hxxp://pureftpd[.]org/

Analysis

max time kernel
197s
max time network
199s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
18/01/2024, 20:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://pureftpd.org/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133500842712488380"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
3492	chrome.exe
3492	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe

Suspicious use of FindShellTrayWindow 54 IoCs

pid	Process
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
2732	OpenWith.exe
2732	OpenWith.exe
2732	OpenWith.exe
2732	OpenWith.exe
2732	OpenWith.exe
2732	OpenWith.exe
2732	OpenWith.exe
2732	OpenWith.exe
2732	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2584 wrote to memory of 1544	2584	chrome.exe	49
PID 2584 wrote to memory of 1544	2584	chrome.exe	49
PID 2584 wrote to memory of 852	2584	chrome.exe	90
PID 2584 wrote to memory of 852	2584	chrome.exe	90
PID 2584 wrote to memory of 852	2584	chrome.exe	90
PID 2584 wrote to memory of 852	2584	chrome.exe	90
PID 2584 wrote to memory of 852	2584	chrome.exe	90
PID 2584 wrote to memory of 852	2584	chrome.exe	90
PID 2584 wrote to memory of 852	2584	chrome.exe	90
PID 2584 wrote to memory of 852	2584	chrome.exe	90
PID 2584 wrote to memory of 852	2584	chrome.exe	90
PID 2584 wrote to memory of 852	2584	chrome.exe	90
PID 2584 wrote to memory of 852	2584	chrome.exe	90
PID 2584 wrote to memory of 852	2584	chrome.exe	90
PID 2584 wrote to memory of 852	2584	chrome.exe	90
PID 2584 wrote to memory of 852	2584	chrome.exe	90
PID 2584 wrote to memory of 852	2584	chrome.exe	90
PID 2584 wrote to memory of 852	2584	chrome.exe	90
PID 2584 wrote to memory of 852	2584	chrome.exe	90
PID 2584 wrote to memory of 852	2584	chrome.exe	90
PID 2584 wrote to memory of 852	2584	chrome.exe	90
PID 2584 wrote to memory of 852	2584	chrome.exe	90
PID 2584 wrote to memory of 852	2584	chrome.exe	90
PID 2584 wrote to memory of 852	2584	chrome.exe	90
PID 2584 wrote to memory of 852	2584	chrome.exe	90
PID 2584 wrote to memory of 852	2584	chrome.exe	90
PID 2584 wrote to memory of 852	2584	chrome.exe	90
PID 2584 wrote to memory of 852	2584	chrome.exe	90
PID 2584 wrote to memory of 852	2584	chrome.exe	90
PID 2584 wrote to memory of 852	2584	chrome.exe	90
PID 2584 wrote to memory of 852	2584	chrome.exe	90
PID 2584 wrote to memory of 852	2584	chrome.exe	90
PID 2584 wrote to memory of 852	2584	chrome.exe	90
PID 2584 wrote to memory of 852	2584	chrome.exe	90
PID 2584 wrote to memory of 852	2584	chrome.exe	90
PID 2584 wrote to memory of 852	2584	chrome.exe	90
PID 2584 wrote to memory of 852	2584	chrome.exe	90
PID 2584 wrote to memory of 852	2584	chrome.exe	90
PID 2584 wrote to memory of 852	2584	chrome.exe	90
PID 2584 wrote to memory of 852	2584	chrome.exe	90
PID 2584 wrote to memory of 4940	2584	chrome.exe	91
PID 2584 wrote to memory of 4940	2584	chrome.exe	91
PID 2584 wrote to memory of 4560	2584	chrome.exe	92
PID 2584 wrote to memory of 4560	2584	chrome.exe	92
PID 2584 wrote to memory of 4560	2584	chrome.exe	92
PID 2584 wrote to memory of 4560	2584	chrome.exe	92
PID 2584 wrote to memory of 4560	2584	chrome.exe	92
PID 2584 wrote to memory of 4560	2584	chrome.exe	92
PID 2584 wrote to memory of 4560	2584	chrome.exe	92
PID 2584 wrote to memory of 4560	2584	chrome.exe	92
PID 2584 wrote to memory of 4560	2584	chrome.exe	92
