cc16768fe66b11c07282c6d5d543701b85b283a44de51fdd4a9bd2a014f37b68

Resubmissions

24-09-2023 13:36

230924-qwaqyafd8s 10

24-09-2023 13:30

230924-qr3k6afd4x 10

Analysis

max time kernel
40s
max time network
100s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
24-09-2023 13:36

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

EXPENSIVE LOADER.exe
Size

1.3MB
MD5

bfb9334833749790c0df81ab1489c5a9
SHA1

b38e3080dfb1d35ae303b9f0c14a7cf12621de7c
SHA256

cc16768fe66b11c07282c6d5d543701b85b283a44de51fdd4a9bd2a014f37b68
SHA512

e41a66d9932f7853c9015ef0361cfbf4702a31d356e97dae1fb9ece085b808cac0e9a5d6d70a2763d08b3f940aacc074181bae6755077933d97f9a92b93c65d1
SSDEEP

24576:bw3SBs2Mhfs2OcpIi5aO9z1dn7Az8Zk61NlPXYpky7vKCB/nO:E3P2MhkPTaz1tswiKPXYpkyjKCB/O

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{649BB161-5ADF-11EE-8F6B-76BD0C21823E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2984 chrome.exe
2984 chrome.exe

Suspicious use of AdjustPrivilegeToken 28 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

Processes:

iexplore.exechrome.exe

pid	process
2964	iexplore.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

Processes:

EXPENSIVE LOADER.exeiexplore.exeIEXPLORE.EXE

pid process

2220 EXPENSIVE LOADER.exe
2964 iexplore.exe
2964 iexplore.exe
2780 IEXPLORE.EXE
2780 IEXPLORE.EXE
2780 IEXPLORE.EXE
2780 IEXPLORE.EXE

pid	process
2220	EXPENSIVE LOADER.exe
2964	iexplore.exe
2964	iexplore.exe
2780	IEXPLORE.EXE
2780	IEXPLORE.EXE
2780	IEXPLORE.EXE
2780	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

cmd.exeiexplore.exechrome.exe

description	pid	process	target process
PID 2624 wrote to memory of 2964	2624	cmd.exe	iexplore.exe
PID 2624 wrote to memory of 2964	2624	cmd.exe	iexplore.exe
PID 2624 wrote to memory of 2964	2624	cmd.exe	iexplore.exe
PID 2964 wrote to memory of 2780	2964	iexplore.exe	IEXPLORE.EXE
PID 2964 wrote to memory of 2780	2964	iexplore.exe	IEXPLORE.EXE
PID 2964 wrote to memory of 2780	2964	iexplore.exe	IEXPLORE.EXE
PID 2964 wrote to memory of 2780	2964	iexplore.exe	IEXPLORE.EXE
PID 2984 wrote to memory of 528	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 528	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 528	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 768	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 768	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 768	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 768	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 768	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 768	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 768	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 768	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 768	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 768	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 768	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 768	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 768	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 768	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 768	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 768	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 768	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 768	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 768	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 768	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 768	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 768	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 768	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 768	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 768	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 768	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 768	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 768	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 768	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 768	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 768	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 768	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 768	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 768	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 768	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 768	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 768	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 768	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 768	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 1544	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 1544	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 1544	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 1796	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 1796	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 1796	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 1796	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 1796	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 1796	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 1796	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 1796	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 1796	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 1796	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 1796	2984	chrome.exe	chrome.exe
PID 2984 wrote to memory of 1796	2984	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\EXPENSIVE LOADER.exe
"C:\Users\Admin\AppData\Local\Temp\EXPENSIVE LOADER.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2220

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2624

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https:/kaspersky.com/downloads/free-antivirus
2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2964

