Analysis
max time kernel: 47s
max time network: 151s
platform: windows7_x64
resource: win7-20240215-en
resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
submitted: 18-02-2024 14:33
Behavioral task: behavioral1
Sample: test.exe
Resource: win7-20240215-en
General
Target: test.exe
Size: 3.3MB
MD5: fbeec3a99ddfa31e7aac9b09f4ca8158
SHA1: 2b66e39b1e98320db37578a317021f870a39302b
SHA256: 6aada60dd11d7a1157b24ccffa3d6ef2b5200487779ea648c36a92ffdba93af8
SHA512: 62bc3ee9f312d341116c37c8c0e781896699aa598e7904c2eb6fe5374aa17eda77fa053346e9909bf5677b4ccd59e7ea8e6d4ac5c637f434532abd040f24f88d
SSDEEP: 49152:KvyI22SsaNYfdPBldt698dBcjHdffaBxtFoGdKTHHB72eh2NT:Kvf22SsaNYfdPBldt6+dBcjHRfK
Malware Config
Extracted: quasar 1.4.1
Office04
192.168.0.220:1234
1086eee1-251e-49e1-b643-b2a2bc0e42ea
encryption_key: A0937AB413B78114B0DA85D9EA95BA3AF9187438
install_name: Updater.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Application Frame Handler
subdirectory: Security
Signatures

Quasar payload (5 IoCs)
resource | yara_rule
behavioral1/memory/2880-0-0x0000000000960000-0x0000000000CB8000-memory.dmp | family_quasar
behavioral1/files/0x000d00000001231c-6.dat | family_quasar
behavioral1/memory/2580-8-0x0000000000D20000-0x0000000001078000-memory.dmp | family_quasar
behavioral1/files/0x000a000000016a6f-666.dat | family_quasar
behavioral1/memory/1672-667-0x00000000002F0000-0x0000000000648000-memory.dmp | family_quasar

Executes dropped EXE (1 IoC)
pid | Process
2580 | Updater.exe

Creates scheduled task(s) (1 TTP, 2 IoCs)
Schtasks is often used by malware for persistence or to perform post-infection execution.
pid | Process
2524 | schtasks.exe
2908 | schtasks.exe

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid | Process
2724 | chrome.exe (2 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeDebugPrivilege | 2880 | test.exe
Token: SeDebugPrivilege | 2580 | Updater.exe
Token: SeShutdownPrivilege | 2724 | chrome.exe (repeated for all remaining entries)

Suspicious use of FindShellTrayWindow (34 IoCs)
pid | Process
2724 | chrome.exe (34 entries)

Suspicious use of SendNotifyMessage (32 IoCs)
pid | Process
2724 | chrome.exe (32 entries)

Suspicious use of SetWindowsHookEx (1 IoC)
pid | Process
2580 | Updater.exe

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 2880 wrote to memory of 2524 | 2880 | test.exe | 29 (3 entries)
PID 2880 wrote to memory of 2580 | 2880 | test.exe | 30 (3 entries)
PID 2580 wrote to memory of 2908 | 2580 | Updater.exe | 31 (3 entries)
PID 2724 wrote to memory of 2872 | 2724 | chrome.exe | 34 (3 entries)
PID 2724 wrote to memory of 2132 | 2724 | chrome.exe | 36 (39 entries)
PID 2724 wrote to memory of 1140 | 2724 | chrome.exe | 38 (3 entries)
PID 2724 wrote to memory of 1032 | 2724 | chrome.exe | 37 (10 entries)

Uses Task Scheduler COM API (1 TTP)
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes

- C:\Users\Admin\AppData\Local\Temp\test.exe (PID 2880)
  Command line: "C:\Users\Admin\AppData\Local\Temp\test.exe"
  Signatures: Suspicious use of AdjustPrivilegeToken; Suspicious use of WriteProcessMemory
  - C:\Windows\system32\schtasks.exe (PID 2524)
    Command line: "schtasks" /create /tn "Application Frame Handler" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\Security\Updater.exe" /rl HIGHEST /f
    Signatures: Creates scheduled task(s)
  - C:\Users\Admin\AppData\Roaming\Security\Updater.exe (PID 2580)
    Command line: "C:\Users\Admin\AppData\Roaming\Security\Updater.exe"
    Signatures: Executes dropped EXE; Suspicious use of AdjustPrivilegeToken; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
    - C:\Windows\system32\schtasks.exe (PID 2908)
      Command line: "schtasks" /create /tn "Application Frame Handler" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\Security\Updater.exe" /rl HIGHEST /f
      Signatures: Creates scheduled task(s)

- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2724)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2872)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef26f9758,0x7fef26f9768,0x7fef26f9778
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2132)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1184,i,14723140680550990481,2933290232399372915,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1032)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1528 --field-trial-handle=1184,i,14723140680550990481,2933290232399372915,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1140)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1184,i,14723140680550990481,2933290232399372915,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1700)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2280 --field-trial-handle=1184,i,14723140680550990481,2933290232399372915,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 820)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2272 --field-trial-handle=1184,i,14723140680550990481,2933290232399372915,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 592)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1456 --field-trial-handle=1184,i,14723140680550990481,2933290232399372915,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2936)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2244 --field-trial-handle=1184,i,14723140680550990481,2933290232399372915,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1472)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3656 --field-trial-handle=1184,i,14723140680550990481,2933290232399372915,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2732)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1868 --field-trial-handle=1184,i,14723140680550990481,2933290232399372915,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1768)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1772 --field-trial-handle=1184,i,14723140680550990481,2933290232399372915,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2000)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2640 --field-trial-handle=1184,i,14723140680550990481,2933290232399372915,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1272)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2068 --field-trial-handle=1184,i,14723140680550990481,2933290232399372915,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2472)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3996 --field-trial-handle=1184,i,14723140680550990481,2933290232399372915,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 320)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3824 --field-trial-handle=1184,i,14723140680550990481,2933290232399372915,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 596)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3904 --field-trial-handle=1184,i,14723140680550990481,2933290232399372915,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2124)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2540 --field-trial-handle=1184,i,14723140680550990481,2933290232399372915,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2824)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2728 --field-trial-handle=1184,i,14723140680550990481,2933290232399372915,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1644)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3500 --field-trial-handle=1184,i,14723140680550990481,2933290232399372915,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 584)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4148 --field-trial-handle=1184,i,14723140680550990481,2933290232399372915,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2960)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3780 --field-trial-handle=1184,i,14723140680550990481,2933290232399372915,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1640)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2644 --field-trial-handle=1184,i,14723140680550990481,2933290232399372915,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1716)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3916 --field-trial-handle=1184,i,14723140680550990481,2933290232399372915,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3056)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4236 --field-trial-handle=1184,i,14723140680550990481,2933290232399372915,131072 /prefetch:8
  - C:\Users\Admin\Downloads\test.exe (PID 1672)
    Command line: "C:\Users\Admin\Downloads\test.exe"

- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 1256)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

- C:\Windows\explorer.exe (PID 2276)
  Command line: "C:\Windows\explorer.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads