Malware Analysis Report

2025-04-03 09:43

Sample ID 230405-ylp2wabc2x
Target a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.zip
SHA256 19363b70d7ccdbf10eb7633628f1e0d08fb0f85cff897fd758cf2b61c93abd81
Tags
systembc trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

19363b70d7ccdbf10eb7633628f1e0d08fb0f85cff897fd758cf2b61c93abd81

Threat Level: Known bad

The file a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.zip was found to be: Known bad.

Malicious Activity Summary

systembc trojan

Systembc family

SystemBC

Executes dropped EXE

Drops file in Windows directory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Suspicious use of FindShellTrayWindow

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-04-05 19:52

Signatures

Systembc family

systembc

Analysis: behavioral2

Detonation Overview

Submitted

2023-04-05 19:52

Reported

2023-04-05 19:56

Platform

win10v2004-20230220-en

Max time kernel

195s

Max time network

201s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.exe"

Signatures

SystemBC

trojan systembc

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133252052291863213" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4740 wrote to memory of 2692 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 2692 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4740 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.exe

"C:\Users\Admin\AppData\Local\Temp\a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90f4c9758,0x7ff90f4c9768,0x7ff90f4c9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1832,i,6986312130113181635,4053376214327080810,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1832,i,6986312130113181635,4053376214327080810,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1408 --field-trial-handle=1832,i,6986312130113181635,4053376214327080810,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3212 --field-trial-handle=1832,i,6986312130113181635,4053376214327080810,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3340 --field-trial-handle=1832,i,6986312130113181635,4053376214327080810,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4580 --field-trial-handle=1832,i,6986312130113181635,4053376214327080810,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4720 --field-trial-handle=1832,i,6986312130113181635,4053376214327080810,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4896 --field-trial-handle=1832,i,6986312130113181635,4053376214327080810,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4936 --field-trial-handle=1832,i,6986312130113181635,4053376214327080810,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 --field-trial-handle=1832,i,6986312130113181635,4053376214327080810,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 --field-trial-handle=1832,i,6986312130113181635,4053376214327080810,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5084 --field-trial-handle=1832,i,6986312130113181635,4053376214327080810,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3816 --field-trial-handle=1832,i,6986312130113181635,4053376214327080810,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5136 --field-trial-handle=1832,i,6986312130113181635,4053376214327080810,131072 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.exe

C:\Users\Admin\AppData\Local\Temp\a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.exe start

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3820 --field-trial-handle=1832,i,6986312130113181635,4053376214327080810,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3232 --field-trial-handle=1832,i,6986312130113181635,4053376214327080810,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3240 --field-trial-handle=1832,i,6986312130113181635,4053376214327080810,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=940 --field-trial-handle=1832,i,6986312130113181635,4053376214327080810,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3980 --field-trial-handle=1832,i,6986312130113181635,4053376214327080810,131072 /prefetch:8

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9\" -spe -an -ai#7zMap25031:190:7zEvent12167

C:\Users\Admin\Downloads\a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9\a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.exe

"C:\Users\Admin\Downloads\a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9\a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5800 --field-trial-handle=1832,i,6986312130113181635,4053376214327080810,131072 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 84.150.43.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 167.129.198.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 assets.msn.com udp
GB 184.28.198.211:443 assets.msn.com tcp
US 8.8.8.8:53 211.198.28.184.in-addr.arpa udp
US 8.8.8.8:53 99.113.223.173.in-addr.arpa udp
US 8.8.8.8:53 42.220.44.20.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 250.255.255.239.in-addr.arpa udp
US 8.8.8.8:53 0.77.109.52.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 170.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 138.238.32.23.in-addr.arpa udp
US 8.8.8.8:53 100.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 240.232.229.192.in-addr.arpa udp
US 8.8.8.8:53 5.233.140.95.in-addr.arpa udp
US 8.8.8.8:53 163.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
NL 172.217.168.206:443 apis.google.com tcp
US 8.8.8.8:53 206.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 42.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
NL 142.251.36.46:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 46.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 bazaar.abuse.ch udp
US 151.101.2.49:443 bazaar.abuse.ch tcp
US 8.8.8.8:53 49.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 210.108.222.173.in-addr.arpa udp
NL 172.217.168.206:443 apis.google.com udp
US 8.8.8.8:53 play.google.com udp
NL 142.250.179.206:443 play.google.com tcp
NL 142.250.179.206:443 play.google.com udp
US 8.8.8.8:53 130.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 206.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 200.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 254.136.241.8.in-addr.arpa udp
US 8.8.8.8:53 126.131.241.8.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
NL 142.251.36.42:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 42.36.251.142.in-addr.arpa udp
RO 185.198.56.2:4171 tcp
US 8.8.8.8:53 2.56.198.185.in-addr.arpa udp
US 93.184.221.240:80 tcp
US 93.184.221.240:80 tcp
US 93.184.221.240:80 tcp
NL 142.251.36.42:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 216.58.208.99:443 beacons.gcp.gvt2.com tcp
GB 216.58.208.99:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 e2c14.gcp.gvt2.com udp
US 8.8.8.8:53 99.208.58.216.in-addr.arpa udp
BE 35.240.1.200:443 e2c14.gcp.gvt2.com tcp
US 8.8.8.8:53 200.1.240.35.in-addr.arpa udp
US 8.8.8.8:53 beacons3.gvt2.com udp
GB 216.58.208.99:443 beacons3.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp

Files

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 51bf86678757b7d65995666a2774c0f2
SHA1 a5bd413bf0046e4dddcda5b83d3c1f57c6136a13
SHA256 703e06d65919c2587706c1174651b9ef01acfb58c2e7a0263490db1c9ed39caa
SHA512 f15f022a2bb2f7bd7a85a09ef3b779574e960724045215a4c7d84efa95c49d64ebe72eefecde97959a90ae7a35c23680817d1a1f61b88b5dc1cf54683c5aa0a4

\??\pipe\crashpad_4740_JYUUNQPCGWDMSBKZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f0dc66a92d28facb04db910f8a91f3ad
SHA1 87b2c314d3f629bf22a84ad3f7ac090f38175316
SHA256 7348a52cc2d7736edf4acc08c8989a49883908692c84a6ba12df8d8dfd228fb5
SHA512 7434f93835d26122619e8eb70c79632d52932329557675f445970f50d0e0c7bb97fafda0dd688290f8268c7306f1578882b3842ead012ebd344b21ee6584f752

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1e852eb1e26daf5eb73156e9225130f9
SHA1 431e269e0ae209c1685f1fc12225790ce812e81a
SHA256 a3c732a347f926fdc7ef20514150ff12a705499ce5f290088b23bfad3dfc99bc
SHA512 9152f336901e99e13e32b3a42d7f103d4c92c347f23e011b0af595a5895724f08db0854fc0b16c4f593f0d5a1c92f6b5570b51b1853940ff180e8c83e194e389

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 261c2147428b9698022934ed615f5426
SHA1 dbbecaceb8c35598b2bc81fcb6f2fc120d103094
SHA256 a749e9c6e358578260badb757349c2c7ed59426d756bee6ed3f34d1632518938
SHA512 b99b7ef457eb7169199d15bf70e17f72c565593507e13b4496976790ba53eab45f781c9e5cb5c0dd83acdc06f7fb8ffeb39fed7d307cd6790863195aba245e1b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8a03b3f4b0bbad857c55237656cefb9c
SHA1 3193498fa246d92d58a39ed2469def770331b375
SHA256 79a3c302ec6be23141730f271a460816a21f5285e72ff7b8c46457b081de978a
SHA512 94cda64ee468115b31aee3cb681a85cdedcc5ae1911fdb2ea840b5c16e888c3cef1d1a443d44c50b723d844b501e41b85243a0cd6a80efa6cb869f88fca75bf6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 68905cde7b78ce9ef3f08794b94127b6
SHA1 7b2c0764bd7f72a3858f14d1fe054c1a41e013ba
SHA256 d94d540822116ad906a5d1f8f0970e22d519e4c85161212617a2d0642baa7ee7
SHA512 f916e0561e1735d09b049f9c23c3dc606fb8084a673abeff274beb539dbb1e7cdb83c2c196a44e76b2e466dfddd299b2b85fdb388144e36489946525d07c5ec2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e1c7b83232c9dece215e6a013b4c5376
SHA1 24425346d93b42fb07711b3a6a9753bb2f2b3319
SHA256 e48c81c1dbe733104682419535d9f6fb92dfd082224604048b428b0a1645d153
SHA512 f6c063a6277b8e6a98546a6b510179cd8b8896a8b739722866cd7c181a5eaa9810940faf46d380ecea47f6fb7baabf31a70ab54faf9219fe3e64262c69c57efc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0118a625439aeda2ea5123983de7d92d
SHA1 0a0f0f2e2aff70742fb49ad1717ca0c15bc7d6b3
SHA256 5f3c2543f8d6d23e7106dfda4eb7775c3796b0520810fb35ac1dda7646ee21b1
SHA512 9f4555d979d133011a4109d35a0c4e28f29d377756d5bf097aef651f828771f5b0155e6a239aae9d0653ec5be1c975791237443ab342ccedba753b420ba0d7a7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

