550321da5b10c472bc719bca2c0df74b240f80eff828079eb5253598fe112ae3

Resubmissions

06-09-2023 13:47

230906-q3vppafh36 3

06-09-2023 13:44

230906-q1771afg78 3

Analysis

max time kernel
265s
max time network
337s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
06-09-2023 13:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sa-mp-0.3.7-R5-1-install.exe
Size

14.8MB
MD5

f7874cc8637e5ddb98b07ed40a24de58
SHA1

0a9eac60f516a8661b5b2ae9f1d5d798ee7fecef
SHA256

550321da5b10c472bc719bca2c0df74b240f80eff828079eb5253598fe112ae3
SHA512

c0e2078d8bd1d6aeb8d6cc77ea935e41fb31c271f6503a3625d2bcbebf9a8b142a1d7856816381fb4be79a45e1ea6dbe8cdb8efa027f29c32faf52794c49f2b1
SSDEEP

393216:suNmflaNtY7G8t+LdFyBV9DVimtbA9yRbABehQtAuGuSwcBk:3NklUt3Nd2VvimtbeGbbhQtWBk

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 12 IoCs

installer

resource	yara_rule
behavioral1/files/0x000b000000019bfd-384.dat	nsis_installer_1
behavioral1/files/0x000b000000019bfd-384.dat	nsis_installer_2
behavioral1/files/0x000b000000019bfd-402.dat	nsis_installer_1
behavioral1/files/0x000b000000019bfd-402.dat	nsis_installer_2
behavioral1/files/0x000b000000019bfd-401.dat	nsis_installer_1
behavioral1/files/0x000b000000019bfd-401.dat	nsis_installer_2
behavioral1/files/0x000b000000019bfd-400.dat	nsis_installer_1
behavioral1/files/0x000b000000019bfd-400.dat	nsis_installer_2
behavioral1/files/0x000b000000019bfd-399.dat	nsis_installer_1
behavioral1/files/0x000b000000019bfd-399.dat	nsis_installer_2
behavioral1/files/0x000b000000019bfd-397.dat	nsis_installer_1
behavioral1/files/0x000b000000019bfd-397.dat	nsis_installer_2

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2392	chrome.exe
2392	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1508	sa-mp-0.3.7-R5-1-install.exe

