Malware Analysis Report

2025-01-19 02:12

Sample ID 241205-kab4zswnbs
Target http://qnb-xp.ru.com
Tags
discovery phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file http://qnb-xp.ru.com was found to be: Known bad.

Malicious Activity Summary

discovery phishing

A potential corporate email address has been identified in the URL: [email protected]

Drops file in Windows directory

Browser Information Discovery

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Modifies data under HKEY_USERS

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-05 08:23

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-05 08:23

Reported

2024-12-05 08:27

Platform

win11-20241007-en

Max time kernel

209s

Max time network

204s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://qnb-xp.ru.com

Signatures

A potential corporate email address has been identified in the URL: [email protected]

phishing

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133778606219772811" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3648 wrote to memory of 1832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 1832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 4036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 4036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 4036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 4036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 4036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 4036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 4036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 4036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 4036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 4036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 4036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 4036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 4036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 4036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 4036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 4036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 4036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 4036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 4036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 4036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 4036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 4036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 4036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 4036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 4036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 4036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 4036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 4036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 4036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 4036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 1592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 1592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 1792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 1792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 1792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 1792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 1792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 1792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 1792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 1792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 1792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 1792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 1792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 1792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 1792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 1792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 1792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 1792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 1792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 1792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 1792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 1792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 1792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 1792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 1792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 1792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 1792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 1792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 1792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 1792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 1792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3648 wrote to memory of 1792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://qnb-xp.ru.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff801f2cc40,0x7ff801f2cc4c,0x7ff801f2cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1928,i,1086658732036708261,1083395794488876327,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1920 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1748,i,1086658732036708261,1083395794488876327,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1976 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2084,i,1086658732036708261,1083395794488876327,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2180 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2992,i,1086658732036708261,1083395794488876327,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3148 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2996,i,1086658732036708261,1083395794488876327,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3184 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=2988,i,1086658732036708261,1083395794488876327,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4428 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3460,i,1086658732036708261,1083395794488876327,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4652 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4652,i,1086658732036708261,1083395794488876327,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4876 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 qnb-xp.ru.com udp
US 104.21.81.64:443 qnb-xp.ru.com tcp
US 104.21.81.64:80 qnb-xp.ru.com tcp
US 104.21.81.64:80 qnb-xp.ru.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 74.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 104.21.81.64:443 qnb-xp.ru.com udp
US 151.101.193.229:443 cdn.jsdelivr.net tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
GB 142.250.180.10:443 content-autofill.googleapis.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com udp
US 151.101.193.229:443 cdn.jsdelivr.net udp
US 104.17.24.14:443 cdnjs.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
GB 142.250.187.195:443 beacons.gcp.gvt2.com tcp
IT 34.154.74.59:443 e2c59.gcp.gvt2.com tcp
GB 142.250.187.195:443 beacons.gcp.gvt2.com udp
US 34.0.132.167:443 e2c82.gcp.gvt2.com tcp

Files

\??\pipe\crashpad_3648_RCWIOYBXCWMJILQI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 b02589757420b2bb98199656fa3c68c3
SHA1 e0d1a64d220ff676463622026d520331b6ebe3fa
SHA256 7bd1d72f2149f85fc8bf9fd636c207aed02f48e8b18856d727c3f084d84982cf
SHA512 2b9f913522eba7e43ad460bc06f7a8d9ed170148a2c493b62747f1651b73ac88f6f7c78aa5cc7e7a303b0780be55fda4872b9b4f9cabd21b0a592652ff3fa653

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 8727d98e5740ddaffa462370df41fbec
SHA1 af6577293ce0ce3048b9275b04275935ad398160
SHA256 3eb05da3dddb4b3548a5842f9c18c1192341da966be59fc686c5cb0430cce69e
SHA512 81e171b1d0f6e9b53cb34369b8e27e5013e1817c34078f924a70f02a4f60e33a9f676e3201556bf680c864ca181f98eb8fb6adfe0757d18699e0d57ba16e733f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cc072fe634b13c8bb4d63cd798af9bd3
SHA1 7a496ba2644f46b33e8298bae1845c56b4f635ef
SHA256 0ac516fd7af35b5dd87f8639e5bf7dd3285b167378e7af3e1af1d113fa4dd23a
SHA512 1c87a82f283621ea8abf136ce399a75b924d8c3254a8a5a10ab30c3e39cd744306b3dc13267f3902d2681772416d4c9c9eb138abd5b385d4846db935ce7a274b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 05ee8515dea81c651c996b97bf77bd8c
SHA1 6080257e97e2faa44defe0c8b97ed208029ce9e2
SHA256 44cc5d522c1e5c048a862a3c05689e7b5d50a76c9eb62e8a7f61fd279ce662b1
SHA512 9bdfca11ea0d7e3f61c4e6795ca7aa2d0a0ae08693336ba96d3f69acbdb165b1a5bd698ec5314c9f8364009880e273237c5a7aa2a5c9ff0b42ddc171eb5a9497

