ab646958ed57b0da1300350ec36f070a7c7af5fef87475bf57b3b9898ea46500

Analysis

max time kernel
1799s
max time network
1692s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
11/11/2023, 22:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

image_2023-11-11_220731593.png
Size

45KB
MD5

0e5a4467c0281ca81ff4d3feb82b9887
SHA1

b8a19d00e8247ed5117649b193efb66212c87b0b
SHA256

ab646958ed57b0da1300350ec36f070a7c7af5fef87475bf57b3b9898ea46500
SHA512

ec1162cde826fb88325726bc7840063859c92b5ab0c6da9428ab732e6f047aad8c9b1edfaed5d983d1fc5d9ff4e6012309addbc6921cc3b837378e5a124b3e31
SSDEEP

768:vCuqOmvN9q51+5SAMWqukPrZRvKBdyK/VBbur9QkJMuY9KkH5Fc6HetiQrU:vCu1C9q51+5kskPrZRvKuK/rbu5QoMuQ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
6072	main.exe
5344	main.exe

Loads dropped DLL 42 IoCs

pid	Process
6072	main.exe
6072	main.exe
6072	main.exe
6072	main.exe
6072	main.exe
6072	main.exe
6072	main.exe
6072	main.exe
6072	main.exe
6072	main.exe
6072	main.exe
6072	main.exe
6072	main.exe
6072	main.exe
6072	main.exe
6072	main.exe
6072	main.exe
6072	main.exe
6072	main.exe
6072	main.exe
6072	main.exe
5344	main.exe
5344	main.exe
5344	main.exe
5344	main.exe
5344	main.exe
5344	main.exe
5344	main.exe
5344	main.exe
5344	main.exe
5344	main.exe
5344	main.exe
5344	main.exe
5344	main.exe
5344	main.exe
5344	main.exe
5344	main.exe
5344	main.exe
5344	main.exe
5344	main.exe
5344	main.exe
5344	main.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133442140868529552"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2112	chrome.exe
2112	chrome.exe
5732	chrome.exe
5732	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 42 IoCs

pid	Process
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe
Token: SeShutdownPrivilege	2112	chrome.exe
Token: SeCreatePagefilePrivilege	2112	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe
2112	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2112 wrote to memory of 4496	2112	chrome.exe	90
PID 2112 wrote to memory of 4496	2112	chrome.exe	90
PID 2112 wrote to memory of 4960	2112	chrome.exe	92
PID 2112 wrote to memory of 4960	2112	chrome.exe	92
PID 2112 wrote to memory of 4960	2112	chrome.exe	92
PID 2112 wrote to memory of 4960	2112	chrome.exe	92
PID 2112 wrote to memory of 4960	2112	chrome.exe	92
PID 2112 wrote to memory of 4960	2112	chrome.exe	92
PID 2112 wrote to memory of 4960	2112	chrome.exe	92
PID 2112 wrote to memory of 4960	2112	chrome.exe	92
PID 2112 wrote to memory of 4960	2112	chrome.exe	92
PID 2112 wrote to memory of 4960	2112	chrome.exe	92
PID 2112 wrote to memory of 4960	2112	chrome.exe	92
PID 2112 wrote to memory of 4960	2112	chrome.exe	92
PID 2112 wrote to memory of 4960	2112	chrome.exe	92
PID 2112 wrote to memory of 4960	2112	chrome.exe	92
PID 2112 wrote to memory of 4960	2112	chrome.exe	92
PID 2112 wrote to memory of 4960	2112	chrome.exe	92
PID 2112 wrote to memory of 4960	2112	chrome.exe	92
PID 2112 wrote to memory of 4960	2112	chrome.exe	92
PID 2112 wrote to memory of 4960	2112	chrome.exe	92
PID 2112 wrote to memory of 4960	2112	chrome.exe	92
PID 2112 wrote to memory of 4960	2112	chrome.exe	92
PID 2112 wrote to memory of 4960	2112	chrome.exe	92
PID 2112 wrote to memory of 4960	2112	chrome.exe	92
PID 2112 wrote to memory of 4960	2112	chrome.exe	92
PID 2112 wrote to memory of 4960	2112	chrome.exe	92
PID 2112 wrote to memory of 4960	2112	chrome.exe	92
PID 2112 wrote to memory of 4960	2112	chrome.exe	92
PID 2112 wrote to memory of 4960	2112	chrome.exe	92
PID 2112 wrote to memory of 4960	2112	chrome.exe	92
PID 2112 wrote to memory of 4960	2112	chrome.exe	92
PID 2112 wrote to memory of 4960	2112	chrome.exe	92
PID 2112 wrote to memory of 4960	2112	chrome.exe	92
PID 2112 wrote to memory of 4960	2112	chrome.exe	92
PID 2112 wrote to memory of 4960	2112	chrome.exe	92
PID 2112 wrote to memory of 4960	2112	chrome.exe	92
PID 2112 wrote to memory of 4960	2112	chrome.exe	92
PID 2112 wrote to memory of 4960	2112	chrome.exe	92
PID 2112 wrote to memory of 4960	2112	chrome.exe	92
PID 2112 wrote to memory of 4844	2112	chrome.exe	93
PID 2112 wrote to memory of 4844	2112	chrome.exe	93
PID 2112 wrote to memory of 4376	2112	chrome.exe	94
PID 2112 wrote to memory of 4376	2112	chrome.exe	94
PID 2112 wrote to memory of 4376	2112	chrome.exe	94
PID 2112 wrote to memory of 4376	2112	chrome.exe	94
PID 2112 wrote to memory of 4376	2112	chrome.exe	94
PID 2112 wrote to memory of 4376	2112	chrome.exe	94
PID 2112 wrote to memory of 4376	2112	chrome.exe	94
PID 2112 wrote to memory of 4376	2112	chrome.exe	94
PID 2112 wrote to memory of 4376	2112	chrome.exe	94
PID 2112 wrote to memory of 4376	2112	chrome.exe	94
PID 2112 wrote to memory of 4376	2112	chrome.exe	94
PID 2112 wrote to memory of 4376	2112	chrome.exe	94
PID 2112 wrote to memory of 4376	2112	chrome.exe	94
PID 2112 wrote to memory of 4376	2112	chrome.exe	94
PID 2112 wrote to memory of 4376	2112	chrome.exe	94
PID 2112 wrote to memory of 4376	2112	chrome.exe	94
PID 2112 wrote to memory of 4376	2112	chrome.exe	94
PID 2112 wrote to memory of 4376	2112	chrome.exe	94
PID 2112 wrote to memory of 4376	2112	chrome.exe	94
PID 2112 wrote to memory of 4376	2112	chrome.exe	94
PID 2112 wrote to memory of 4376	2112	chrome.exe	94
PID 2112 wrote to memory of 4376	2112	chrome.exe	94

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\image_2023-11-11_220731593.png
1⤵
PID:3352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe1f559758,0x7ffe1f559768,0x7ffe1f559778
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:2
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:8
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2272 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:8
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3116 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3156 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4736 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:8
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4904 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5056 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:8
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5132 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:8
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5116 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:8
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4576 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:8
  2⤵
  PID:3884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:8
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2576 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:8
  2⤵
  PID:5720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1080 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:8
  2⤵
  PID:5760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5096 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:8
  2⤵
  PID:5780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5492 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:8
  2⤵
  PID:5828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5520 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5132 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:1
  2⤵
  PID:5888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:8
  2⤵
  PID:5680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5548 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3432 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:1
  2⤵
  PID:5448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5872 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4796 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6180 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5848 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:1
  2⤵
  PID:5380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6796 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6760 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6552 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:1
  2⤵
  PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6496 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6368 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7160 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7380 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7396 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:1
  2⤵
  PID:5912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7708 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7564 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:8
  2⤵
  PID:5664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7556 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:8
  2⤵
  PID:6084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8124 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:8
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7588 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:8
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=8288 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=7616 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8620 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:8
  2⤵
  PID:2444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=8860 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:1
  2⤵
  PID:316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=7660 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=8892 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=9228 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=9388 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=9520 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9732 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:8
  2⤵
  PID:5264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=8660 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=8184 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=8204 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=2700 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=7632 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=9788 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=6528 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=6964 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:1
  2⤵
  PID:5676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=9704 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:1
  2⤵
  PID:5588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=8064 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:1
  2⤵
  PID:5568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=8076 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=9292 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=9264 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:1
  2⤵
  PID:5728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=6540 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:1
  2⤵
  PID:5768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=8976 --field-trial-handle=1912,i,7299749783981236288,13107053250155300325,131072 /prefetch:1
  2⤵
  PID:1384

