Malware Analysis Report

2024-10-23 18:38

Sample ID 220324-qqhvcsecen
Target 252f1a88526683b9dd18c1a7371533e989578b5118975adf93cd8a0891e3cbef
SHA256 252f1a88526683b9dd18c1a7371533e989578b5118975adf93cd8a0891e3cbef
Tags
discovery persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

252f1a88526683b9dd18c1a7371533e989578b5118975adf93cd8a0891e3cbef

Threat Level: Known bad

The file 252f1a88526683b9dd18c1a7371533e989578b5118975adf93cd8a0891e3cbef was found to be: Known bad.

Malicious Activity Summary

discovery persistence

Registers COM server for autorun

Executes dropped EXE

Downloads MZ/PE file

Checks installed software on the system

Drops file in Program Files directory

Enumerates physical storage devices

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2022-03-24 13:28

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2022-03-24 13:27

Reported

2022-03-24 14:20

Platform

win10v2004-en-20220113

Max time kernel

2639s

Max time network

2669s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\Win32\Backdoor.Win32.APT34.PoisonFrogC2.7z

Signatures

Registers COM server for autorun

persistence

Downloads MZ/PE file

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\7z2107-x64.exe N/A
N/A N/A C:\Users\Admin\Downloads\7z2107-x64.exe N/A

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\7-Zip\Lang\sk.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\va.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7zFM.exe C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\kk.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\yo.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\th.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\de.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\et.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ja.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\kab.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tk.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tr.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ug.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\af.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\gl.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\vi.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ar.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ps.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\License.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mng.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sl.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tt.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\el.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\az.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\bg.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\zh-cn.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\History.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\si.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sq.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\nn.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tg.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\nl.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sr-spc.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File created C:\Program Files\7-Zip\Lang\tg.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\lv.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ko.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ru.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.dll C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.exe C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\en.ttt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\lij.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pl.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sa.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fy.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\io.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\lt.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7-zip32.dll C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\cy.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\bn.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File created C:\Program Files\7-Zip\Lang\tk.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\an.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\da.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ast.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mr.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fa.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\hy.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sr-spl.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sv.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mk.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ca.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\gu.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ne.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sw.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A
File created C:\Program Files\7-Zip\Lang\uz-cyrl.txt C:\Users\Admin\Downloads\7z2107-x64.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\7z2107-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2107-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2107-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2107-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2107-x64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\Downloads\7z2107-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" C:\Users\Admin\Downloads\7z2107-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\Downloads\7z2107-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip C:\Users\Admin\Downloads\7z2107-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll" C:\Users\Admin\Downloads\7z2107-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" C:\Users\Admin\Downloads\7z2107-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2107-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} C:\Users\Admin\Downloads\7z2107-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\7z2107-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2107-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2107-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2107-x64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000} C:\Users\Admin\Downloads\7z2107-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" C:\Users\Admin\Downloads\7z2107-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip C:\Users\Admin\Downloads\7z2107-x64.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Users\Admin\Downloads\7z2107-x64.exe N/A
N/A N/A C:\Users\Admin\Downloads\7z2107-x64.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3228 wrote to memory of 4368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3228 wrote to memory of 4368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4072 wrote to memory of 4232 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4072 wrote to memory of 4232 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3228 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3228 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3228 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3228 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3228 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3228 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3228 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3228 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3228 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3228 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3228 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3228 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3228 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3228 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3228 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3228 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3228 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3228 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3228 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3228 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3228 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3228 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3228 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3228 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3228 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3228 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3228 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3228 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3228 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3228 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3228 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3228 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3228 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3228 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3228 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3228 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3228 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3228 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3228 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3228 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4072 wrote to memory of 4136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4072 wrote to memory of 4136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4072 wrote to memory of 4136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4072 wrote to memory of 4136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4072 wrote to memory of 4136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4072 wrote to memory of 4136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4072 wrote to memory of 4136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4072 wrote to memory of 4136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4072 wrote to memory of 4136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4072 wrote to memory of 4136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4072 wrote to memory of 4136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4072 wrote to memory of 4136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4072 wrote to memory of 4136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4072 wrote to memory of 4136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4072 wrote to memory of 4136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4072 wrote to memory of 4136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4072 wrote to memory of 4136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4072 wrote to memory of 4136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4072 wrote to memory of 4136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4072 wrote to memory of 4136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\Win32\Backdoor.Win32.APT34.PoisonFrogC2.7z

