.121.47:443 | ads.filezilla-project.org | tcp |
| US | 8.8.8.8:53 | download.filezilla-project.org | udp |
| DE | 49.12.121.47:443 | download.filezilla-project.org | tcp |
| DE | 49.12.121.47:443 | download.filezilla-project.org | tcp |
| US | 8.8.8.8:53 | update.filezilla-project.org | udp |
| DE | 49.12.121.47:443 | update.filezilla-project.org | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | tcp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | ftpupload.net | udp |
| GB | 185.27.134.11:21 | ftpupload.net | tcp |
| GB | 185.27.134.11:21 | ftpupload.net | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | udp |
Files
memory/2404-0-0x0000000001F50000-0x0000000001F51000-memory.dmp
memory/2404-1-0x0000000001F50000-0x0000000001F51000-memory.dmp
\??\pipe\crashpad_2856_HNYHVHQURSKRIWFW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9bf6b58c49438e5771eaee4a5c887152 |
| SHA1 | 1d6f90324bb1564822857249d016ac388f6dcd4d |
| SHA256 | f8c542d90ddfdd2b86bb8a00255bbe841877351cff7a346c15d782ca90d7e373 |
| SHA512 | a2f405e079342fe9d7793adc3e98f650780c7c68d6827062b3e5831412773ee67aec352ef2e239825743cab9c8a18d87701588f8ebe83d0acc283af8b04057b5 |
C:\Users\Admin\Downloads\Unconfirmed 592116.crdownload
| MD5 | b209df2951e29ab5eab4009579b10b8d |
| SHA1 | 99ed6135defff6e675d626f742389d6280abdb60 |
| SHA256 | 76491df69a26019139ac11117cd21bf5d0257a5ebd3d67837f558c8c9c3483d8 |
| SHA512 | 27ecf0e4f51501df27b770729ab8d15d020da3a41c626a41b82f908ee0494ed95b3752f9c70567826925d0bb87ec18e9592a226a78f83ac4e30c6bde3eeb9553 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0059d03708430be12e7f2b09a6d06caa |
| SHA1 | bed951110f32cba39284138864a9c8e14c4e622e |
| SHA256 | ce19925f9b192fea3d0694f5c088ee3d714b5e9f7894bc98f64771e76cbbf3d7 |
| SHA512 | e2cbae0de90e0ed1597d66989bd5964b6fc20d48eb4c1d5c0543984a810b218c5bfea789834dc62a8c60812e303b25646504cb9e9daaf837de8e4a506446b7ec |
C:\Users\Admin\AppData\Local\Temp\nsy3CB4.tmp\System.dll
| MD5 | 4add245d4ba34b04f213409bfe504c07 |
| SHA1 | ef756d6581d70e87d58cc4982e3f4d18e0ea5b09 |
| SHA256 | 9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706 |
| SHA512 | 1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d |
\Users\Admin\AppData\Local\Temp\nsy3CB4.tmp\UserInfo.dll
| MD5 | d458b8251443536e4a334147e0170e95 |
| SHA1 | ba8d4d580f1bc0bb2eaa8b9b02ee9e91b8b50fc3 |
| SHA256 | 4913d4cccf84cd0534069107cff3e8e2f427160cad841547db9019310ac86cc7 |
| SHA512 | 6ff523a74c3670b8b5cd92f62dcc6ea50b65a5d0d6e67ee1079bdb8a623b27dd10b9036a41aa8ec928200c85323c1a1f3b5c0948b59c0671de183617b65a96b1 |
\Users\Admin\AppData\Local\Temp\nsy3CB4.tmp\UAC.dll
| MD5 | adb29e6b186daa765dc750128649b63d |
| SHA1 | 160cbdc4cb0ac2c142d361df138c537aa7e708c9 |
| SHA256 | 2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08 |
| SHA512 | b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada |
\Users\Admin\AppData\Local\Temp\nsy3CB4.tmp\nsDialogs.dll
| MD5 | 1d8f01a83ddd259bc339902c1d33c8f1 |
| SHA1 | 9f7806af462c94c39e2ec6cc9c7ad05c44eba04e |
| SHA256 | 4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed |
| SHA512 | 28bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567 |
\Users\Admin\AppData\Local\Temp\nsy3CB4.tmp\StartMenu.dll
| MD5 | a8c86996c4230c2209f5927f21321377 |
| SHA1 | 45ce0ab93cb6a3a594e54878cce05df724024393 |
| SHA256 | 110545415a59402635e1c9439acba15b44bab268ed02ad2a262ce12604a47855 |
| SHA512 | 69ee73496b916777936b0dddd2cc4a4f916e393f7d0b167cba77a4a239ee1e3f645d9b90dee1627c42a23eb6c3403e4d086546b9f78b3a2e4999c8f92f6a3bc3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9b03ccd9ffeac5be3733dee789d66501 |
| SHA1 | 06ca79fda6dc06e6912571cdd6061660c03280ea |
| SHA256 | 635a693f334a68861b5f50c466df7381d9a0b16bd688e6207e332ee92861bf84 |
| SHA512 | 5ec2ae5e0ad5aecf8233f0a991d3d971abe2c95aa99fa6c158e012aadd10b4e44c50db1cecae9c493e93158ded84c89c0281ddc186df85de4f5f7f10b1fc9841 |
\Program Files\FileZilla FTP Client\uninstall.exe
| MD5 | 876ea9087d9a61d5a30bfa0e20dc6536 |
| SHA1 | 7b27ee0095d9447b4de56baff28c263871910a61 |
| SHA256 | 31a8675aba5f63423939e361ecd09f3a5d0922af5f7a102000e0cd81b8eb0bb9 |
| SHA512 | 696627812512fdaa0791e8c8eadbc5d56d82b8ac1affe128650e669d1fc8f608a1704ca7b18159137f7a8f97ce3ee3786532cd8908858f3bb464cad918fc2c4a |
\Program Files\FileZilla FTP Client\filezilla.exe
| MD5 | 71e87d8f4ab33dd57bff41f76c339e64 |
| SHA1 | d202fea4df82d26fabbfe3bdb9515a08d021cd09 |
| SHA256 | 96816c715a54e596a9d12527d9bb0d2dbcbc02d2a73ce72a1fd36d634d3587cd |
| SHA512 | 79dd39320f7e5abf261555959058508b0b1c5dfc72310df90b61f76849421139c4466e071212d9ca4fbcbbb442aa36ce2ddfd5306660be5e48d1a0f5cc0c0b21 |
\Users\Admin\AppData\Local\Temp\nsy3CB4.tmp\nsis_appid.dll
| MD5 | 19071761e91c43c115a16b52458869b7 |
| SHA1 | 75ddb807157f1aa31a08f87be0270f60990bcbbc |
| SHA256 | e9e1ba410636698d666b328eea71346b8287248d262e44da07ce8b5fa24c5e5f |
| SHA512 | bc0eab51cf27f657cd3fd62a47894ee13f3f561feaa565f16ba15088be39be73c9839a3cf35b538219ec83a03d48970b89258c5f20c37bcaf76438998437786c |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client\FileZilla.lnk
| MD5 | 369e4efa69fcc91a44f2ae3acbf8e6d5 |
| SHA1 | cedac7f406cff66677bdb07fcbaa0f0c9fd8805a |
| SHA256 | 69aecc3d438d15a1749c2986bef4e1eb9c66a33643782229da7d70032a4de589 |
| SHA512 | 26a025eedf86be5d495b444c0174aaf0867032ef364f824824f4896ab45fcb20ab4bf29f321e8eed5e184c7d34ee7198bcd29d89a292bf067defd70889ac14e8 |
\Program Files\FileZilla FTP Client\fzshellext.dll
| MD5 | bdf18c4b774cd7b55207f1e9d82012f3 |
| SHA1 | a3d14ebab51a40b2bff8ab47705277e5479e66ea |
| SHA256 | 37947c00a9bd815aecbec34bee41393346627e6f4fa4297b2bba832539c206e5 |
| SHA512 | d4baaceef7d74cc9f50e6cb905333bb3b3ef1b8e8da213cfe36f56677c6cc0e52b1e353904175f28dd9599eb38be56f5f681f6b4b2dc48e53b0a0610b911fe11 |
\Program Files\FileZilla FTP Client\fzshellext_64.dll
| MD5 | 6e52ea74a11270107d488865a6c39283 |
