e79735e48a7cdaaf0f91cffda247eea8a4bbebaf39aebccad54f4cf23b5e7f8a

Resubmissions

24-02-2024 22:11

240224-138lnagd71 7

24-02-2024 22:08

21-02-2024 02:15

21-02-2024 01:57

21-02-2024 01:53

Analysis

max time kernel
150s
max time network
157s
platform
windows10-1703_x64
resource
win10-20240214-en
resource tags

arch:x64arch:x86image:win10-20240214-enlocale:en-usos:windows10-1703-x64system
submitted
21-02-2024 02:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Myau-240105-cracked (1).jar
Size

1.6MB
MD5

9115e3db16b63fb1a254f3bd57ad5893
SHA1

9c32dfffb1582ad8df15f4464b0a246d81b06f48
SHA256

e79735e48a7cdaaf0f91cffda247eea8a4bbebaf39aebccad54f4cf23b5e7f8a
SHA512

9b6481c30f5a58cdfca9d1702e059a46dfcdcb5773f1f6ef7d324050f287bd503159f316e7b0cedc2fe396326fd9e57685627c8257f4248e5057c0bbac78f77d
SSDEEP

24576:V96G/x8Z/QUTbjvgizYcftFdGmDAhQW3ZV2gDSGuGqZBXOYS8flT6lqYI:V9xxOBPrgGfDfDAKW3ZV2FLbZBeNYB

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
5088	icacls.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
103	camo.githubusercontent.com
104	camo.githubusercontent.com

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133529554863509887"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-455411700-4159991363-783884305-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4212	chrome.exe
4212	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3900	firefox.exe
Token: SeDebugPrivilege	3900	firefox.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe

Suspicious use of FindShellTrayWindow 30 IoCs

pid	Process
3900	firefox.exe
3900	firefox.exe
3900	firefox.exe
3900	firefox.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
3900	firefox.exe
3900	firefox.exe
3900	firefox.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3900	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 232 wrote to memory of 5088	232	java.exe	75
PID 232 wrote to memory of 5088	232	java.exe	75
PID 4668 wrote to memory of 3900	4668	firefox.exe	82
PID 4668 wrote to memory of 3900	4668	firefox.exe	82
PID 4668 wrote to memory of 3900	4668	firefox.exe	82
PID 4668 wrote to memory of 3900	4668	firefox.exe	82
PID 4668 wrote to memory of 3900	4668	firefox.exe	82
PID 4668 wrote to memory of 3900	4668	firefox.exe	82
PID 4668 wrote to memory of 3900	4668	firefox.exe	82
PID 4668 wrote to memory of 3900	4668	firefox.exe	82
PID 4668 wrote to memory of 3900	4668	firefox.exe	82
PID 4668 wrote to memory of 3900	4668	firefox.exe	82
PID 4668 wrote to memory of 3900	4668	firefox.exe	82
PID 3900 wrote to memory of 1804	3900	firefox.exe	83
PID 3900 wrote to memory of 1804	3900	firefox.exe	83
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 2956	3900	firefox.exe	84
PID 3900 wrote to memory of 3748	3900	firefox.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar "C:\Users\Admin\AppData\Local\Temp\Myau-240105-cracked (1).jar"
1⤵
- Suspicious use of WriteProcessMemory
PID:232
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:5088

