43f43bc1cabe913c58d9dc83503b4711eef4c7028098db545ea3e95849801eaa

max time kernel
26s
max time network
108s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
27-03-2023 18:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fighter.jpg
Size

7KB
MD5

b4ab5bbc090eb4ff916fbb48dc9d3a40
SHA1

b2c8e91298fd8ac51cab4228617db1b469641ab7
SHA256

43f43bc1cabe913c58d9dc83503b4711eef4c7028098db545ea3e95849801eaa
SHA512

edbd4475c6ccfbfe476727511e2546d41b7d039c133df200009c58cd6d350c0eff69d4f4db66f36011e3e9206e55a7e41919fd6342f639f48427dba08ecb791d
SSDEEP

192:uAkBa3UqVX8M08LcJYUaxm3ENPY3h9vY6MDiHbt:rkBa341haxmIY3DY6M2p

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

968 chrome.exe
968 chrome.exe

Suspicious use of AdjustPrivilegeToken 18 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

Processes:

rundll32.exechrome.exe

pid	process
1428	rundll32.exe
1428	rundll32.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 968 wrote to memory of 472	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 472	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 472	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 556	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 556	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 556	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 556	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 556	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 556	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 556	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 556	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 556	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 556	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 556	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 556	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 556	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 556	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 556	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 556	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 556	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 556	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 556	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 556	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 556	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 556	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 556	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 556	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 556	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 556	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 556	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 556	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 556	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 556	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 556	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 556	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 556	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 556	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 556	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 556	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 556	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 556	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 556	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 688	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 688	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 688	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 604	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 604	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 604	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 604	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 604	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 604	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 604	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 604	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 604	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 604	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 604	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 604	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 604	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 604	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 604	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 604	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 604	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 604	968	chrome.exe	chrome.exe
PID 968 wrote to memory of 604	968	chrome.exe	chrome.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\fighter.jpg
1⤵
- Suspicious use of FindShellTrayWindow
PID:1428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef70a9758,0x7fef70a9768,0x7fef70a9778
2⤵
PID:472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1184 --field-trial-handle=1252,i,2763297570618985581,12184112304531338114,131072 /prefetch:2
2⤵
PID:556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1476 --field-trial-handle=1252,i,2763297570618985581,12184112304531338114,131072 /prefetch:8
2⤵
PID:688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1612 --field-trial-handle=1252,i,2763297570618985581,12184112304531338114,131072 /prefetch:8
2⤵
PID:604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2356 --field-trial-handle=1252,i,2763297570618985581,12184112304531338114,131072 /prefetch:1
2⤵
PID:1484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2236 --field-trial-handle=1252,i,2763297570618985581,12184112304531338114,131072 /prefetch:1
2⤵
PID:1916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1416 --field-trial-handle=1252,i,2763297570618985581,12184112304531338114,131072 /prefetch:2
2⤵
PID:2096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1520 --field-trial-handle=1252,i,2763297570618985581,12184112304531338114,131072 /prefetch:1
2⤵
PID:2176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3800 --field-trial-handle=1252,i,2763297570618985581,12184112304531338114,131072 /prefetch:8
2⤵
PID:2196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3920 --field-trial-handle=1252,i,2763297570618985581,12184112304531338114,131072 /prefetch:8
2⤵
PID:2236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3836 --field-trial-handle=1252,i,2763297570618985581,12184112304531338114,131072 /prefetch:1
2⤵
PID:2404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4296 --field-trial-handle=1252,i,2763297570618985581,12184112304531338114,131072 /prefetch:1
2⤵
PID:2516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4600 --field-trial-handle=1252,i,2763297570618985581,12184112304531338114,131072 /prefetch:1
2⤵
PID:2836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2404 --field-trial-handle=1252,i,2763297570618985581,12184112304531338114,131072 /prefetch:1
2⤵
PID:2360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3720 --field-trial-handle=1252,i,2763297570618985581,12184112304531338114,131072 /prefetch:1
2⤵
PID:2384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4736 --field-trial-handle=1252,i,2763297570618985581,12184112304531338114,131072 /prefetch:8
2⤵
PID:2400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4904 --field-trial-handle=1252,i,2763297570618985581,12184112304531338114,131072 /prefetch:8
2⤵
PID:2484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5208 --field-trial-handle=1252,i,2763297570618985581,12184112304531338114,131072 /prefetch:1
2⤵
PID:2760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4644 --field-trial-handle=1252,i,2763297570618985581,12184112304531338114,131072 /prefetch:1
2⤵
PID:2172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5052 --field-trial-handle=1252,i,2763297570618985581,12184112304531338114,131072 /prefetch:1
2⤵
PID:2628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5236 --field-trial-handle=1252,i,2763297570618985581,12184112304531338114,131072 /prefetch:1
2⤵
PID:916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6336 --field-trial-handle=1252,i,2763297570618985581,12184112304531338114,131072 /prefetch:8
2⤵
PID:2796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6232 --field-trial-handle=1252,i,2763297570618985581,12184112304531338114,131072 /prefetch:8
2⤵
PID:2784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 --field-trial-handle=1252,i,2763297570618985581,12184112304531338114,131072 /prefetch:8
2⤵
PID:2876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4036 --field-trial-handle=1252,i,2763297570618985581,12184112304531338114,131072 /prefetch:8
2⤵
PID:2492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5040 --field-trial-handle=1252,i,2763297570618985581,12184112304531338114,131072 /prefetch:8
2⤵
PID:668