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2512

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5684

C:\Users\Admin\Downloads\Proton_AIO_Cracked\main.exe
"C:\Users\Admin\Downloads\Proton_AIO_Cracked\main.exe"
1⤵
PID:5560
- C:\Users\Admin\AppData\Local\Temp\onefile_5560_133442142576561547\main.exe
  "C:\Users\Admin\Downloads\Proton_AIO_Cracked\main.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6072
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:1632
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:4380

C:\Users\Admin\Downloads\Proton_AIO_Cracked\main.exe
"C:\Users\Admin\Downloads\Proton_AIO_Cracked\main.exe"
1⤵
PID:5388
- C:\Users\Admin\AppData\Local\Temp\onefile_5388_133442142865965660\main.exe
  "C:\Users\Admin\Downloads\Proton_AIO_Cracked\main.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5344
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:4308
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:3880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
2aaa77df3afd2fdff4d74811c329ccdb

SHA1
11f5b699a11405dca1a2ec1cec21b08678c9308b

SHA256
eb31832d00a77a8a1e9dc015abb6d5180fe51fe7377e04d54db3d36f066f9c1b

SHA512
b8f43b633b96bb58bc1882710f4e9e27ad4bb8bb95b9fe0068630ef874f572ef530f1e2ea968018f60b40d2ec94d37d2c41349709d920c1479f35af9798383bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
f7bdd4852c0d1e609d421036e180231f

SHA1
1a95f5fdfed5ec536536c9739f96d68395657ea9

SHA256
2e457e52badb59d9ef51af2e4497a0d914aaffe82e94393e9deb17f231e0a977

SHA512
2d5285a11ca23ec10299a018b8de6a8667d8bdf64c8a396bcf2694c97f3020539d02f1d36a475e62374371bc7ace0453a80eaed975c0fd19fe3df0292a78e4b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f0fd4fa27191320512755fde61844fb2

SHA1
0f7eac3cc1c24f48c46e1d7df87f9bffce67765f

SHA256
cd5b10414121580287c8d4fe200abc5ad7bed979a055264166e97fb3d5b57977

SHA512
5c07be85b074ce188db9ddf9a1ef0167edb16d506012648c743b651008a7af17275f38abf50ce05c56e01c2125080438aafa924ad40f1e85d9909d7238fbd101

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
421a13b4085a66651cad3af9bcd216b0

SHA1
0525da65425b45a97c12d522b5c30cab14b010e9

SHA256
31d0659a686792c9d7119fd4986b15c4c4aea38de0f8b4277d9544a3d4bc68bc

SHA512
a09e4d79dfe9c654a14d768d11ed38919775189cd899780f1aa64fd98c2ef6a3e5139e206989b9c7840866d362366977006e8c426ad69b2888a659969049c907

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
24bd7cf4f5c188a876e8416e1fd5ac07

SHA1
77e6c1bc1a5f5b319b527ed8146d486d4f983cb7

SHA256
c3318805aee5d2d707ac069f1771c403cd005f4d1d39581e9474dd779e095760

SHA512
d938e71c5543ec1939c6e564e07ebf8dfaa33581a5280f2b76b1fc89c575cb6669424d11701e68546e39529fe1c09a0bbdbd82af620da55524fba0d5955a943e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
367B

MD5
8203435438c8ce29f567a1a6b1d13712

SHA1
1a115f8eeae154198a578a3ea94a9ddfaba6e62b

SHA256
bec5dc524a4ec25ccde63217a67f704ba1f2598e366e7a69ae0478031f960f29

SHA512
a0fc444d53e896a43cacb45aca1d3556a9a09ab114fdd278fc235b7bed00130a06258b30cd9a88670ec531660b6f9981e886e8fa78008563ee1542d6872a5c0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
571894584b688d1484706754df010ca0

SHA1
02a2cb4721ce45d340caf79aa46897143110a145

SHA256
32f6ceb709d953c35091be83d529f112458dc89d0855ba1b473160278083434a

SHA512
5fe7bd890f11ae2d45fa1f44c76f2640b6f05fcfbad1a741d2bea0f121cf31f0c5f8a6d28c2a07dccbd7e0eb00da69799c93d91d2272e54a2c28d80e4daa6d3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
828c79d1bde0c6a7828f85920acd8eea