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2964 CREDAT:275457 /prefetch:2
3⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5f29758,0x7fef5f29768,0x7fef5f29778
2⤵
PID:528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1428 --field-trial-handle=1224,i,18422534583387729111,6972861456840752136,131072 /prefetch:8
2⤵
PID:1544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1120 --field-trial-handle=1224,i,18422534583387729111,6972861456840752136,131072 /prefetch:2
2⤵
PID:768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1624 --field-trial-handle=1224,i,18422534583387729111,6972861456840752136,131072 /prefetch:8
2⤵
PID:1796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2308 --field-trial-handle=1224,i,18422534583387729111,6972861456840752136,131072 /prefetch:1
2⤵
PID:1540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2336 --field-trial-handle=1224,i,18422534583387729111,6972861456840752136,131072 /prefetch:1
2⤵
PID:3008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1596 --field-trial-handle=1224,i,18422534583387729111,6972861456840752136,131072 /prefetch:2
2⤵
PID:2392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1348 --field-trial-handle=1224,i,18422534583387729111,6972861456840752136,131072 /prefetch:1
2⤵
PID:2876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3460 --field-trial-handle=1224,i,18422534583387729111,6972861456840752136,131072 /prefetch:8
2⤵
PID:2520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3600 --field-trial-handle=1224,i,18422534583387729111,6972861456840752136,131072 /prefetch:8
2⤵
PID:1988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3460 --field-trial-handle=1224,i,18422534583387729111,6972861456840752136,131072 /prefetch:1
2⤵
PID:848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3568 --field-trial-handle=1224,i,18422534583387729111,6972861456840752136,131072 /prefetch:1
2⤵
PID:2232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 --field-trial-handle=1224,i,18422534583387729111,6972861456840752136,131072 /prefetch:8
2⤵
PID:2692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1604 --field-trial-handle=1224,i,18422534583387729111,6972861456840752136,131072 /prefetch:1
2⤵
PID:1716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3540 --field-trial-handle=1224,i,18422534583387729111,6972861456840752136,131072 /prefetch:1
2⤵
PID:2876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2716 --field-trial-handle=1224,i,18422534583387729111,6972861456840752136,131072 /prefetch:1
2⤵
PID:1332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3948 --field-trial-handle=1224,i,18422534583387729111,6972861456840752136,131072 /prefetch:1
2⤵
PID:2628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1972 --field-trial-handle=1224,i,18422534583387729111,6972861456840752136,131072 /prefetch:1
2⤵
PID:2768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3968 --field-trial-handle=1224,i,18422534583387729111,6972861456840752136,131072 /prefetch:1
2⤵
PID:1500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4012 --field-trial-handle=1224,i,18422534583387729111,6972861456840752136,131072 /prefetch:1
2⤵
PID:1996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3992 --field-trial-handle=1224,i,18422534583387729111,6972861456840752136,131072 /prefetch:1
2⤵
PID:2520

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2616

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:2892

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\44\Browsers\Firefox\Bookmarks.txt

Filesize
105B

MD5
2e9d094dda5cdc3ce6519f75943a4ff4

SHA1
5d989b4ac8b699781681fe75ed9ef98191a5096c

SHA256
c84c98bbf5e0ef9c8d0708b5d60c5bb656b7d6be5135d7f7a8d25557e08cf142

SHA512
d1f7eed00959e902bdb2125b91721460d3ff99f3bdfc1f2a343d4f58e8d4e5e5a06c0c6cdc0379211c94510f7c00d7a8b34fa7d0ca0c3d54cbbe878f1e9812b7

Download Submit
C:\ProgramData\44\Process.txt

Filesize
599B

MD5
e957bff81a17f9ef8794e404d4fb06bf

SHA1
debc7830506ecf846bb45a86551385d1cd9bca8c

SHA256
25caf31ad4fb9fdda4f0ff4f69e3b4cbbe5bffa34ccdc49cee3e710c6b0ab0b9

SHA512
a411dca38e9c7fc984766dbc943afe29f3aafdb43a36c02108da731de9f7a76a53eb6ed6ffb26404ed604fb0ea0a02c6c7ffb8bc7dfbd213542b73e06922c70b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2b78af1ef72878ee31242bbb15721a17

SHA1
4e491e94710663bec30908de2db1fe60488d36a7

SHA256
ccc11d196e750aef169db39779ee0e90d8799df7240d92d0ecbf3217fe0d56a0

SHA512
9f8175025c9c6be7abad823a1b44a414f2648f6e70edbf50a4e04de18d3b42cd6cdd23469d5cabcc159e244eb0d95d041a324221e8094a0c68edf1e0d950001a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5285b2ea3761a712472cb394cfcead71

