hxxps://telegra[.]ph/Privat-Soft-2023-03-06

Analysis

max time kernel
151s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
11-04-2023 18:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://telegra.ph/Privat-Soft-2023-03-06

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133257189840242110"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1888	chrome.exe
1888	chrome.exe
4580	chrome.exe
4580	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1888 wrote to memory of 3300	1888	chrome.exe	83
PID 1888 wrote to memory of 3300	1888	chrome.exe	83
PID 1888 wrote to memory of 228	1888	chrome.exe	85
PID 1888 wrote to memory of 228	1888	chrome.exe	85
PID 1888 wrote to memory of 228	1888	chrome.exe	85
PID 1888 wrote to memory of 228	1888	chrome.exe	85
PID 1888 wrote to memory of 228	1888	chrome.exe	85
PID 1888 wrote to memory of 228	1888	chrome.exe	85
PID 1888 wrote to memory of 228	1888	chrome.exe	85
PID 1888 wrote to memory of 228	1888	chrome.exe	85
PID 1888 wrote to memory of 228	1888	chrome.exe	85
PID 1888 wrote to memory of 228	1888	chrome.exe	85
PID 1888 wrote to memory of 228	1888	chrome.exe	85
PID 1888 wrote to memory of 228	1888	chrome.exe	85
PID 1888 wrote to memory of 228	1888	chrome.exe	85
PID 1888 wrote to memory of 228	1888	chrome.exe	85
PID 1888 wrote to memory of 228	1888	chrome.exe	85
PID 1888 wrote to memory of 228	1888	chrome.exe	85
PID 1888 wrote to memory of 228	1888	chrome.exe	85
PID 1888 wrote to memory of 228	1888	chrome.exe	85
PID 1888 wrote to memory of 228	1888	chrome.exe	85
PID 1888 wrote to memory of 228	1888	chrome.exe	85
PID 1888 wrote to memory of 228	1888	chrome.exe	85
PID 1888 wrote to memory of 228	1888	chrome.exe	85
PID 1888 wrote to memory of 228	1888	chrome.exe	85
PID 1888 wrote to memory of 228	1888	chrome.exe	85
PID 1888 wrote to memory of 228	1888	chrome.exe	85
PID 1888 wrote to memory of 228	1888	chrome.exe	85
PID 1888 wrote to memory of 228	1888	chrome.exe	85
PID 1888 wrote to memory of 228	1888	chrome.exe	85
PID 1888 wrote to memory of 228	1888	chrome.exe	85
PID 1888 wrote to memory of 228	1888	chrome.exe	85
PID 1888 wrote to memory of 228	1888	chrome.exe	85
PID 1888 wrote to memory of 228	1888	chrome.exe	85
PID 1888 wrote to memory of 228	1888	chrome.exe	85
PID 1888 wrote to memory of 228	1888	chrome.exe	85
PID 1888 wrote to memory of 228	1888	chrome.exe	85
PID 1888 wrote to memory of 228	1888	chrome.exe	85
PID 1888 wrote to memory of 228	1888	chrome.exe	85
PID 1888 wrote to memory of 228	1888	chrome.exe	85
PID 1888 wrote to memory of 4036	1888	chrome.exe	86
PID 1888 wrote to memory of 4036	1888	chrome.exe	86
PID 1888 wrote to memory of 1828	1888	chrome.exe	87
PID 1888 wrote to memory of 1828	1888	chrome.exe	87
PID 1888 wrote to memory of 1828	1888	chrome.exe	87
PID 1888 wrote to memory of 1828	1888	chrome.exe	87
PID 1888 wrote to memory of 1828	1888	chrome.exe	87
PID 1888 wrote to memory of 1828	1888	chrome.exe	87
PID 1888 wrote to memory of 1828	1888	chrome.exe	87
PID 1888 wrote to memory of 1828	1888	chrome.exe	87
PID 1888 wrote to memory of 1828	1888	chrome.exe	87
PID 1888 wrote to memory of 1828	1888	chrome.exe	87
PID 1888 wrote to memory of 1828	1888	chrome.exe	87
PID 1888 wrote to memory of 1828	1888	chrome.exe	87
PID 1888 wrote to memory of 1828	1888	chrome.exe	87
PID 1888 wrote to memory of 1828	1888	chrome.exe	87
PID 1888 wrote to memory of 1828	1888	chrome.exe	87
PID 1888 wrote to memory of 1828	1888	chrome.exe	87
PID 1888 wrote to memory of 1828	1888	chrome.exe	87
PID 1888 wrote to memory of 1828	1888	chrome.exe	87
PID 1888 wrote to memory of 1828	1888	chrome.exe	87
PID 1888 wrote to memory of 1828	1888	chrome.exe	87
PID 1888 wrote to memory of 1828	1888	chrome.exe	87
PID 1888 wrote to memory of 1828	1888	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://telegra.ph/Privat-Soft-2023-03-06
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec8919758,0x7ffec8919768,0x7ffec8919778
  2⤵
  PID:3300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=1832,i,17871565914988619807,10550217981608476898,131072 /prefetch:2
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1832,i,17871565914988619807,10550217981608476898,131072 /prefetch:8
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1832,i,17871565914988619807,10550217981608476898,131072 /prefetch:8
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3148 --field-trial-handle=1832,i,17871565914988619807,10550217981608476898,131072 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3160 --field-trial-handle=1832,i,17871565914988619807,10550217981608476898,131072 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 --field-trial-handle=1832,i,17871565914988619807,10550217981608476898,131072 /prefetch:8
  2⤵
  PID:3120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4632 --field-trial-handle=1832,i,17871565914988619807,10550217981608476898,131072 /prefetch:8
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2180 --field-trial-handle=1832,i,17871565914988619807,10550217981608476898,131072 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4676 --field-trial-handle=1832,i,17871565914988619807,10550217981608476898,131072 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1596 --field-trial-handle=1832,i,17871565914988619807,10550217981608476898,131072 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4992 --field-trial-handle=1832,i,17871565914988619807,10550217981608476898,131072 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=748 --field-trial-handle=1832,i,17871565914988619807,10550217981608476898,131072 /prefetch:8
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3840 --field-trial-handle=1832,i,17871565914988619807,10550217981608476898,131072 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5604 --field-trial-handle=1832,i,17871565914988619807,10550217981608476898,131072 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4592 --field-trial-handle=1832,i,17871565914988619807,10550217981608476898,131072 /prefetch:8
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4552 --field-trial-handle=1832,i,17871565914988619807,10550217981608476898,131072 /prefetch:8
  2⤵
  PID:3272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5340 --field-trial-handle=1832,i,17871565914988619807,10550217981608476898,131072 /prefetch:8
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2756 --field-trial-handle=1832,i,17871565914988619807,10550217981608476898,131072 /prefetch:8
  2⤵
  PID:744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2776 --field-trial-handle=1832,i,17871565914988619807,10550217981608476898,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4580