Suspicious use of AdjustPrivilegeToken 20 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2392 wrote to memory of 304	2392	chrome.exe	41
PID 2392 wrote to memory of 304	2392	chrome.exe	41
PID 2392 wrote to memory of 304	2392	chrome.exe	41
PID 2392 wrote to memory of 2948	2392	chrome.exe	43
PID 2392 wrote to memory of 2948	2392	chrome.exe	43
PID 2392 wrote to memory of 2948	2392	chrome.exe	43
PID 2392 wrote to memory of 2948	2392	chrome.exe	43
PID 2392 wrote to memory of 2948	2392	chrome.exe	43
PID 2392 wrote to memory of 2948	2392	chrome.exe	43
PID 2392 wrote to memory of 2948	2392	chrome.exe	43
PID 2392 wrote to memory of 2948	2392	chrome.exe	43
PID 2392 wrote to memory of 2948	2392	chrome.exe	43
PID 2392 wrote to memory of 2948	2392	chrome.exe	43
PID 2392 wrote to memory of 2948	2392	chrome.exe	43
PID 2392 wrote to memory of 2948	2392	chrome.exe	43
PID 2392 wrote to memory of 2948	2392	chrome.exe	43
PID 2392 wrote to memory of 2948	2392	chrome.exe	43
PID 2392 wrote to memory of 2948	2392	chrome.exe	43
PID 2392 wrote to memory of 2948	2392	chrome.exe	43
PID 2392 wrote to memory of 2948	2392	chrome.exe	43
PID 2392 wrote to memory of 2948	2392	chrome.exe	43
PID 2392 wrote to memory of 2948	2392	chrome.exe	43
PID 2392 wrote to memory of 2948	2392	chrome.exe	43
PID 2392 wrote to memory of 2948	2392	chrome.exe	43
PID 2392 wrote to memory of 2948	2392	chrome.exe	43
PID 2392 wrote to memory of 2948	2392	chrome.exe	43
PID 2392 wrote to memory of 2948	2392	chrome.exe	43
PID 2392 wrote to memory of 2948	2392	chrome.exe	43
PID 2392 wrote to memory of 2948	2392	chrome.exe	43
PID 2392 wrote to memory of 2948	2392	chrome.exe	43
PID 2392 wrote to memory of 2948	2392	chrome.exe	43
PID 2392 wrote to memory of 2948	2392	chrome.exe	43
PID 2392 wrote to memory of 2948	2392	chrome.exe	43
PID 2392 wrote to memory of 2948	2392	chrome.exe	43
PID 2392 wrote to memory of 2948	2392	chrome.exe	43
PID 2392 wrote to memory of 2948	2392	chrome.exe	43
PID 2392 wrote to memory of 2948	2392	chrome.exe	43
PID 2392 wrote to memory of 2948	2392	chrome.exe	43
PID 2392 wrote to memory of 2948	2392	chrome.exe	43
PID 2392 wrote to memory of 2948	2392	chrome.exe	43
PID 2392 wrote to memory of 2948	2392	chrome.exe	43
PID 2392 wrote to memory of 2948	2392	chrome.exe	43
PID 2392 wrote to memory of 2228	2392	chrome.exe	44
PID 2392 wrote to memory of 2228	2392	chrome.exe	44
PID 2392 wrote to memory of 2228	2392	chrome.exe	44
PID 2392 wrote to memory of 2176	2392	chrome.exe	45
PID 2392 wrote to memory of 2176	2392	chrome.exe	45
PID 2392 wrote to memory of 2176	2392	chrome.exe	45
PID 2392 wrote to memory of 2176	2392	chrome.exe	45
PID 2392 wrote to memory of 2176	2392	chrome.exe	45
PID 2392 wrote to memory of 2176	2392	chrome.exe	45
PID 2392 wrote to memory of 2176	2392	chrome.exe	45
PID 2392 wrote to memory of 2176	2392	chrome.exe	45
PID 2392 wrote to memory of 2176	2392	chrome.exe	45
PID 2392 wrote to memory of 2176	2392	chrome.exe	45
PID 2392 wrote to memory of 2176	2392	chrome.exe	45
PID 2392 wrote to memory of 2176	2392	chrome.exe	45
PID 2392 wrote to memory of 2176	2392	chrome.exe	45
PID 2392 wrote to memory of 2176	2392	chrome.exe	45
PID 2392 wrote to memory of 2176	2392	chrome.exe	45
PID 2392 wrote to memory of 2176	2392	chrome.exe	45
PID 2392 wrote to memory of 2176	2392	chrome.exe	45
PID 2392 wrote to memory of 2176	2392	chrome.exe	45
PID 2392 wrote to memory of 2176	2392	chrome.exe	45

C:\Users\Admin\AppData\Local\Temp\sa-mp-0.3.7-R5-1-install.exe
"C:\Users\Admin\AppData\Local\Temp\sa-mp-0.3.7-R5-1-install.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:1508

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2696

C:\Users\Admin\AppData\Local\Temp\sa-mp-0.3.7-R5-1-install.exe
"C:\Users\Admin\AppData\Local\Temp\sa-mp-0.3.7-R5-1-install.exe"
1⤵
PID:2784

C:\Users\Admin\AppData\Local\Temp\sa-mp-0.3.7-R5-1-install.exe
"C:\Users\Admin\AppData\Local\Temp\sa-mp-0.3.7-R5-1-install.exe"
1⤵
PID:2252

