hxxps://wetransfer[.]com/downloads/460073eab5c989aa50c5078ecdd0ba1320231103143901/ac1d866900e65697add653e053b24f4c20231103143928/a51a27

Analysis

max time kernel
149s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
06/11/2023, 20:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://wetransfer.com/downloads/460073eab5c989aa50c5078ecdd0ba1320231103143901/ac1d866900e65697add653e053b24f4c20231103143928/a51a27

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133437779043591155"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
4040	vlc.exe
1100	vlc.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
688	chrome.exe
688	chrome.exe
3904	chrome.exe
3904	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4040	vlc.exe
1100	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeCreatePagefilePrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeCreatePagefilePrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeCreatePagefilePrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeCreatePagefilePrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeCreatePagefilePrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeCreatePagefilePrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeCreatePagefilePrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeCreatePagefilePrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeCreatePagefilePrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeCreatePagefilePrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeCreatePagefilePrivilege	688	chrome.exe
Token: 33	1976	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1976	AUDIODG.EXE
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeCreatePagefilePrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeCreatePagefilePrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeCreatePagefilePrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeCreatePagefilePrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeCreatePagefilePrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeCreatePagefilePrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeCreatePagefilePrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeCreatePagefilePrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeCreatePagefilePrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeCreatePagefilePrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeCreatePagefilePrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeCreatePagefilePrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeCreatePagefilePrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeCreatePagefilePrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeCreatePagefilePrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeCreatePagefilePrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeCreatePagefilePrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeCreatePagefilePrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeCreatePagefilePrivilege	688	chrome.exe
Token: SeShutdownPrivilege	688	chrome.exe
Token: SeCreatePagefilePrivilege	688	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe

Suspicious use of SendNotifyMessage 37 IoCs

pid	Process
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
688	chrome.exe
4040	vlc.exe
4040	vlc.exe
4040	vlc.exe
4040	vlc.exe
4040	vlc.exe
4040	vlc.exe
4040	vlc.exe
4040	vlc.exe
4040	vlc.exe
1100	vlc.exe
1100	vlc.exe
1100	vlc.exe
1100	vlc.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4040	vlc.exe
4040	vlc.exe
4040	vlc.exe
4040	vlc.exe
1100	vlc.exe
1100	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 688 wrote to memory of 3020	688	chrome.exe	83
PID 688 wrote to memory of 3020	688	chrome.exe	83
PID 688 wrote to memory of 4260	688	chrome.exe	87
PID 688 wrote to memory of 4260	688	chrome.exe	87
PID 688 wrote to memory of 4260	688	chrome.exe	87
PID 688 wrote to memory of 4260	688	chrome.exe	87
PID 688 wrote to memory of 4260	688	chrome.exe	87
PID 688 wrote to memory of 4260	688	chrome.exe	87
PID 688 wrote to memory of 4260	688	chrome.exe	87
PID 688 wrote to memory of 4260	688	chrome.exe	87
PID 688 wrote to memory of 4260	688	chrome.exe	87
PID 688 wrote to memory of 4260	688	chrome.exe	87
PID 688 wrote to memory of 4260	688	chrome.exe	87
PID 688 wrote to memory of 4260	688	chrome.exe	87
PID 688 wrote to memory of 4260	688	chrome.exe	87
PID 688 wrote to memory of 4260	688	chrome.exe	87
PID 688 wrote to memory of 4260	688	chrome.exe	87
PID 688 wrote to memory of 4260	688	chrome.exe	87
PID 688 wrote to memory of 4260	688	chrome.exe	87
PID 688 wrote to memory of 4260	688	chrome.exe	87
PID 688 wrote to memory of 4260	688	chrome.exe	87
PID 688 wrote to memory of 4260	688	chrome.exe	87
PID 688 wrote to memory of 4260	688	chrome.exe	87
PID 688 wrote to memory of 4260	688	chrome.exe	87
PID 688 wrote to memory of 4260	688	chrome.exe	87
PID 688 wrote to memory of 4260	688	chrome.exe	87
PID 688 wrote to memory of 4260	688	chrome.exe	87
PID 688 wrote to memory of 4260	688	chrome.exe	87
PID 688 wrote to memory of 4260	688	chrome.exe	87
PID 688 wrote to memory of 4260	688	chrome.exe	87
PID 688 wrote to memory of 4260	688	chrome.exe	87
PID 688 wrote to memory of 4260	688	chrome.exe	87
PID 688 wrote to memory of 4260	688	chrome.exe	87
PID 688 wrote to memory of 4260	688	chrome.exe	87
PID 688 wrote to memory of 4260	688	chrome.exe	87
PID 688 wrote to memory of 4260	688	chrome.exe	87
PID 688 wrote to memory of 4260	688	chrome.exe	87
PID 688 wrote to memory of 4260	688	chrome.exe	87
PID 688 wrote to memory of 4260	688	chrome.exe	87
PID 688 wrote to memory of 4260	688	chrome.exe	87
PID 688 wrote to memory of 5076	688	chrome.exe	88
PID 688 wrote to memory of 5076	688	chrome.exe	88
PID 688 wrote to memory of 4864	688	chrome.exe	89
PID 688 wrote to memory of 4864	688	chrome.exe	89
PID 688 wrote to memory of 4864	688	chrome.exe	89
PID 688 wrote to memory of 4864	688	chrome.exe	89
PID 688 wrote to memory of 4864	688	chrome.exe	89
PID 688 wrote to memory of 4864	688	chrome.exe	89
PID 688 wrote to memory of 4864	688	chrome.exe	89
PID 688 wrote to memory of 4864	688	chrome.exe	89
PID 688 wrote to memory of 4864	688	chrome.exe	89
PID 688 wrote to memory of 4864	688	chrome.exe	89
PID 688 wrote to memory of 4864	688	chrome.exe	89
PID 688 wrote to memory of 4864	688	chrome.exe	89
PID 688 wrote to memory of 4864	688	chrome.exe	89
PID 688 wrote to memory of 4864	688	chrome.exe	89
PID 688 wrote to memory of 4864	688	chrome.exe	89
PID 688 wrote to memory of 4864	688	chrome.exe	89
PID 688 wrote to memory of 4864	688	chrome.exe	89
PID 688 wrote to memory of 4864	688	chrome.exe	89
PID 688 wrote to memory of 4864	688	chrome.exe	89
PID 688 wrote to memory of 4864	688	chrome.exe	89
PID 688 wrote to memory of 4864	688	chrome.exe	89
PID 688 wrote to memory of 4864	688	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://wetransfer.com/downloads/460073eab5c989aa50c5078ecdd0ba1320231103143901/ac1d866900e65697add653e053b24f4c20231103143928/a51a27
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd50749758,0x7ffd50749768,0x7ffd50749778
  2⤵
  PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 --field-trial-handle=1784,i,17002520247622888090,17180089261329905295,131072 /prefetch:2
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1784,i,17002520247622888090,17180089261329905295,131072 /prefetch:8
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1784,i,17002520247622888090,17180089261329905295,131072 /prefetch:8
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2976 --field-trial-handle=1784,i,17002520247622888090,17180089261329905295,131072 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=1784,i,17002520247622888090,17180089261329905295,131072 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 --field-trial-handle=1784,i,17002520247622888090,17180089261329905295,131072 /prefetch:8
  2⤵
  PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5400 --field-trial-handle=1784,i,17002520247622888090,17180089261329905295,131072 /prefetch:8
  2⤵
  PID:1712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 --field-trial-handle=1784,i,17002520247622888090,17180089261329905295,131072 /prefetch:8
  2⤵
  PID:420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5604 --field-trial-handle=1784,i,17002520247622888090,17180089261329905295,131072 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4824 --field-trial-handle=1784,i,17002520247622888090,17180089261329905295,131072 /prefetch:1
  2⤵
  PID:5620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5976 --field-trial-handle=1784,i,17002520247622888090,17180089261329905295,131072 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5876 --field-trial-handle=1784,i,17002520247622888090,17180089261329905295,131072 /prefetch:1
  2⤵
  PID:5888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 --field-trial-handle=1784,i,17002520247622888090,17180089261329905295,131072 /prefetch:8
  2⤵
  PID:1660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6184 --field-trial-handle=1784,i,17002520247622888090,17180089261329905295,131072 /prefetch:8
  2⤵
  PID:5400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3944 --field-trial-handle=1784,i,17002520247622888090,17180089261329905295,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3904

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1740

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x52c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1976

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5736

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\wetransfer_cef-noviembre_2023-11-03_1439\CEF NOVIEMBRE\1-CELO-Nueva Smart Clamp ABT para clavadora.mp4"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4040

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\wetransfer_cef-noviembre_2023-11-03_1439\CEF NOVIEMBRE\8-Roblan-Luminarias TROCO de ROBLAN, nominadas a los Premios AÚNA 2023.mp4"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
74dc939254016d763d1e43b7611f477f