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1192

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3792

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Soft\" -spe -an -ai#7zMap6388:70:7zEvent22003
1⤵
PID:4584

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\377f8907-3186-41c7-a6b8-8abfab5dc054.tmp

Filesize
199KB

MD5
dea44642d503c552035a5ab8e5f00227

SHA1
da66e243016c7f5c87be3a880772d0044a47c39f

SHA256
95ab0e41223f248be58c4b489b98660b9b37df87618387219cefe3cae789da94

SHA512
3f20b1fdbed83a1a153c3bf3326d1d8a1756a63c4ad5523ea416963b860f62b874044c2e1fb794ec7d331725322900394dfab506ca94fbb1044d7e67d32b0d1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
f467c9749ef29433b7fe3e4a129ba407

SHA1
292f0ade3abdcc92844e5dccd65f6ae1b96e522b

SHA256
166e2a78d32f6be252064e35f1ddc318adb49f06c3f19ff2c9556f598603e9e3

SHA512
89c17c0f8d9ea263d3ead74b95755d81a14fde4d4e3eb7aa8818abd7c84507615955e0d72919795045c65ca6ce522794a6e31967ec6f286ad95d5ce96366adcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
19b68b736e7d1c677e7e591dd861abb1

SHA1
2d28daa552bc55034669cf5a89bf079884f1f314

SHA256
9fde214df383c9338e38201d41f2cc8e4895d1ed857d106597473950c19b4826

SHA512
f1753174d4f2ef38225707c16facc1a9aa0a165b3b780963b12a5726a102aef85d64837ab818103bbf420ddd1349879b2e6cf94c0b155bb1a27b366853fc6dfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b41293672d7e1889fda740f3172dde3e

SHA1
f7e6b1d68a8e90b8751124ebbd91024ad1da1fbe

SHA256
1e076cea01ce02ffdba3f97ef9592a6ccd075585ef205c4d051f977438b4c77e

SHA512
6c077cf329a00ea1a0c3d2438c8fb87dceefeea28ec5b49debcbbca7be6810b061eee9682f886458a98d2a4c79feca83a21f8491f3bba2e225423825ad338147

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
1406f53f5a7e45a7216aa699ff70cd22