C:\Users\Admin\Downloads\python-3.11.2-amd64.exe
"C:\Users\Admin\Downloads\python-3.11.2-amd64.exe"
2⤵
PID:2224

C:\Windows\Temp\{D0C713FC-DBF6-402C-A9D2-FADC616B2E47}\.cr\python-3.11.2-amd64.exe
"C:\Windows\Temp\{D0C713FC-DBF6-402C-A9D2-FADC616B2E47}\.cr\python-3.11.2-amd64.exe" -burn.clean.room="C:\Users\Admin\Downloads\python-3.11.2-amd64.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188
3⤵
PID:2264

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" C:\Users\Admin\AppData\Local\Temp\Python 3.11.2 (64-bit)_20230327202322.log
4⤵
PID:2936

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1236

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
f731085a9e6ec681320284c1260716ed

SHA1
6c8a46ccfb4685440915a308e7d2eb551d770e53

SHA256
2cc4b95f69f190dec5230922170a855810e118e0ea09b895e9c8a00052a44fc3

SHA512
2495666f3edd5051850a36bfb7adace6034ce2f98bbe6bc2bd34a44a939fdaa1a711cc296b98caac56e8f03d36871579e974c1557fdf89cd1a8bcbc3bb65f763

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000004.dbtmp
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
8234a4bf826f78c75e648e39c9086886

SHA1
ca579b6f5b5bcf147aa60cd3bda9dd893f514047

SHA256
540e4b186af18651a3d0f6448ef31557161df93f72c89f28b9769573b0626d02

SHA512
9b4ebaf4e7638e38b40c7e4ea220a5d8e66a45fda37a2e79a9c0c7eec649c3e299274cd95663714156e0af952a93f61d262c139fcb1fc10bdef3810a475674c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
8a298fc81f188d1efb5f987764519394

SHA1
d43221c3b3e2439cdd68a0b307831df1c178468b

SHA256
6bda28543a021d1962c3654470dfa9d5730f4f000f1f4a5c3c141ce86abbef8d

SHA512
85d539aea7432997159b4b8f20ff5c0b9cd6ba789dbd62c0142b782d0062514fc3ffc4c6f0e13765783abf8489bcf06ba3668140e79a43dfedcda3458b3fa9fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
527B

MD5
dec3611f1eaf6b06410c8cee0cf88f2b

SHA1
78b03fcf14f14439da31772a3d2023ef15a6ed51

SHA256
7ca61b64b438d8543a4fd7fd4bae92d70f431e365112ee4e137feb5f7bd5ce0f

SHA512
177ea5224d25dbf076d4acb4f621248d40c9cbfb7975619131f4cc85cf8cb9d8b26b0e14db2b6beb2714cd6042780e7225dfe9d1f0ed3c51c4e64bd2dd00abd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
fb385bd6dffd626f38d289fc9c559592

SHA1
27b20258fca53f25409b6b09000af70ae8b1de49

SHA256
9b19e67f36adf432bc620c492e2653d15ad665073d2574cd51dbafa7e11f4c53

SHA512
cc2c8731c383f1259a16d5ded3873232cd5ad33c36a70ecad53233ce3abcb3b050202472f2c4b87e3cd7891a497b3ee09e3185056715caee8d3478fdd712bbfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
22c19171b63b6bb177116938f68e5e2c

SHA1
9b685335d27006264497737f0457838f1c883922

SHA256
45ee476443dae402950a7b03b93c3806105df7083489aa1bab360def2faf648f

SHA512
f2769daef3dde23536d2850642b4aa456be18756501322d7d860adb7e9c25d325daf190ed446963078b7c380cb765922ee1fe2a4489d88f7f932cdd4d8635b6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
d27cd112c52d37f2360ee3f7cf729eec