SHA1
f131254c5c20bfcab1789f448ad46c1611bafffd

SHA256
37329223ec2f17f95aef7c6735ffc00101ed47e64758500a7cd1fbc82c30d72e

SHA512
4d9d44e79d3782310d1629581a217d4de794af3b17c9565662a8be4ad817d672a42106791aae2827cfd976fecf4e4ba506628e1d9a9c2598fab900857cbd0d9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8425ef1b6d9f4288486a7a8d689a571d

SHA1
2654b892bf6b003ea550d30e72d97dbba4347e41

SHA256
026c1ff929117efcb480b8259e03929d7d500060f40f7a3ae99b684d8c70180a

SHA512
599096dbd5195e333659a7898bceac3f4db3c02acc2295c2f8a99786ae89b6669f84802a73e1dd4348e6451b82fb2c41995e904757e7841b5d6ee088642c5894

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
5d06e25c7d8a5931a9df7b7b07c9720a

SHA1
f2424782fc1eef7b8a99d834085abb9de3ee17b6

SHA256
f395c2590c7b53532960acf612609fffe83c733a33aba6746d0eeeca4b8cea15

SHA512
7a59b0e6c4c74b12fe377fbf22d1ea5b0daa5f04fd06e82052719aeb0f01d6a35c138f5b88a62a3da8e1b760500cbf425268bb27acbcaa12ef0b00af92278bad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
ae0308a13c39d6fe347135669e8676b3

SHA1
f349abffbc86304548c71cc29140f9c48d1b4b81

SHA256
c4d2ae63f6518a02d1e326b94efb054763fbbfb47b384bc67e82b14fe850e239

SHA512
d99eb467bd68db2e4fd408e38ab7b48aa46ca25060388b0a7db97f58a3d985d147d7773e36da0c16a59af08ae990b6bae9e2250ac1cc36bf5e259187accbb50f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
6d056fd93f8f20efe334367580e375c8

SHA1
3a91279acdbee620988d1d4a73f51c833b8828b6

SHA256
07e9a2c9cf131a3cc71ff605fbe5438227e06e24e0469e2e6e02045bb736862b

SHA512
93964c2365406c999f3fcb7b399a620d6cc475b90833336ebdb792df8482895f174d1096a2b5aaa9d27c809edc28fd513ac6b8a65e3973e3e27b4bf87f391078

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
249d2abf65ec277216e4e3d52944d743

SHA1
65cf76b1bf4653083bce17fb8ec37045c4e033da

SHA256
f6870babc7e284574e37d46e0aae033f09b13925abb0c806d6a7d3b2d6e4dc67

SHA512
84e844302953f94a79b349040297a170fe46a4794842df94d1526f96e2f062b495a639080cdcbfba3522fab7ae78e12153bc3a273c2f075eb0a29f020e30e35c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
6374379f6afdcc2c0c4e3b15c5a91a5f

SHA1
0d086f114ec78630d2bf4d1b546cc0602438dae9

SHA256
94e5bda1ff0552baa54b7861b64f18896ddc53a59f59ec220ef54ec94adf0161

SHA512
724ba4efe219664d1eb985a5ef1d1139569a5b846e56d207b8aead7e2ee0254e622a35484500f31ea493d48eacd056f8f89adcd1b1fe2186a195cf61d9b69369

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
89daea07d6c96f7a9dddbeef8a8b2fb5

SHA1
70e77865606553090e9c1f41e93b0668df0c8824

SHA256
708558bf1b45cad4467e4aabe47655d5363cdd485d0a78bd21be725e3c2cde3b

SHA512
9022aa1456df22e7351da51f885313bada96e852ada47bd6c6eb0ed3d72f31edcdf0ceed2dc3ffe11e72856a3fd43490f69ca561fa61a5bee7fb587f3242a324

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
1c754087a02923e5ee6464b3d3e1cddf

SHA1
8051ae7cb58d7c13f45614f1578ca0b75a90296d

SHA256
008612b54cb0a7b7cb3d11021e07c96073c72cc549b7ef8e2f2c3cb5d777b1af

SHA512
5c3a7214630361828e875b0bebb8a9a7d89dd52e450c24cfd451dcea413716e68f5d8669afc6ddbc131e29ba4bce52979172c8f1a767af84d1773b3d8bb3522f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d02883c652b9db97b6ee2a64d90b2fc9