SHA1
f77a32af4476e036b39d0b9aca1928dc86f0a74f

SHA256
110e9120c9982c4c73c9a50764d4c33c1db929d47540ca49cb53f9c3f070b485

SHA512
f137873717269aee657dc049b076047ba792ed3b8a334271cc3d79fe866b50a451f56d7e8a00d5e8826f0f36c2935c80f4b34620a7140f19525a239107cd7ee1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
d97660cba07ae5906ac78c75a5bdbd6e

SHA1
bd5973ecdc50b0f55b8d5349337b719d8e0db7db

SHA256
18a06351af4f64332f22eeabc9503054e20c967bba5604c2b2d9963add7b7a31

SHA512
162c1f9b815a9da275a0c3b9788316a765950890accc6c1f1fbd180032c42c7e2a5857ed779a4e90cc33daa44e22c451f8445192abb7f9ea2f6eb50b16ee9719

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
0861fa944ae49de3a205faf0aea4dadb

SHA1
e9948a4002288630f5f4a0e604bff7faa4d0df5b

SHA256
11c1b6aa5c1f67395c5a39b9645cc39e52a04aedf720bc24e2c5276063b2542a

SHA512
2973787d8fb378ca56ad74db1e643ea87aad8f1de05d8f94803535617c682503cb0858c7b3855937ca2cfe4e0695abbf267cf35196781cd1e115ca6e59ed5c99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
f494dc880786e3460248cadf7a05cf8d

SHA1
bd2ebd63465cfbb893f3d9eb5010c2dba3b6c843

SHA256
e8944b52fdaa04b41ce4371b50f30cbda90548b8268823a74b44a486bb80bbf3

SHA512
af4ef60ebc8dbc8e952aea0a317feb7a6282f86614bb8aabb1919060be04a1c52dcb9793d17c076b9f91515b13e3526a7a99047c63068216c55ef443b57aad24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
07d27dccf8d648a8f8b7db977224c05c

SHA1
46f694c0e7ead6942e2b4fc2072c82ad951660ee

SHA256
ad393a5daf329e9f047677091a63917acf014e25959f8c3bbe99725d7da4e9df

SHA512
cb17330df287762706d3b72a667f662f8b9499706c09b4494dd4d233f377493a220e67da804e1f685084986caeb4a2cc5de4ccdd7d36d308e5417fafcb2a8d05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
266e6463313d842f99de3d0abdb5249f

SHA1
585fb0993f798b50cdfdedc87ea9d3403c6b8576

SHA256
3319bd37855b9ac7bc6bc62099153e5353f267d26bb42f058baaeb2b9a41e7d0

SHA512
67fb8fbe8654f4b4e82cadee87b7d482cb87a46e974fd53c581db7d1e7279f4fc09768c0a4f7b609fc22402f98dd7fbf47e09cfc2e1196ed705ddde6b91db780

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a24b293a6a79a8eb1e7eda03d43ab65b

SHA1
348ddda949af329d6acc476b2b6dcc62849c3f43

SHA256
f71b02ee8f95f8a5ed3203dd740acd706d7fcca68ee228bc70e83efa1e5564b6

SHA512
411fec8c13ec883b0ee5cbe1de59afed7636266106acb7b44cfa2589bab6179cb9d826984ec01172a1d2283ea7ef5e330ad165abbf14303e28d1e0249cbe42c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
095808ba51b6f5a36db0d53f6f028ab3

SHA1
6e679ac5a1f0fefc16f6d4039ce9e7f8e7c1f70a

SHA256
f50501892e85a2554d0a55fb4adf9c028bdba6487a70a7f7e339cba52916a8b0

SHA512
d2f1b474c85f2ac096f047ebc49044a918d5ca36e7ea26f5e06a9aadeb27a77dd5deb8c5609de2dc4e3d8adec1f4f2f33a95f743fc8ef551b2dcc4fe726ab638

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
85153466e78eb2f7e2cef47f8958c10c

SHA1
1a184d0964bc60185c0aa718491303027a7185b9

SHA256
a0730081b62fdfd497fc4ec4c0e494dfe4b26c73f20e7d32370c495860a8ba40

SHA512
9bf7c6affe61a2a6285d4687d96bca8c0b1e75c1e596760f68190ecc4fc76eb923e59008ff5ff07a06561f4022e8de2242a981a799f8c8e9d3989e34ce24c1ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b5b1493b781bec49e593220cb02540b1

SHA1
b005033e0c6f61f6d7def6f5ad20160b860adffc

SHA256
2a1a7d19b0d1ced126b4eb724c52182c2ba453c7647e0a78f16e4ce07daf8f75

SHA512
296877f9a257b66220ae4d4db2d7e2210e9b9cd890e7550c4c760aa4326371d12094b67c5bd26e759213442a4a41e508a074e0c406a65e01f4f8880b9d34eb3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
f94b0141e8caa18ea78c5d9cb816c3f9

SHA1
30b08e3b0e02746bcc3599fe7853e6f12bbdd4ce

SHA256
fa9335a7e847047c7f58434363de81dc826eebe34e7028ee57efcf0bf82af4ed

SHA512
d5dbf90ea822bbab74a60f92ecb496d7cac624919e6505c4ac7dda29e289e01f0d3f1eb557ad6b162bd41667155baada3f1f5127163539cfe8c0aac52ff7c4c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ef8b10ebb0bdd0b03b1432b696fead11

SHA1
d3c922186fa82b7d76446790d19fa3e474919664

SHA256
fa50179336150179a2293a1a59b0915be142dab5812fbc0aa9cc5a08098cc5e7

SHA512
116676974f4f0da3971a8dcb5062241af5ee08e8578f5a0b58c4004c8a957e6ae282d38cfa6e12c3940c07a1dd2873fc6554715b585ae932e97c21c84a80b9c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d05332b2-c255-4484-b88a-9d3359a02d8c.tmp

Filesize
5KB

MD5
4bd3276b00d14d2b7bbb942d34a01024

SHA1
3578781555e4f7b0ceb20dbda9532837eb3ea101

SHA256
0fef294d113cba78f83c380b87e1963edf1afc5cae5b3030e7b959f8e0b844e6

SHA512
5f8c08cb1eccbfcdd6a506140d53739b97b218ae52bef599e35e061eb2c3a4d4f2169a1c5ed2e85602bfdece43c0fc6f7a730e03e7f846892a1204c78e1336ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
c23f2cfc89497a279082d25435bcc238

SHA1
5d6c6f1822d53bb0a800abe0d80e19e6aaafa92c

SHA256
d716b3cbaa7b82d1891714bbcec63597010f67fa82f063dde2405398438a8734

SHA512
6704aca398c8f355551e54629d460db852feaf9f84efc66b927af2dfed00bac8b38f00fb37f3b6a6f603654b31c958c9371a0fb5cfcf068a63983951292bd037

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
75474ce2cdd0c712d327f616ecd65874

SHA1
0de23d817c19f337e1d0fff2d4ec1bcb310f9d3a

SHA256
358c365a9789c30699e5068bcffa62b83b15597fbcc0ab216530a60d7ee6a08e

SHA512
97e1855e107b99aec0ab734dbe6fbc4f2b49558b63571e7ee4a0b300abc1e9c2ecc0abfa9314555a0c55060f36c1787bb7f7189e6e434b880d2cac6c15b73668

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
108KB

MD5
bdd9d6331d61df988ff667fe391f97b0

SHA1
b407d5355843daf4f3a36fdb6512825f44a90709

SHA256
987a6ac3d3e7d96e04b89ffa0646baf46ddf2ee99d448bbc4504bde8320519ff

SHA512
c563bcbec828cfcbde6102fb71af822a31b23aa5fb45ba2841588d79d908d5f528afea47cb0537ee086552f761aab42120c83d1e3945b969030bd73e59058194

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
8ed42387334131b605c33e71d4ab465c

SHA1
2d2a559e5028277d7a8497b3d784bbde28587733

SHA256
f4ed1fb669a2402fc85dc26ff5cad0914c588ec64170d041537dc5dd3df395d1

SHA512
66e8eb6e46083e8fa41d6941ad4332bd40bb010ceb6f6269d5458412b52c5027c125e43c7b6375726c65c5bdc696aa423b67a768d7dc8e21ca52e37d44e8e017

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57b20a.TMP

Filesize
97KB

MD5
48dfbb3891ee79959821621f43e873a7

SHA1
a0809b9bd613d101c43adf64ad20190eddf135c5

SHA256
9911cc9bc3cc7f542a9aad752938dfc1cc110099d3ffdfaef160329dd0f0a852

SHA512
a75bc7f7268eb852659eb1df86eb7a21233b4848c403dd3e84fd9dd0aa257cdf9f382703fd4b5994a8d38c4c6d358a852002015ee2831fb905806a5d249c91cd

Download Submit
C:\Users\Admin\Downloads\Soft.rar

Filesize
27.4MB

MD5
a63336cbf99d590a0c561014ec30729c

SHA1
287bed7e915c414c6a499734a4b079fa3ac33a7b

SHA256
bc6570f41a4fdf427d034698cf32c05c9372218de8df3a4546e3bc5ed31e47cf

SHA512
1920c8da7a2dff5f638cfa0510b00f04cc887b96fb292b14c4186feb900fa5841fdeaacfb5971fe2e97a157398cb1ace9afe84ffd13008e45f3e28dbe39b7b52

Download Submit