SHA1
01c9c0f851ac4e5af7f29d2b839583fb60a34ad6

SHA256
6d74bd840070b46f47097bcd7809f56ced6a200a83fcf715ee6ebfcb7a51a2eb

SHA512
f860303ef62fd44770a1f7f025a61940a1ab5cf620f0db29a7e967ba17bcb88c8196a343f817c834554c1e00ce4942e37ec9225e050d49e9fc7d0cf8cdf609c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5458e59c6d4f18ed3f2ff1d09a76cd26

SHA1
b30dbbffba9a7ec31af32605ee62defd03687357

SHA256
7ea1e9949865b1c27923b9fb80290782f26a825ee1c69fd94c05557142097b1f

SHA512
ac670b9bf503356a9270497c0d5c743e00ae5f9d34d1db1bc2643b2b48c29f8318c2410f589c662a0599a2ca216e9ac367a7378695b8771e704386523bc66e94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dfa0fa92e1d72a6a529244b80d8ec1b3

SHA1
4f25e29585c1f4b6c2bed35577b3979be407bd94

SHA256
2e453f9a673706c9cb62308e5ae2a22a5ed8266ba732844b05108108f65715d4

SHA512
49157e9ae47e33e8cfd0491ffe466c1d1f54017f71d6a716baec84e97f232f33ece81a24157e4c01b97ba092138dc66c65c0c4a2f409e76c1c3ae9c2e6747d45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9d0dc87347250fd7b5ce3481ddbd1c39

SHA1
85ec477c186bcfec031685df20ddf20831431954

SHA256
1cebecb983579134e403a63bf1f2127e09dc491abcdb042af082b92a523d3218

SHA512
f5826b54df61c602c42f9e15eedf8d3e094ab23803e6dbf1fa0fc0e131d6fed0c452c60b6e656926ebe64040d4854a211dd52221d42779caaf54bd260b99b5ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c9fd21f5061b3c9838178a8a17823900

SHA1
a263cff12fbdbb864e4fbe5e00fdb3647bb7bb72

SHA256
eec1d54fb3f0e803078a024b92fc3c5caf471c83bb38ebf84198c38c03347708

SHA512
905d7d5e1a064d1cee00a1b3ec6ed570be783b2c6349211d5d4f153b44cb49bca803894071586f7afad4dcb860464be859366a821df1e29983be440aa342d374

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9543dd29fe4f1b399f90e4c578ba2c4a

SHA1
1b5586c7af673150bd3f5a386772e863cc69f852

SHA256
2450baefb0cf920911c1505d81aaeec666560d3e69c8f7a0575d0c266f627e48

SHA512
7bcc8842f742c85b1ee0caf37a1d37163554944b1e179df0cdde677206ff1f44f6acd4650220f4f830660fbfc1628a3b635b6c3da62ccf0bafb6b6386672894d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7cd3eaff2e9f54e6e7bf926ea72aeb11

SHA1
173d349c9ba86896db303f439380a36bdaac04f1

SHA256
df0e1e4748ea85ebe1325960bcf5339b503f749653ea55a8ecd374cdf8c026b0

SHA512
29fce0a87ed6a9b6ad5e566065c1a11df5545693cb772146fca6a77aa1fb242a56693bcdf7b29b39306699f65828ca9fb0aba5a2342241bfbd782c8fefa138c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
552e93c7e3e3c7cd7627be4810260950

SHA1
3b1c96d721178f74db00a235e3d4337a6286e981

SHA256
493950a18cec6709292e522ef077dcdd25db4173d3116ceed4b36a4585ab3d71

SHA512
c5c4e5d2f1e68ae42d454512c8c0c2f15b5e5ce220d6365015033b306e2e00eed83c21e28ab6acf6c8e5eb08350686d02a08f365f592ee034bec4d6715353419

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c6a9277c10275359a1df5b9f6c5d140e

SHA1
51429cbcc7cc226cb9975c189a6d9e91536f6d83

SHA256
85a60f73f8c72255b63fa1b6b8237bd8bd3858302a6f9a6c964b090ee841de7d

SHA512
3b91b7183aee160936c4559b174810c58a9fba6a44e923f0acc19b31772033bf5415e9733ef9bd265ed7be75d207828c5a81cfb55303629bbc0a47756a94fca1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ff9d11161bfa95f7fdd5e0d86beff10d

SHA1
66a477f33f107d031a0df7d020a4fdd342932d02

SHA256
199c8eb7ed4837a39a1dcc5ad06504059452e864241917a34e8ea092a1024231

SHA512
491b65f292a02254874afdedf0a64e83677d8d8a4ae1a8eff4182a6c6ae50436fadcc1122f03c3e9d1fdf16014035d2f01d6b12207bd3e756b0e39dbb88e1d7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cc1b60e8bdace6a145765481f88baf23

SHA1
8284ff6857f1f5afb7a87e8098587aa5e6f474d0

SHA256
1891d2263b9eeb55431d62cf9b7d9d92af799e6dad50a044820962e2e8483ea5

SHA512
2849b845e93a8845244302018bd3425ab7e3e7368984e40a1e3bb89cd8e0cfbc7ee427eda30d0b5c65e5ef46667fdb1c604d0efba21a70ab7ded889e1f86d023

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c9da82cbbdaef58a24490ae3a5e04940

SHA1
67f8183e2e2a4a619b0b0b73d9b053fae73dbdf6

SHA256
a1dee34ab4aaac337298a6c528d6c8b374b5ce51abd914788f26bd1ee53f4023

SHA512
a66ea5812a69efe33f7b1217540e80cf45357602d95b24fccd149f1207818413edb730e2f475826b947dcc1cb5a985fabd6b9f6aec3d62ae1c47cc09db39344b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
67cf9edef6818c4d371d03aac9c4520e

SHA1
f21b2fcf6b014b01ac20ac47720812c6f2055b01

SHA256
4bdd4a745f7b00b5cf53dc2fae2c02230c531252d7d92e54c202ec94fa3c5ffa

SHA512
a9f1a8ef4c5b5890168109b1f4eea33e6b6c2ed10269be1a47ad1a143edbba70905dcf9800020ffc0f7a9d82c76fd98ff8552b77d88020914f846b31863cf53a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
32af75387128c1f7be93746998315222

SHA1
f2b66c9b336524a450df7f3dda4dc8db9b70c9cc

SHA256
12e59405fd6022eef2d9f3c18bdde12345ab549d3dd00a5224e3ee60d6df55a0

SHA512
86521aa8acd44e766a7acdcebe5d214c8c6cd43eedb850cb6a2bc66140e128fc5265f39cd5998036d3ef2786e37613c658314fd08e33a2f9b6940793f3a66466

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1f33a9410947459ebfe6f9cdc01b0c48

SHA1
a176082d80dc1af1859286d68924dd1579d1617c

SHA256
7e71eb3269a2cc84d2640fe2d180680de4ae58db30c7994b131c85649288a558

SHA512
66a2dd707eead75b7354075e6c87c34a6fff026f10e333bf5eeea04072b6650c5607ad5c0f9cfd1d1840c513991a97f510311248db8b71f4c4282c512afe04fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7e3c3e8946b22138ced4422e086b9aa0

SHA1
6e9c52e4281d2db2f7eaaec3062a5204ce211cd6

SHA256
0f789e751fb0605639bafc9eeff3cc14ac71bc622b6f7d3edda86d239625ed6f

SHA512
aed320434ce2a2de7dc0e30538f452c132ef7390f53b9af2278be6a233add73b635ed8a8fa92d7414705bbb3268482a8ca65bc4413603fd242e4b93543b33148

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
33f93185167401d458f5a351715bf841

SHA1
63d9581671b52d912789b0309ec21f06aaf1d7cb

SHA256
e6bb5f8a8d6e0be3f2a539734478927891d2cc2eb2395c08ac5a84913ba17aba

SHA512
9a2fcaab6ce4ea2fafa23574cec4b87ba89b05bea3b71ca58848cd1899580c65fd3b86a53f2a11882fc7b1ded5a06a307f6f6d4e446615679dfd7a87e88ee95b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
82e0c17e1d9df5a5d9b6bf136c8dbf9e

SHA1
83f0a74011e9844ce8d5b1095f0763eb1b933c4d

SHA256
5d0a81c12caf0535cd42ed4e61f5989d5494d6d3250a455b0ac7ab7800203a43

SHA512
491a70ce582502d4bd16bb70f69c0289d6d42b12dd1b65cc2c22d6b32c662904adb0afb4856097192cd5ec2010ef780f292f303936b176869f51f2619d43b034

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ee293b30b6a36a2ed0380ee6fb054dd1

SHA1
ab8114fefe07fc3bc63cf4f3b922a4e41849b518

SHA256
7da70f1faa341f026b43191ad4a35b359975bc116fe0f2836206e1e9b08ab63b

SHA512
e51fb0da9f9e2a1e2c97df63d0f362410788e43a19e1831b0aad39fec641c36d3badc1637ae7a2f51505838633375d95df8aab39201a27a9655b419f5946e1d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ba0f9b430bcbfc21c31eddf3127208b2

SHA1
bd85a1d1673eea6ae7adb7c4f000193cffc886ef

SHA256
7b426d221ecca3b27f69d31bc716db66e385664838b4b799011bd90cadf7e623

SHA512
5b5863a039fad509dd0b47761091da90e05a82780830792e966d79006c228797595a284f1584cdbffb3d05815a3af58f30fc37f1da66e9a6a2c803294f1c164e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c9a47b7820c8e4f9a982f48181749bd3

SHA1
26cdea73d7eba659940303c5e6d489c745badea1

SHA256
db929f906afdebd8a9a461182bf4cc5aa75cb931c218df7ce79b70f3efffc29f

SHA512
ce27e70041aad4e2c076067f0096763d7d7b69ca79c3825df8ea595db9ce75edaa1c20bb96b4cc5296267f6533777c3ce4493a7f87c542438ebe5a2723982f79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f6fe3a3a9c91e73133a40d3f0792ee86

SHA1
ffb52dfda66f1a78f985ab83602b79c08d165bb7

SHA256
d509d60e96655223d7e39791122c57e4a66a3cfe33876243c7451a9c5aceed8d

SHA512
acbaff2d4ee895c0e3115b3f4bab0c4353b819f6c5594817254ae9d12c5fed711eb6207ab711342eda65eb52222a05b627d214d6da5fd7e9e8dcd3142c3549d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bdaed46e42d5a8f6d30478b0a3dd31ab

SHA1
22a81bc49a3c609952a460a67ed96953ef8fd1d1

SHA256
c46a789efd15e66b5a437d080af2f4ecbc189796af244dd2e3641ea90ff2ce97

SHA512
9164992d230fef3eb94a5c387dff50fdd4abac597b4b3f25a4f763cbb17058bae6d3ebcd0630a65cde256eca7ba3d1410f6552ec651fa792a1df8a1df6910245

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\8a24a0bc-d61b-4cee-ac70-d51f949baffe.tmp

Filesize
198KB

MD5
10fff43d077aac783a7237779006bc53

SHA1
bcc30a9910ebb00fab3ae4952ff69a665285454d

SHA256
49a5bdc8e5d54aa343e4e5a0767cffab37790b435fa73412b02d2fdfad731ebe

SHA512
4032cf54301c4d9f578f1683ff5d17aafa7d13965edddd8574a56a462c4ad481ad9f82cc38dc573db15080060a75299a63c9768e08c5d8f30f9946314d2470ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
522B

MD5
da63874f1e49951a95d2a9634e762a36

SHA1
99c1cd4d9384a796d15ff9140eba79d8eb87433a

SHA256
7c552a9319f80cd5570a33b17319f9154ddad85c3188e5d183c24650d43802b8

SHA512
3eef552e052efc889f9d5c682863a5fb05c225e779b9502468c99bfbb4e82793bc1a0e29afc0faa236c3afba4b62e7404ecbdc50e7fadcb4b6739d4b201d778e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9571e3bd6a746c1a52e2aeb581a2d130

