8fb5890f75d501936e90d1891cd97c8b23396525842fd741f9b9a441405cd01f

Resubmissions

26-02-2024 18:15

240226-wv4khsdb8t 3

26-02-2024 18:01

26-02-2024 17:58

26-02-2024 17:47

26-02-2024 17:30

26-02-2024 17:25

26-02-2024 17:07

26-02-2024 16:42

Analysis

max time kernel
583s
max time network
599s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
26-02-2024 17:47

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

gato.jpg
Size

54KB
MD5

cd869039e351b02dde534759ae627caa
SHA1

8c227c8532a3106c82009117500a53fceb8adcda
SHA256

8fb5890f75d501936e90d1891cd97c8b23396525842fd741f9b9a441405cd01f
SHA512

81a5b30497bb3cf7b6257728ef5f04b2e45d1ec23e159035210292b13514a82313e19c68878f50bd10a9382ed5b6a83c6356d2d2c0607a79ec2e8afbc9bc3fc0
SSDEEP

1536:g6taN+v7AZswe0Q4qKjLkvqwWsXcWQeldDrVh5Bh0K4:QEAneazLaMWQWdDJh5vI

Score

7^/10

persistence upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1528-795-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1528-804-0x0000000000400000-0x0000000000420000-memory.dmp	upx

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2503326475 = "C:\\Users\\Admin\\2503326475\\2503326475.exe"	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\2503326475_del = "cmd /c del \"C:\\Users\\Admin\\Desktop\\HMBlocker.exe\""	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\~~CB = "cb.exe"	ColorBug.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 11 IoCs

Web Service

T1102

flow	ioc
61	raw.githubusercontent.com
62	raw.githubusercontent.com
63	camo.githubusercontent.com
64	camo.githubusercontent.com
65	camo.githubusercontent.com
66	camo.githubusercontent.com
67	camo.githubusercontent.com
60	raw.githubusercontent.com
109	raw.githubusercontent.com
68	camo.githubusercontent.com
59	camo.githubusercontent.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 16 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "117"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3304	chrome.exe
3304	chrome.exe
5104	chrome.exe
5104	chrome.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe
1812	taskmgr.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3960	MEMZ.exe
3336	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3304 wrote to memory of 4032	3304	chrome.exe	91
PID 3304 wrote to memory of 4032	3304	chrome.exe	91
PID 3304 wrote to memory of 3756	3304	chrome.exe	93
PID 3304 wrote to memory of 3756	3304	chrome.exe	93
PID 3304 wrote to memory of 3756	3304	chrome.exe	93
PID 3304 wrote to memory of 3756	3304	chrome.exe	93
PID 3304 wrote to memory of 3756	3304	chrome.exe	93
PID 3304 wrote to memory of 3756	3304	chrome.exe	93
PID 3304 wrote to memory of 3756	3304	chrome.exe	93
PID 3304 wrote to memory of 3756	3304	chrome.exe	93
PID 3304 wrote to memory of 3756	3304	chrome.exe	93
PID 3304 wrote to memory of 3756	3304	chrome.exe	93
PID 3304 wrote to memory of 3756	3304	chrome.exe	93
PID 3304 wrote to memory of 3756	3304	chrome.exe	93
PID 3304 wrote to memory of 3756	3304	chrome.exe	93
PID 3304 wrote to memory of 3756	3304	chrome.exe	93
PID 3304 wrote to memory of 3756	3304	chrome.exe	93
PID 3304 wrote to memory of 3756	3304	chrome.exe	93
PID 3304 wrote to memory of 3756	3304	chrome.exe	93
PID 3304 wrote to memory of 3756	3304	chrome.exe	93
PID 3304 wrote to memory of 3756	3304	chrome.exe	93
PID 3304 wrote to memory of 3756	3304	chrome.exe	93
PID 3304 wrote to memory of 3756	3304	chrome.exe	93
PID 3304 wrote to memory of 3756	3304	chrome.exe	93
PID 3304 wrote to memory of 3756	3304	chrome.exe	93
PID 3304 wrote to memory of 3756	3304	chrome.exe	93
PID 3304 wrote to memory of 3756	3304	chrome.exe	93
PID 3304 wrote to memory of 3756	3304	chrome.exe	93
PID 3304 wrote to memory of 3756	3304	chrome.exe	93
PID 3304 wrote to memory of 3756	3304	chrome.exe	93
PID 3304 wrote to memory of 3756	3304	chrome.exe	93
PID 3304 wrote to memory of 3756	3304	chrome.exe	93
PID 3304 wrote to memory of 3756	3304	chrome.exe	93
PID 3304 wrote to memory of 3756	3304	chrome.exe	93
PID 3304 wrote to memory of 3756	3304	chrome.exe	93
PID 3304 wrote to memory of 3756	3304	chrome.exe	93
PID 3304 wrote to memory of 3756	3304	chrome.exe	93
PID 3304 wrote to memory of 3756	3304	chrome.exe	93
PID 3304 wrote to memory of 3756	3304	chrome.exe	93
PID 3304 wrote to memory of 3756	3304	chrome.exe	93
PID 3304 wrote to memory of 1352	3304	chrome.exe	94
PID 3304 wrote to memory of 1352	3304	chrome.exe	94
PID 3304 wrote to memory of 5044	3304	chrome.exe	95
PID 3304 wrote to memory of 5044	3304	chrome.exe	95
PID 3304 wrote to memory of 5044	3304	chrome.exe	95
PID 3304 wrote to memory of 5044	3304	chrome.exe	95
PID 3304 wrote to memory of 5044	3304	chrome.exe	95
PID 3304 wrote to memory of 5044	3304	chrome.exe	95
PID 3304 wrote to memory of 5044	3304	chrome.exe	95
PID 3304 wrote to memory of 5044	3304	chrome.exe	95
PID 3304 wrote to memory of 5044	3304	chrome.exe	95
PID 3304 wrote to memory of 5044	3304	chrome.exe	95
PID 3304 wrote to memory of 5044	3304	chrome.exe	95
PID 3304 wrote to memory of 5044	3304	chrome.exe	95
PID 3304 wrote to memory of 5044	3304	chrome.exe	95
PID 3304 wrote to memory of 5044	3304	chrome.exe	95
PID 3304 wrote to memory of 5044	3304	chrome.exe	95
PID 3304 wrote to memory of 5044	3304	chrome.exe	95
PID 3304 wrote to memory of 5044	3304	chrome.exe	95
PID 3304 wrote to memory of 5044	3304	chrome.exe	95
PID 3304 wrote to memory of 5044	3304	chrome.exe	95
PID 3304 wrote to memory of 5044	3304	chrome.exe	95
PID 3304 wrote to memory of 5044	3304	chrome.exe	95
PID 3304 wrote to memory of 5044	3304	chrome.exe	95