C:\Users\Admin\AppData\Local\Temp\sa-mp-0.3.7-R5-1-install.exe
"C:\Users\Admin\AppData\Local\Temp\sa-mp-0.3.7-R5-1-install.exe"
1⤵
PID:2280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5389758,0x7fef5389768,0x7fef5389778
  2⤵
  PID:304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1376,i,9227958449723826372,9659269251011171501,131072 /prefetch:2
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1376,i,9227958449723826372,9659269251011171501,131072 /prefetch:8
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1636 --field-trial-handle=1376,i,9227958449723826372,9659269251011171501,131072 /prefetch:8
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2156 --field-trial-handle=1376,i,9227958449723826372,9659269251011171501,131072 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2168 --field-trial-handle=1376,i,9227958449723826372,9659269251011171501,131072 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1164 --field-trial-handle=1376,i,9227958449723826372,9659269251011171501,131072 /prefetch:2
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2376 --field-trial-handle=1376,i,9227958449723826372,9659269251011171501,131072 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3408 --field-trial-handle=1376,i,9227958449723826372,9659269251011171501,131072 /prefetch:8
  2⤵
  PID:2960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3540 --field-trial-handle=1376,i,9227958449723826372,9659269251011171501,131072 /prefetch:8
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3660 --field-trial-handle=1376,i,9227958449723826372,9659269251011171501,131072 /prefetch:8
  2⤵
  PID:276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3748 --field-trial-handle=1376,i,9227958449723826372,9659269251011171501,131072 /prefetch:1
  2⤵
  PID:300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3956 --field-trial-handle=1376,i,9227958449723826372,9659269251011171501,131072 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3688 --field-trial-handle=1376,i,9227958449723826372,9659269251011171501,131072 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2220 --field-trial-handle=1376,i,9227958449723826372,9659269251011171501,131072 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 --field-trial-handle=1376,i,9227958449723826372,9659269251011171501,131072 /prefetch:8
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3316 --field-trial-handle=1376,i,9227958449723826372,9659269251011171501,131072 /prefetch:8
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1880 --field-trial-handle=1376,i,9227958449723826372,9659269251011171501,131072 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3788 --field-trial-handle=1376,i,9227958449723826372,9659269251011171501,131072 /prefetch:8
  2⤵
  PID:1176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3748 --field-trial-handle=1376,i,9227958449723826372,9659269251011171501,131072 /prefetch:8
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3860 --field-trial-handle=1376,i,9227958449723826372,9659269251011171501,131072 /prefetch:8
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3780 --field-trial-handle=1376,i,9227958449723826372,9659269251011171501,131072 /prefetch:8
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4144 --field-trial-handle=1376,i,9227958449723826372,9659269251011171501,131072 /prefetch:8
  2⤵
  PID:632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3820 --field-trial-handle=1376,i,9227958449723826372,9659269251011171501,131072 /prefetch:8
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3824 --field-trial-handle=1376,i,9227958449723826372,9659269251011171501,131072 /prefetch:8
  2⤵
  PID:2620
- C:\Users\Admin\Downloads\sa-mp-0.3.7-R5-1-install.exe
  "C:\Users\Admin\Downloads\sa-mp-0.3.7-R5-1-install.exe"
  2⤵
  PID:1404

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9acd7fdd454ff85f8bed2f01fc367702

SHA1
fb16ef0e35dd9f2b6625c8f88bc780407e964d0c

SHA256
ec01fd21222f341ed09fdaaa3985e1500f0f6bf10f657175a0e2326bf9618b95

SHA512
dd2d9dbec74335b574ae3f4f415354705644826475d226a842e7a384d0a526e82457baa1dd62d8780108c2acf9b9c8a5222f0328514dbf9ad514432dc58deca0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\8ef673fc-197e-4413-93aa-d5cf44e4d4ef.tmp

Filesize
5KB

MD5
3eab144ee541e02ed3f35a7453a16588

SHA1
cebb492a70aad6b7846a7161b6efdef9183bef2f

SHA256
e86943f641e0e7f2b30320eceae43b21a27df59513e85c7c3b45d37be6f40e25

SHA512
943965bc90af9f1d3f382340e9cb638fbf64532965849218e57e71cd9a256b624eedfbc5dd6b9610f1cb7d4d9d072176778d9faaab5057d78e28a76588d82785

