c64f5ce15455d3d903b44d40d13abf79cae697acabef70e5b9f5036618c3d5d7

Analysis

max time kernel
56s
max time network
152s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
19-04-2023 22:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FurkUltra.exe
Size

954KB
MD5

f5c2389ccd8333dffd0de7a83dcbb851
SHA1

80fbe6926bbfe743a8ab2b6cc96026ceb3d445fd
SHA256

c64f5ce15455d3d903b44d40d13abf79cae697acabef70e5b9f5036618c3d5d7
SHA512

150e3dd47b5850c2d4f24366a5c9eb76c0d8af980b2fb8ba0ebef1e6260fc12067572041d63b3ef537ae4d66fd8c7d85bab0962476cb05fd3783f697f0651df6
SSDEEP

12288:YnljabtvyU7RBv4XpnMQ9Nx3Ug+YL4UIHDPJKDbn2mFX1WpZOVXfTpU4n81yyUG:Yn+UUbG9zE5YLv29K+mFX1WLkbpUPyV

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1900	1624	WerFault.exe	25

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 25 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2697A7D1-DF0F-11ED-BDE6-EE84389A6D8F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1914912747-3343861975-731272777-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1312	chrome.exe
1312	chrome.exe

Suspicious use of AdjustPrivilegeToken 38 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe
Token: SeShutdownPrivilege	1312	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
1908	iexplore.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe
1312	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1908	iexplore.exe
1908	iexplore.exe
1720	IEXPLORE.EXE
1720	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1624 wrote to memory of 1900	1624	FurkUltra.exe	26
PID 1624 wrote to memory of 1900	1624	FurkUltra.exe	26
PID 1624 wrote to memory of 1900	1624	FurkUltra.exe	26
PID 1624 wrote to memory of 1900	1624	FurkUltra.exe	26
PID 1908 wrote to memory of 1720	1908	iexplore.exe	29
PID 1908 wrote to memory of 1720	1908	iexplore.exe	29
PID 1908 wrote to memory of 1720	1908	iexplore.exe	29
PID 1908 wrote to memory of 1720	1908	iexplore.exe	29
PID 1312 wrote to memory of 1808	1312	chrome.exe	31
PID 1312 wrote to memory of 1808	1312	chrome.exe	31
PID 1312 wrote to memory of 1808	1312	chrome.exe	31
PID 1312 wrote to memory of 2032	1312	chrome.exe	33
PID 1312 wrote to memory of 2032	1312	chrome.exe	33
PID 1312 wrote to memory of 2032	1312	chrome.exe	33
PID 1312 wrote to memory of 2032	1312	chrome.exe	33
PID 1312 wrote to memory of 2032	1312	chrome.exe	33
PID 1312 wrote to memory of 2032	1312	chrome.exe	33
PID 1312 wrote to memory of 2032	1312	chrome.exe	33
PID 1312 wrote to memory of 2032	1312	chrome.exe	33
PID 1312 wrote to memory of 2032	1312	chrome.exe	33
PID 1312 wrote to memory of 2032	1312	chrome.exe	33
PID 1312 wrote to memory of 2032	1312	chrome.exe	33
PID 1312 wrote to memory of 2032	1312	chrome.exe	33
PID 1312 wrote to memory of 2032	1312	chrome.exe	33
PID 1312 wrote to memory of 2032	1312	chrome.exe	33
PID 1312 wrote to memory of 2032	1312	chrome.exe	33
PID 1312 wrote to memory of 2032	1312	chrome.exe	33
PID 1312 wrote to memory of 2032	1312	chrome.exe	33
PID 1312 wrote to memory of 2032	1312	chrome.exe	33
PID 1312 wrote to memory of 2032	1312	chrome.exe	33
PID 1312 wrote to memory of 2032	1312	chrome.exe	33
PID 1312 wrote to memory of 2032	1312	chrome.exe	33
PID 1312 wrote to memory of 2032	1312	chrome.exe	33
PID 1312 wrote to memory of 2032	1312	chrome.exe	33
PID 1312 wrote to memory of 2032	1312	chrome.exe	33
PID 1312 wrote to memory of 2032	1312	chrome.exe	33
PID 1312 wrote to memory of 2032	1312	chrome.exe	33
PID 1312 wrote to memory of 2032	1312	chrome.exe	33
PID 1312 wrote to memory of 2032	1312	chrome.exe	33
PID 1312 wrote to memory of 2032	1312	chrome.exe	33
PID 1312 wrote to memory of 2032	1312	chrome.exe	33
PID 1312 wrote to memory of 2032	1312	chrome.exe	33
PID 1312 wrote to memory of 2032	1312	chrome.exe	33
PID 1312 wrote to memory of 2032	1312	chrome.exe	33
PID 1312 wrote to memory of 2032	1312	chrome.exe	33
PID 1312 wrote to memory of 2032	1312	chrome.exe	33
PID 1312 wrote to memory of 2032	1312	chrome.exe	33
PID 1312 wrote to memory of 2032	1312	chrome.exe	33
PID 1312 wrote to memory of 2032	1312	chrome.exe	33
PID 1312 wrote to memory of 2032	1312	chrome.exe	33
PID 1312 wrote to memory of 696	1312	chrome.exe	34
PID 1312 wrote to memory of 696	1312	chrome.exe	34
PID 1312 wrote to memory of 696	1312	chrome.exe	34
PID 1312 wrote to memory of 1508	1312	chrome.exe	35
PID 1312 wrote to memory of 1508	1312	chrome.exe	35
PID 1312 wrote to memory of 1508	1312	chrome.exe	35
PID 1312 wrote to memory of 1508	1312	chrome.exe	35
PID 1312 wrote to memory of 1508	1312	chrome.exe	35
PID 1312 wrote to memory of 1508	1312	chrome.exe	35
PID 1312 wrote to memory of 1508	1312	chrome.exe	35
PID 1312 wrote to memory of 1508	1312	chrome.exe	35
PID 1312 wrote to memory of 1508	1312	chrome.exe	35
PID 1312 wrote to memory of 1508	1312	chrome.exe	35
PID 1312 wrote to memory of 1508	1312	chrome.exe	35