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\gato.jpg
1⤵
PID:5104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffedaf49758,0x7ffedaf49768,0x7ffedaf49778
  2⤵
  PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1888,i,16115065545120941038,10686901332638568721,131072 /prefetch:2
  2⤵
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1888,i,16115065545120941038,10686901332638568721,131072 /prefetch:8
  2⤵
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1888,i,16115065545120941038,10686901332638568721,131072 /prefetch:8
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3092 --field-trial-handle=1888,i,16115065545120941038,10686901332638568721,131072 /prefetch:1
  2⤵
  PID:388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3232 --field-trial-handle=1888,i,16115065545120941038,10686901332638568721,131072 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3728 --field-trial-handle=1888,i,16115065545120941038,10686901332638568721,131072 /prefetch:1
  2⤵
  PID:1188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 --field-trial-handle=1888,i,16115065545120941038,10686901332638568721,131072 /prefetch:8
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5172 --field-trial-handle=1888,i,16115065545120941038,10686901332638568721,131072 /prefetch:8
  2⤵
  PID:3552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 --field-trial-handle=1888,i,16115065545120941038,10686901332638568721,131072 /prefetch:8
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3908 --field-trial-handle=1888,i,16115065545120941038,10686901332638568721,131072 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3120 --field-trial-handle=1888,i,16115065545120941038,10686901332638568721,131072 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2544 --field-trial-handle=1888,i,16115065545120941038,10686901332638568721,131072 /prefetch:8
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5668 --field-trial-handle=1888,i,16115065545120941038,10686901332638568721,131072 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3140 --field-trial-handle=1888,i,16115065545120941038,10686901332638568721,131072 /prefetch:1
  2⤵
  PID:1000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5660 --field-trial-handle=1888,i,16115065545120941038,10686901332638568721,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3464 --field-trial-handle=1888,i,16115065545120941038,10686901332638568721,131072 /prefetch:8
  2⤵
  PID:572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1012 --field-trial-handle=1888,i,16115065545120941038,10686901332638568721,131072 /prefetch:8
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 --field-trial-handle=1888,i,16115065545120941038,10686901332638568721,131072 /prefetch:8
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4488 --field-trial-handle=1888,i,16115065545120941038,10686901332638568721,131072 /prefetch:8
  2⤵
  PID:488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 --field-trial-handle=1888,i,16115065545120941038,10686901332638568721,131072 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 --field-trial-handle=1888,i,16115065545120941038,10686901332638568721,131072 /prefetch:8
  2⤵
  PID:4448