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf7a6b22.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
043aa11475f9dc8f9801e359a0351b64

SHA1
29bfc8a822b9d72a68613af24b9d7ce71fab6bf3

SHA256
2736c12444b04a95c7f7101ac9beabc7303bbe6450aefc6871f6968ddf2fb498

SHA512
31a147129e63dce248335af50de205ffacd1b2e72f7ea029d9d3c7ac8bdd6a870f8dba2265770d0e17f07a133ff6f349c5db7627562ef25801d3cb41144b6f6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
f39128a6f663b7c90db77c7dfe0603ef

SHA1
a470c51ed0cc6e9a24a0a79a9cca87aaa9ef20b6

SHA256
a411b2963abc86cbfd6bae044c3adb26d9f35dc145719c0a0030d4205f6d0dda

SHA512
4372b7ceef5e33092ddac428d82b1237760a664f50de4ed8446bcb13dae7e2d78c456154c862353ffe999047f0fa57675a95d74682cb49285032d4f8695016d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ee6830751fce63c193a3127bd2db1a39

SHA1
b87af40f50a65db0b87b4bf338b5170294174ce7

SHA256
9eaf5537bf049775f5af1d6f2a060a90542a53b4fbe33ba52579b14a52ffd374

SHA512
caf347540959d18accced4739b0648c74da6b58c2fa1a737d8a115a4b50be3c2c64bc9e8419377190a14149e4ac7e4ec73a9628ed8f57103f308ab9cb15adb7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f609b6489b820446a02d1b14904800ac

SHA1
aa2bad6b3cd86554e27f1189cc738b9111667230

SHA256
fa015e51de4604ca72fd0fe22df12d0d3ad92c97a585b29b748bdd0a95ff2ad0

SHA512
8750ce3e47b36455abb4ec5b7879582412293cd92dc9396bff2131d32e6a2fcd5c7451fdc2795e141cdf6eccf6f9abcb2811a53a5c55b299babe94c0c6ee7603

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
82KB

MD5
4088ec802d8fe502f0cfcd9b37c038e0

SHA1
72c534668a40d86ab32c7789ca84abe7e3d2cb3c

SHA256
eb5e345f7213a1c58a5474069daba3053d7392b07441901b0dac77b56147971d

SHA512
a108a2c907b92ce0607428a7703eec9bbabc3549ea209da606575b130750c2b394d1ad778280dde1656f84ac18ad04c59d06c56702ad750929a2cfdef46a7433

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
76KB

MD5
7dc291e3516dd6905e86634f4713b147

SHA1
746f1e48ac3cefb33409e8329af6d4ce076c60a2

SHA256
47846b1d8ad88e92a0f343cdb9dcf5defa03db517f18d581766b4deea0359526

SHA512
d51f034f33f44cde03e8378e64b9cab23dedea3bcb5061945fa414beb92f5a5873f3777342e57b00495c5f6585b8ba9f08c07cf13d9a868eea9d82dfc4ab2846

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6D17.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6DD5.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nskC8AD.tmp\ioSpecial.ini

Filesize
220B

MD5
d372884b8dd9459efc35b54298cc55d9

SHA1
f3e478006bef54dd86bc5e6a1b04e32fe18fdc70

SHA256
d03407eb978b95db34be400689a4049c75662eb7b0b719d2a6a3dc6440d0182e

SHA512
8dc1bc083828236baf000ed53363af497e977ca196fbd9cf773121d4584bd019593725dd95a84e73b78a3fa65d8b2ba7e6e451a6499d75691b9de21cdb3d7048

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspF7C8.tmp\modern-wizard.bmp