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 119119939b8901e2a971f18ed59d34ed
SHA1 0ddc87b33e8b7bd3071cf819b28cacd1a09fa5ca
SHA256 24ee3adfe96659b00ee2a481a344d960ce4a1635fe6fff44245677def0b044bd
SHA512 c66d88dd86e06eeeec2037d15b2dbba896d4e47406e52b26b6b262d9a6c37ec663e65af578e9ea7498bf2be5077983a0fa1c720b59673e3b7e86fd2215ae2972

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7bfe5b7fffa90b2607146be6b60b43c6
SHA1 f2c91085a128213e417cc9465606ffee943c13c8
SHA256 1303b86188e55d5552b153ade1329d43b627031d50039cf0419510026e0f271b
SHA512 2fe6904e393feaffc8c353f8736e823364d9c6604f74bf078ad9a59b6e028699b16cb3c20485646d876f449cda583f34bd35e18800589b5df0ff8fbc0ecaff32

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1cc090e9f9259e7d4a9d609d198456fd
SHA1 dd1af2ee7ed3f5c050c02dcdcde697193a789910
SHA256 c24ed8d1803fabcba6e3446c5bed31a408e0581ceb00410e2547e2a48f3fcf46
SHA512 7fad4194e4e89154dffc9c2263e08ab691b7fbb6fc7556c037a0316d9d3cd92c0044baa291fe7791d8a65ea989f97098ae10dde1d2f073cf2836ee43634a7b41

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 944bf25ef0ddaf700eedf9289a781ad4
SHA1 52ba4014db46a21eb6867b6c1e79315972c085e8
SHA256 0caaf90ba4b831804e049a1b1bfe3597a4a586ba485d8107fdd2e77b71232460
SHA512 ad3a281fb070db1913f84ccd9426985f5d36312b2304dc04475434b384bc6dd0c60aa37d8cdc393f7bff61d3923aedf03d7235547c80c22dadd30d066837a177

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3be8f8d306b2cc252a1c40fd318c8079
SHA1 67f2312e6a874425bf0eb7b4e2bc1038410093a7
SHA256 8553f9e239ee9129d97d6f60c08c4712ac46014304e27849ca0be42d1164f62c
SHA512 34b832c78d72f35c4fad848c03942e9cf16f68bb928349b9612b92b00dd8bb917795cb56d1b7f814c44b7f56a7ceb44ee40376544c50af2602643c5ac850ebd6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 fa0ff84e5b40113a8f7d92df480883af
SHA1 eb3c8aa776caa639c0825e3aefa73da8cef13f8a
SHA256 9070d8ec332dafe6e5b02d239458010b423b4f07f69eefd8329f893b70493dec
SHA512 19dabc8127ee733da76844a50565fef129e3cdee09c527ac208fa0d961e015d9112af7d1f62c683e236bec8dd157aa3aa580f382c6cdaa0bb22e7d46b4d4ae59

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cf92869697243aaa69ff196e0a7b9182
SHA1 9658c682a13b5dad2c1041a88d84235ad07bc1e7
SHA256 e982b3b94650dd6d169674d29e8611b71dfd68c6d32aea861dda375cc1427878
SHA512 658795cb3618215dd79807a0fc8f5a9221e6973a4c3b0d20406e2d41792c8999b14aac56ced3fdeb7f7df85c6ec575613f68eeb19198eee1b8d40719017456f4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b597fd9855072ea8d55f475e456ea2ac
SHA1 2281649170cb4736621e8580f76514237865ec74
SHA256 9a48da1b17a04b7730ebeb1045b10eef65db8df8beb0d0b06cfda88882bbdac3
SHA512 cbce1ed34106ddf2b8c577c4579c89e598b278faaf89dc4911208924c35ff9c099db6fe60be72382e70349d1abd98f1ab5208bc42e72216b26de2e57f89b5749

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 67d9a2defed8640cfc769468fc245d47
SHA1 b3018a78bfb78329ff9300a521649568de8b23fc
SHA256 cc9f4a37f0f90875958f29f8498ef73fc8c6941e266add3e750a76aec5eafc38
SHA512 a78422d0d797e7998f0ab9f6a1b75f991010d9c804cc0419b0b9e20539606e1abe61d56e18cd801e457e2ccba1d4509023793df216cf5871c2604ded9b4b9433

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

MD5 b5ad5caaaee00cb8cf445427975ae66c
SHA1 dcde6527290a326e048f9c3a85280d3fa71e1e22
SHA256 b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8
SHA512 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

MD5 d222b77a61527f2c177b0869e7babc24
SHA1 3f23acb984307a4aeba41ebbb70439c97ad1f268
SHA256 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747
SHA512 d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 dc1e71a23fe47ad25f4cff082e6665e9
SHA1 f91d6074cc6c9bb2bc944cfb50b8af654c4d6d97
SHA256 57aebe63022f106d86b124e5ce7bec708ff4463d556c80fa1d1214dbbe5b1c6f
SHA512 cda0fa4a7ddb809576c33c879c3f0f564ef4604a2d0be4c6666f2880028fd2b20c9687fff2260b666f8e5f31b9736eeaf210195561fec556d40a87117c595ed3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 0b30f711dd49ec6483dfd02f446e6cf9
SHA1 3cb351b35228b7b34775967b51a9b54eb0c4cbf9
SHA256 90560637e1e4df84ff17e120ac8b3b7f115a46eb5d8f6673384dda3fcfb1e344
SHA512 662a4338694f130eb8a4db505bb24796f39b66c244c82b5e7c67ab21cfbb078437c71ae9542e0f86801046d16fb1ceff9a87873297f89cb1cdda9e2d6a9bc581

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3712f0a15ec55c1e854b64ff82787a90
SHA1 74ab20156fc4619362871a490a5d1cb58298932b
SHA256 25fb7a84858a72020309f8faa5854758ab7b949520fed8ff8eaa3126e9505868
SHA512 d0fbc11b9a49b749a332111e673ded8887e1bdf11d470c7347a023615e43db668095ba6531dbfff69c9cbadde0c24515fe600b163701d3f9c817b49a01f80fc0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7e409a403718f80fd2e5ea631c902bf9
SHA1 f1af035993840981aa892b91f2d060e3c907ab95
SHA256 af54e4cef719f3e098ae9bfa5da1528ed0e1d2d5520d5d6e02d63db92807ccf7
SHA512 73d3833fd4013becbf031c4c693d8ff3c08023238f33ef2008a86da38e00fab2fbc16eb49b22bd408a2bd011b929237855f097bd91fc9de0286ee30c3e5f1876

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0f5ce115a95b36064659763d6a405031
SHA1 a463d2d53c2113ae5b0e9794cd3265bfa18c8f7f
SHA256 375ef49a0f7f5aad5aa92ef5101c0b208edd9a873d0fb91e176ea5ff1d3e86d6
SHA512 51ce189d4829796f87deb3337c4f12fa61850a1845147b8dc0c027d12f4e318e2daeec7481015b25386afeaebf2f857ebaf652883f089b4e390268b7b82cee7e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 274a3b3951e99b63ba19b10ff346f056
SHA1 5642f9ad9fc9c41fb07a30581f7be71aed0905c1
SHA256 0dff0ccd7b80d294b473f3b0b79317f7a2b51a85235c6e043599776f75b5bead
SHA512 87afbec32161ff112ae139356cf11db00fef0888119ddd3af196b82d9bce3502a6d99f95819288c807e25a94ee41f441764eae4945ae25441642cb5a06947f8e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 89b15a9bc6344523d0c56ed9925c92c9
SHA1 f6f191f0144fd03b83af3124c1aefd2eeee4ca92
SHA256 f55e6f2041daaa86647aa2b96879eecc56310921b3f7f5c171e8fa0a70869a3f
SHA512 00eccf08588de436eeb2f1b73e625e41af5fdb3ea4cb04f6065f9dd26c4600f9cbe2fe0ce58d1982bc966983dcadbbcc88477ab3ef3b1da52673885ee4482c9b