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4116 --field-trial-handle=2256,i,9172343514068348080,519219714517961765,262144 --variations-seed-version /prefetch:8
1⤵
PID:2472

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3804 --field-trial-handle=2256,i,9172343514068348080,519219714517961765,262144 --variations-seed-version /prefetch:8
1⤵
PID:112

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1812

C:\Users\Admin\Desktop\HMBlocker.exe
"C:\Users\Admin\Desktop\HMBlocker.exe"
1⤵
PID:1528
- C:\Windows\SysWOW64\shutdown.exe
  "C:\Windows\System32\shutdown.exe" /r /t 6 /f
  2⤵
  PID:368
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c REG ADD HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v 2503326475 /t REG_SZ /d "C:\Users\Admin\2503326475\2503326475.exe" /f
  2⤵
  PID:4776
- - C:\Windows\SysWOW64\reg.exe
    REG ADD HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v 2503326475 /t REG_SZ /d "C:\Users\Admin\2503326475\2503326475.exe" /f
    3⤵
    - Adds Run key to start application
    PID:2312
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c REG ADD HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /v 2503326475_del /t REG_SZ /d "cmd /c del \"C:\Users\Admin\Desktop\HMBlocker.exe\"" /f
  2⤵
  PID:3028
- - C:\Windows\SysWOW64\reg.exe
    REG ADD HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /v 2503326475_del /t REG_SZ /d "cmd /c del \"C:\Users\Admin\Desktop\HMBlocker.exe\"" /f
    3⤵
    - Adds Run key to start application
    PID:2848

C:\Users\Admin\Desktop\MEMZ.exe
"C:\Users\Admin\Desktop\MEMZ.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3960

C:\Users\Admin\Desktop\ColorBug.exe
"C:\Users\Admin\Desktop\ColorBug.exe"
1⤵
- Adds Run key to start application
PID:2136

C:\Users\Admin\Desktop\DesktopPuzzle.exe
"C:\Users\Admin\Desktop\DesktopPuzzle.exe"
1⤵
PID:3152

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3901855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:3336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
43KB

MD5
8d1ef1b5e990728dc58e4540990abb3c

SHA1
79528be717f3be27ac2ff928512f21044273de31

SHA256
3bdb20d0034f62ebaa1b4f32de53ea7b5fd1a631923439ab0a24a31bccde86d9

SHA512
cd425e0469fdba5e508d08100c2e533ef095eeacf068f16b508b3467684a784755b1944b55eb054bbd21201ba4ce6247f459cc414029c7b0eb44bdb58c33ff14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
24KB

MD5
1deeafca9849f28c153a97f5070355d6

SHA1
03b46b765150a2f308353bcb9838cbdd4e28f893

SHA256
b1639f4ce0285c41f4bd666f3fae4767094e3042b0379646b5ccfe04ef01ec19

SHA512
52122b7e3ca9b58eab42fc652c24b4b8c17c43970f88860372d8377c49c540c31ddc81b519f4d59d34e199571758f82ab2fea0737ac1f847b3d4dd75d7acac19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
49KB

MD5
4b4947c20d0989be322a003596b94bdc

SHA1
f24db7a83eb52ecbd99c35c2af513e85a5a06dda

SHA256
96f697d16fbe496e4575cd5f655c0edb07b3f737c2f03de8c9dda54e635b3180

SHA512
2a3443e18051b7c830517143482bf6bffd54725935e37ee58d6464fac52d3ce29c6a85fc842b306feaa49e424ba6086942fc3f0fea8bb28e7495070a38ce2e59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
23KB

MD5
bc4836b104a72b46dcfc30b7164850f8

SHA1
390981a02ebaac911f5119d0fbca40838387b005

SHA256
0e0b0894faf2fc17d516cb2de5955e1f3ae4d5a8f149a5ab43c4e4c367a85929

SHA512
e96421dd2903edea7745971364f8913c2d6754138f516e97c758556a2c6a276ba198cdfa86eb26fe24a39259faff073d47ef995a82667fa7dee7b84f1c76c2b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d8543c57fd36006fe50b8e4cf4950706