| SHA1 | 327dc43a89d12dce20d221854ee8a3edffac7143 |
| SHA256 | d673c94a31126c3daa8be38a11a8fbb82771d5351278a9bdea78f1800f4d5f82 |
| SHA512 | f4c20cd6e6ba7783f58a571006529e6fb5c0bb297135f02a5f6be90ec4a704c03845b85e20275de54bb63994ffa5a971acf7b4de34f0ead94e2acaa00bcfde71 |
C:\Users\Public\Desktop\FileZilla Client.lnk
| MD5 | 0e44abd2b69ed85be9a5b2206f0386ac |
| SHA1 | cb803ec2899a4a01fce81e620b51cddef52fc402 |
| SHA256 | 98bb6b255925210ecf44ff43dcb8d4b0a3c6d58a609a6cda2cab52fe78fa7916 |
| SHA512 | 0f3e304bb3cc23b840fe0728a21107d970e2b41719003242ddb5214d3ad9803babad089701b7d7ff6c50f2617995c89ecceea4b33258b7a4475fe52c6a72772b |
C:\Program Files\FileZilla FTP Client\libgnutls-30.dll
| MD5 | cc70f76637a27f170ebdaf76765f52d3 |
| SHA1 | 3e7cecbc6e76663351667e017cb2a7852d36f104 |
| SHA256 | 60f5d6ce87af2c2811348f8e38a4e02b5b1d472c754d8c8f4bceb50f7f18ab98 |
| SHA512 | 012007388bda61cf9feb7bf25278300efac7a2927472e46e3446b5c428beaef523884b888a1a9d0ae83460559d504271e1321c7d6a3d9dcd19912e3648b61822 |
\Program Files\FileZilla FTP Client\libgmp-10.dll
| MD5 | c0ca8705ba9db5fdc359c1096e25e37f |
| SHA1 | 8a6856095c7d5d5329200ba5e16fef60d5190504 |
| SHA256 | ed0ae7d0b532810f5132406228a696f51d59328d0264d552f022563f42f556a1 |
| SHA512 | 28ac7a944d9b1db970e980a1116ec6629f9aec71547bcb61964266bb6de69c9d5e54d5f401a426166788083787a9afb0919391c65f351be1baf899a2d9162b90 |
\Program Files\FileZilla FTP Client\libpng16-16.dll
| MD5 | b601dcebc1773697ed196b2bc2949015 |
| SHA1 | 55d70abbd9e036439886fcbb063748e941f6c4cb |
| SHA256 | 69fe54fd781ff70b752e8cedee29be21e938cc8d85ca08dbdd688469667bf6a8 |
| SHA512 | 70a66d0cb38b110284a80371d6daf8fa80503a948550803129bac9a26caf4bb3eb3201254395a78984e7c8c040762183faf0c125afaa61cf52ef662fc4b7f1ae |
\Program Files\FileZilla FTP Client\wxmsw32u_core_gcc_custom.dll
| MD5 | e7b0fad08fc553c4e3ef11a3d41a732a |
| SHA1 | 37714aaf8dce7df30c7037b39b2920a9d3d8e5af |
| SHA256 | 92cba37dd295068d86fccc307fe2e0ef670b8d2c0e6b91623e56d711f2d237b4 |
| SHA512 | d6d030ac7bc1c60ad2191f2952fb804fb35ea1977fd8681b0e52566f50f605050c4b7960a95b9ba92d5b8392095050e55a804bb5c0e1ec6b04112d0a889703e4 |
\Program Files\FileZilla FTP Client\wxmsw32u_aui_gcc_custom.dll
| MD5 | 42840f69814a9e9caa351f07888abadc |
| SHA1 | 611e6c7881256e2ecfd2d8580c4df63b3e202b4d |
| SHA256 | 140ba3865dee4e02168634bf4c301d81230122e4e60d383ef002e984b8569d23 |
| SHA512 | 23c7a0f8ee4f3eda26bb866bd51e457598a229450d08ec9a4bbef0538b50f02cb088d8be3cf8b82e0b2dd30c034a11a96b87c581166c4b55d88233c088be8dff |
\Program Files\FileZilla FTP Client\zlib1.dll
| MD5 | d71da6dda3cb605282c139c92bcda249 |
| SHA1 | 061047b8b14728c33c0018611f3e3bfebc43cc75 |
| SHA256 | 9962cc2bf97df84feaee0fe917287dc2a369c2ec9ce3955f113526b7d97387a4 |
| SHA512 | 5afa137391ddbce17204e9b7737c6ef42fea176419a224a58583d03363246a27224f26e89344a7d559e885a2b79a45c61c08e092625356b60445ece2b50e47f7 |
\Program Files\FileZilla FTP Client\wxbase32u_gcc_custom.dll
| MD5 | 8427c77d9b6d1caa6cd9cdaba2b5cddd |