SHA1
63ac45bc5314cb229df5bcdb261c658413568b01

SHA256
aaae8c23bc71c042b503c6d22c7eff37fdffe2ccf0cc369fadc41b9ad6b135b7

SHA512
5fe90fe1dc3c66fae451c8bbafbbdd069f5c2d5b2cf71b0e648cad07df01d511ef35507ecb6e61c87838acb377682dceadfb09349cbf6088e1ec5a4b8206e69c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
60cdb0f9c27a8e59738955d5edf06a48

SHA1
d56a9f31d327fa169b6206a151d034c34ac9c7ab

SHA256
f41d0e64ba8fbcb8aa6fb2e54025a72875c72e89e7c7c52d9af07cf4c035465b

SHA512
dfc0471b89d5b0b53b51627456a62d6550c390b1e00233e4887aec1e1a25c2e592f4890b7491f9ed75b9bc70a7e44c355343fccd76fcac92ddd2e311beedb49d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d6e55189becb62b9cc253f5121cb3163

SHA1
d0bb794fa1b0d8c422e8a8f3a85bb65afaba5a54

SHA256
c9c3d9320e4643ddda56ab6c0d4fb00d0918f2278073970e39f7c5a24484556a

SHA512
1616a6e53163ae12d210a45fc4b1931e963f0898407810f52ff7f292118a03332670419f2dec4e31ded0f3ab318588613f172e5afa1dd093219b83f5daa2f35c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
214KB

MD5
3c9fd74f92e959dbbddbcb5224a30466

SHA1
c0b9159c19572494db68fd56a5c5757b4e2b75de

SHA256
ad46509851d05e2705f019a11d8a3bcf9764e21268aa429ef9304fd75dbd7000

SHA512
84e0a630ce795eabca83ecf0e0a567027d5f5efe2b53e7f4c4a701c9f4d53a189a934700f92aaf9fa0d13ee33d96a279a04c611b1c9b95be52a5053f92cce0be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
d4cddf073b47f120c90b9d4e4cfae7b7

SHA1
f3c766c17b4bb1c0d4b48a3af01c8ff284bc47b8

SHA256
6d14cfaba18089af47a3772255d314b948e867125bec5c86d0f170e7a77cc52a

SHA512
04a3b78c89e7aa015c2d7e95e827513c507c0be7b82f8a52de1d4b718ea0d8c4538fd86442eeaa0c2852bd6667054dacca0ae906124379ec3ae720c72bc30d3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58de16.TMP

Filesize
107KB

MD5
bccdf337cd1439fa8ef2b8b0b63f27d3

SHA1
a586a122622f850740a8dd0708a0c2a301338719

SHA256
311f5ee8bbff882d6655f442119253429c4e5ba0e9470c175ee84f6563db608c

SHA512
9e6d31ad2b48fc2dd2c0a94ddc306a6cb21af7793fefc0bdd61d0924bef9753fb5ed2f281080f1efa73e21310e14aada8da75fd6a08b769b1f2175cc931078fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\ml.xspf

Filesize
304B

MD5
781602441469750c3219c8c38b515ed4

SHA1
e885acd1cbd0b897ebcedbb145bef1c330f80595

SHA256
81970dbe581373d14fbd451ac4b3f96e5f69b79645f1ee1ca715cff3af0bf20d

SHA512
2b0a1717d96edb47bdf0ffeb250a5ec11f7d0638d3e0a62fbe48c064379b473ca88ffbececb32a72129d06c040b107834f1004ccda5f0f35b8c3588034786461

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
659B

MD5
0bcff4a326265020eee7a1121aaad8d3

SHA1
3b0f1220a0b76deee150d45f65cd0459fdc716a1

SHA256
e23da3b120fbae73803258e0b9e01e0743f1d7650b920d1c2127d73d6a9d69ba

SHA512
541acbff783f0204d1bdda2e38313b1832af05a7407c3f8bae12e3d994d9f260b500d63a3551fd358efdc010fb7d05271f3ce5036b51cef6bfe6659e492b7e16

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlcrc

Filesize
93KB

MD5
478a4a09f4f74e97335cd4d5e9da7ab5

SHA1
3c4f1dc52a293f079095d0b0370428ec8e8f9315

SHA256
884b59950669842f3c45e6da3480cd9a553538b951fb155b435b48ff38683974

SHA512
e96719663cd264132a8e1ea8c3f8a148c778a0c68caa2468ba47629393605b197dd9e00efad91f389de9fcc77b04981a0cf87f785f3c645cdc9e4ebd98060ca1

Download Submit
C:\Users\Admin\Downloads\wetransfer_cef-noviembre_2023-11-03_1439.zip

Filesize
429.4MB

MD5
8b496fa88e78a2abf96392845aeccdec

SHA1
dc9b6ba0e6cf58c26d1e1cf75aa94c676cc85f16

SHA256
f9c272c2d54005f3b78117b32337e0c5c2ac911d909ad1410a1baec778513553

SHA512
ac6f1984fdfe89ac1b3576df3b1bc6a1974291130eddf5d632f5b5de0b6e8b33837a8153356b2f90a18f5e008d56fd857282f0a84c7c99e36b016350fb542e32

Download Submit
memory/4040-341-0x00007FFD3ADB0000-0x00007FFD3AF28000-memory.dmp

Filesize
1.5MB

Download
memory/4040-351-0x00007FFD56D00000-0x00007FFD56D10000-memory.dmp

Filesize
64KB

Download
memory/4040-323-0x00007FFD3D8A0000-0x00007FFD3D8BD000-memory.dmp

Filesize
116KB

Download
memory/4040-322-0x00007FFD418C0000-0x00007FFD418D1000-memory.dmp

Filesize
68KB

Download
memory/4040-321-0x00007FFD419C0000-0x00007FFD419D7000-memory.dmp

Filesize
92KB

Download
memory/4040-318-0x00007FFD503D0000-0x00007FFD503E8000-memory.dmp

Filesize
96KB

Download
memory/4040-326-0x00007FFD3D4B0000-0x00007FFD3D4EF000-memory.dmp

Filesize
252KB

Download
memory/4040-330-0x00007FFD3B140000-0x00007FFD3B151000-memory.dmp

Filesize
68KB

Download
memory/4040-331-0x00007FFD3B120000-0x00007FFD3B131000-memory.dmp

Filesize
68KB

Download
memory/4040-332-0x00007FFD3B100000-0x00007FFD3B11B000-memory.dmp

Filesize
108KB

Download
memory/4040-335-0x00007FFD3B090000-0x00007FFD3B0C0000-memory.dmp

Filesize
192KB

Download
memory/4040-334-0x00007FFD3B0C0000-0x00007FFD3B0D8000-memory.dmp

Filesize
96KB

Download
memory/4040-333-0x00007FFD3B0E0000-0x00007FFD3B0F1000-memory.dmp

Filesize
68KB

Download
memory/4040-329-0x00007FFD3C010000-0x00007FFD3C021000-memory.dmp

Filesize
68KB

Download
memory/4040-328-0x00007FFD3D490000-0x00007FFD3D4A8000-memory.dmp

Filesize
96KB

Download
memory/4040-327-0x00007FFD3D850000-0x00007FFD3D871000-memory.dmp

Filesize
132KB

Download
memory/4040-325-0x00007FFD3C030000-0x00007FFD3C230000-memory.dmp

Filesize
2.0MB

Download
memory/4040-337-0x00007FFD3B020000-0x00007FFD3B087000-memory.dmp

Filesize
412KB

Download
memory/4040-338-0x00007FFD3AFB0000-0x00007FFD3B01F000-memory.dmp

Filesize
444KB

Download
memory/4040-339-0x00007FFD3AF90000-0x00007FFD3AFA1000-memory.dmp

Filesize
68KB

Download
memory/4040-340-0x00007FFD3AF30000-0x00007FFD3AF86000-memory.dmp

Filesize
344KB

Download
memory/4040-320-0x00007FFD50330000-0x00007FFD50341000-memory.dmp

Filesize
68KB

Download
memory/4040-336-0x00007FFD345D0000-0x00007FFD3567B000-memory.dmp

Filesize
16.7MB

Download
memory/4040-342-0x00007FFD3AD90000-0x00007FFD3ADA7000-memory.dmp

Filesize
92KB

Download
memory/4040-344-0x00007FFD3AD70000-0x00007FFD3AD82000-memory.dmp

Filesize
72KB

Download
memory/4040-345-0x00007FFD3A140000-0x00007FFD3A182000-memory.dmp

Filesize
264KB

Download
memory/4040-343-0x00007FFD3A190000-0x00007FFD3A300000-memory.dmp

Filesize
1.4MB

Download
memory/4040-346-0x00007FFD3A0F0000-0x00007FFD3A13C000-memory.dmp

Filesize
304KB

Download
memory/4040-347-0x00007FFD39130000-0x00007FFD3929B000-memory.dmp

Filesize
1.4MB

Download
memory/4040-348-0x00007FFD3A090000-0x00007FFD3A0E7000-memory.dmp