SHA1
d4c7944244214bd6d2130c14b200682f506d39b4

SHA256
386c1669e435a24d2d8f1072f0363f0de05a42f109cc0a0a29528f7e76ad944d

SHA512
5f63a677ad193bbe0330da341a1fafa02d9f596518f80216802ee86bc5c0503d6c388008b00abdbf489387a4c4bd2761c24b1e87276f7229cbd4fe5093d99302

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
48bc3f1f3e0acca4380241c2e999106b

SHA1
a82d7ecb27d77b8e9ac542ffcb67cf01d9cf9ecc

SHA256
5573e3bf94e2a2bf852e94bf45a5da5cc10a1d259c9e8ac8a72511664297262d

SHA512
b6696415820b487b9696558582c66549c8b10189458281055244fc39a28502f1a7055549f68879e6b7f0c2c13fdd2f3af59bdd11c36978dcc074cd05eca79935

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f8c951394eac817afb21c76b9e65e3b9

SHA1
1b5d846f283eff3fdbcc8a2baf027eea7473eab7

SHA256
dfc7c47133a9fe272801d0990de05b0032644b20663a6f6d6b39c5757a94bef5

SHA512
128e7964d9142b874d168db0825ea12581ab29483912566a056858d9033660f804cf3819682f0e55a6a82aafddc4aa229afcc3ca2e9a751ba41617ab8ed6026c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

Filesize
92KB

MD5
ae450014466937ad9a307787016de9a1

SHA1
1a89788d2cf5fb53bcdbc0fdc0947338d0bd0088

SHA256
b62fa632adbaa5a466eb26be0c5abbae5ae8463f4a3f02571dced0d741478506

SHA512
d7622cdace9e501617b52f4ae61b924cf7a10916676462f09ca90591e13b9ff44d3023d1f6916efdfb504fb99a54350a24343d302e52b54d9f0a3dc8f9c5e8df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
198KB

MD5
8f98c367d05f0eb167c92554e1ceed0a

SHA1
c6173b4e00843f7d3f9fc7066fc76d264b35306c

SHA256
f51004656aeb2f1bb3b0b0031c723b02916dc2c1af253ac1a042dca67bb0d433

SHA512
1b624506321bc19ac78e199d79f7478ebbb1418787d4001453482210b0a0388a313304d4ceba9a962fb8bc5271f8656f521cf153ce5c1c90f6228f3254b14d51

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab827A.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar831B.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit
\??\PIPE\samr

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\crashpad_2984_ZRZDBZOLYNTRLZGF

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/796-1405-0x00000000026E0000-0x00000000026E1000-memory.dmp

Filesize
4KB

Download
memory/2220-2-0x00000000013A0000-0x00000000017AA000-memory.dmp

Filesize
4.0MB

Download
memory/2220-692-0x0000000077E20000-0x0000000077E21000-memory.dmp

Filesize
4KB

Download
memory/2220-0-0x00000000013A0000-0x00000000017AA000-memory.dmp

Filesize
4.0MB

Download
memory/2220-700-0x0000000071AD0000-0x00000000721BE000-memory.dmp

Filesize
6.9MB

Download
memory/2220-861-0x0000000071AD0000-0x00000000721BE000-memory.dmp

Filesize
6.9MB

Download
memory/2220-1-0x00000000001A0000-0x00000000001A1000-memory.dmp

Filesize
4KB

Download
memory/2220-703-0x0000000004F40000-0x0000000004F80000-memory.dmp

Filesize
256KB

Download
memory/2220-702-0x00000000013A0000-0x00000000017AA000-memory.dmp

Filesize
4.0MB

Download
memory/2220-701-0x00000000013A0000-0x00000000017AA000-memory.dmp

Filesize
4.0MB

Download
memory/2220-853-0x00000000013A0000-0x00000000017AA000-memory.dmp

Filesize
4.0MB

Download
memory/2220-859-0x00000000013A0000-0x00000000017AA000-memory.dmp

Filesize
4.0MB

Download
memory/2892-1404-0x0000000002B40000-0x0000000002B41000-memory.dmp

Filesize
4KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads