hxxps://jamehacks[.]com/

Analysis

max time kernel
172s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20231222-it
resource tags

arch:x64arch:x86image:win10v2004-20231222-itlocale:it-itos:windows10-2004-x64systemwindows
submitted
18-02-2024 17:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://jamehacks.com/

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2236 set thread context of 684	2236	Pаssw_jame_Filе 24.1.exe	123

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133527508137409798"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
892	chrome.exe
892	chrome.exe
5324	chrome.exe
5324	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeCreatePagefilePrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeCreatePagefilePrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeCreatePagefilePrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeCreatePagefilePrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeCreatePagefilePrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeCreatePagefilePrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeCreatePagefilePrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeCreatePagefilePrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeCreatePagefilePrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeCreatePagefilePrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeCreatePagefilePrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeCreatePagefilePrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeCreatePagefilePrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeCreatePagefilePrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeCreatePagefilePrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeCreatePagefilePrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeCreatePagefilePrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeCreatePagefilePrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeCreatePagefilePrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeCreatePagefilePrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeCreatePagefilePrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeCreatePagefilePrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeCreatePagefilePrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeCreatePagefilePrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeCreatePagefilePrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeCreatePagefilePrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeCreatePagefilePrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeCreatePagefilePrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeCreatePagefilePrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeCreatePagefilePrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeCreatePagefilePrivilege	892	chrome.exe
Token: SeShutdownPrivilege	892	chrome.exe
Token: SeCreatePagefilePrivilege	892	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe
892	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 892 wrote to memory of 5404	892	chrome.exe	85
PID 892 wrote to memory of 5404	892	chrome.exe	85
PID 892 wrote to memory of 2136	892	chrome.exe	87
PID 892 wrote to memory of 2136	892	chrome.exe	87
PID 892 wrote to memory of 2136	892	chrome.exe	87
PID 892 wrote to memory of 2136	892	chrome.exe	87
PID 892 wrote to memory of 2136	892	chrome.exe	87
PID 892 wrote to memory of 2136	892	chrome.exe	87
PID 892 wrote to memory of 2136	892	chrome.exe	87
PID 892 wrote to memory of 2136	892	chrome.exe	87
PID 892 wrote to memory of 2136	892	chrome.exe	87
PID 892 wrote to memory of 2136	892	chrome.exe	87
PID 892 wrote to memory of 2136	892	chrome.exe	87
PID 892 wrote to memory of 2136	892	chrome.exe	87
PID 892 wrote to memory of 2136	892	chrome.exe	87
PID 892 wrote to memory of 2136	892	chrome.exe	87
PID 892 wrote to memory of 2136	892	chrome.exe	87
PID 892 wrote to memory of 2136	892	chrome.exe	87
PID 892 wrote to memory of 2136	892	chrome.exe	87
PID 892 wrote to memory of 2136	892	chrome.exe	87
PID 892 wrote to memory of 2136	892	chrome.exe	87
PID 892 wrote to memory of 2136	892	chrome.exe	87
PID 892 wrote to memory of 2136	892	chrome.exe	87
PID 892 wrote to memory of 2136	892	chrome.exe	87
PID 892 wrote to memory of 2136	892	chrome.exe	87
PID 892 wrote to memory of 2136	892	chrome.exe	87
PID 892 wrote to memory of 2136	892	chrome.exe	87
PID 892 wrote to memory of 2136	892	chrome.exe	87
PID 892 wrote to memory of 2136	892	chrome.exe	87
PID 892 wrote to memory of 2136	892	chrome.exe	87
PID 892 wrote to memory of 2136	892	chrome.exe	87
PID 892 wrote to memory of 2136	892	chrome.exe	87
PID 892 wrote to memory of 2136	892	chrome.exe	87
PID 892 wrote to memory of 2136	892	chrome.exe	87
PID 892 wrote to memory of 2136	892	chrome.exe	87
PID 892 wrote to memory of 2136	892	chrome.exe	87
PID 892 wrote to memory of 2136	892	chrome.exe	87
PID 892 wrote to memory of 2136	892	chrome.exe	87
PID 892 wrote to memory of 2136	892	chrome.exe	87
PID 892 wrote to memory of 2136	892	chrome.exe	87
PID 892 wrote to memory of 4104	892	chrome.exe	89
PID 892 wrote to memory of 4104	892	chrome.exe	89
PID 892 wrote to memory of 2348	892	chrome.exe	91
PID 892 wrote to memory of 2348	892	chrome.exe	91
PID 892 wrote to memory of 2348	892	chrome.exe	91
PID 892 wrote to memory of 2348	892	chrome.exe	91
PID 892 wrote to memory of 2348	892	chrome.exe	91
PID 892 wrote to memory of 2348	892	chrome.exe	91
PID 892 wrote to memory of 2348	892	chrome.exe	91
PID 892 wrote to memory of 2348	892	chrome.exe	91
PID 892 wrote to memory of 2348	892	chrome.exe	91
PID 892 wrote to memory of 2348	892	chrome.exe	91
PID 892 wrote to memory of 2348	892	chrome.exe	91
PID 892 wrote to memory of 2348	892	chrome.exe	91
PID 892 wrote to memory of 2348	892	chrome.exe	91
PID 892 wrote to memory of 2348	892	chrome.exe	91
PID 892 wrote to memory of 2348	892	chrome.exe	91
PID 892 wrote to memory of 2348	892	chrome.exe	91
PID 892 wrote to memory of 2348	892	chrome.exe	91
PID 892 wrote to memory of 2348	892	chrome.exe	91
PID 892 wrote to memory of 2348	892	chrome.exe	91
PID 892 wrote to memory of 2348	892	chrome.exe	91
PID 892 wrote to memory of 2348	892	chrome.exe	91
PID 892 wrote to memory of 2348	892	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://jamehacks.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab0de9758,0x7ffab0de9768,0x7ffab0de9778
  2⤵
  PID:5404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1808,i,17331944400661459937,12169710054853676002,131072 /prefetch:2
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1808,i,17331944400661459937,12169710054853676002,131072 /prefetch:8
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2852 --field-trial-handle=1808,i,17331944400661459937,12169710054853676002,131072 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1808,i,17331944400661459937,12169710054853676002,131072 /prefetch:8
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2860 --field-trial-handle=1808,i,17331944400661459937,12169710054853676002,131072 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 --field-trial-handle=1808,i,17331944400661459937,12169710054853676002,131072 /prefetch:8
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 --field-trial-handle=1808,i,17331944400661459937,12169710054853676002,131072 /prefetch:8
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5300 --field-trial-handle=1808,i,17331944400661459937,12169710054853676002,131072 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5672 --field-trial-handle=1808,i,17331944400661459937,12169710054853676002,131072 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5752 --field-trial-handle=1808,i,17331944400661459937,12169710054853676002,131072 /prefetch:1
  2⤵
  PID:5236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5948 --field-trial-handle=1808,i,17331944400661459937,12169710054853676002,131072 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5416 --field-trial-handle=1808,i,17331944400661459937,12169710054853676002,131072 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5396 --field-trial-handle=1808,i,17331944400661459937,12169710054853676002,131072 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5204 --field-trial-handle=1808,i,17331944400661459937,12169710054853676002,131072 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6152 --field-trial-handle=1808,i,17331944400661459937,12169710054853676002,131072 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6432 --field-trial-handle=1808,i,17331944400661459937,12169710054853676002,131072 /prefetch:8
  2⤵
  PID:5324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6608 --field-trial-handle=1808,i,17331944400661459937,12169710054853676002,131072 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6800 --field-trial-handle=1808,i,17331944400661459937,12169710054853676002,131072 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6532 --field-trial-handle=1808,i,17331944400661459937,12169710054853676002,131072 /prefetch:8
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 --field-trial-handle=1808,i,17331944400661459937,12169710054853676002,131072 /prefetch:8
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6136 --field-trial-handle=1808,i,17331944400661459937,12169710054853676002,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5324

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5368

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:964

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Pаssw_jame_Filе 24.1\Readmе.txt
1⤵
PID:5664

C:\Users\Admin\Downloads\Pаssw_jame_Filе 24.1\Pаssw_jame_Filе 24.1.exe
"C:\Users\Admin\Downloads\Pаssw_jame_Filе 24.1\Pаssw_jame_Filе 24.1.exe"
1⤵
- Suspicious use of SetThreadContext
PID:2236
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
a43c5442720748bc3520106b9b6d4737

SHA1
3ae6a4bbe5cc3acc29b02debfe78a366e7d046ab

SHA256
0e33c15bae9de0161695319643a4e46b888255d6b11af246e2050f7863708e3c

SHA512
9167b7a8ad92b7b82119edc9591c28d53b18256cf2259b6bbccc7c5c1833d20be514393845c6acce3dddc44d71a2c258ae27da3ea0ced8cded56e689f0b4479b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f

Filesize
61KB

MD5
a1eb05b2e53b4908558d8ff04593ba0d

SHA1
cf7fc2706462d69876d05b3a8485a5b5ff71bfdd

SHA256
d95fd728438d7db547d3f5aa714b2bc81add8cce4dd03b0ce479d2dcfc61bd52

SHA512
108ab871d7bb98b5feb0fcbf6705710b34976da63ffe1033c8b3fe9ef2723238d9686f3a1d49f64b6f11dacb69953effd81badcf4ff42d3506bf0e85fcbe9b1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033

Filesize
19KB

MD5
1d757185702fbe7fa84a4111f5181b71

SHA1
698a8aea1e118511ca54889f14b87a8d1b60027e

SHA256
fc97c936be26233cf9bb68bb5d7e7b9fedf1c21ac186e1b837b7077dc39b3c64

SHA512
42e5b81dd11ef0632174dbecb3fb161e15f204e9160082d9911675e7914ed20c8b8c136d9a8322c5f4d61882f87651470dbef7fcbfba2046c53d6ad035688148

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000034

Filesize
33KB

MD5
c15d33a9508923be839d315a999ab9c7

SHA1
d17f6e786a1464e13d4ec8e842f4eb121b103842

SHA256
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

SHA512
959490e7ae26d4821170482d302e8772dd641ffbbe08cfee47f3aa2d7b1126dccd6dec5f1448ca71a4a8602981966ef8790ae0077429857367a33718b5097d06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039

Filesize
54KB

MD5
33aef02f8bc762fedcadec865dbec52a

SHA1
05a87b47cbd4d74461bb4b92a74ffc95c83d7646

SHA256
deb2997c90e4a1c6c5c4036eecb8b95c9a48cd2b0bd5cb78e9e6f6c3fd94e8d3

SHA512
b29a6500db747c16a034b3c5c96353d62e9b8e306ec93e38d8cecbeea58104b84f43cef432e41dc314eba9502b4de1dd35ca3c6e983ed6b61575d68c490dffbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a

Filesize
28KB

MD5
59f8eff1ffeb4078a4062754a681c32e

SHA1
304619e65e17f2d645ada5becfd3a811d462a5ac

SHA256
d1337cb00374453833e64cce10b1ad5a3c5b65aca5df4183aeed933032a1853b

SHA512
c63eba826088fab758dddc43e48e060cac8e256858db32a179fdae3c12c0faf21f7d681f01e06b7ace634642641cbdec4636fe8d01b52625c2b714ca8614a74e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
57a809834ce7706282e2d5b76726ee83

SHA1
d138c217d9584d919747613911595f6d91479010

SHA256
af07100034351843c8ad5300f5cf085883faf598c1a7fcdc0859f5a4391642b5

SHA512
fb710b6893ea00a6b59d9b671e2729ef5d00e341789e9db34e36520ea6a0b4ad00dfd09fd63cdbc59f6f8981d2adb9360e5b38c3fe5c12aae344e318af879e17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b3b73bed7b6433bc2ab341bbbf6e996a

