e7da5a22bdb69e9a59ceea92c346096c8e47506df736ee77f8b470648e672d51

Analysis

max time kernel
48s
max time network
153s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
24/08/2023, 01:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dni (pdf.io).pdf
Size

345KB
MD5

5ad47b1b3ad5ae401d03ba5a81e0fcb1
SHA1

2ea2eddb1897822cd28bdb2c148bf016f9b935df
SHA256

e7da5a22bdb69e9a59ceea92c346096c8e47506df736ee77f8b470648e672d51
SHA512

c4536254a4b44eaf4461064c74192ba1889dc6b4fa6657fba6f36558abbc9bc27a72c24f8248259bbe72e501417bd12681f71d51685910fca0722c360f4ae4cf
SSDEEP

6144:E2eRlE/XnWYeip80vc7lCHipV4CA4rbieQUkfmrH0J+EJQ7Ym2OzpSVg2M:E7RlE/G8q3phj+7q7h/pQg2M

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2352	chrome.exe
2352	chrome.exe

Suspicious use of AdjustPrivilegeToken 24 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2780	AcroRd32.exe
2780	AcroRd32.exe
2780	AcroRd32.exe
2780	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2352 wrote to memory of 3064	2352	chrome.exe	31
PID 2352 wrote to memory of 3064	2352	chrome.exe	31
PID 2352 wrote to memory of 3064	2352	chrome.exe	31
PID 2352 wrote to memory of 576	2352	chrome.exe	34
PID 2352 wrote to memory of 576	2352	chrome.exe	34
PID 2352 wrote to memory of 576	2352	chrome.exe	34
PID 2352 wrote to memory of 576	2352	chrome.exe	34
PID 2352 wrote to memory of 576	2352	chrome.exe	34
PID 2352 wrote to memory of 576	2352	chrome.exe	34
PID 2352 wrote to memory of 576	2352	chrome.exe	34
PID 2352 wrote to memory of 576	2352	chrome.exe	34
PID 2352 wrote to memory of 576	2352	chrome.exe	34
PID 2352 wrote to memory of 576	2352	chrome.exe	34
PID 2352 wrote to memory of 576	2352	chrome.exe	34
PID 2352 wrote to memory of 576	2352	chrome.exe	34
PID 2352 wrote to memory of 576	2352	chrome.exe	34
PID 2352 wrote to memory of 576	2352	chrome.exe	34
PID 2352 wrote to memory of 576	2352	chrome.exe	34
PID 2352 wrote to memory of 576	2352	chrome.exe	34
PID 2352 wrote to memory of 576	2352	chrome.exe	34
PID 2352 wrote to memory of 576	2352	chrome.exe	34
PID 2352 wrote to memory of 576	2352	chrome.exe	34
PID 2352 wrote to memory of 576	2352	chrome.exe	34
PID 2352 wrote to memory of 576	2352	chrome.exe	34
PID 2352 wrote to memory of 576	2352	chrome.exe	34
PID 2352 wrote to memory of 576	2352	chrome.exe	34
PID 2352 wrote to memory of 576	2352	chrome.exe	34
PID 2352 wrote to memory of 576	2352	chrome.exe	34
PID 2352 wrote to memory of 576	2352	chrome.exe	34
PID 2352 wrote to memory of 576	2352	chrome.exe	34
PID 2352 wrote to memory of 576	2352	chrome.exe	34
PID 2352 wrote to memory of 576	2352	chrome.exe	34
PID 2352 wrote to memory of 576	2352	chrome.exe	34
PID 2352 wrote to memory of 576	2352	chrome.exe	34
PID 2352 wrote to memory of 576	2352	chrome.exe	34
PID 2352 wrote to memory of 576	2352	chrome.exe	34
PID 2352 wrote to memory of 576	2352	chrome.exe	34
PID 2352 wrote to memory of 576	2352	chrome.exe	34
PID 2352 wrote to memory of 576	2352	chrome.exe	34
PID 2352 wrote to memory of 576	2352	chrome.exe	34
PID 2352 wrote to memory of 576	2352	chrome.exe	34
PID 2352 wrote to memory of 576	2352	chrome.exe	34
PID 2352 wrote to memory of 2676	2352	chrome.exe	33
PID 2352 wrote to memory of 2676	2352	chrome.exe	33
PID 2352 wrote to memory of 2676	2352	chrome.exe	33
PID 2352 wrote to memory of 2144	2352	chrome.exe	35
PID 2352 wrote to memory of 2144	2352	chrome.exe	35
PID 2352 wrote to memory of 2144	2352	chrome.exe	35
PID 2352 wrote to memory of 2144	2352	chrome.exe	35
PID 2352 wrote to memory of 2144	2352	chrome.exe	35
PID 2352 wrote to memory of 2144	2352	chrome.exe	35
PID 2352 wrote to memory of 2144	2352	chrome.exe	35
PID 2352 wrote to memory of 2144	2352	chrome.exe	35
PID 2352 wrote to memory of 2144	2352	chrome.exe	35
PID 2352 wrote to memory of 2144	2352	chrome.exe	35
PID 2352 wrote to memory of 2144	2352	chrome.exe	35
PID 2352 wrote to memory of 2144	2352	chrome.exe	35
PID 2352 wrote to memory of 2144	2352	chrome.exe	35
PID 2352 wrote to memory of 2144	2352	chrome.exe	35
PID 2352 wrote to memory of 2144	2352	chrome.exe	35
PID 2352 wrote to memory of 2144	2352	chrome.exe	35
PID 2352 wrote to memory of 2144	2352	chrome.exe	35
PID 2352 wrote to memory of 2144	2352	chrome.exe	35
PID 2352 wrote to memory of 2144	2352	chrome.exe	35

