| URL: | https://farmexpressmachine.com/bWBBjSLDS.js |
| Full analysis: | https://app.any.run/tasks/c62cf70e-ad12-4372-b28c-2bf3b4b6b777 |
| Verdict: | Malicious activity |
| Analysis date: | November 08, 2023, 00:01:25 |
| OS: | Windows 10 Professional (build: 19044, 64 bit) |
| Indicators: | |
| SHA1: | 89DBC182329F94C56F278F4EF51D84AAD82C8439 |
| SHA256: | 491B3E1CF6060A624EF6A61297E5DB1FC0F025C20D465C1B18D9FD494395CFA9 |
| SSDEEP: | 3:N8U8KHe2Zn:2H0 |
MALICIOUS
No malicious indicators.SUSPICIOUS
No suspicious indicators.INFO
The process uses the downloaded file
- chrome.exe (PID: 6896)
- chrome.exe (PID: 6820)
- chrome.exe (PID: 5064)
Application launched itself
- chrmstp.exe (PID: 6896)
- chrmstp.exe (PID: 7000)
- chrome.exe (PID: 6200)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
Total processes
149
Monitored processes
23
Malicious processes
0
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1800 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3036 --field-trial-handle=1956,i,14094573111166403107,2319157450003722943,131072 /prefetch:8 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Exit code: 0 Version: 112.0.5615.50 Modules
| |||||||||||||||
| 2268 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5080 --field-trial-handle=1956,i,14094573111166403107,2319157450003722943,131072 /prefetch:8 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 112.0.5615.50 Modules
| |||||||||||||||
| 5064 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 --field-trial-handle=1956,i,14094573111166403107,2319157450003722943,131072 /prefetch:8 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Exit code: 0 Version: 112.0.5615.50 Modules
| |||||||||||||||
| 5132 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5084 --field-trial-handle=1956,i,14094573111166403107,2319157450003722943,131072 /prefetch:8 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 112.0.5615.50 Modules
| |||||||||||||||
| 6200 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --disk-cache-dir=null --disk-cache-size=1 --media-cache-size=1 --disable-gpu-shader-disk-cache --disable-background-networking "https://farmexpressmachine.com/bWBBjSLDS.js" | C:\Program Files\Google\Chrome\Application\chrome.exe | explorer.exe | ||||||||||||
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Exit code: 0 Version: 112.0.5615.50 Modules
| |||||||||||||||
| 6208 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=112.0.5615.50 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdce55aa60,0x7ffdce55aa70,0x7ffdce55aa80 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Exit code: 0 Version: 112.0.5615.50 Modules
| |||||||||||||||
| 6344 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1948 --field-trial-handle=1956,i,14094573111166403107,2319157450003722943,131072 /prefetch:2 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 112.0.5615.50 Modules
| |||||||||||||||
| 6356 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1876 --field-trial-handle=1956,i,14094573111166403107,2319157450003722943,131072 /prefetch:8 | C:\Program Files\Google\Chrome\Application\chrome.exe | chrome.exe | ||||||||||||
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Exit code: 0 Version: 112.0.5615.50 Modules
| |||||||||||||||
| 6376 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1956,i,14094573111166403107,2319157450003722943,131072 /prefetch:8 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 112.0.5615.50 Modules
| |||||||||||||||
| 6508 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3004 --field-trial-handle=1956,i,14094573111166403107,2319157450003722943,131072 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google LLC Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 112.0.5615.50 Modules
| |||||||||||||||
Total events
11 919
Read events
11 882
Write events
37
Delete events
0
Modification events
| (PID) Process: | (6200) chrome.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Google\Chrome |
| Operation: | write | Name: | UsageStatsInSample |
Value: 0 | |||
| (PID) Process: | (6200) chrome.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer |
| Operation: | write | Name: | GlobalAssocChangedCounter |
Value: 56 | |||
| (PID) Process: | (6200) chrome.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} |
| Operation: | write | Name: | dr |
Value: 1 | |||
| (PID) Process: | (7000) chrmstp.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband |
| Operation: | write | Name: | FavoritesResolve |
Value: B20200004C0000000114020000000000C00000000000004683008000200000002A04B02FAAB7D801B3D1B42FAAB7D80155FC7D2FAAB7D8014209000000000000010000000000000000000000000000001E013A001F80C827341F105C1042AA032EE45287D668260001002600EFBE12000000E9E9C368AF27D3012EDF76ACA9B7D801F568B22FAAB7D8011400560031000000000018555D5911005461736B42617200400009000400EFBE274B1B4018555D592E000000058A0200000005000000000000000000000000000000D6C802005400610073006B00420061007200000016008C0032004209000018555D5920004D4943524F537E312E4C4E4B0000560009000400EFBE18555D5918555D592E0000006FC50000000004000000000000000000000000000000ABD034004D006900630072006F0073006F0066007400200045006400670065002E006C006E006B0000001C001A0000001D00EFBE02004D005300450064006700650000001C0000009D0000001C000000010000001C0000002D000000000000009C0000001100000003000000FA99B7261000000000433A5C55736572735C61646D696E5C417070446174615C526F616D696E675C4D6963726F736F66745C496E7465726E6574204578706C6F7265725C517569636B204C61756E63685C557365722050696E6E65645C5461736B4261725C4D6963726F736F667420456467652E6C6E6B000060000000030000A058000000000000006465736B746F702D6A676C6C6A6C640064D4FD8DD0913E488A778CA768B799805F4440C69C23ED11B4AB18F7786F96EE64D4FD8DD0913E488A778CA768B799805F4440C69C23ED11B4AB18F7786F96EE45000000090000A03900000031535053B1166D44AD8D7048A748402EA43D788C1D000000680000000048000000725E5C2FA985EB1190A89A9B76358421000000000000000000000000210300004C0000000114020000000000C00000000000004683008000200000007D43EB6CAF27D3017D43EB6CAF27D301DD21942857DFD1019701000000000000010000000000000000000000000000008E013A001F80C827341F105C1042AA032EE45287D668260001002600EFBE12000000E9E9C368AF27D301FEE1E86CAF27D301FEE1E86CAF27D30114005600310000000000274B1B4011005461736B42617200400009000400EFBE274B1B40274B1B402E000000A88E0100000001000000000000000000000000000000833BF4005400610073006B0042006100720000001600FC00320097010000F048555D200046494C4545587E312E4C4E4B00007C0009000400EFBE274B1B40274B1B402E000000A98E01000000010000000000000000005200000000002383CF00460069006C00650020004500780070006C006F007200650072002E006C006E006B00000040007300680065006C006C00330032002E0064006C006C002C002D003200320030003600370000001C00220000001E00EFBE02005500730065007200500069006E006E006500640000001C00420000001D00EFBE02004D006900630072006F0073006F00660074002E00570069006E0064006F00770073002E004500780070006C006F0072006500720000001C0000009C0000001C000000010000001C0000002D000000000000009B0000001100000003000000FA99B7261000000000433A5C55736572735C61646D696E5C417070446174615C526F616D696E675C4D6963726F736F66745C496E7465726E6574204578706C6F7265725C517569636B204C61756E63685C557365722050696E6E65645C5461736B4261725C46696C65204578706C6F7265722E6C6E6B000060000000030000A058000000000000006465736B746F702D6A676C6C6A6C640064D4FD8DD0913E488A778CA768B79980ABF5E88CA293E711B4245254004AAD1164D4FD8DD0913E488A778CA768B79980ABF5E88CA293E711B4245254004AAD1145000000090000A03900000031535053B1166D44AD8D7048A748402EA43D788C1D000000680000000048000000B52F24F3000000000000501F00000000000000000000000000000000D10200004C0000000114020000000000C0000000000000468300800020000000EFB59A0A457AD701EFB59A0A457AD70139686D0A457AD701ED030000000000000100000000000000000000000000000044013A001F80C827341F105C1042AA032EE45287D668260001002600EFBE12000000E9E9C368AF27D301929B4CECC1D0D301929B4CECC1D0D30114005600310000000000F052496A11005461736B42617200400009000400EFBE274B1B40F052496A2E00000058CC0300000003000000000000000000000000000000119300005400610073006B0042006100720000001600B2003200ED030000F052496A200046697265666F782E6C6E6B00480009000400EFBEF052496AF052496A2E000000ABAB0000000004000000000000000000000000000000C7E02D00460069007200650066006F0078002E006C006E006B0000001A00220000001E00EFBE02005500730065007200500069006E006E006500640000001A002E0000001D00EFBE0200330030003800300034003600420030004100460034004100330039004300420000001A000000960000001C000000010000001C0000002D00000000000000950000001100000003000000FA99B7261000000000433A5C55736572735C61646D696E5C417070446174615C526F616D696E675C4D6963726F736F66745C496E7465726E6574204578706C6F7265725C517569636B204C61756E63685C557365722050696E6E65645C5461736B4261725C46697265666F782E6C6E6B000060000000030000A058000000000000006465736B746F702D6A676C6C6A6C640064D4FD8DD0913E488A778CA768B799804A4DEABB37E6EB11B47718F7786F96EE64D4FD8DD0913E488A778CA768B799804A4DEABB37E6EB11B47718F7786F96EE45000000090000A03900000031535053B1166D44AD8D7048A748402EA43D788C1D000000680000000048000000725E5C2FA985EB1190A89A9B76358421000000000000000000000000 | |||