| SHA1 | e345bff441e24e545e2700f4c7bc53512a88ad3d |
| SHA256 | 9133664cfb764c1c5e6d7bb61971fdf28ebac39f97f46e4b95d840776cea5104 |
| SHA512 | 5bcc34f45858dce875092769b5cbb965058f74fb47af995c615530b9e6ce3fc1641562c89d3abf37750795d9adf4fa6c1d46bf03a8cd7ea36d695018e41a2016 |
\Program Files\FileZilla FTP Client\libstdc++-6.dll
| MD5 | 2bd65247568adbee336d3a6faa0763ef |
| SHA1 | 8426e07767d12bf2bde5026f7ee050852def9804 |
| SHA256 | e2b48085b5f658d829faf8dd33c690cffd7dff0ab7c35ca999fb3b0be803a3c9 |
| SHA512 | 6604b62791055555ea7bba8d833b15a2af8e0cd01a306c2bc2e0ce21ce98bb809c57feee16757fa50ccdeef023e4f7162578d0df6fab9dbae97607ebdcdacbb4 |
\Program Files\FileZilla FTP Client\libgcc_s_seh-1.dll
| MD5 | f590eca82ea34b2d95c782143d45ed33 |
| SHA1 | aec7e70a4e2e1dc86d01686c1560c922fb129a91 |
| SHA256 | 85723f1231608222cafd34d56a542fe041b94db1e691431eeec3449580c2f50f |
| SHA512 | 48b8b68b4fe0f2044fec4f823ccf52fd01beff8b496adc248ab8f3fac627ac63b69268b873ce51002f159e7c83cf505428785c7a069962c0cca0ca3bbc7dd7e3 |
\Program Files\FileZilla FTP Client\libnettle-8.dll
| MD5 | 3ceaec94e5bc7e12f75469f6aa9cb4ef |
| SHA1 | 7449394d432a9ee7cda77323ed0c0dc53d06efd0 |
| SHA256 | 35c65910fcc1fd763ce4d3005b9dea7b79f972f4f1a39ddd650b8545a520d302 |
| SHA512 | ab63e4c950530ed05c9aafa93ebb9834f5d61467b3981c17c7fbc03c10e319f150ae66e63586c9f6608c5f48ead32dc212e8133651d1d32a70e843e093421ccc |
\Program Files\FileZilla FTP Client\libhogweed-6.dll
| MD5 | b9659c9db3020a567895cdf7c488241d |
| SHA1 | e1a66633d5dffe525a7bc9126a9702ac9557efd0 |
| SHA256 | d9357868da3357544a9eea3e00c8e4ac9a658ec57d7ec0991793605c268f4932 |
| SHA512 | 6e1d451430061eda1bbb44aa304d3373ae8b27236985fa834a44c0c9befa719c39e531cc2664aae0a880fb303ba7f82a2ee82d7751c3cdebe0e1498f3e7b0795 |
\Program Files\FileZilla FTP Client\libfilezilla-45.dll
| MD5 | 1c56464f91cd70ccb7b4d52cd79f836a |
| SHA1 | 84a33a7af1643d5bb6b87f66d48d75525cde1b0a |
| SHA256 | 59c06c05fd3994c6c83108bd1d5c857beb835d4648bf1d706513b8579f6fdcd2 |
| SHA512 | 1d756165c3ab25bd101754d81fa50ee26b4ef0635ba368b08535ac4a79c2f1b72c31ccb074ad4d58fca1ebad6cc6798d299546e815a2d41d37293a80636cb716 |
\Program Files\FileZilla FTP Client\libfzclient-private-3-67-1.dll
| MD5 | c6974fe4d03e39e7548c0a2af31eec09 |
| SHA1 | 2508ffc125a618f1a5aa7db1032878b07a02fa11 |
| SHA256 | e90b03790c12ae938abb01df86709e546b7e73fe65bc8e4bdc7824c90cd3405d |
| SHA512 | b39326565fabcaf79c6aecb14aae22265e8fd31ea72034c6dc5ff6cdeca4230d2cdbe176616a94145efdd72eba228ce099653c6b70008b229375c881469c977f |
\Program Files\FileZilla FTP Client\libfzclient-commonui-private-3-67-1.dll
| MD5 | 62f7a75c5f8911ed47ef9d6a11b8f059 |
| SHA1 | d0c48daad4cdfb5eae0027bf741e219f930d4a6e |
| SHA256 | 2e4240e824129fe481fa6bad9dafeb61c6cb6f885571fb031b2719b60992e9c7 |
| SHA512 | b7313983ad75d011538e7ae651c205ee6af6a47d48e8e31444c0c2064de5251ac3931cf5de024cd239545b1b331187929fd8e0ead2d4f1bfd1e0b7d4561c2a0e |