SHA1
cc28284c6b8f9e600548f6372d1c741ca3f4b170

SHA256
aa525bff80c971e0216b518d90f341398238504f287edd65a80c38bc1fd5b0ad

SHA512
79a02e3fe76813f62d67cf40826dfc94659b7d93ea5861376e749b1e3ba25e3ac9130a2c8c584b470b77e7b9cb1ce5968b8a267ddf26b7e10803b4168eef2ad6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
1f7e24263a7f193ab78e1a8628eb53e6

SHA1
be5cb40d938aba23fa0aa54524841a2fa2a53898

SHA256
4dd8fef062592aa1dd68901b05b5d6ab7f15728ce2709ba1d63ee6d151a1e687

SHA512
e42344d529644bee0c4a20d46def91b133fbe5117b1f5b9c9a1d7019ddab6839ccdf9d8e389bb028ae8ed9d4619e31fd8995f1dc2a0c3da56c2a97b924a4d32c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
367B

MD5
6cb74ba58551012d85493b8e7560b4c2

SHA1
b3201079c6a66976496249b175a0e30b12853113

SHA256
e1fe6e405fa411e6f4d84935d2912c11b74f1ec6bacafa4f12e4edc0ad5e52cf

SHA512
19169f719f57bf3f645ad94dee439aced2bdb5179880466f9576edb600fbdcb34bddfb425f64746a86f535c546bca491bfc9760e3996b96e9b7c7a17b2410b0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ac630ce34c757c18759ecfe96634397c

SHA1
8976893da18f4eabffd826f4c99e58e45c713f5b

SHA256
2cf4034ebbee9897a75c4ce8613cec479450cd8a76f43de6303b7eee03a487f7

SHA512
bac8cef071fac3edb153a0329c3c26fd164a643a925a6c9f87443e814bc4a4e405e307611faf3e0e123f132a31f0ab9c1426b292ff495f44c54b6a98119c55b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
05ecf640e1a1a8bbaa2343aa953210dc

SHA1
8dc755faac0437962804455acf44f6054c92bb10

SHA256
9f2049493a5e2d2b44b07f8b45d5fef060505adab5e5a3b7a6923ce1898a0429

SHA512
c4b4853eab57898b2e9ddaf450f79f75200b8519df360f6501f3c3b649e365fa798ae7e45ac90b68a21c17049414161d447c08b5d21b77b05e6be65a10e85f45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f8b56a34fbe9f8b81ccb078371a8d719

SHA1
5563de94e8d33f94c7ecb736a5601e0c22ef251e

SHA256
b40e6d4bbabc60d4119e7ef3bc9a89a7b34e2cd353224140a2e95fc40a0fddf6

SHA512
2056ac2c1c49ac7bc49e6b6392edfb05e009e737e918beb1624a587ed984acd0cc1ab74b202eaf940e06c3d5d6f5caba697d4962001dc604ff7f984a2508dc63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1c79e77569f9c3588f74a46ac798b315

SHA1
08aea885d69e876882bf6be4a796f5e3042db293

SHA256
a028614fe2bb1b8610839c9489d80d1846fe1a75d72aed2ef2d0dc16facd6cd3

SHA512
295158f78c8dfc1ecd25dc1460640e98352f7f38afd217041cdf4c3085a83932fb633e8e900f12fdb54d2c6b170511dbaffdbe7343c9e8af52f2446e2d4c1486

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
16cb8378e5868198f8f9b07e0e033518

SHA1
6775622d10906d3f99b956678b03a3ba70259785

SHA256
ce3ad2bbc163d964d892cd027395bef6b63e4f9a86623ea41c4e6ab4a8e0168b

SHA512
d905f51e168e2d7c60cf94acc7d5396e284be6b1cb15e794401eac0ff5a386f314fa2c4596c07bfc1c0ae0f1ad4f308010434aefcbff389ac669a9fc25a1efb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Search Logos\logo

Filesize
57KB

MD5
477feedb27cc33b43e4216a10bac629f

SHA1
de9bbf8f580bb7079e96c6b61b30e18c40cb597d

SHA256
61894766c34ae2f42bf6b4dd681379b37909ee5a0399222d369530f61cc3eba7

SHA512
bf530eb4eb2618dfde36a16dd42d72bf303ff23253a845cd3520efa5fcc6221080e80c231c1aaebe9e6b29822eba5a040237658d00b8c21687a8d0c544cfb3fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
220KB