| (PID) Process: | (7000) chrmstp.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband |
| Operation: | write | Name: | Favorites |
Value: 00400100003A001F80C827341F105C1042AA032EE45287D668260001002600EFBE12000000E9E9C368AF27D3012EDF76ACA9B7D801F568B22FAAB7D8011400560031000000000018555D5911005461736B42617200400009000400EFBE274B1B4018555D592E000000058A0200000005000000000000000000000000000000D6C802005400610073006B0042006100720000001600AE0032004209000018555D5920004D4943524F537E312E4C4E4B0000560009000400EFBE18555D5918555D592E0000006FC50000000004000000000000000000000000000000ABD034004D006900630072006F0073006F0066007400200045006400670065002E006C006E006B0000001C001A0000001D00EFBE02004D005300450064006700650000001C00220000001E00EFBE02005500730065007200500069006E006E006500640000001C00000000920100003A001F80C827341F105C1042AA032EE45287D668260001002600EFBE12000000E9E9C368AF27D301FEE1E86CAF27D301FEE1E86CAF27D30114005600310000000000274B1B4011005461736B42617200400009000400EFBE274B1B40274B1B402E000000A88E0100000001000000000000000000000000000000833BF4005400610073006B00420061007200000016000001320097010000F048555D200046494C4545587E312E4C4E4B00007C0009000400EFBE274B1B40274B1B402E000000A98E01000000010000000000000000005200000000002383CF00460069006C00650020004500780070006C006F007200650072002E006C006E006B00000040007300680065006C006C00330032002E0064006C006C002C002D003200320030003600370000001C00420000001D00EFBE02004D006900630072006F0073006F00660074002E00570069006E0064006F00770073002E004500780070006C006F0072006500720000001C00260000001E00EFBE0200530079007300740065006D00500069006E006E006500640000001C00000000440100003A001F80C827341F105C1042AA032EE45287D668260001002600EFBE12000000E9E9C368AF27D301929B4CECC1D0D301929B4CECC1D0D30114005600310000000000F052496A11005461736B42617200400009000400EFBE274B1B40F052496A2E00000058CC0300000003000000000000000000000000000000119300005400610073006B0042006100720000001600B2003200ED030000F052496A200046697265666F782E6C6E6B00480009000400EFBEF052496AF052496A2E000000ABAB0000000004000000000000000000000000000000C7E02D00460069007200650066006F0078002E006C006E006B0000001A00220000001E00EFBE02005500730065007200500069006E006E006500640000001A002E0000001D00EFBE0200330030003800300034003600420030004100460034004100330039004300420000001A000000FF | |||
| (PID) Process: | (7000) chrmstp.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband |
| Operation: | write | Name: | FavoritesChanges |
Value: 13 | |||
| (PID) Process: | (7000) chrmstp.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband |
| Operation: | write | Name: | FavoritesVersion |
Value: 3 | |||
| (PID) Process: | (7000) chrmstp.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer |
| Operation: | write | Name: | GlobalAssocChangedCounter |
Value: 57 | |||
| (PID) Process: | (6896) chrome.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
| Operation: | write | Name: | ProxyBypass |
Value: 1 | |||
| (PID) Process: | (6896) chrome.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
| Operation: | write | Name: | IntranetName |
Value: 1 | |||
Executable files
0
Suspicious files
56
Text files
72
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 6200 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\First Run | — | |
MD5:— | SHA256:— | |||
| 6200 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\History-journal | — | |
MD5:— | SHA256:— | |||
| 6200 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences | binary | |
MD5:000C910C2FDF3B954C523A0FFA3C1794 | SHA256:79677DC35F3BA050D4AD3DCEE016378DB04C9212611BF2DCA5F8396CFE45A570 | |||
| 6200 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat | binary | |
MD5:FC81892AC822DCBB09441D3B58B47125 | SHA256:FB077C966296D02D50CCBF7F761D2A3311A206A784A7496F331C2B0D6AD205C8 | |||
| 6200 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000001 | binary | |
MD5:5AF87DFD673BA2115E2FCF5CFDB727AB | SHA256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4 | |||
| 6200 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Variations | binary | |
MD5:961E3604F228B0D10541EBF921500C86 | SHA256:F7B24F2EB3D5EB0550527490395D2F61C3D2FE74BB9CB345197DAD81B58B5FED | |||
| 6200 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Version | text | |
MD5:6938856FB4E39ADCAA9D9664D679E7E3 | SHA256:9FC3A390773A9E5326F7731EF4D54D80400FB7C36BAA62CA81AC2CA8141EDBD3 | |||
| 6200 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\d25b9627-f042-40ec-87b7-de17f6733016.tmp | image | |
MD5:EF36A84AD2BC23F79D171C604B56DE29 | SHA256:E9EECF02F444877E789D64C2290D6922BD42E2F2FE9C91A1381959ACD3292831 | |||
| 6200 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\MANIFEST-000001 | binary | |
MD5:5AF87DFD673BA2115E2FCF5CFDB727AB | SHA256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4 | |||
| 6200 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\CURRENT | text | |
MD5:46295CAC801E5D4857D09837238A6394 | SHA256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
9
TCP/UDP connections
15
DNS requests
10
Threats
3
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
5048 | SearchApp.exe | POST | 204 | 204.79.197.200:443 | https://www.bing.com/threshold/xls.aspx | unknown | — | — | unknown |
6356 | chrome.exe | GET | 403 | 172.234.25.151:443 | https://farmexpressmachine.com/bWBBjSLDS.js | unknown | html | 93 b | unknown |
6356 | chrome.exe | POST | 200 | 142.250.184.205:443 | https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | unknown | ini | 17 b | unknown |
6356 | chrome.exe | GET | 200 | 216.58.206.42:443 | https://optimizationguide-pa.googleapis.com/downloads?name=1679317318&target=OPTIMIZATION_TARGET_LANGUAGE_DETECTION | unknown | binary | 258 Kb | unknown |
6356 | chrome.exe | GET | 403 | 172.234.25.151:443 | https://farmexpressmachine.com/favicon.ico | unknown | html | 93 b | unknown |
6356 | chrome.exe | GET | 200 | 216.58.206.42:443 | https://optimizationguide-pa.googleapis.com/downloads?name=1697468522&target=OPTIMIZATION_TARGET_NOTIFICATION_PERMISSION_PREDICTIONS | unknown | binary | 4.97 Kb | unknown |
6356 | chrome.exe | POST | 200 | 216.58.206.42:443 | https://optimizationguide-pa.googleapis.com/v1:GetModels?key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | unknown | binary | 1.16 Kb | unknown |
6356 | chrome.exe | GET | 200 | 216.58.206.42:443 | https://optimizationguide-pa.googleapis.com/downloads?name=1699288392&target=OPTIMIZATION_TARGET_PAGE_ENTITIES | unknown | binary | 32.4 Mb | unknown |
6356 | chrome.exe | GET | 200 | 216.58.206.42:443 | https://optimizationguide-pa.googleapis.com/downloads?name=1697468511&target=OPTIMIZATION_TARGET_GEOLOCATION_PERMISSION_PREDICTIONS | unknown | binary | 44.0 Kb | unknown |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
6356 | chrome.exe | 142.250.184.205:443 | accounts.google.com | GOOGLE | US | whitelisted |
3792 | svchost.exe | 239.255.255.250:1900 | — | — | — | whitelisted |
6200 | chrome.exe | 239.255.255.250:1900 | — | — | — | whitelisted |
2836 | msedge.exe | 224.0.0.251:5353 | — | — | — | unknown |
6356 | chrome.exe | 172.234.25.151:443 | farmexpressmachine.com | Akamai International B.V. | US | unknown |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
4620 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
6356 | chrome.exe | 142.250.186.100:443 | www.google.com | GOOGLE | US | whitelisted |
4620 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
farmexpressmachine.com |
| malicious |
accounts.google.com |
| shared |
www.google.com |
| whitelisted |
settings-win.data.microsoft.com |
| whitelisted |
optimizationguide-pa.googleapis.com |
| whitelisted |
Threats
PID | Process | Class | Message |
|---|---|---|---|
6356 | chrome.exe | Exploit Kit Activity Detected | ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (farmexpressmachine .com) |
6356 | chrome.exe | Exploit Kit Activity Detected | ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (farmexpressmachine .com) |
6356 | chrome.exe | Exploit Kit Activity Detected | ET EXPLOIT_KIT ZPHP Domain in TLS SNI (farmexpressmachine .com) |