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4668
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3900
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3900.0.33447676\478695901" -parentBuildID 20221007134813 -prefsHandle 1748 -prefMapHandle 1724 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1fe454e2-1eb5-478e-ac25-6027faa32543} 3900 "\\.\pipe\gecko-crash-server-pipe.3900" 1828 1a7bfdf2458 gpu
    3⤵
    PID:1804
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3900.1.637132107\49886934" -parentBuildID 20221007134813 -prefsHandle 2156 -prefMapHandle 2152 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e57730e-d74f-4547-8bff-df155b22ece1} 3900 "\\.\pipe\gecko-crash-server-pipe.3900" 2184 1a7bfd03b58 socket
    3⤵
    - Checks processor information in registry
    PID:2956
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3900.2.778609448\533793314" -childID 1 -isForBrowser -prefsHandle 2916 -prefMapHandle 2688 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8151b1e-11a6-4f9e-80ce-b061327d07ac} 3900 "\\.\pipe\gecko-crash-server-pipe.3900" 3212 1a7c3ecbd58 tab
    3⤵
    PID:3748
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3900.3.925089511\860767117" -childID 2 -isForBrowser -prefsHandle 3476 -prefMapHandle 3468 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb4e1c76-925f-4fa5-96d1-0c042a9b347b} 3900 "\\.\pipe\gecko-crash-server-pipe.3900" 3496 1a7c4c25158 tab
    3⤵
    PID:3892
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3900.4.621151902\801247346" -childID 3 -isForBrowser -prefsHandle 4148 -prefMapHandle 4144 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b28b92ad-5dca-4e44-92b7-c9bddbe716ad} 3900 "\\.\pipe\gecko-crash-server-pipe.3900" 4160 1a7c5c0ca58 tab
    3⤵
    PID:4116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3900.5.1613283911\1144875478" -childID 4 -isForBrowser -prefsHandle 4812 -prefMapHandle 4768 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {28df201c-6643-41d2-9c53-2ccf820a868f} 3900 "\\.\pipe\gecko-crash-server-pipe.3900" 4752 1a7c611f458 tab
    3⤵
    PID:4988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3900.7.434133727\1249510012" -childID 6 -isForBrowser -prefsHandle 5132 -prefMapHandle 5136 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {28f5e8b3-13f7-47e5-b35f-3a9506d52b09} 3900 "\\.\pipe\gecko-crash-server-pipe.3900" 4752 1a7c6120c58 tab
    3⤵
    PID:164
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3900.6.2032238447\723114849" -childID 5 -isForBrowser -prefsHandle 4936 -prefMapHandle 4940 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {36bb0901-2210-43d3-98b5-22e51973ec3b} 3900 "\\.\pipe\gecko-crash-server-pipe.3900" 4928 1a7c611f758 tab
    3⤵
    PID:4588
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3900.8.1536661031\1885220533" -childID 7 -isForBrowser -prefsHandle 5656 -prefMapHandle 5620 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2be96c26-0dc0-486d-b591-49785bb6256e} 3900 "\\.\pipe\gecko-crash-server-pipe.3900" 5668 1a7c81d1958 tab
    3⤵
    PID:644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff15049758,0x7fff15049768,0x7fff15049778
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 --field-trial-handle=1928,i,10953882626120455129,6642102333537179123,131072 /prefetch:8
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1928,i,10953882626120455129,6642102333537179123,131072 /prefetch:2
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2104 --field-trial-handle=1928,i,10953882626120455129,6642102333537179123,131072 /prefetch:8
  2⤵
  PID:3112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2864 --field-trial-handle=1928,i,10953882626120455129,6642102333537179123,131072 /prefetch:1
  2⤵
  PID:192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2856 --field-trial-handle=1928,i,10953882626120455129,6642102333537179123,131072 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4360 --field-trial-handle=1928,i,10953882626120455129,6642102333537179123,131072 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 --field-trial-handle=1928,i,10953882626120455129,6642102333537179123,131072 /prefetch:8
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1928,i,10953882626120455129,6642102333537179123,131072 /prefetch:8
  2⤵
  PID:1740
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:3056
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x7ff75bcb7688,0x7ff75bcb7698,0x7ff75bcb76a8
    3⤵
    PID:1080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5020 --field-trial-handle=1928,i,10953882626120455129,6642102333537179123,131072 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5084 --field-trial-handle=1928,i,10953882626120455129,6642102333537179123,131072 /prefetch:8
  2⤵
  PID:1188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4852 --field-trial-handle=1928,i,10953882626120455129,6642102333537179123,131072 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5288 --field-trial-handle=1928,i,10953882626120455129,6642102333537179123,131072 /prefetch:1
  2⤵
  PID:4100

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
46b6b6dd22a51d8536604b5e14bc0b31

SHA1
3751216a5d7ba9a0a215d2e130062e1e586a701c

SHA256
08debef31b6c75fedf245a2939161e3a8f036fb5b94ee19c876133bb707885f1

SHA512
8760bb2de3b18187f70ae726e9e4702b7b429ba967767f8250e71414990122ec2b9df1b203b2f9733fa6788d621f2a9a321e9b60049975bfd49549c5e6654889

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\31d57c1b-e22f-4522-b886-08297a2011d9.tmp

Filesize
6KB

MD5
806db86df206dbbd7e0bb0dac1cdf501

SHA1
68b1d567a553dd14ef87b62de6b39dc2d91df333

SHA256
350b92378b1f0e4d2036b0584b249061697a98cc8323c97e1b3a20af666942e1

SHA512
8a42bc00c65a6b6715ccb325d2b27de6b8b6163f47209a760c6e64fccd5f68bfa684097178378f4fbfade5de58e25c2538f3e372844f50d724a56aa33008ed2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
194KB

MD5
ac84f1282f8542dee07f8a1af421f2a7

SHA1
261885284826281a99ff982428a765be30de9029

SHA256
193b8f571f3fd65b98dc39601431ff6e91ade5f90ee7790bfc1fba8f7580a4b0

SHA512
9f4f58ab43ddadad903cea3454d79b99a750f05e4d850de5f25371d5bec16fc312015a875b8f418154f1124c400ae1c82e2efd862870cd35c3f0961426c8cd82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
b38f5f445a8e06394000fa60c3380db0

SHA1
9b372433c58552fd3391dbd6fadd8fe6b5f15345

SHA256
67910ea8b8fc3827db6ea0b75bb961d5181c8af74e6ad2c35efd7c871c6b6662

SHA512
9af933eac25cc1c8cd403e261e759fa74c4bac5983d6c22ce9359bf6071a97354db2004fdd749cd4036826eaca22e972adc738490f99cd64ec7efd1d49d979c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
6d734214c34dcdc5bc234551650aa087

SHA1
9b9688ea284ebfb189a0762ce340cce6d3f685b9

SHA256
86ad3566c291e690132006d26363da6b979a974ffdebcb9f4f8d804692ace8a1

SHA512
c7b14eafc97cc57737fb1c2873a3fdf52992235f2f58d198faafb39d809c634252cf2a1bb42676b9447401451daaf0f6e16ea9647c7e5f7549a49497db2ad8be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9ad965055c0f6cfed62b84227f00b417

SHA1
6c743fe99cf235662fec4b8b1319fde28b544184

SHA256
dd06f000ef91281568fc796e4e117e72159aa6b9053fea0fb369ffdc7883e838

SHA512
60f0bd0ee920adda47f2e084b3c7bc184b750f56207c56c134bcc3be176b011ae86b1b4bd4ff7b80db25251c3cb8cdf35dd97191e5ab71c050cea322b67f7e96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
2ac6c7a4393081f3695327eec08545d1

SHA1
487c53668398ff7044d283c13a049fcbe5851874

SHA256
982448da843a3283cca58b5c451dad38f3668ba0b9aa497edd4797108d904fbd

SHA512
a9db7dd42122ce1e32cdba7e3de16154f26990181787cf83a099871852b7e0441fd43d7872b98b9f0ad5ebc0720f6c7c1d3b4933a48a7b706e28b7476070814c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
2cbffed2ba53ab4a49afe4573bf0c328

SHA1
7a773a4a163df0e730c688b3d42c582b679b140b

SHA256
b13f421a1cace1b272c23632868928f8f43eb711eb6a11e25429bfdae2db3721

SHA512
807767e8366d130954f0f65caa8d4e4ea789f12228a23eeea8f7d4b853bbe35909d46146db8bb3c67bc55598f0ce63eca3f8aa5999e83dc52bf9853efc66213b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hp78bw39.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
b624e69f653fd214cc4c26832759959d

SHA1
e38cd7a11cb1c111a370aa2a50ea870f81eeae20

SHA256
cf3d1ba9135caf1748b4738e2cba916b3f45ec0448e00b1881953fb7c51c21bd

SHA512
0b7911717204a63b8aa7c979a5d63013be882d67b8cd1299e30adf8ef5c1154883443a61d3b0334d1fa315e12c58cb9b841e71297dd9015212ea269187bfcc09

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hp78bw39.default-release\datareporting\glean\pending_pings\fdeea9b5-2b0a-4f09-877a-aa53374835fa

Filesize
734B

MD5
e8517fa5813590e5996e8528a09d7fb7

SHA1
8ce098fe6df775032f8267ce1357822c34a87f8e

SHA256
5485c4226fe5d58cca0324fbba3756683e96cd923b33883f78c2bb3041518d3d

SHA512
9984acced81413597edae325838579345c6fb30af4fa2a0d71a5d860c6e11216bd1bf32066f3d43649705d32926a5caffd95841ef3e7bbb13e179f74dbae10bc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hp78bw39.default-release\prefs-1.js

Filesize
6KB

MD5
f6e68bdee687a6c607f11056e4b68d9a

SHA1
e5024fc32b2fa8f000b6668e555759d864cd3c13

SHA256
a9ac4c2a08a668daf2e986ca6e13d4a5548d51f38ce4196bd015ea9445e836c3

SHA512
706ab9ec7a96d57aef03889c7cf44338390bdc513e8a309c93dc53c60eca796baaf64334bb154e61cd8a7365ef328cdeeefba2bcafe9997f846584cb47629796

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hp78bw39.default-release\prefs.js

Filesize
6KB

MD5
dacf06ef7b4c13bbe4be098ba75704da

SHA1
0d1fc785d74cafe4c0642a45552d73f07a817daf

SHA256
135a976ca7c53e43da85d9a1650ca389fea1136ac34742639b2f1249c57f4faf

SHA512
be010d74f7d180702d1cbae9781b988bcceb211b503538738db7ec18c2b868111fba6d5275d2094894d6177430170bbc240d28e30d65d6d01543b6f733e68cf8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hp78bw39.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
8180381f6acbbca5697f6a3541f06d23

SHA1
d176bc37420cfb3106b2549177d557b8016a7e48

SHA256
ac8b026be0f249e9e607aae9974d071ae4f0c69a1fc0e94f04d2a10124151613

SHA512
c557474ac6e410ea8bd0424fa947641ced8ca7f8c08a84676812f542723291fb6038e65a7b6ea0f0a8a7d21e696b7ed100612f894d045ca7f426e596d7dcd9a1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hp78bw39.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
c374b0bfa61e17e2950293023611fcad

SHA1
c6067fc935ef2c10224b33c5652eeeec6ce699a5

SHA256
5a22eeb0a5b88d1631698faf97ebf5371ce4510de74aec278bccd83fb1aa13bf

SHA512
5b36c34d9310ae83939f8828202f55c10d9f68588a709b8ace90e510a9e24f537024efe80fb10c6fc915639c7225db6dd9fa08bf9c72fe2aed976591f05dd9d3

Download Submit
memory/232-4-0x0000023E3EAD0000-0x0000023E3FAD0000-memory.dmp

Filesize
16.0MB

Download
memory/232-13-0x0000023E3EAD0000-0x0000023E3FAD0000-memory.dmp

Filesize
16.0MB

Download
memory/232-11-0x0000023E3EAB0000-0x0000023E3EAB1000-memory.dmp

Filesize
4KB

Download