PID 2584 wrote to memory of 4560	2584	chrome.exe	92
PID 2584 wrote to memory of 4560	2584	chrome.exe	92
PID 2584 wrote to memory of 4560	2584	chrome.exe	92
PID 2584 wrote to memory of 4560	2584	chrome.exe	92
PID 2584 wrote to memory of 4560	2584	chrome.exe	92
PID 2584 wrote to memory of 4560	2584	chrome.exe	92
PID 2584 wrote to memory of 4560	2584	chrome.exe	92
PID 2584 wrote to memory of 4560	2584	chrome.exe	92
PID 2584 wrote to memory of 4560	2584	chrome.exe	92
PID 2584 wrote to memory of 4560	2584	chrome.exe	92
PID 2584 wrote to memory of 4560	2584	chrome.exe	92
PID 2584 wrote to memory of 4560	2584	chrome.exe	92
PID 2584 wrote to memory of 4560	2584	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://pureftpd.org/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff932b19758,0x7ff932b19768,0x7ff932b19778
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1900,i,2222714568866848709,15420680750644971714,131072 /prefetch:2
  2⤵
  PID:852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1900,i,2222714568866848709,15420680750644971714,131072 /prefetch:8
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=1900,i,2222714568866848709,15420680750644971714,131072 /prefetch:8
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3156 --field-trial-handle=1900,i,2222714568866848709,15420680750644971714,131072 /prefetch:1
  2⤵
  PID:560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1900,i,2222714568866848709,15420680750644971714,131072 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4696 --field-trial-handle=1900,i,2222714568866848709,15420680750644971714,131072 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 --field-trial-handle=1900,i,2222714568866848709,15420680750644971714,131072 /prefetch:8
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 --field-trial-handle=1900,i,2222714568866848709,15420680750644971714,131072 /prefetch:8
  2⤵
  PID:2556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 --field-trial-handle=1900,i,2222714568866848709,15420680750644971714,131072 /prefetch:8
  2⤵
  PID:3804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 --field-trial-handle=1900,i,2222714568866848709,15420680750644971714,131072 /prefetch:8
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4988 --field-trial-handle=1900,i,2222714568866848709,15420680750644971714,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1700 --field-trial-handle=1900,i,2222714568866848709,15420680750644971714,131072 /prefetch:8
  2⤵
  PID:3820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1676 --field-trial-handle=1900,i,2222714568866848709,15420680750644971714,131072 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 --field-trial-handle=1900,i,2222714568866848709,15420680750644971714,131072 /prefetch:8
  2⤵
  PID:848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4016 --field-trial-handle=1900,i,2222714568866848709,15420680750644971714,131072 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2388 --field-trial-handle=1900,i,2222714568866848709,15420680750644971714,131072 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5416 --field-trial-handle=1900,i,2222714568866848709,15420680750644971714,131072 /prefetch:8
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5560 --field-trial-handle=1900,i,2222714568866848709,15420680750644971714,131072 /prefetch:8
  2⤵
  PID:5068