SHA1
cc3bb338739ddf14b6c0f721c02396ab3adcec25

SHA256
d1194dc1ab5f48880c914d7ad3a0503bbf72939499c4de82754429183271d20b

SHA512
ae1e2ed923f3c4b8f94a92deaf0f51514a2e6b333b7320fe1c39767cfceea0191e356c2c4c27e81050476ef4af6a5e36d0cf923c45f6f31174b3b9199befa326

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f1c2e868cf0ce25777d8e49a5f58bf2d

SHA1
7e016673c55e22a2a5f0461f48d658d6cf383254

SHA256
008acbc9a49d06c4dcc468dd5ed40efb79d31217f3987db6c7fecc9484ce6561

SHA512
d6d90128529ffabe8965587e7d547ce232ea3a11f47c6ec0365e750843f5ed01309ae45622f2a6f5065eb1ec1846edfc13e8f7188f3ce5ef30a90f9114743842

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
57e42121253c1825af0a06572007ea5d

SHA1
897d610d63b79cf8d23758bd49a1e0aa2df87bb4

SHA256
bd58f0fae02e3f5f1e8efe3a9a307b496511e168d3be2766a7cddcaf5b3d29c9

SHA512
2e2139b5b88f27eb093735fd8d05a9c2170045717b82a9cd46789039175b7463b03e101dc8a6eeddcf60b018b328cbfc823a669645ffa689acbdca893f71ef4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
9385565e13b5e5fcbdbe33752b324097

SHA1
a9f109dddad9ebd9da4e26fe13f4b9448526a58d

SHA256
bf100729bd07e6b8fb1e7e8a63ab44ba8baa8a0460fad05a9501a95458e0817a

SHA512
ca97d14622cd30a1da53ee13d2937bed17227449bfa985247b150f28619cc721cd4d0bafcea30c2304a69ede5aa4de49294240fe69f68387e9183175d33ecdb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c7348d91a3fb6acae7ede7a35f725776

SHA1
f40b22222dafe0c6215c22f843fd35e758db7800

SHA256
a18efc929396cff9bcef9199ad805e058df59d6261eb0930efa4f316d312d7f9

SHA512
90190e11c5a92d2ec46956e22bd368c9e3794a553abccbf2a0874751f784055b1933176f402ed6f982c9678c11ae1c67e81dbc26620177abf529fefdbf7401c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f1defd608e6b8a898d6c447e2ea4b37e

SHA1
afbe8579741e403936f106be8f3665fd2aeb512d

SHA256
e9c2c8948dfc3196e38526fade30bce4387d5d31bbd733abd90f400e7367aa59

SHA512
25686c96260b1644f268a2d2ce2889c1239c5df0aaaa42ec42342a6bcac0f9e2011cc6527b7e97d287dc7631b2fa60b24c6dd7ea252838e4f69f83955d1bcd58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3908d578c25d1bc0cfab52e0694393f1

SHA1
38f51a5dd6c445ffc4881c231f9fa0d0d2ee48be

SHA256
57143e3e47fc8672af2c8c473edf9133fd7c37ba352c0b4489229054a2cf980f

SHA512
28ce86ee73ecdda930bb158ccfaba1b2906bfc26003a8a8b8cd17775f8bfad205bf3dbef6b897eda05dd747d06fbb99a24f639ec429d66c3db0c90f5ffbfa2e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ca6e15901bab70e647323d0854d9ed84

SHA1
3ee9075fe019eb33fba93449dfca1bad6562bb29

SHA256
5c64d9bfd14b2e49a7416bf96c9f4771dcf4cfb07222fc3da6ff34a5ca759321

SHA512
8ef3dafed104a1d0ac7a6efc2ae043f16228420eff44405df48caef7048625d5737bf08c2b694b1de01a9e981b184ac65789b258c04a8911f6bd79cd756d6891

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ae20aab56556c0498bffd59be122ae00

SHA1
c2165a138703888a6d12a45eeda89505338b9826

SHA256
d3216d57ef0e93f49bf471bb90c2cb1f85d93d8dc2f09df67f0ca6ea550df034

SHA512
b6f761be03ba960bc42dd429974062013637f46aa798537da1ee61e705f846bf0151bd0f153b186cb55f94c9b580d67a397901587bf4ed3d4ec4f6d7e7388548

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
8a269b3ba918cb14e288c887824ac7ad