SHA1
ac438ba7e020e8ea51ae155bcf204486da912f52

SHA256
b05e45b57ae8029951d4fcc884625306e75ba2ff86c7cb2af1721e2119639acb

SHA512
749d43ff92c7a0aea59022e7aa7dc55484cea1d5db607b6717cccd4d5ce7379d40e3fbebe07dd259a2fcd23a55151d32c2e09c8d2f932a42ff238a80cda9a4f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
68dec178560cb240fc8838cc583f53a9

SHA1
95fe39b14d4884b8906ca500befb5c87d7ead396

SHA256
5313cae3db29a6dd1ce080f0746c53c417a1ee8d9f64299529dddf705cde77dc

SHA512
16183c9414d24c0474925e0179a20cd4a876a49fd569a17330217ac6da4e3d9c0323aba8200f822cbb43b682bc90431723fad43c9413682ea60f33616dd84983

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
14a2f4f7aaf7aecc477eaa72b680fc66

SHA1
24bab8cf40e7a10598f37fd3128ae3a3f5b423ea

SHA256
915be4781e22b4e04e4e59965e40e3479e49f8b711f89a97ce66fd20d795dc6a

SHA512
cba97c92ad4e056feb0c30d7328acbe6d150bc9081d408516f2998cd824eb12c897b6f1ac6ec5ee98c1f537c7b4856045526c11008ed09b39569528944250c72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
13264349043058db0a5284559e2337d4

SHA1
0dc616678207ebb53ab549f1864769ada7e286ba

SHA256
e2ea2eacc24920e01220b0d87c2f8838499d43d0d67552fc8e26309e41d79531

SHA512
9a608094e54830ba6aea12b892d99a4b38ccda93009fc40a49fc5bf679ee31e96bdb8dfefd1e389f3c6ef61a021faca98e17830e1505c7814a4f71de6633e14b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
3320b6803f20833071aa9d03d9d873e3

SHA1
3cdfba38ddb963cf0ac8fb135c3078166c55ef63

SHA256
9eda994d3a298eab759662028e79d470b292b600aa42fb439faee7c51bf28c3d

SHA512
2826b8c5f46e4fded464b7cb3994fbe6bc96a86400b0e38474a72ab59babd8f265b98b3a75d398f6c5c632287f232b019f664ad1ddf051b6d875c9683e6ce785

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
035bbea969c3c66f15bc697d510733ff

SHA1
350b58cb4f2ea981ebc8b7d5d4ee3c03c5cf9069

SHA256
c3932753425728e13533289e9a1ffcfc19a57f6e65d20d44e633cc87144e8105

SHA512
adfdfa78fc1c3968bac64e085e74e8764c35e6d63e99fd0887414eab77a97eb4a0d29408d6bb0ecacf920d0aaf33354d5622bec206579470ad138cbbba1bde81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
bb3536f7d97aec97f83c6fa7cf91df89

SHA1
84c2f8d39727b546c1a6a2aefcbde6363eb9235c

SHA256
fb7e4bd80053d521bf9091c21b273cc7ed4e67983dfa4a0f9e803e650d5af2cc

SHA512
ff124e6fe486ff501f4c5af0486b3f095ca53223ff6b04636ac670089d5c6eb191ffcb9bc8ea956e2da23542f57480925ed4d4e6f127fe417853c11b0ce468ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
63de00d730f6a9da62805f91c1517dd9

SHA1
a6a7cdd23c25a5578b7928d73c40256794c486e2

SHA256
4f996c7b53efd257658e1588348b1b533ed33d6cf217422f3e9f0dba451c55f0

SHA512
862b4e5de189cb5b622a95a916d2c792013ebc11926a47e6d5453d0ad6f19b3d4531eb1211104062aa9be46b2770af308051bda234f37e2ced708617963ba5a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4370595f2f8a9412159546f8423bd77c

SHA1
d14885b4445692b4c6d21a020bac4331fc2bebf9

SHA256
504610025c0606fb9b96be0a87e54bcec6b99865292d9cbe72ce7acbec0513da

SHA512
3d05b3feba5fd023c775caa1b0382f7b0d7b37435f63e8548d14c2bfe5b7dd7689ab8bdfba42a52841eac1e8d8293becca82b8fbaba5aa305e1c4af7c384001d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
572b61b49d0c2f40e12b38ab426aee56

SHA1
a75608e32c5ebeac1069398cbf929137387338d1

SHA256
bbfa2f0265eeeb448dc2e5800bb0e73bb7bbe9f5b23b11eb345e4644d393635e

SHA512
73b36ab49bec4bc3b599b34ddbff77e6e34cdfeb123e89f2f28562ff6b111e0dff9d9660d8bea0543832962ebc74f9299f9f0d5a6f8f2fbaecf34e32e47d3822

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
6e728e875cf7fe540f9fc9024a31d433

SHA1
094cc4e09c8a25affe3af6f63eee8a1cbfc544b9

SHA256
68330053b0436f7d52238413aba5c1ba9b72809e826d2235cc068914ecbbdb02

SHA512
8eb52bebdf2b0ecaf40d9f28dc14e48dc832c05769a4d368a415b9b9985783c7169c90848bdcfaacdff5290f881ad675525057f1c7424a9bc55843cc8630d9ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f2857ce1621495a71e5392b22ae6bbcd

SHA1
ec8d80f6413dbecba0b349b0eeae002c72c74f8e

SHA256
e97b0f5416650f1a5d4c426ad5c59b6e4e77c2551c00146fa6aa41ad1f4bc468

SHA512
b6abecd55f9885d772340141dd3ae801cc19f8909dd0fa364a0ab42e5ba362a1f683f2194f082911be20694367f0f6d4e6dd6c60b330e827fdcce6db6378187a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8d9b5e0d579bfd87360f3adc630f18f4

SHA1
ec0d71c285f5f42a2c57cc2dba1ce292dadf02d0

SHA256
f0b0499d7e41a2ce9263263b4b872b20803b1cfa8cb85a9d9fd2701e472b921d

SHA512
02ac03286054eaef3de20229d8af850719f852ecbe3b46ed9c63088337bd3e3177039015b573af8a3c20130ebd93fb28086bb5571912df2ddf9943063858abbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
dc7a93aa13a7183456406da5f04d1286

SHA1
87016e8e6e65a93c042423e899f1623ffabe19c5

SHA256
478a4239b9903d7fb160c365668e1dbcf08379424e0b1c25c54424d34751c946

SHA512
0d3af57e8b67edf09a3fd4a236c795159e17d62e2b40776d6ed87cc4b50202304c4839d81a08d7e4afa9613b498cf671d6b60d22545de7c69e8a230a89f998de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
efb30e4b33de5b62bbf47e66e7886d3f

SHA1
0d8271e06d951900a13e457f7e2a137f33489af5

SHA256
222efc7928a31aab529839ab8ec0acf2e1f4d69e45cde983cd059bfd0dd6ad67

SHA512
76f5634477deb9bbe0bf15a1d8a811f5d93b16c7bf623cb8f809368a44efc3dbc268ca044ae374632c1a3e34659feee0892def004755a0bb86fa0f42c8660a17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
a437a07bb342378967a0c70a9f5180a7

SHA1
d2c077bf31492e8dac4ec28a943ea979c3dd02ac

SHA256
0081e5ffee4310556cd0e67181f7d9ee9df23a9473ced946c69e59f00381577c

SHA512
5b54a38603255db0026ba94a1753a25f9bfadc6a825198d8cbbad2fa0cd16c55d4f97b6096fece81fe79bbdc45510042b4b5059defc5e133b7d70bece8047ec3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
974ad7640edbff2ad07a10299d218985

SHA1
552b9089b73bf4520fc66a0ae9ff3252df126f6c

SHA256
e5d4716598ee6a5176798083f1ff4d226c6711dc5db3c2e0beeac84ead8c16b4

SHA512
045b4268fba63dd99643e6ed047a981770b86e89a20e721af885ad77de881fd687465be8ae8884814f121133e9d86d4c7544a469ac1ec005ae968cab46a7c50d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
8f3ef81c4c324d95e602ef71f097fb1b

SHA1
dd2e14bf2574054204a94799827eed13a5f1503b

SHA256
bee646d0d1f51b83e88ed802b249dcb9bcfac02a13cbdd6d2f50bc0a690da63e

SHA512
b36c0516633210d5a2652fe38636636649112002a0a700eb62f56fe33ac24a50245396cf4ec32e4698a25d355e05ed1e46485024c440c23f2be2746aa0a6313b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
114KB

MD5
5b69f1ee1489e468c1efb7caa1a26c0b

SHA1
a3d6c215e13201e219a251d99aa5608887948f5e

SHA256
379e7e2a786b23b2ad1dc9e4b5fe8a588af792a8b3be8d353ec32bdd335bdead

SHA512
89fa3b3fb18e67f3b635311e1618fb58d375606ade49d0d692f6188275b4d7b9154edc9469d7959d8bd7856a4a561c0ace00417eae7c62ba5e135ccb78a40672

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
111KB

MD5
e091b2ba3a0408de4581e07cd99c4e38

SHA1
03a699d97262b92b11de8c7e6704b46f46e2299c

SHA256
cb563ffbf0cecf68dfc3d6e9ee2dea520ce848a836c6b39e6a6987fd27c486e4

SHA512
18a41f8e11aaac44bb6a3eef52f7ac8424e5c343c1b5ccc1ba09a63d24e43dc06b20a46e4d69b6bb4bb4aa665c277186cbd45b67c41c47e4cbb92fb6d9c436c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57da72.TMP

Filesize
105KB

MD5
5d93be4b5f72b95d65621a6aaa86abb4

SHA1
1ad7f85752fc6fdb969f9eccd529f0cc7ecb4584

SHA256
b7154c45909d6140f0adcc6973e9dd1da1909150df6362602557ad384dd388ec

SHA512
e0a9a550c8202f1c15d868cef39d593ac6115d59b8e34b71579e94da0a356c334add328885add3b749d0c382621406b8ac948546feb13fb2fac46ead948887c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
memory/684-651-0x0000000000B60000-0x0000000000B92000-memory.dmp

Filesize
200KB

Download
memory/684-649-0x0000000000B60000-0x0000000000B92000-memory.dmp

Filesize
200KB

Download
memory/684-654-0x0000000000400000-0x0000000000449000-memory.dmp

Filesize
292KB

Download
memory/684-653-0x0000000000B60000-0x0000000000B92000-memory.dmp

Filesize
200KB

Download
memory/684-642-0x0000000000400000-0x0000000000449000-memory.dmp

Filesize
292KB

Download
memory/684-645-0x0000000000400000-0x0000000000449000-memory.dmp

Filesize
292KB

Download
memory/684-650-0x0000000000B60000-0x0000000000B92000-memory.dmp

Filesize
200KB

Download
memory/684-652-0x0000000000B60000-0x0000000000B92000-memory.dmp

Filesize
200KB

Download
memory/2236-648-0x0000000074420000-0x0000000074BD0000-memory.dmp

Filesize
7.7MB

Download
memory/2236-637-0x00000000049F0000-0x0000000004A00000-memory.dmp

Filesize
64KB

Download
memory/2236-636-0x00000000049F0000-0x0000000004A00000-memory.dmp

Filesize
64KB

Download
memory/2236-647-0x0000000002630000-0x0000000004630000-memory.dmp

Filesize
32.0MB

Download
memory/2236-639-0x0000000004FB0000-0x0000000005000000-memory.dmp

Filesize
320KB

Download
memory/2236-638-0x0000000004A00000-0x0000000004FA4000-memory.dmp

Filesize
5.6MB

Download
memory/2236-635-0x0000000074420000-0x0000000074BD0000-memory.dmp

Filesize
7.7MB

Download
memory/2236-634-0x0000000004970000-0x00000000049C2000-memory.dmp

Filesize
328KB

Download