C:\Users\Admin\AppData\Local\Temp\FurkUltra.exe
"C:\Users\Admin\AppData\Local\Temp\FurkUltra.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1624
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 664
  2⤵
  - Program crash
  PID:1900

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1908
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1908 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefb6e9758,0x7fefb6e9768,0x7fefb6e9778
  2⤵
  PID:1808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1196 --field-trial-handle=1220,i,2838266085797999891,3634184154258614419,131072 /prefetch:2
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1464 --field-trial-handle=1220,i,2838266085797999891,3634184154258614419,131072 /prefetch:8
  2⤵
  PID:696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1644 --field-trial-handle=1220,i,2838266085797999891,3634184154258614419,131072 /prefetch:8
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2228 --field-trial-handle=1220,i,2838266085797999891,3634184154258614419,131072 /prefetch:1
  2⤵
  PID:528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2232 --field-trial-handle=1220,i,2838266085797999891,3634184154258614419,131072 /prefetch:1
  2⤵
  PID:864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1284 --field-trial-handle=1220,i,2838266085797999891,3634184154258614419,131072 /prefetch:2
  2⤵
  PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3800 --field-trial-handle=1220,i,2838266085797999891,3634184154258614419,131072 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3904 --field-trial-handle=1220,i,2838266085797999891,3634184154258614419,131072 /prefetch:8
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3912 --field-trial-handle=1220,i,2838266085797999891,3634184154258614419,131072 /prefetch:8
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3960 --field-trial-handle=1220,i,2838266085797999891,3634184154258614419,131072 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4124 --field-trial-handle=1220,i,2838266085797999891,3634184154258614419,131072 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2548 --field-trial-handle=1220,i,2838266085797999891,3634184154258614419,131072 /prefetch:1
  2⤵
  PID:908

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1916

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2852

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
d5fef5ce59c26aa2e8e05c2ae1e56157

SHA1
2ee3ab67b5c6844e19e6165bdc69b3f2e147f07e

SHA256
bc1d4b6b4e249ad183e54db0a0f8c3d9a1e76ffb8624dfa65d8db548b215aa6a

SHA512
98195934de414f1d8a385e20ecadf7dc411d72e798f4d05275e55ee235e98b148054a5faedec04c0c5dcb0552dc19eacec32f74bfb92fbd9353a4a1e217a857d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
56c5b618818ef70f8a30b9f7f2d4c6d0

SHA1
91304e4aff60f3c66f032bdb083f34cfb03969d1

SHA256
efc1ba9804aa29eeca6547e259eef96ed5d60405f2a6b351085712c1684c5a5a

SHA512
41356a4a54cd022f6e11e5249836232aec1fe98e815942926833739290d9eace91af04f6e780f7eb1b884d53be02f6a18d2f0724743a1582cfb7fe532cb6954a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7d4019cf76105271b4babe4bafa09f6d

SHA1
532a94beb8fb2727e228799d58dd371103449136

SHA256
197b1dd661cf9be7718d832e8e42b50edc11e187268590493ca43ce0529f75c5

SHA512
0e2b5a7d8051fb0369db30a9de8f8fe6bc3281df7e2e45162f9c75af1e8f227429e47afadc7f9c269b9cc1c1dc4d7164f8247e5a1463d326faedb1524b031b04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7b98c5dd66218121c5146412c25f088b