MD5 3b5537dce96f57098998e410b0202920
SHA1 7732b57e4e3bbc122d63f67078efa7cf5f975448
SHA256 a1c54426705d6cef00e0ae98f5ad1615735a31a4e200c3a5835b44266a4a3f88
SHA512 c038c334db3a467a710c624704eb5884fd40314cd57bd2fd154806a59c0be954c414727628d50e41cdfd86f5334ceefcf1363d641b2681c1137651cbbb4fd55d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

MD5 b81d6636c3ad72c63e532e5180eaf7f9
SHA1 ddcd059999fff6218e98af62dbe3fa9c885a0de8
SHA256 2fb4351c49b47b7cdaa9516237a8b1e690e4448339d09d70a84c658729e461ef
SHA512 4f0b87bbf60061a8efca4906554f958b7c28cf582452e01a8316d8c5ea8c98beda6c3230afff207f0b92d316c4c2e0ca1b4631e7d7364344b4a76394115af06b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7254070c93bf3272314cdaeaf8fb5b8e
SHA1 1d724bf7ce99f71ab60b8df77afd3bc052f12b47
SHA256 77ef52405224153de7808133ff39254e30225e02140f03098494a152dcf8d147
SHA512 d74fb0e536e13bc6be1713f5d347fb3db02c0dcf37904e35f9ceaf92705a926b85175c0eef7cf72929ba7c7ae0e9dc9f4e2e45defd6ebf61690d293f6c33b456

C:\Users\Admin\Downloads\a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.zip

MD5 d494f04b1ac2db7fe20ee1f314f96c5b
SHA1 21dadf43d21e7341ab8b635ce055bf0a5dca2fe4
SHA256 de914d46c6d1fc285229ed051e14011d52e24a9322f70211db9dbede19918977
SHA512 c663289dc73b969df052961bafc60ecc1be1c1d1bd479b3fccd1a0bfb67da6b029383f632f83a4f4e46965cdcdabc28ff81d59eee885b1d446230d25158e388a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 468d3970184938f0272d6702245bfb11
SHA1 e411d02b549113f5717a3cc7a83d4fa4b9bca698
SHA256 9c9c359bda2dfbfe008fe85475fcc4ea7f37ce668ad2e7824624a7fcffb962b6
SHA512 87a1d3c2e78c985cd98d94538704df81fcd47aa3b014e772ba5aa70f6353db8b7b463e41d6454f6e92ba64c9633fe30b7efcc80738c2a38893c756afabc28a64

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b24b8e6f-58b1-4035-9dce-fe9eecfbee1d.tmp

MD5 4032a30f729619f228a00e2eb795d7b7
SHA1 a271d024e26b85b3d4ecd34fd214d96a3a0ad06c
SHA256 1084cbad50e8f9d3e59f331a18f10dfe09b4d60d8bc6589aeb36bb2f408e7cf6
SHA512 4e487c8fb027b10ca46057e72cbec0791852cff7e98baff237233fede6e485b573c6b2a9dc89eb394c08c70483affb310b04c4e77980965ee75003b3f9977a3a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 d3d794e96e158abe952379fed8b127c1
SHA1 3cdc910de4936fd515f1667bf6552ddfd8de0bb5
SHA256 8ba8325b31c75a01b5b1a2d737799871f74636d669dba77e5423e43014dd95d6
SHA512 1a6ea8c446784a200524c30d46d6e441939372fa6021fb84ab0ccc8e75668023516b99f16d2f9358d21ed69e1d1d9c93184c8de9e3819d5fa64a6c1a41556cea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe580f5d.TMP

MD5 ef15ee2bc7b7c45f4b0d8f7b4f14dacf
SHA1 d33fc93c9b58972f2b90fe30517e54f76680f3b7
SHA256 9a807e657f67a49728ba5c019321823dee50acecae87ae1824072d06177ea236
SHA512 beb792929e4303fc813238e8f4b5e54809dd12929fbec5254ef832a54a9c52362454f879d8f819cc7c65b057416ff07e297fabfa0fa2c76d956e130566f2d61a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 bee9bba62a23cb8689747f18935e3ae0
SHA1 b21719e9a3707f2efd0304d5cd9d651cc9ff538f
SHA256 4545f44e3d19ac9a0b7f3c219eb19d5f8d403779ab5ba253d11c10c717c9c2a6
SHA512 da16f5ecfb349b76bf55a187723d12c6f02accc21b3c37bebb3d444bee57bece9c74c8009581f001b3ec3b31e06f4eb6dd4aa233684007dac8a90a9c7644e981

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 32a8ebf5efe9a8538b41740efb475140
SHA1 1aecfee5f435f3d74415c8838c28e2b399e12029
SHA256 5aa0d7e12757ebfa4f41d5f66031b3bd2d7bf1be92891b409212e986906a89e6
SHA512 131d65831ea8f0ccea07e12ed6d53eba504007c45429ba27839a4e80d505fbd74a293d61a689cb10fc8017e823ad92e840e539aebbd8a9b1be7268dfcb62756a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c490a7dba4053c0d53483cce9fac5c3a
SHA1 9ef2bba8cf3f44bcf16b1ce43361431dd66392a7
SHA256 82b775bd1c15a8b00e4a0dca301920312106f319ad632d32c7bfd5a30445cdde
SHA512 bffccd714b171f508d564ff4dda3433457383063cc7dd6b61273e215b36aa77c68bc2da8609634187fc4158ffa701b598beb826ccde43955f42b9af430c33fd4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 51380d0a331a0c7f38b983b58bc86c45
SHA1 6fe15516dab51c46914aa8a3aee1a9340675629a
SHA256 c9ce169836e91e6bd75a9e87cb41c59dd44a026eac4c549c9292c60e76eb8dd2
SHA512 6e3fb55202088cebb4ab64758682b5a01c4edb4b09ca142b536e5dcde4121dee4891f258fe35180b3074bde74389accc96b40cc7e55f7f1f1a82098c16cba2c8

C:\Users\Admin\Downloads\a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.zip

MD5 d494f04b1ac2db7fe20ee1f314f96c5b
SHA1 21dadf43d21e7341ab8b635ce055bf0a5dca2fe4
SHA256 de914d46c6d1fc285229ed051e14011d52e24a9322f70211db9dbede19918977
SHA512 c663289dc73b969df052961bafc60ecc1be1c1d1bd479b3fccd1a0bfb67da6b029383f632f83a4f4e46965cdcdabc28ff81d59eee885b1d446230d25158e388a

C:\Users\Admin\Downloads\a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9\a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.exe

MD5 489e088030eae6acf86c690cb42352b4
SHA1 943a6abb8d2ff25ae6b54c953b211879328a5123
SHA256 a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9
SHA512 78e7d85f57f0b85a71c617d4bea8783b433340a006756064181745a85b3de8d49f66ca3b460414406d1e83b525134aba0f6451c53b95f5ed482604c8395e6b99

C:\Users\Admin\Downloads\a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9\a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.exe

MD5 489e088030eae6acf86c690cb42352b4
SHA1 943a6abb8d2ff25ae6b54c953b211879328a5123
SHA256 a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9
SHA512 78e7d85f57f0b85a71c617d4bea8783b433340a006756064181745a85b3de8d49f66ca3b460414406d1e83b525134aba0f6451c53b95f5ed482604c8395e6b99

C:\Windows\Tasks\wow64.job

MD5 ed66f8f7c249f3373a07f0f053844bb2
SHA1 7de3e56fc3a6600fe979e95d829e9ef131110ba5
SHA256 afcbb68cc71343c13774a10d74a9a739e8661b2f068beabf8ed1266ab966c18b
SHA512 be5dcab2dd0e39b81533d29fdcb8d20020d64222dcaf16523a8d0e1ffc8b5b8ae89108be4ffd29628ee8b877554ed2105f3de555336c3cd0782a16578a4e4be7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 15fa306707002f1055178ba444a890e9
SHA1 09eeab396c087f5c1e5a513fa981d52b7a6451c9
SHA256 236e665568187db2335eb3df93260151f1a1d37527d7de296f495c8aaac80e65
SHA512 15740a878372c26ae44a08ddeec7a3f593cebf43873281014a013d927613ea3be025608d1b572735855d6bdcb37d111d107e10e52520868ee57d43f1642f3545

Analysis: behavioral1

Detonation Overview

Submitted

2023-04-05 19:52

Reported

2023-04-05 19:55

Platform

win7-20230220-en

Max time kernel

79s

Max time network

141s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.exe

"C:\Users\Admin\AppData\Local\Temp\a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.exe"

C:\Windows\system32\taskeng.exe

taskeng.exe {C2AE5A8C-5AA8-47E7-9C04-D4DB3F35E8BA} S-1-5-18:NT AUTHORITY\System:Service:

C:\Users\Admin\AppData\Local\Temp\a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.exe

C:\Users\Admin\AppData\Local\Temp\a21619b981f4e2b4a1858f0457b42491ef99688278816a66e0652d745e110bb9.exe start

Network

Country Destination Domain Proto
RO 185.198.56.2:4171 tcp

Files

N/A