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc82aa4f50,0x7ffc82aa4f60,0x7ffc82aa4f70

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc82aa4f50,0x7ffc82aa4f60,0x7ffc82aa4f70

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1976 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1624,1521678806352944995,4777820227792589599,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1640 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1640 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1624,1521678806352944995,4777820227792589599,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1988 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2428 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2948 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2912 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4252 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4180 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5276 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5276 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1684 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1544 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4516 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4508 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2384 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4500 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5788 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4804 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5824 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5324 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2348 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5492 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6136 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4928 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4956 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4944 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4828 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4980 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4656 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4640 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4256 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6316 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2940 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1

C:\Users\Admin\Downloads\7z2107-x64.exe

"C:\Users\Admin\Downloads\7z2107-x64.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\7z2107-x64.exe

"C:\Users\Admin\Downloads\7z2107-x64.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5276 /prefetch:8

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,Control_RunDLL C:\Windows\System32\srchadmin.dll ,

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4712 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5248 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4356 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4960 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1076 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4968 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4304 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5888 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4400 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3128 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3372 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3320 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6116 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,14119137766818691516,9107991870973119008,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2380 /prefetch:8

Network

Country Destination Domain Proto
US 52.182.141.63:443 tcp
DE 67.24.27.254:80 tcp
DE 67.24.27.254:80 tcp
US 8.8.8.8:53 api.msn.com udp
US 204.79.197.203:443 api.msn.com tcp
DE 67.24.27.254:80 tcp
US 204.79.197.200:443 tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
NL 142.250.179.174:443 clients2.google.com tcp
US 8.8.8.8:53 dns.google udp
NL 172.217.168.237:443 accounts.google.com tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google udp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
NL 172.217.168.193:443 clients2.googleusercontent.com tcp
NL 142.250.179.131:443 ssl.gstatic.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google udp
NL 142.250.179.142:443 apis.google.com tcp
NL 142.250.179.142:443 tcp
NL 142.251.39.110:443 play.google.com tcp
NL 142.251.39.110:443 udp
NL 172.217.168.206:443 encrypted-tbn0.gstatic.com tcp
NL 172.217.168.206:443 tcp
GB 159.65.89.65:443 tcp
GB 159.65.89.65:443 tcp
NL 172.217.168.206:443 udp
US 35.227.221.109:443 beacons.gcp.gvt2.com tcp
US 8.8.4.4:443 dns.google udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 8.8.8.8:53 dns.google udp
DE 49.12.202.237:443 d3.7-zip.org tcp
US 8.8.8.8:53 dns.google udp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
GB 159.65.89.65:443 tcp
US 8.8.4.4:443 dns.google tcp
NL 142.250.179.163:443 udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google udp
NL 142.250.179.202:443 safebrowsing.googleapis.com tcp
US 8.8.4.4:443 dns.google udp
US 204.79.197.200:443 tcp
US 8.8.4.4:443 dns.google udp
US 8.8.8.8:53 dns.google udp
US 204.79.197.222:443 fp.msedge.net tcp
US 8.8.8.8:53 dns.google udp
US 13.107.3.254:443 s-ring.msedge.net tcp
US 8.8.8.8:53 dns.google udp
US 13.107.253.254:443 t-ring.msedge.net tcp
US 8.8.8.8:53 dns.google udp
US 13.107.12.254:443 c-ring.msedge.net tcp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
US 8.8.4.4:443 dns.google udp
NL 142.250.179.163:443 udp
US 204.79.197.222:443 fp.msedge.net tcp
US 204.79.197.200:443 www.bing.com tcp
US 8.8.8.8:53 dns.google udp
US 204.79.197.200:443 www.bing.com tcp
US 8.8.8.8:53 dns.google udp
US 204.79.197.200:443 www2.bing.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 13.107.12.254:443 c-ring.msedge.net tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
IN 52.140.48.131:443 d49e42c880572b13f33adb8eb621de64.clo.footprintdns.com tcp
US 13.107.253.254:443 t-ring.msedge.net tcp
US 8.8.8.8:53 dns.google udp
US 13.107.42.254:443 l-ring.msedge.net tcp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
NL 142.250.179.163:443 udp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google udp
NL 142.250.179.163:443 udp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
NL 142.250.179.163:443 udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google udp
NL 142.250.179.163:80 update.googleapis.com tcp
NL 142.250.179.163:443 udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google udp
NL 142.250.179.202:443 udp

Files

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 7bd7cb2ee623db5effb11919a9366f15
SHA1 3070a4ddd03b67d5b3cf7137c40866be2cebff63
SHA256 f1cb00994c79572be4d7fb91e38c2ff65227ded8166b68c1c2f1272f3f6cd43f
SHA512 96a957f29bf40bd818edfdb4ba70f8f0a8275e0374b9c7ae21eebc8fd8f4d290d7366d5a492ec0d99d9ad456eb852083b0bc50aa0677f4271277160c09af51fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 7bd7cb2ee623db5effb11919a9366f15
SHA1 3070a4ddd03b67d5b3cf7137c40866be2cebff63
SHA256 f1cb00994c79572be4d7fb91e38c2ff65227ded8166b68c1c2f1272f3f6cd43f
SHA512 96a957f29bf40bd818edfdb4ba70f8f0a8275e0374b9c7ae21eebc8fd8f4d290d7366d5a492ec0d99d9ad456eb852083b0bc50aa0677f4271277160c09af51fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 7bd7cb2ee623db5effb11919a9366f15
SHA1 3070a4ddd03b67d5b3cf7137c40866be2cebff63
SHA256 f1cb00994c79572be4d7fb91e38c2ff65227ded8166b68c1c2f1272f3f6cd43f
SHA512 96a957f29bf40bd818edfdb4ba70f8f0a8275e0374b9c7ae21eebc8fd8f4d290d7366d5a492ec0d99d9ad456eb852083b0bc50aa0677f4271277160c09af51fc

\??\pipe\crashpad_3228_GATSVWTXPEBLASWA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\crashpad_4072_DLBCOMQHOEKLIUWU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 7bd7cb2ee623db5effb11919a9366f15
SHA1 3070a4ddd03b67d5b3cf7137c40866be2cebff63
SHA256 f1cb00994c79572be4d7fb91e38c2ff65227ded8166b68c1c2f1272f3f6cd43f
SHA512 96a957f29bf40bd818edfdb4ba70f8f0a8275e0374b9c7ae21eebc8fd8f4d290d7366d5a492ec0d99d9ad456eb852083b0bc50aa0677f4271277160c09af51fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 17e9549dd5ba1ccec3c80cf5363c3de4
SHA1 23d8265b634acf2a4424390b3f83081a135061ba
SHA256 4a1f85c05848f4bc766dc7a5d086a37aa4af425ce893521722eac76aa76bf64d
SHA512 f479a901dc55bf962898fbea429ed04cfd8fe86f00c690fc7661abafe1399ba462a0d62ca8ff0f911acfda6ef9ba9efc2ddb7c9d040ac3997464430d5433765e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 2167e53d9f3a7e3b29ded1bece216d77
SHA1 e48dbad9cc80a57e6865ea8b9f942c5c2af2f143
SHA256 07274ca3fb04bf0c3174e6f706e4e36c178fb4251b6d9063083e5ee7ce31d49c
SHA512 c8a16120ef447241dd70c65f98207e2d03fb1c9bfa627e2ee8c31c893ccde58ffff40ea2c9716a2ba6681622499645bf60bf82ba0b9322a4273992d89a746429

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 17e9549dd5ba1ccec3c80cf5363c3de4
SHA1 23d8265b634acf2a4424390b3f83081a135061ba
SHA256 4a1f85c05848f4bc766dc7a5d086a37aa4af425ce893521722eac76aa76bf64d
SHA512 f479a901dc55bf962898fbea429ed04cfd8fe86f00c690fc7661abafe1399ba462a0d62ca8ff0f911acfda6ef9ba9efc2ddb7c9d040ac3997464430d5433765e

C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/4856-140-0x0000000000000000-mapping.dmp

C:\Users\Admin\Downloads\7z2107-x64.exe

MD5 49839f0c227b5f9399b59f6ae94a7c7b
SHA1 332620e2e360d471736d714f3f5781354702d9a1
SHA256 0b461f0a0eccfc4f39733a80d70fd1210fdd69f600fb6b657e03940a734e5fc1
SHA512 4d406ddd257a28ab1521e0e28c20699a764d7a3d3c3651e9b080cbdb6dae2f7c348452b2946a1e16b00424f67b769fe44c54a9b94e9124fa219bbe2a544ee82b

C:\Users\Admin\Downloads\7z2107-x64.exe

MD5 49839f0c227b5f9399b59f6ae94a7c7b
SHA1 332620e2e360d471736d714f3f5781354702d9a1
SHA256 0b461f0a0eccfc4f39733a80d70fd1210fdd69f600fb6b657e03940a734e5fc1
SHA512 4d406ddd257a28ab1521e0e28c20699a764d7a3d3c3651e9b080cbdb6dae2f7c348452b2946a1e16b00424f67b769fe44c54a9b94e9124fa219bbe2a544ee82b

C:\Users\Admin\Downloads\7z2107-x64.exe

MD5 49839f0c227b5f9399b59f6ae94a7c7b
SHA1 332620e2e360d471736d714f3f5781354702d9a1
SHA256 0b461f0a0eccfc4f39733a80d70fd1210fdd69f600fb6b657e03940a734e5fc1
SHA512 4d406ddd257a28ab1521e0e28c20699a764d7a3d3c3651e9b080cbdb6dae2f7c348452b2946a1e16b00424f67b769fe44c54a9b94e9124fa219bbe2a544ee82b

Analysis: behavioral1

Detonation Overview

Submitted

2022-03-24 13:27

Reported

2022-03-24 13:36

Platform

win7-20220310-en

Max time kernel

4294176s

Max time network

136s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\Win32\Backdoor.Win32.APT34.PoisonFrogC2.7z

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2932610838-281738825-1127631353-1000_CLASSES\7z_auto_file\shell\Read\command C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2932610838-281738825-1127631353-1000_Classes\Local Settings C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2932610838-281738825-1127631353-1000_CLASSES\7z_auto_file\ C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2932610838-281738825-1127631353-1000_CLASSES\.7z C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2932610838-281738825-1127631353-1000_CLASSES\7z_auto_file\shell\Read C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2932610838-281738825-1127631353-1000_CLASSES\7z_auto_file\shell C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2932610838-281738825-1127631353-1000_CLASSES\7z_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\"" C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2932610838-281738825-1127631353-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2932610838-281738825-1127631353-1000_CLASSES\7z_auto_file C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2932610838-281738825-1127631353-1000_CLASSES\.7z\ = "7z_auto_file" C:\Windows\system32\rundll32.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\Win32\Backdoor.Win32.APT34.PoisonFrogC2.7z

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Win32\Backdoor.Win32.APT34.PoisonFrogC2.7z

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Win32\Backdoor.Win32.APT34.PoisonFrogC2.7z"

Network

N/A

Files

memory/1628-54-0x000007FEFBA61000-0x000007FEFBA63000-memory.dmp

memory/288-76-0x0000000000000000-mapping.dmp

memory/1940-81-0x0000000000000000-mapping.dmp

memory/1940-82-0x0000000075CA1000-0x0000000075CA3000-memory.dmp