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\dni (pdf.io).pdf"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef70c9758,0x7fef70c9768,0x7fef70c9778
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1408 --field-trial-handle=1488,i,1783262309128536689,18192273726662143674,131072 /prefetch:8
  2⤵
  PID:2676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1488,i,1783262309128536689,18192273726662143674,131072 /prefetch:2
  2⤵
  PID:576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1460 --field-trial-handle=1488,i,1783262309128536689,18192273726662143674,131072 /prefetch:8
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2292 --field-trial-handle=1488,i,1783262309128536689,18192273726662143674,131072 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2280 --field-trial-handle=1488,i,1783262309128536689,18192273726662143674,131072 /prefetch:1
  2⤵
  PID:744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1740 --field-trial-handle=1488,i,1783262309128536689,18192273726662143674,131072 /prefetch:2
  2⤵
  PID:676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3268 --field-trial-handle=1488,i,1783262309128536689,18192273726662143674,131072 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3504 --field-trial-handle=1488,i,1783262309128536689,18192273726662143674,131072 /prefetch:8
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3624 --field-trial-handle=1488,i,1783262309128536689,18192273726662143674,131072 /prefetch:8
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3708 --field-trial-handle=1488,i,1783262309128536689,18192273726662143674,131072 /prefetch:8
  2⤵
  PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3724 --field-trial-handle=1488,i,1783262309128536689,18192273726662143674,131072 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2472 --field-trial-handle=1488,i,1783262309128536689,18192273726662143674,131072 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2776 --field-trial-handle=1488,i,1783262309128536689,18192273726662143674,131072 /prefetch:1
  2⤵
  PID:888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3448 --field-trial-handle=1488,i,1783262309128536689,18192273726662143674,131072 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3772 --field-trial-handle=1488,i,1783262309128536689,18192273726662143674,131072 /prefetch:8
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4028 --field-trial-handle=1488,i,1783262309128536689,18192273726662143674,131072 /prefetch:8
  2⤵
  PID:600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1800 --field-trial-handle=1488,i,1783262309128536689,18192273726662143674,131072 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4204 --field-trial-handle=1488,i,1783262309128536689,18192273726662143674,131072 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2508 --field-trial-handle=1488,i,1783262309128536689,18192273726662143674,131072 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4552 --field-trial-handle=1488,i,1783262309128536689,18192273726662143674,131072 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 --field-trial-handle=1488,i,1783262309128536689,18192273726662143674,131072 /prefetch:8
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4828 --field-trial-handle=1488,i,1783262309128536689,18192273726662143674,131072 /prefetch:8
  2⤵
  PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4808 --field-trial-handle=1488,i,1783262309128536689,18192273726662143674,131072 /prefetch:8
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4204 --field-trial-handle=1488,i,1783262309128536689,18192273726662143674,131072 /prefetch:8
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4896 --field-trial-handle=1488,i,1783262309128536689,18192273726662143674,131072 /prefetch:8
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4880 --field-trial-handle=1488,i,1783262309128536689,18192273726662143674,131072 /prefetch:8
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2604 --field-trial-handle=1488,i,1783262309128536689,18192273726662143674,131072 /prefetch:8
  2⤵
  PID:1868
- C:\Users\Admin\Downloads\ovisetup.exe
  "C:\Users\Admin\Downloads\ovisetup.exe"
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4304 --field-trial-handle=1488,i,1783262309128536689,18192273726662143674,131072 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=3452 --field-trial-handle=1488,i,1783262309128536689,18192273726662143674,131072 /prefetch:1
  2⤵
  PID:2704