Filesize
348KB

Download
memory/4040-349-0x00007FFD38C30000-0x00007FFD38E7B000-memory.dmp

Filesize
2.3MB

Download
memory/4040-324-0x00007FFD3D880000-0x00007FFD3D891000-memory.dmp

Filesize
68KB

Download
memory/4040-352-0x00007FFD3AD40000-0x00007FFD3AD6F000-memory.dmp

Filesize
188KB

Download
memory/4040-350-0x00007FFD32360000-0x00007FFD33B10000-memory.dmp

Filesize
23.7MB

Download
memory/4040-354-0x00007FFD39FB0000-0x00007FFD39FC6000-memory.dmp

Filesize
88KB

Download
memory/4040-355-0x00007FFD38B60000-0x00007FFD38C25000-memory.dmp

Filesize
788KB

Download
memory/4040-353-0x00007FFD3A070000-0x00007FFD3A081000-memory.dmp

Filesize
68KB

Download
memory/4040-356-0x00007FFD38960000-0x00007FFD389D5000-memory.dmp

Filesize
468KB

Download
memory/4040-358-0x00007FFD38880000-0x00007FFD388ED000-memory.dmp

Filesize
436KB

Download
memory/4040-357-0x00007FFD388F0000-0x00007FFD38952000-memory.dmp

Filesize
392KB

Download
memory/4040-360-0x00007FFD390F0000-0x00007FFD39104000-memory.dmp

Filesize
80KB

Download
memory/4040-359-0x00007FFD39110000-0x00007FFD39123000-memory.dmp

Filesize
76KB

Download
memory/4040-362-0x00007FFD38610000-0x00007FFD3882D000-memory.dmp

Filesize
2.1MB

Download
memory/4040-361-0x00007FFD38830000-0x00007FFD38880000-memory.dmp

Filesize
320KB

Download
memory/4040-366-0x00007FFD38450000-0x00007FFD385CA000-memory.dmp

Filesize
1.5MB

Download
memory/4040-367-0x00007FFD38430000-0x00007FFD38445000-memory.dmp

Filesize
84KB

Download
memory/4040-370-0x00007FFD382E0000-0x00007FFD383D4000-memory.dmp

Filesize
976KB

Download
memory/4040-372-0x00007FFD38290000-0x00007FFD382A3000-memory.dmp

Filesize
76KB

Download
memory/4040-373-0x00007FFD38270000-0x00007FFD3828B000-memory.dmp

Filesize
108KB

Download
memory/4040-375-0x00007FFD38230000-0x00007FFD38245000-memory.dmp

Filesize
84KB

Download
memory/4040-377-0x00007FFD381F0000-0x00007FFD38204000-memory.dmp

Filesize
80KB

Download
memory/4040-378-0x00007FFD381D0000-0x00007FFD381E2000-memory.dmp

Filesize
72KB

Download
memory/4040-376-0x00007FFD38210000-0x00007FFD38223000-memory.dmp

Filesize
76KB

Download
memory/4040-374-0x00007FFD38250000-0x00007FFD38262000-memory.dmp

Filesize
72KB

Download
memory/4040-371-0x00007FFD382B0000-0x00007FFD382DA000-memory.dmp

Filesize
168KB

Download
memory/4040-369-0x00007FFD383E0000-0x00007FFD383F3000-memory.dmp

Filesize
76KB

Download
memory/4040-368-0x00007FFD38400000-0x00007FFD38423000-memory.dmp

Filesize
140KB

Download
memory/4040-365-0x00007FFD385D0000-0x00007FFD385E2000-memory.dmp

Filesize
72KB

Download
memory/4040-364-0x00007FFD385F0000-0x00007FFD38601000-memory.dmp

Filesize
68KB

Download
memory/4040-363-0x00007FFD39070000-0x00007FFD39085000-memory.dmp

Filesize
84KB

Download
memory/4040-319-0x00007FFD50350000-0x00007FFD50367000-memory.dmp

Filesize
92KB

Download
memory/4040-317-0x00007FFD3C230000-0x00007FFD3C4E4000-memory.dmp

Filesize
2.7MB

Download
memory/4040-316-0x00007FFD55230000-0x00007FFD55264000-memory.dmp

Filesize
208KB

Download
memory/4040-315-0x00007FF600E10000-0x00007FF600F08000-memory.dmp

Filesize
992KB

Download