SHA1
630d6528878c0526dce5f88177fc343f63c69821

SHA256
9470b1ca55cc201b898c89a4c191670fde9ac0683023b87b6d994d557cc2afc3

SHA512
68754f3d36cace16b7cdabaeb7a4c4d8b136f024c1cde0ed008c8f98364792fc6316a0eb7d2c61bbe63a229338187bb72acfab6b734fb4f4b416ee9b340e5348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
969fc1a04d89052a9a99f69a26243eec

SHA1
f51713c2a6e2d0344b28c2a1c73cdda75c818a38

SHA256
0bc18be3fcca54dba4f391954be6583634c7058ad676793847739d3f5894b8ce

SHA512
4035c00546416f22f3887050724eb5dd960384263bb473511fcf4f2080ddfd2f42f6c521f206c8c57d1a64e8e3593dcbb4bf24930c4ec454b6ac9466f79d8cc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
e41051a4b154b35cfe20b34ca57c320b

SHA1
1652b6fd3fcdc1e694537aee73d0b3db84d22d7f

SHA256
c6b684093555a73a7159ee77108190d0358edaedbd7421ebe7a6116d0fa67037

SHA512
9ac07e365eb4214e9d6a18ddf2d3bc44c9051c7dc0c7c29a2c685092299b4107a8add92f33f3d61877ee0d4fc25650c4489727f3847021a26373c22f315481f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
5d0228a08809e3dc600b6b3fcc58b45f

SHA1
0f4dcd687db7b4d9bf548b565f6809974175e8e6

SHA256
10335af647ca201028fb036805515cbb5b3a1111d07c5422e0f6389ddbb97c4c

SHA512
de343fe7caa9d0c644b116b9d140a235fb32a5b610b9365324b197811eea80a6c8c24033c763786e498814e59712bd3dc3a088884ba7a4c83d041eebfc666838

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
252605973600f1c8b5f662c6ff44e0b2

SHA1
6548a8a758b88593accd1d78b4ddf9eccb587f05

SHA256
aaaf7e3e9b318307775bd9bce7ee374c6c25fd30853cdd01b8d3f105397ebf98

SHA512
6974aa9cb6fa064437841ec9f22fdf21fcef3ee689cefcc76bfc0384248e8046061d0eb1a9d1cc2e6523cc627068c90fde56c7142bea3a1f862163ce39a50119

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
e727079694429a83ea758f1798429c7f

SHA1
5dd1029172cfef4274b3fe11bc0a468b9a0045f1

SHA256
09d3f036b7662d81bcc925438d4f2bc408781c0d1b34ab3717a0d3b3a2ca59b5

SHA512
5ae40b7b37f242f41545cd517c9eed80e8aee1070dc4e3c4efa5eda03f00420c76a94384709c96db27b0fc57f33efc963806e5ac6d5b3f606543a40d4f4a9cff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Python 3.11.2 (64-bit)_20230327202322.log
Filesize
6KB

MD5
e5aeae9119766cc18f03ba8047b9ab0d

SHA1
6b400b4fb2a55252b70d6d5f9944b430801232b5

SHA256
389d5f290d4cda545a831467b34f33493df4b2d7f4095e461117fa08fdaa399a

SHA512
d86eab78406776fc8137bb0e3e3b5d776880eecbbdb30fe0c800127ed4f84ef878af2794d3771959ff4e12808381bfd03b6adb58b4f722490891a55a7ad72d64

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCBFE.tmp
Filesize
161KB

MD5
be2bec6e8c5653136d3e72fe53c98aa3

SHA1
a8182d6db17c14671c3d5766c72e58d87c0810de

SHA256
1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

SHA512
0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

Download Submit
C:\Users\Admin\Downloads\python-3.11.2-amd64.exe
Filesize
24.2MB

MD5
4331ca54d9eacdbe6e97d6ea63526e57

SHA1
374c03f9f9e14b716f616a02c75ae3833930c8f6

SHA256
ebffd8b4b09a27238423cffc17ed9d5f25f0bafaf1ca133791fc3ec5e3f31f63

SHA512
2b04b196f1115f42375e623a35edeb71565dfd090416b22510ec0270fefe86f7d397a98aabbe9ebfe3f6a355fe25c487a4875d4252027d0a61ccb64cacd7631d

Download Submit
C:\Users\Admin\Downloads\python-3.11.2-amd64.exe
Filesize
24.2MB

MD5
4331ca54d9eacdbe6e97d6ea63526e57

SHA1
374c03f9f9e14b716f616a02c75ae3833930c8f6

SHA256
ebffd8b4b09a27238423cffc17ed9d5f25f0bafaf1ca133791fc3ec5e3f31f63

SHA512
2b04b196f1115f42375e623a35edeb71565dfd090416b22510ec0270fefe86f7d397a98aabbe9ebfe3f6a355fe25c487a4875d4252027d0a61ccb64cacd7631d

Download Submit
C:\Users\Admin\Downloads\python-3.11.2-amd64.exe
Filesize
24.2MB

MD5
4331ca54d9eacdbe6e97d6ea63526e57

SHA1
374c03f9f9e14b716f616a02c75ae3833930c8f6

SHA256
ebffd8b4b09a27238423cffc17ed9d5f25f0bafaf1ca133791fc3ec5e3f31f63

SHA512
2b04b196f1115f42375e623a35edeb71565dfd090416b22510ec0270fefe86f7d397a98aabbe9ebfe3f6a355fe25c487a4875d4252027d0a61ccb64cacd7631d

Download Submit
C:\Windows\Temp\{10D29819-8377-4419-A458-B1253FB8CFE1}\.ba\SideBar.png
Filesize
50KB

MD5
888eb713a0095756252058c9727e088a

SHA1
c14f69f2bef6bc3e2162b4dd78e9df702d94cdb4

SHA256
79434bd1368f47f08acf6db66638531d386bf15166d78d9bfea4da164c079067

SHA512
7c59f4ada242b19c2299b6789a65a1f34565fed78730c22c904db16a9872fe6a07035c6d46a64ee94501fbcd96de586a8a5303ca22f33da357d455c014820ca0

Download Submit
C:\Windows\Temp\{D0C713FC-DBF6-402C-A9D2-FADC616B2E47}\.cr\python-3.11.2-amd64.exe
Filesize
858KB

MD5
f39d8ce9407fb9fa2691e3a37ef91394

SHA1
13abe8d639aa7d1d3c16d08f85dc413cf6828406

SHA256
2f56a99e06ef25f5ef6d14a9a3dd250f9582a73ee1b6ff3033cf515fa25f9aac

SHA512
a9089ac393d3b53d0d393392e2a06a37275277bf4e4fc332f00c031e922ecd8648520dc35c53856c957331b5c1fb37de94c19e688e7f149f91941b4ee1216e5f

Download Submit
C:\Windows\Temp\{D0C713FC-DBF6-402C-A9D2-FADC616B2E47}\.cr\python-3.11.2-amd64.exe
Filesize
858KB

MD5
f39d8ce9407fb9fa2691e3a37ef91394

SHA1
13abe8d639aa7d1d3c16d08f85dc413cf6828406

SHA256
2f56a99e06ef25f5ef6d14a9a3dd250f9582a73ee1b6ff3033cf515fa25f9aac

SHA512
a9089ac393d3b53d0d393392e2a06a37275277bf4e4fc332f00c031e922ecd8648520dc35c53856c957331b5c1fb37de94c19e688e7f149f91941b4ee1216e5f

Download Submit
\??\pipe\crashpad_968_WMYSDPKWHYDFHSZO
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Windows\Temp\{10D29819-8377-4419-A458-B1253FB8CFE1}\.ba\PythonBA.dll
Filesize
674KB

MD5
82cfee3fa89dfbe35582ad3d2af5b07f

SHA1
3d97230dbd07f8fffcf2c74d8fb281bfc2cf2f74

SHA256
e6e970c8010a60470244a25989829dd292f14891cd146eae2b6c478fd290ff7a

SHA512
95810561d1a2eb597796df5eaec35934c1a4c2278448c358d3c8b0bca97559d90a886be2b2ca81d187a3bbebf72969ca19c7b16230c9b2328cb978f2862a7915

Download Submit
\Windows\Temp\{D0C713FC-DBF6-402C-A9D2-FADC616B2E47}\.cr\python-3.11.2-amd64.exe
Filesize
858KB

MD5
f39d8ce9407fb9fa2691e3a37ef91394

SHA1
13abe8d639aa7d1d3c16d08f85dc413cf6828406

SHA256
2f56a99e06ef25f5ef6d14a9a3dd250f9582a73ee1b6ff3033cf515fa25f9aac

SHA512
a9089ac393d3b53d0d393392e2a06a37275277bf4e4fc332f00c031e922ecd8648520dc35c53856c957331b5c1fb37de94c19e688e7f149f91941b4ee1216e5f

Download Submit
memory/1428-54-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download