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
e56ec378251cd65923ad88c1e14d0b6e

SHA1
7f5d986e0a34dd81487f6439fb0446ffa52a712e

SHA256
32ccf567c07b62b6078cf03d097e21cbf7ef67a4ce312c9c34a47f865b3ad0a0

SHA512
2737a622ca45b532aebc202184b3e35cde8684e5296cb1f008e7831921be2895a43f952c1df88d33011a7b9586aafbd88483f6c134cb5e8e98c236f5abb5f3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a5b80cbf683b5b22ae7eebd5af0dad97

SHA1
792843eb14b66030deabb9670d39ebb71a47485e

SHA256
52603d2c70aaf2d75712a943f95198c04b91f6c6b370b40b44d65595d1707780

SHA512
3b054470154d9e16831c781573a7325d5b3952228c743f357ad40e7a27cbbd0ea17b71167108464bcb0dbe7f26aea562e1517e9cdee2f34db6c05b7989ed877f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
762a0cb8294d1e270f691e830180dfc0

SHA1
b3a234f770913ee046e5b9cae34f76290c5c2833

SHA256
4810b271f9f7b91f6ca72dca8f12364bd61017e9eb10f83821c7f6ec38f09c02

SHA512
c69a848d9bce5df80c47563fec63ba182b2909066a94c4f1204eae488f270f8a2276180a35e3452fbb66031f2ff7f11cb8930f58664d341a22801663bca728a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
08a0ef6f63d6ad751a6193bc38cf8eb8

SHA1
cf820214f94d62e25c8175322d1d1ed3789dfd5f

SHA256
6157a05ef0e2225ebb859a1d27e51d926955dbabb1ffb4789dc158cb5a46f2e1

SHA512
e77e178fa0c4118290e988fa0f076a015535c73073b008defe917c81bde2b8d03dfac6340e8005425c5445321556dc484fb4a8307e36b979d16fad5ce10f4909

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
54KB

MD5
4b7545a49975f23208f17517c365ead9

SHA1
9fb9b377b4232027ab2b5dcdf2b0143c2cc41f3d

SHA256
4a91856f7f14a8c9dc0caf46aa2ea41679d3824126c1b8856b91a79d56bd5627

SHA512
1a307c7b103736891e0836eee4d1aef407e96533f87271a1264ff4e88f894db133543c6f19b15000ec0d38459e930c7fa5ba2f3a0f4909e8898d5e4010a56e2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
48KB

MD5
59618ff98df07e2d30397a1246ddbada

SHA1
801d58595bb07dc866bd3ef19d4201cf9c7a7a24

SHA256
bfc610eb11db785fb58500feb4e66800a574ac8d6e51c0751ad437e660cbf8b5

SHA512
fae736b720848cebbed5942039a6cb97b5054899e601accfc39f48833f3395df5b2def333b1c5ca43e3630eca9b69c35d8f858ac6d386d5fbe0e71286a011c5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
32KB

MD5
bf7b3ba44fba9f62bb43499f025baee1

SHA1
72123d63f9eec8aba75161fbeb30853c20bac031

SHA256
23cf56976a1bd51f856f6b9ad0e8c72ba557d8496f7067c798374ec2cf169f16

SHA512
1666168d459ae349d4a565151473a4e59680432610a32fa89b059522212251822469c4b22e274e03753c2c24003232d844bcc52803e2637a55afcfa5866042b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038

Filesize
4.4MB

MD5
1692aec61ddcdda471defa199c62d25a

SHA1
484af221468ddb534b74e12970de80d5dfee2b28

SHA256
84bde632c5bfd2a7ff84e579e6f7561543ca0aad6d8e7275dae5926ba4f561c1

SHA512
19155d0770fc0931ab8ac1bf35f56b32c8c122379adac6866b07cebec28932f92be124638cd7bb9fdaff5edd091f3af0c1fbd0757a99de44e24f11214f13329a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf77757e.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
5d772fd6535a7a62b5a533ce3622574d

SHA1
74dee453105a1142adce4acd5c758652eb337601

SHA256
4c485440be4a5263daa22d4e38d8baa0c648fc9d2162bdba129746b4fb082493

SHA512
a83494eb458828ccf63c928adc6b50f9d2c1cfa9d72d35838c4a343a3640a4a57701c45de3da460be04bed901f1b7ee9b0fff1947529d501bda71c1ff8400d74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1017B

MD5
dd77656eefafbaecfe04f6059780aa74

SHA1
cdcde52f842d26c813ddd42d2a5e62dfb0092e52

SHA256
77932a30e4b5f6d88c5624771c375d411f41bf0ad87dd315b2bae74881a526d9

SHA512
b3580fcc85aec181edc0b3427468db1b95dba82aa02a778532faaac24f777e91543b7a5c8b2ec0f3fd289ff8b60760ea5fba72d51244b2d28d69a859d311674a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8a3b9b4b809ac992d6f50b8aa6032162

SHA1
5b041202d8348d057c2fc46429942858fdd0fb6a

SHA256
3c5dc4db8e24f315a651e9b869512061a98fa56f2819390cfbfe864f648eee62

SHA512
4a12f6bf55b8be79b566e5a1cb77849f4836170a9cbb8e314f7e3c88066ea965adb25e3837ad047929c58dcaff9cd517bb132a3816ef94712ca9a48cbb627a72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b5378783c7165b01b1955312303615b8

SHA1
93873878107534b561268d804dfcd1a362b87787

SHA256
01c5046aef2a67b2a0df7d9f2c58e4523db7262871b889531c23765ea9856da9

SHA512
d55b7a161e77b8a8d3aa91c48d5fe33322e14c5eab7d4f686376ba7de8294e6f9216031eb1e9c68a28a3db8e03ec35c9ac1a6356e6691873e2b13aa741339ec3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4f8afb5c271f02b283d822c767366f5c

SHA1
9fbc2c4ce372a25a57f83a59525f5fb3e94797e3

SHA256
59dae1af69aa31285467f5c264a57c875333f9ab865684408f66d253c08a2721

SHA512
383ebe828daa12bbb91e9b0e8709032b9edcc46baea40ee02b6748d2cfa13aebd37668eedcaaba136264f8ca800b9f7b3f78922241081694c5af10f6ba49b429

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
a2af8f93e3ca41a43c1518dcdb5180d2

SHA1
dd9d7afe2b47e9f128f2b4d3e3d0796414bc4961

SHA256
48204af62f0397628076aa993329043acb854c7b9d66686964df54becae93672

SHA512
2af7c0871724aa8f4110c7db314f72b6f5d73e333c3a5a24088f340bccdd3864f8f86278ae07bc7a32793fe20f5bfd3bfe3b84347aac7664951ec19f7b77ff00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ddb74e41f4d51c01c8703b1690d9db6c

SHA1
91b16bc7cc43357f6136f892e1fde4e8649d28d4

SHA256
e36d9e935e4d82fb003d56a05afabec69b97c3e0cac2f564ceaa278163382bc6

SHA512
aee70c04f6e2676a5a38aa257660a4844f95cf2af876b04ce4b0dcc874faaa77b937a530e29c41b22a44d1ad165437c7d2ec8b3753e4f1cf1b70e1928901d6c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0985acc7-d604-47b6-b0f4-03e4c2536757\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
8cfc4ce58591dfae929704b3151f85f7

SHA1
9a25a5440cab3622f56e9f7dd4e56e7c301564c7

SHA256
bfb4e081e3d80260719c21f90bde06f2e0bb8170ec87113554df098be1e569fd

SHA512
846f4e59c605686b9282982f50577ba6833e41fad4c907e1275a9ff1ba28991b5c6346d8802b363f99f196fea756d508d109637f9f4949bb86f0be8e71469653

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
9eab141fe2e606f994fb211b2de2b00a

SHA1
40851cdef70001c3a425accaa25699c8ca660241

SHA256
62cd157b3654b5f0a1c2a2bb726284d14ce8ea4852e17a3016cccbc56e025365

SHA512
e7ef698f0cb174564fbef8120be0726ac02246fa7f27572625b1df837aedab928d6673a5e0e18c58dddc62459e5c6fcf33a327b2fd4b2896bc5f6667ce80be60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
f9fb4df05d3e99e30ed438e66e158a39

SHA1
1b93bfbc21e4646595471369976be1846813d1b0

SHA256
edfc1ec0c190eba4114c6e8e847f32be1acf1cab9e4786ae69068d2a39c50946

SHA512
cf7f032e1ceb64314becb8b9b8d079d96a19960b18b1e80fc94861108bcd352512ac469b3b06f7469ce3b1ffd50a1a797b904c127fd93b60681f4bad644c33f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
44fc570be4c1879f2cc47722a90ece08

SHA1
0fb21a3b2c073af399e981c93cbbfe5d2a228475

SHA256
9e43fce0fe4f81c8efd1bc0b66c873f62d65bad87783f19b74dffda3025dbe96

SHA512
8446fecb8ea82bbc11ba324455d7326832e72c75a3d212e2d268b981496004bdcadfe987ebc2698d941b7d544da8f4aceff78a88a6174b389c1cb827006d1976

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
83KB

MD5
40cf4f3a3569e5a8a3780f8dbb66d62c

SHA1
241c61161bf9802ac5dda785055d17b2ae6abba1

SHA256
ea2f28d018859824f22472b3b0fc4455fa40a7123e4f38230826ba4d134cb525

SHA512
f3365f4385b0812669bac5a65d96e0610332a8f775ddca0c775a4494aefb66a13ef1ee684f02f37e379761a45f19c7398ccca9f9ea7a9e4152e676148732909f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
76KB

MD5
918d0256e33d49fd757e35cfad91d776

SHA1
33b89c9cc971817d1d792cc9d2af48833166cc9d

SHA256
7e43215f98707aa9faa491469decb79c23a081a18a0b2f0edcbf09bf2336b557

SHA512
360694edf3136e83005fba255355120d906a7ce158166e543ee8c56d407e7c440b520229113346bd9fb5e17a28fdb84f80866e0da778cd23d86ba89a2609fbe4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab88D1.tmp

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\Local\Temp\OpenIV_Setup_Install.log

Filesize
622B

MD5
e3de317d045f28acfe98cb164bf46fba

SHA1
259e3a42f0a9e2626890f76fa5d92aea146392d7

SHA256
f9c538705ac81800c2aaf518f4c511d7554958a3a82293317cfe7743ce6fddb1

SHA512
8515b7d1f517c37d729a7d7ee3baac90113335cf546acf383a7e0a065964b281d8747eda062949e5c86b1a0fe0994b4340bbe20fb9b77390ace6b215c88ce7f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\OpenIV_Setup_Install.log

Filesize
4KB

MD5
a98eeb319177aca015aca53f6611a813

SHA1
903b604c24eab2e1e926af20711380b674014859

SHA256
bf089acabb891d64f1e710a06c7437146aa06df20c80eefce5b2ae053dcfc66b

SHA512
fa03a9a26854f899112bd2a0aba43932cbbce965a9a5e9f63b2ae9c114858a6d1640b437c2dbf921d7e77408116c245772c36b47466a66a3ca0d512ef75434a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\OpenIV_Setup_Install.log

Filesize
4KB

MD5
a98eeb319177aca015aca53f6611a813

SHA1
903b604c24eab2e1e926af20711380b674014859

SHA256
bf089acabb891d64f1e710a06c7437146aa06df20c80eefce5b2ae053dcfc66b

SHA512
fa03a9a26854f899112bd2a0aba43932cbbce965a9a5e9f63b2ae9c114858a6d1640b437c2dbf921d7e77408116c245772c36b47466a66a3ca0d512ef75434a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar88E4.tmp

Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8DAC.tmp

Filesize
163KB

MD5
19399ab248018076e27957e772bcfbab

SHA1
faef897e02d9501146beb49f75da1caf12967b88

SHA256
326842dd8731e37c8c27a08373c7ac341e6c72226cc850084e3a17d26675f3c9

SHA512
6d5b12ec637ef4223fdd0e271cdc9f860b060ff08d380bba546ac6962b1d672003f9ae9556d65282d8083e830d4277bad8d16443720716077e542ab0262b0103

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
adc1ce3e945c21de50c5456f00d150ce

SHA1
151fd57df8551afb15ad301bcc6b1164a90a8fde

SHA256
6f395a88504bf7209c037510e07b931fa5bc4949b84ae26f766e3d6fa306e79b

SHA512
52c70845662d4a508d6e40691260257cebe928a3258a0f709286d02596c1b0ab7358ed83d0d07a8beb9458cb3ed69fae421cc684ff4179e0983eccb67349fc61

Download Submit
C:\Users\Admin\Downloads\ovisetup.exe

Filesize
4.4MB

MD5
1692aec61ddcdda471defa199c62d25a

SHA1
484af221468ddb534b74e12970de80d5dfee2b28

SHA256
84bde632c5bfd2a7ff84e579e6f7561543ca0aad6d8e7275dae5926ba4f561c1

SHA512
19155d0770fc0931ab8ac1bf35f56b32c8c122379adac6866b07cebec28932f92be124638cd7bb9fdaff5edd091f3af0c1fbd0757a99de44e24f11214f13329a

Download Submit
C:\Users\Admin\Downloads\ovisetup.exe

Filesize
4.4MB

MD5
1692aec61ddcdda471defa199c62d25a

SHA1
484af221468ddb534b74e12970de80d5dfee2b28

SHA256
84bde632c5bfd2a7ff84e579e6f7561543ca0aad6d8e7275dae5926ba4f561c1

SHA512
19155d0770fc0931ab8ac1bf35f56b32c8c122379adac6866b07cebec28932f92be124638cd7bb9fdaff5edd091f3af0c1fbd0757a99de44e24f11214f13329a

Download Submit
memory/2040-733-0x0000000000400000-0x0000000000907000-memory.dmp

Filesize
5.0MB

Download
memory/2040-788-0x0000000000400000-0x0000000000907000-memory.dmp

Filesize
5.0MB

Download
memory/2040-780-0x0000000000400000-0x0000000000907000-memory.dmp

Filesize
5.0MB

Download
memory/2040-779-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2040-732-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download