SHA1
309c0449c356b8b7eb23d3ba6a4d40744ab064dd

SHA256
2f600a2534c382ac77b19cff3721b7c9a860e473a949c0817965098d8677d911

SHA512
9ed1e8ea113e157976db7744a72af0a360f4bbbb464129076961a0e20edf8a2433c28f25da63169ae02a6d177b5a58ec9bfc25853180ac8d2999230a801d4915

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1c08adee2650125a934ee9437849a8f4

SHA1
5b381c91147ca00b371796015f564e6e31cb6199

SHA256
960460bbdd00fefc002a79758e12d5d81ee8a257b3787400af4cc3e6192cc535

SHA512
b012dbb018997c85148d4521a602bf94e87ceb21b1c5dcb00a79ba19207d49f5f8aa9fa32feeccd0cb0a76f67b0bfa3c348be65fbfd2dc6ec71f74c5f7e0f264

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
761ed63045ee1f6b2094558aead54ea5

SHA1
8d2f3ae58b8ee28b3efd53510b247027469b1c2e

SHA256
47b88f15e572050169e58419551a80c429e9e870bbea306c0d91b6f8076da6c1

SHA512
6ffb6bc0e77a29cb9a4337ca6934d296ceb1b2a9e641b9f6d5f1572766068fa70a0387c74da4f830cb71b522da7bab3279a19c7f60782ef6782a9baee759c523

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

Filesize
49KB

MD5
c12075d6afcfce79df001ecba960cc0a

SHA1
f11913a40353bc451298b24b47642c65d591c2b8

SHA256
3d738adbbd4904e038babeab34d1481963921df6d8e7fe721e84649f1518cf05

SHA512
b4732bb0b6c5edb0f9d42e1f3d3facb8752c81bb70c3c7982ab14d7380b2bac31c367b77a11163592a511ac13ef894009846760a0a1246eaeb9df11c6408132c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000098

Filesize
51KB

MD5
588ee33c26fe83cb97ca65e3c66b2e87

SHA1
842429b803132c3e7827af42fe4dc7a66e736b37

SHA256
bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760

SHA512
6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT~RF6e7e64.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ec1946463e4ee71eade190e78831e016

SHA1
13d5af25fff506b8b3790439c6f4e81f000df222

SHA256
e42c5e2d981b10aa5bb0a43f3c0c2b756bcf2fd67fdd1ec11e4b420d0f8be892

SHA512
17ba3ef171beb511b600caa73eb28b25367fd50b842c934758adc416befc5a3ca78dfad4bfb8859c7e06309e2bb0f140dfa4507b7818527bf5ed3bb0a11563f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
29fff89d415fd8dc49f79cbaf615a45a

SHA1
b3bd8aa02fb6a8a7a1f6e495c764767e4cfb3b5b

SHA256
d80b5ee1c7d9eaeb9a0a7e4555e2cfc89eed8e08c500304b866b0f8d481b2632

SHA512
8fe649d191fe9c30888e88b5cff8f4d4ddedf43cdf69eed8b89f2591f32cdfd51cdbb3d30b9ddf55d698eba58f09fade9dd501bba3cd6b92e204014bc90a4e1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3934bb2b98e8771f3910ad5b9b5bf908

SHA1
efe7d601fec7a7f40f5ab273046be95d7a268783

SHA256
541b9d0b66b49406cd185a1df6a282ae8854dc26834eb1095fb42f336be5cc87

SHA512
b508eadfec6c80424bab8675a7f3b11ca4fae73e510169fa3d7e4e24afa2a1bf118be0b0fcb4144ad0ce4a97218dced91ddf93cb57c530e3606a6e3d9734e33a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
e90e1d36be16db97efaa20f1ce28642b

SHA1
d963810ba1b0cc03eb8737c0b15c6bbeef0f7d61

SHA256
88bad737ec661e776e5727c50d4b50cf4cd002978c6c5863c22b92eb2f0e0130

SHA512
b67a0bb16b21b389a20bdadd4da28d1ce9d4d0e550157ab2ebbcd99915809d40a8f754b2f56edb3d7e61e4af9ff503e96a801298e0a145c97386688d26708bbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4fb1f4b53c98ee7832b60db5fd415108

SHA1
5ab8e95f2a129d212fe4862add1032b144531f45

SHA256
8cbd00571defbf85fdd88d9df4fc1eaf2cf15d149b57e528b4ecb6a1d20e435a

SHA512
d235280dfb4a716275105f3145f90bf1b4f9ee2e5f29df3033140770a43987b8c196521583e083cfbfd356f007b0b79111f84e4d4bae8f5735ee748427e9037f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
31cae34bab9ead132b2ea66306d2d09e