MD5
a2b878c37045f40ee3a2545847ab29fb

SHA1
978f9f31ae8d510c3193f665a4f7ae78f8be4733

SHA256
aed57f9845182df8c8955f25779868fd502389c58432334546f268a492b902c1

SHA512
046968bf2c4f545041c01f7443922b15986f92a018fdec1103e9e70b20449d3621586f55476aa1f231e331f6a953dfca3de3974d2ac658c98d953207276d0c3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
220KB

MD5
e693a2327a614a67a9332a60036d2864

SHA1
c8a63c2b63034af210f160a7e21e9c8b20f8e9e8

SHA256
c7312603ff14e81dde973432b43982cd88fb8b1ebebd92f3749e826a4c2839fe

SHA512
578af18c7a5b127c528460e7fe68436486ffb66fb8519d6e6c12ac1a00c075776ac8c54189c0448b4cc006a5eaa84a0586e5528444c539acdec561e97897f028

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
220KB

MD5
39f63fc62c95767d59ee05c14a9ea614

SHA1
a194cf5ba8eb0c8e780dcd7d2da129e5e6ea050e

SHA256
428c130f014fbe9b967272fbfd230272c1360620b8de84e18ce2ad6a076b5e8a

SHA512
06728bf875079edde6881d59af0ea78780dbdf93d58030f9aa8c49393418f1fb912c747b838fbd037751fc0ca1ba0b1716ef552ea3578c59a9a753ab4e11e669

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
18eab46377aea11254e20b6b5dedd643

SHA1
20ca35094e9e5f3d8da77cd643c84d99cb10f74d

SHA256
17ae0ab3de78496c73be6aecc4633677b04b687821bff27a95641e4d34131aad

SHA512
2ec25d874009d4a9d0d08d9c95682c21a1715b7c4dde9ad2bd836e0d7e22d9a619fb27cc4e59a00c12a577f23ffae13fc0524e91514ce99deedde0486107dea1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
113KB

MD5
3a4c8a92cc28421d52fe544a8f357c87

SHA1
88e33c7924c09a93181eb89a41bfbabd387f7842

SHA256
8ba28d0c5301684b8c0288be9996ade1bc0cdb14f15369cd09ed6ff3a9b22a60

SHA512
d1503578ea5c65d3714e412a77e98f6eeae98e1e55628aa9fc73a8db29586812238a592179af130f196bbbd67d441e520a1041132b3f1ab2c3ce5060d812a1d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a4a2a.TMP

Filesize
98KB

MD5
1613425baad27752a6de735cde75798a

SHA1
7ad300fb58722b59bf016524a748063cd05aad31

SHA256
0956c3ee86d6f4585807c71a576de33d15c7656748f402fbeb5f005b7b185f1f

SHA512
a7f2c1106da591eee7b5355f51dc2bedf1a6a59b45c741f9867acca52157e449d81880ec03ac05b0b6058d34d061580de22f517074b992c9f0252c4697a8f2a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_ctypes.pyd

Filesize
117KB

MD5
3fc444a146f7d667169dcb4f48760f49

SHA1
350a1300abc33aa7ca077daba5a883878a3bca19

SHA256
b545db2339ae74c523363b38835e8324799720f744c64e7142ddd48e4b619b68

SHA512
1609f792583c6293abddf7f7376ffa0d33a7a895de4d8b2ecebaede74e8850b225b3bf0998b056e40e4ebffb5c97babccf52d3184b2b05072c0dbb5dcb1866f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\tls_client\dependencies\tls-client-64.dll

Filesize
14.6MB

MD5
ca6f87a8724b884d1093fe41d3a41de0

SHA1
135d1d01a8c836d838ca7782b28921f6011bad79

SHA256
1e2f9490bf3871eec075c50b1ab70978495489b4580a0edee0b32ad2e6fb3973

SHA512
684df717ee9a4056c5e8a163b016f4b07c2df1a978932be1ab3758182593600620a813ec234e18bcf8b029c07ba32a775587acf1e847327cc2b57d1a7ad71c26

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_5388_133442142865965660\main.exe

Filesize
13.6MB

MD5
7ef1acd2992f75b6fda5b9223b5e8803

SHA1
74b8eb7fc1badbba8b3be952e19428dfeeb5f449

SHA256
57d249ceef3b4a6c1bd690febf7cdf363f39d18a2d6a0e38b277416c4b35b3d1

SHA512
37c86194e441aa1acd5ab51436479c4447122dccbdf38b6dba0be369d8332e13b57c79a5650edacbab05ec768ed4f5005635aae4645d9fdeb5a6086bb9f4f679

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_5560_133442142576561547\VCRUNTIME140.dll

Filesize
95KB

MD5
f34eb034aa4a9735218686590cba2e8b

SHA1
2bc20acdcb201676b77a66fa7ec6b53fa2644713

SHA256
9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1

SHA512
d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_5560_133442142576561547\_ctypes.pyd

Filesize
117KB

MD5
3fc444a146f7d667169dcb4f48760f49

SHA1
350a1300abc33aa7ca077daba5a883878a3bca19

SHA256
b545db2339ae74c523363b38835e8324799720f744c64e7142ddd48e4b619b68

SHA512
1609f792583c6293abddf7f7376ffa0d33a7a895de4d8b2ecebaede74e8850b225b3bf0998b056e40e4ebffb5c97babccf52d3184b2b05072c0dbb5dcb1866f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_5560_133442142576561547\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_5560_133442142576561547\main.exe

Filesize
13.6MB

MD5
7ef1acd2992f75b6fda5b9223b5e8803

SHA1
74b8eb7fc1badbba8b3be952e19428dfeeb5f449

SHA256
57d249ceef3b4a6c1bd690febf7cdf363f39d18a2d6a0e38b277416c4b35b3d1

SHA512
37c86194e441aa1acd5ab51436479c4447122dccbdf38b6dba0be369d8332e13b57c79a5650edacbab05ec768ed4f5005635aae4645d9fdeb5a6086bb9f4f679

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_5560_133442142576561547\main.exe

Filesize
13.6MB

MD5
7ef1acd2992f75b6fda5b9223b5e8803

SHA1
74b8eb7fc1badbba8b3be952e19428dfeeb5f449

SHA256
57d249ceef3b4a6c1bd690febf7cdf363f39d18a2d6a0e38b277416c4b35b3d1

SHA512
37c86194e441aa1acd5ab51436479c4447122dccbdf38b6dba0be369d8332e13b57c79a5650edacbab05ec768ed4f5005635aae4645d9fdeb5a6086bb9f4f679

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_5560_133442142576561547\python310.dll

Filesize
4.2MB

MD5
e9c0fbc99d19eeedad137557f4a0ab21

SHA1
8945e1811ceb4b26f21edcc7a36dcf2b1d34f0bf

SHA256
5783c5c5a3ffce181691f19d27de376a03010d32e41360b72bcdbd28467cfcc5

SHA512
74e1289683642ae2bc3cf780a07af1f27fed2011ef6cc67380f9c066c59d17a2fb2394a45a5c6cd75dad812a61093fdbd0f2108925f5c58fc6644c1c98be5c0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_5560_133442142576561547\python310.dll

Filesize
4.2MB

MD5
e9c0fbc99d19eeedad137557f4a0ab21

SHA1
8945e1811ceb4b26f21edcc7a36dcf2b1d34f0bf

SHA256
5783c5c5a3ffce181691f19d27de376a03010d32e41360b72bcdbd28467cfcc5

SHA512
74e1289683642ae2bc3cf780a07af1f27fed2011ef6cc67380f9c066c59d17a2fb2394a45a5c6cd75dad812a61093fdbd0f2108925f5c58fc6644c1c98be5c0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_5560_133442142576561547\vcruntime140.dll

Filesize
95KB

MD5
f34eb034aa4a9735218686590cba2e8b

SHA1
2bc20acdcb201676b77a66fa7ec6b53fa2644713

SHA256
9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1

SHA512
d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

Download Submit
memory/5344-499-0x00007FFE19E40000-0x00007FFE1ACB5000-memory.dmp

Filesize
14.5MB

Download
memory/6072-417-0x00007FFE1A290000-0x00007FFE1B105000-memory.dmp

Filesize
14.5MB

Download
memory/6072-428-0x00007FFE1A290000-0x00007FFE1B105000-memory.dmp

Filesize
14.5MB

Download