Filesize
25KB

MD5
cbe40fd2b1ec96daedc65da172d90022

SHA1
366c216220aa4329dff6c485fd0e9b0f4f0a7944

SHA256
3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

SHA512
62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

Download Submit
C:\Users\Admin\Downloads\sa-mp-0.3.7-R5-1-install.exe

Filesize
14.8MB

MD5
f7874cc8637e5ddb98b07ed40a24de58

SHA1
0a9eac60f516a8661b5b2ae9f1d5d798ee7fecef

SHA256
550321da5b10c472bc719bca2c0df74b240f80eff828079eb5253598fe112ae3

SHA512
c0e2078d8bd1d6aeb8d6cc77ea935e41fb31c271f6503a3625d2bcbebf9a8b142a1d7856816381fb4be79a45e1ea6dbe8cdb8efa027f29c32faf52794c49f2b1

Download Submit
C:\Users\Admin\Downloads\sa-mp-0.3.7-R5-1-install.exe

Filesize
14.8MB

MD5
f7874cc8637e5ddb98b07ed40a24de58

SHA1
0a9eac60f516a8661b5b2ae9f1d5d798ee7fecef

SHA256
550321da5b10c472bc719bca2c0df74b240f80eff828079eb5253598fe112ae3

SHA512
c0e2078d8bd1d6aeb8d6cc77ea935e41fb31c271f6503a3625d2bcbebf9a8b142a1d7856816381fb4be79a45e1ea6dbe8cdb8efa027f29c32faf52794c49f2b1

Download Submit
C:\Users\Admin\Downloads\sa-mp-0.3.7-R5-1-install.exe

Filesize
14.8MB

MD5
f7874cc8637e5ddb98b07ed40a24de58

SHA1
0a9eac60f516a8661b5b2ae9f1d5d798ee7fecef

SHA256
550321da5b10c472bc719bca2c0df74b240f80eff828079eb5253598fe112ae3

SHA512
c0e2078d8bd1d6aeb8d6cc77ea935e41fb31c271f6503a3625d2bcbebf9a8b142a1d7856816381fb4be79a45e1ea6dbe8cdb8efa027f29c32faf52794c49f2b1

Download Submit
\Users\Admin\Downloads\sa-mp-0.3.7-R5-1-install.exe

Filesize
14.8MB

MD5
f7874cc8637e5ddb98b07ed40a24de58

SHA1
0a9eac60f516a8661b5b2ae9f1d5d798ee7fecef

SHA256
550321da5b10c472bc719bca2c0df74b240f80eff828079eb5253598fe112ae3

SHA512
c0e2078d8bd1d6aeb8d6cc77ea935e41fb31c271f6503a3625d2bcbebf9a8b142a1d7856816381fb4be79a45e1ea6dbe8cdb8efa027f29c32faf52794c49f2b1

Download Submit
\Users\Admin\Downloads\sa-mp-0.3.7-R5-1-install.exe

Filesize
14.8MB

MD5
f7874cc8637e5ddb98b07ed40a24de58

SHA1
0a9eac60f516a8661b5b2ae9f1d5d798ee7fecef

SHA256
550321da5b10c472bc719bca2c0df74b240f80eff828079eb5253598fe112ae3

SHA512
c0e2078d8bd1d6aeb8d6cc77ea935e41fb31c271f6503a3625d2bcbebf9a8b142a1d7856816381fb4be79a45e1ea6dbe8cdb8efa027f29c32faf52794c49f2b1

Download Submit
\Users\Admin\Downloads\sa-mp-0.3.7-R5-1-install.exe

Filesize
14.8MB

MD5
f7874cc8637e5ddb98b07ed40a24de58

SHA1
0a9eac60f516a8661b5b2ae9f1d5d798ee7fecef

SHA256
550321da5b10c472bc719bca2c0df74b240f80eff828079eb5253598fe112ae3

SHA512
c0e2078d8bd1d6aeb8d6cc77ea935e41fb31c271f6503a3625d2bcbebf9a8b142a1d7856816381fb4be79a45e1ea6dbe8cdb8efa027f29c32faf52794c49f2b1

Download Submit