SHA1
f7c729650df0d5029c3d9a7cee4d8eaac9fe3ac8

SHA256
dd75a5529f9b176a238d7459c25f55f879beea9d754167e4de23af448a6102fb

SHA512
1813292df3f98cf8881fdde424e2437dbdb41db7c22c2aee72f5569a56b8ff4ae3056df795208e81841cf2e94caa3b755eb6a3813ebc5b17a8b293e62f131186

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5affd89a7f7d9c5d5a82b103c33f1d64

SHA1
f485d5a3864e8011fdfdce0540d72bca0e54dd5c

SHA256
e0861a7f33d1ae757b3bfc3d33d6d199e6c5b65a5cc53b4ab45ee39f4b5163ec

SHA512
49523f07dd571a44fe6d58a4ce2653ff4bdf1de836153749eba515e4915b1dabe00a166466ff6fe05b17dac308b9dc2fa4c7684e3dea60a71cdd5bbdce4a1cd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8b1948346dc450bd9ed11ad48ac1a2c8

SHA1
202b33df65c38e7dd595f70f649fffe6208ff101

SHA256
e451735ac877adf07e948fa2b89c2485900a2c8cd7799f68496c03128c2b020c

SHA512
fcc670a646b7ce56ffd71f7cadc06f45ae599dc203ed1e1b6118eed40969345b8b68afb9bb02b908613ec92f953fc3766a0889d68869d3345cd5ece55ac22a55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
18e86ed287ee7afa5bda2ebf624765cd

SHA1
ef9127320f8f572bbe8deb97058ad7033867ded8

SHA256
1dfd624b0a9816d782fed18b2ed4e6d5ba6de2c8cb29e64db934ec9bc399e7e1

SHA512
6f234bfa473f5a70878d5ace982acbc2796f3d19cbd6c47c21d555b873331f7b3b90627365bebe88a09e5352fdf9346bd70bf44dba3351ccd8923cba52cf1b2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5dc64956d226f3af586a1b7c2ed6f149

SHA1
1ae6ed1a7c6249e0ca6e1fb28c69071cffaecb1a

SHA256
b9a2e1a08f7a7af0ca9735ec6ef26f66b401f542ea126d1dc825f70b39d491c6

SHA512
fcdaed2a968e7914d58ebfae2d55b0cac94d60f14d30103f3772e0b66ee2dce06c1b5b4e76ff50b921a28f6bfaafd86b193cb2734ebacc32469b8e2eb25f9812

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
5b15f8218b0437dfb5bbb1d52c3e2e01

SHA1
cc724210fee5f6645f21066716ebdb9bafe09b04

SHA256
68ac3f237fd1bd8c79aa03f1fb6d2ca6a25083b316a6793a53beedd08a9b7d03

SHA512
f4a6194688ebb78f4febecb9ad5c94429408fb4c943597765efebb20a9fafe366974d1eefb2340f926926689832b0ce29868bd23a561ac7e2a17cdfa8fe15fb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e938dff79180ee6d8f8b249fd4d86eca

SHA1
96587c2ed6d9258f4aeace86796b8d01d59f6876

SHA256
2027d00f3c9072bbe97d41c5a4d2f096b93b3340c6775ce0d10ec096f6d10db4

SHA512
248f00463002aa51c1543cff4712b1e4a5cdb157f7cd01212a381c57304cba1570093ca1d761c89d477184c39d0631a17deadb3e6da044da7e7930ff466cb5a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
bac2672e5c3565f16ed0daddb63bac29

SHA1
822504d9aba58de8d1050a1fe15c72fcc5aba74b

SHA256
6a3479fb10d8738bea6cc95ef1d54b4bf1224cb295872eb52b224eb4ee24deab

SHA512
ec4e33de0509a2e768a4335d21a8f821e87e180d27e52590ba911f0c849c84f78f36d65cc320fc8f714e162f1625528086328af2580031b3790056c4c17fc155

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\cff986b8-6d46-41c6-ac4c-9068520d7f4d.tmp

Filesize
5KB

MD5
d32b170f247c6d695f336ce3ead1f31f

SHA1
d16e58182a401fec7c69e68030cd1ac7424e3ec9

SHA256
13761939cc9e9ab17999854d6433d26c5489a1956a4d2e3683eaaec552abcfb5

SHA512
24a17606474122384b6d81f4489c7134b54d51c131dad63a26c1022a55eb1d7c157871ca3f57fb9db8f7bc379b4b9417fc02bca767e03dcca36b76432ef5029b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar267E.tmp

Filesize
161KB

MD5
be2bec6e8c5653136d3e72fe53c98aa3

SHA1
a8182d6db17c14671c3d5766c72e58d87c0810de

SHA256
1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

SHA512
0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

Download Submit
memory/1624-55-0x0000000004DA0000-0x0000000004DE0000-memory.dmp

Filesize
256KB

Download
memory/1624-54-0x0000000000880000-0x0000000000974000-memory.dmp

Filesize
976KB

Download