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2884

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument ftp://admin:[email protected]/
  2⤵
  PID:1268
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff932b19758,0x7ff932b19768,0x7ff932b19778
    3⤵
    PID:2660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
da720017583df8212fd69f8fcd7b6b6e

SHA1
0ea9e35cd6c6dd27a9601b0ec3a30cc8283dd738

SHA256
7ae143ff4808674a468026efd4944dc2007b3f6424ad789d88c0a3d31a625e1a

SHA512
4f526d979a5e772bc7cc8692fec922332ab8aa932573f93225dcb7908b55f42daeddf3f9d4b54ee47b042843d82483caee91a0273bdded58dc2a41b60b4ce0d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
73269c2162dba6d10f0210a374578f48

SHA1
45bab607e516bb40013c5d7525bac0579bc0d84f

SHA256
845e3b2f7b2eb4d23bc6a7f91d279e556296d0a4be132bb7198194f20740370c

SHA512
fc99c5f739dbdfe023d4e5dcf8c73f0e19f81531945a4e36799fe3cfcba25a1b012d069789a23bb6b6d5cfa1ccbea79ac7e93eedaab5156c3461b72a435ba093

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
31511e967ff005ff437f5cd073181e6d

SHA1
262205f6d939e7069d83b2eb854968593fc22219

SHA256
fdbfc3b733a2cb3e2e909f1e57c88bce2260de3cc3bda7cc86124e46ea48e701

SHA512
0960c95d6b2e726ecd4627151a87d6898ee565d4bfcf883765ba69b4f30950b4b5897e5e926db8f2d50b3082639676ddc1077028b2838d7dbca907f50b07f2f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d77dba71f938613fc9027f48cfd99f03

SHA1
2732f82c8c3f4207e5eba4e37b2faf8edb6818f3

SHA256
b2281203da7fdcaaad64e25aa1c634566d1b1d9cc72b513dc0de4e372659a95a

SHA512
6b8d31a705098362ccd2fcf2e07475a7f1a1d208ab8fb652362ad62a6dedfe701d4824ba18f815b421030fecd8030f6117d97a3fed107b7b1f1011ffecee70c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
58f3f08dd8efdf06269dd21c43da9da2

SHA1
20e26fadc7c850e629a75ce133945837c83527e8

SHA256
046930cb0d47052517ad7fb05867462e986ce8bb336d4e2167030df321dba269

SHA512
b20373a13f0f352c733d395c171788f8b3676613bec6b4e621cfff9caed85371f4765393e8c2e440279731d4666e2f29a76afb57c0b366a8317a5b56d054701b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
9df34141710db3ae08bb5fa653543d27

SHA1
5cec50aaae6a1b71833800b1f15801f648c25c12

SHA256
95bb59dfad89909fa5e673f762013ddab325d916ede038c657b30703e148447f

SHA512
074c27fc932856697327a41fb45bff2de302fa2e1be77340b98f40f738786fff4b8586598bd6831c84b347ceb50beeb17555698fb00809ebf2e3307b10c906ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
06dcd0ceb524c149f98896685df3b2ca

SHA1
1dd6750d78c388dbc7c037586adeec5105eaefa8

SHA256
854ffe3b2b3be505e5c12ab79ea638d56767673709ec8b783ac0f0cef5ab2f63

SHA512
8ffc8be983b41667756a2890ee9c8751a33d0e141af974e84508ab0674ee86beae4ca2d4af41c989de8f952019aae43f767234082111cbdace361913569f3aa2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
52ccef937d17bb8feb2394f6980f2906

SHA1
b3dc6f38b76c04c9a90cbf8d4bf48cb418ac2029

SHA256
41e7247c843eb0f45f96cd173e1ef1efe10893664bb2ba75fa8f65ba7ea2056b

SHA512
a589bcf82f152e00aa1ac60162d0e33e8a1b75b6f982ff18adb9a281f29884ea4674943025bc56d75cbb6a8eee2cf673e3e3307c530266158de709c339039a67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
603386a3e47ac6a36fc3f0826e33803d

SHA1
b70d5c9ed73b6515ecc9137e68189be42864a6d2

SHA256
edccfe95e89d63db17f3a4e0803d27b3ace4087ce3c1a1eda921a56295e7b541

SHA512
dab5a76f3a04ee63288c34e4f6c81b98e2e5e4f71b8a921ceac4d784550669f574f9989368b9f94c6796d6eaccf2d56ddac76dca5db774656f40e44e71bb6109

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a611e771219d7e7d93df7bf43c240cfc

SHA1
f217263033e23692fe0555b975a59ba64619307d

SHA256
dda536c8056535ba5af6edb721db516e34c2867d9974b413e880ece739583037

SHA512
b48b9f8dbee4f71398a027aa806c2780d7191416af71dcfb52beb540082a6e19c3692c2453692e5b61e917978ccc3a92cd70357d05e7bf04e36e964dc8102d9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
135KB

MD5
03fd21c323c74b9b9ccc9d21437b04c0

SHA1
8a91ae49f9a83bfa5e97e81a97790984f0024bbe

SHA256
9def1ece48a45d59b3bb3ab0404dff66f53eb222f4459ffcda8501cdd5e5665a

SHA512
0f494ef917e4936ff87d876c259641af4c6224816b0320431b736d99a821807b2ea24b92f204d778ec0e8facf0b3bcf38b23dd2710e5c52a2f956a25c8fe74fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
4ce1b378a27b24840dc7e1b190226191

SHA1
720544a41794bf81f48b1f6d0a05c9606219a05c

SHA256
6a149a423bb84183340bba43b80b9a18ffb41bd151a93f7b94c5b5dd442eeca5

SHA512
ff7dfcef9b6ea0cb9d0eec5fbdcc3ee26e219fab0a9d7b708be630ff184130f008ced28ec3ffb48da54dc7b2ca7539ccf398b5feb46ec64ed2b6caeb3e75669d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
bce98741c03da8ba66fe1a5efab42579

SHA1
2928f519b3d7d829f0c65d08ba3530cd532b6499

SHA256
79a102b54b41f9ba12d94e90bcb6be21370c6036737a76a9547015a73c54edb9

SHA512
a07347b08712c3e2faa9a337a8f695561175590f20f93ebcf43896bbd5124007df2b915ccfd94e06704a04e2fc607d43082644f98e82349f5de257711a568248

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
09aed9ad53d513cd9fb7dc0351e8f700

SHA1
27554736ef707c7ee6c548310222290d68370cf9

SHA256
927a04b92c92371e93c89379016c64dc4a87107c5824cd9ff33fc5314438ae12

SHA512
1ece78c2861d10bc9e3f8cba961c29722f331ea9a7d0997d96ca6b4515179fb4f10cb507d9fb911a0dc4067fcefb0f44f4d4f015da75c04fd7c3ec506179e75c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
80753eb2bf755d8c9bc0979a62caf1b8

SHA1
12ba1a9ddc1bdba5c785f402fd728d484d85a34d

SHA256
2acdbc0f0a320a4fc36320553016a913cd480f52c0d962b3342aaefd0c3bc632

SHA512
bf67b0898e57f3a046b1998504d87c7f2e8287f34bf6eb14d60188d23428ac03e83ff180e9f0ce6d823de5017d135c2c0c2f5fb2387396544b06f99b94e03623

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
133KB

MD5
04f340d197159ae21bea82a07e819038

SHA1
131d2504239068ff5d89f865c9c256e550b84c5c

SHA256
4bcec5a925893ed9a8cadb0c745ba2653084034ee2e5f4251e6b1a67f23fa795

SHA512
5a075b3f42ebbc5c6beb142eda55fcf6278633f03c23d4204970809d906fd851c5387f85a14f029558de5f4e8fd6b49561af13e646f38344c7db899f3ecb4ac1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
4756d617569ff5576e7bbb8b307a3f11

SHA1
38b577c9e8f0f5f2151af76353b1f3b1de321777

SHA256
b6c3591c80b96ef1e663e7869b7e9ae5ea7b1268a0d4629d5d5aebdfaf105138

SHA512
11a6a0cc233c6bf84a2ea7f119d2f663639c6e72a16d8d098f7aacdd67d8354fafd8cb6ce0483a9019e24bf52d6967c7e117589f089e8315ec11f9d20ab7b2b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
109KB

MD5
7ba17131b7f2e1d5867f396122c89aa4

SHA1
fcb3b37dfae476fc5991e6d71d7562bde6a5d001

SHA256
c33d0f314a22910ac4bf10a7778176124b683b6c58e31a860c68b254e4423350

SHA512
aa9ab9a0d5b4b333aeddb0eaa2afd326b2e6f7e0d3c25226cb9ba62e9275c0451cf454fe313fa887a95434f9fef81f6279d38794f3c5346d292e354bd6ece51c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59b7bd.TMP

Filesize
101KB

MD5
0f24bd3e73e95575b2b7e6bf68e91319

SHA1
cd55eaa1c8e30e38aad6441989a40e78ce14bd45

SHA256
17651c550ae793fcce1b5d464452ebcee3858f1fc910ad18ffd180048f1472e6

SHA512
7b43bd570ad376c1be568c077e6929dbe7b620b3b42c5e89dd23cd99719239b0031739a9d9b4175d722adb183970d2a799077f3f929ea02c39636e23ab25d5cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
c35569a8986690d35040ff8c3df84fee

SHA1
c00a5eb14d7cfcfb0785f897bf81e3861b892c91

SHA256
98fb8ee699e6956abb5c70b85967e9b40c5cac8b9327cf7691ea7d448693367b

SHA512
08ff3336b902497cee53c9871c31276e10c49db7c3317c680d901ffd31461d5f4c1d2bcfccc25f08bc5c66018a3697e6be436c1076598bc36176885aa5963f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit