Malware Analysis Report

2024-12-07 03:01

Sample ID 241113-q4kk4stbkp
Target Screenshot 2024-11-13 7.48.42 AM.png
SHA256 99a5938fc480970658f6a7823d41da49a0bce42862d54de92d6003b16791e611
Tags discovery
Score 8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 8/10

SHA256 99a5938fc480970658f6a7823d41da49a0bce42862d54de92d6003b16791e611

Threat Level: Likely malicious

The file Screenshot 2024-11-13 7.48.42 AM.png was found to be: Likely malicious.

Malicious Activity Summary

discovery

Downloads MZ/PE file

Checks computer location settings

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Browser Information Discovery

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Modifies registry class

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-13 13:48

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-13 13:48

Reported

2024-11-13 13:59

Platform

win10v2004-20241007-en

Max time kernel

600s

Max time network

560s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-11-13 7.48.42 AM.png"

Signatures

Downloads MZ/PE file

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Crashpad\metadata C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe N/A
File opened for modification C:\Program Files\Crashpad\settings.dat C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133759793901783016" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (repeated 32 times)
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (repeated 32 times)

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (repeated 50 times)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (repeated 32 times)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4436 wrote to memory of 1068 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (repeated 2 times)
PID 4436 wrote to memory of 1500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (repeated 30 times)
PID 4436 wrote to memory of 3440 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (repeated 2 times)
PID 4436 wrote to memory of 1168 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (repeated 30 times)

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-11-13 7.48.42 AM.png"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8e76fcc40,0x7ff8e76fcc4c,0x7ff8e76fcc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1924,i,14415003178522068715,3479793120193319518,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1920 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2200,i,14415003178522068715,3479793120193319518,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2244 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2264,i,14415003178522068715,3479793120193319518,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2328 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,14415003178522068715,3479793120193319518,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3184 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3220,i,14415003178522068715,3479793120193319518,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3208 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3800,i,14415003178522068715,3479793120193319518,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4516 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4716,i,14415003178522068715,3479793120193319518,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4712 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3892,i,14415003178522068715,3479793120193319518,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4844 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4840,i,14415003178522068715,3479793120193319518,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4576 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4860,i,14415003178522068715,3479793120193319518,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4420 /prefetch:8

C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x214,0x290,0x7ff6830f4698,0x7ff6830f46a4,0x7ff6830f46b0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4768,i,14415003178522068715,3479793120193319518,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4900 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5244,i,14415003178522068715,3479793120193319518,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4696 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5236,i,14415003178522068715,3479793120193319518,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5112 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5232,i,14415003178522068715,3479793120193319518,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5368 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5324,i,14415003178522068715,3479793120193319518,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5184 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4876,i,14415003178522068715,3479793120193319518,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4388 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4048,i,14415003178522068715,3479793120193319518,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3172 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3284,i,14415003178522068715,3479793120193319518,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3332 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5404,i,14415003178522068715,3479793120193319518,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5464 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5732,i,14415003178522068715,3479793120193319518,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5396 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5728,i,14415003178522068715,3479793120193319518,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5768 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=4484,i,14415003178522068715,3479793120193319518,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6032 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5804,i,14415003178522068715,3479793120193319518,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6000 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5900,i,14415003178522068715,3479793120193319518,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3408 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5296,i,14415003178522068715,3479793120193319518,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3412 /prefetch:8

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-13 13:48

Reported

2024-11-13 13:59

Platform

win10ltsc2021-20241023-en

Max time kernel

419s

Max time network

420s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-11-13 7.48.42 AM.png"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000\Control Panel\International\Geo\Nation C:\Windows\system32\cmd.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\system32\mspaint.exe N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1263212995-3575756360-1418101905-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3128 wrote to memory of 2360 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\mspaint.exe
PID 3128 wrote to memory of 2360 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\mspaint.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-11-13 7.48.42 AM.png"

C:\Windows\system32\mspaint.exe

"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-11-13 7.48.42 AM.png"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService

Network

Files

N/A