memory/1448-1178-0x000007FEF3DB0000-0x000007FEF3FC3000-memory.dmp
memory/1448-1182-0x000007FEF3B10000-0x000007FEF3CF7000-memory.dmp
memory/1448-1190-0x0000000066380000-0x00000000664BB000-memory.dmp
memory/1448-1189-0x000007FEF32A0000-0x000007FEF32E0000-memory.dmp
memory/1448-1187-0x00000000751F0000-0x000000007522F000-memory.dmp
memory/1448-1186-0x000007FEF33A0000-0x000007FEF38A1000-memory.dmp
memory/1448-1185-0x000007FEF38B0000-0x000007FEF3932000-memory.dmp
memory/1448-1184-0x0000000075230000-0x0000000075259000-memory.dmp
memory/1448-1183-0x000007FEF3940000-0x000007FEF3B04000-memory.dmp
memory/1448-1181-0x000007FEFB330000-0x000007FEFB351000-memory.dmp
memory/1448-1180-0x000007FEF3D00000-0x000007FEF3D55000-memory.dmp
memory/1448-1179-0x000007FEF3D60000-0x000007FEF3DA9000-memory.dmp
memory/1448-1177-0x000007FEF4A90000-0x000007FEF4B34000-memory.dmp
memory/1448-1176-0x000007FEF3FD0000-0x000007FEF40BD000-memory.dmp
memory/1448-1175-0x000007FEF40C0000-0x000007FEF421D000-memory.dmp
memory/1448-1174-0x000007FEFB360000-0x000007FEFB3FE000-memory.dmp
memory/1448-1173-0x000000011FD80000-0x000000012018E000-memory.dmp
memory/1448-1188-0x000007FEF32E0000-0x000007FEF339A000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e3d2db9a-cdca-4503-9204-a1f2a0639201.tmp
| MD5 | 6c90212115283bbd98fe6c51e20e0530 |
| SHA1 | 10cace115cc1d498669f88eff0d38bf283881388 |
| SHA256 | 4f4bfac5fec4258f37207fcf6b18dd21ad728be7847f3a86cd1eb153165ed6b5 |
| SHA512 | 93ed7c4d0b06ecff0ad2818a0fa4dd8404d04ea5449e7a47e592fac6f6f7e1c35dd45ddea50dcbec339976cd3588405e89b63c0126bebf71a82fec89e3bdc92c |
memory/1448-1204-0x000000011FD80000-0x000000012018E000-memory.dmp
memory/1448-1214-0x000007FEF3940000-0x000007FEF3B04000-memory.dmp
memory/1448-1217-0x000007FEF33A0000-0x000007FEF38A1000-memory.dmp
memory/1448-1242-0x000007FEF33A0000-0x000007FEF38A1000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | d27e8af2e1a884dac3e749fe7991f5e7 |
| SHA1 | 04073b7eef3924f11a8b086f6e7998bf843a1f70 |
| SHA256 | 09986dfbf6cc3636e2953e4717cf99028cabb6332a91d0da3206bd918d29ad66 |
| SHA512 | ba1ac65cb0b4c218fa77421984c7913b06c23a12642154531482bca5cd9be704b4e0ad2488d29da3e4e9585c9d9919f1970c18113f6aa8dacd46401674c5e806 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 20efe4997f9d7a9cc69b5cbfa281ff6e |
| SHA1 | 8923c2288be59dc85206bc5e33000f6470351b64 |
| SHA256 | f8bd45326948c2879c87e53f3952f88a1d78ac5bfc58cd2e89fbca11536a7651 |
| SHA512 | 71e64053d70e1904d8aa36770bcd3a58088ce90585c08f2b0be14bd0a189998bab5ca8c78256fcff9dacefd9ccf53964eeaf55c3497bddd6a674aa264e24f96f |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-27 15:51
Reported
2024-10-27 16:22
Platform
win10v2004-20241007-en
Max time kernel
1354s
Max time network
1143s
Command Line
Signatures
Enumerates physical storage devices
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\1690932220238958592-01.jpg
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.229.138.52.in-addr.arpa | udp |