SHA1
f9c8292093622cce7def08b45c228d0f54f5e92a

SHA256
2c46c23e22071d678330ed0d50b5012f0ba44b82702cc7b86a67b84e9fc77a03

SHA512
cc69f456ba4918627e297315bd36fa88b940288b241fe04715d6d8903e24439fcb06d4aa8dc4e8c8bbf2639cad07f1987f657d0524f302a8fa00a85cb197a25f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
6c1e05c243d1c39a630cda5f3c7012d2

SHA1
d4794a9d82743e0bdb9053dab18a8886a977ea26

SHA256
e6d965710bc05cbccbf16d5756969a5a5e78259947bdbf516ec7ba1cb157e7d3

SHA512
f14705d959a2197ed4d60429aff9a4a380c4a86f5ab603d0971da4f5bd29673fa123ae04280e817a4dea034fd3dd2bebd9076e35d80ee2d7681235ace55e0ed9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a4a50cc1541da0dc882ef8a19f85ff17

SHA1
f1a37ab2b9a5e16c16a5262f4a6e3f396b7a825c

SHA256
926073c401899945db0ecf92b66a5ab94b96a3fdcefebae361cadbaade4d5343

SHA512
27de70322c7f2c805916803326078d197b821469c1f8423bde10878ec043d8458b6bcc474921a3182c37b6e3bd00014fe1e52c5a819c636ebed885fa6319f63c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e7640ac6ac62858dc406c42ac37ee62b

SHA1
72980d394b086afeb37e1e76ca847b9a4392d639

SHA256
ada2586c841155087d866423d65d4d4490a7f65b85b83b85ed8cbfb4c391745c

SHA512
fa43c1f38e4e19da362463ed357e681fae334edeb2e79d18c028de01e50c7deec123eaed6b9bc207747c61cb00c1f544a2590ab02cbb1c67137542d075e0bc48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
0f157934cf0198f51051ba22032c1c72

SHA1
1ce033b69f5d4f620e515a78034852d9174387f1

SHA256
2879eee7dbf7b30957f947606f5076dd75a6d5df824cef095029cabddba0f407

SHA512
0ead329a287980d988a220449a1892b5173c41432023fe1c008247bbec6176a1897bae756674770e3dd9b81dfc8d2e68a6678e588ca1205760b61f9f51ac0fe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
704e7a28afe7100024e53ff0186ebed5

SHA1
7620797058069d3f369771baa2a3e6d1c1c55892

SHA256
3be894213b9868c853065a13236b82d4c36b0e5f525ea6feb0dfd3582fbb9ed6

SHA512
0ff48d28beeda0999669a41db932970f727d685556c787cacf3b8f3999eb64049620f86192ab86759357877f375a7db0459a6f9c24a89f12463f85fd72ad98d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
7b457ac40a2e907fb8f5cbf87db0bb12

SHA1
a2fff2fac26445cf6e257226dea24ba113b32447

SHA256
6b4b2b9574f99918ce5265b69726109f8b93468c6b20301c4abe18075c30ccdf

SHA512
95a6f1b752845650d058b844ff66b2fea2c4b4269510cccec52f76edae146821c30e6027e18ea6e2bbe80ffd2f7c49cdc5db7d620df1e5868c6b6e52a5b136a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
37fbfa2630b64d5d9f10115d7f02be01

SHA1
28c1c386cd77efd677a47d628f390c977244881d

SHA256
c37b9fce60ccf093e16f86f16d5f62e17b86a113c44f14c9a0e91b4d7380d73f

SHA512
44506d6655229886d09a886c49f8bbe2b7431a000a40bb7f457e80f8c6fb2e15a7fd6d62dd561d56cd3485857f66946f16af8945b621281ab041c29cc097e638

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
dc1d28ee1acbe0e01476c8cf505bd7b1

SHA1
c0662fbb8c3e4c8d65725d60c81f3510542b4667

SHA256
14edfcec29440a74fecf88e2bcf25281b1de88d45b70f22c0573d647c4972763

SHA512
5dc8e506e08909118c391135e0908a8204ebbe7433f879884698a08c479af0a2a4c9f5ca526c55f015d31f86b5338ed4f6404ae919f11d2fc92d84cc5fd5051c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
94af41ab6a6ada1e65f425499a71ecec

SHA1
8dc709bd5d0ddd7c49d55eb7ef2350a36d5b88ed

SHA256
84555bbc4fc9425d960f01ca5ccf890f4dc8ef7a7f46ae4861ea7d84c0c7f239

SHA512
a3763a70b826b6fe4041219296747b7d647b6d6cdd38a46b593e2d521f385283556f92e1f7209ce7130b4f4cb14930e92441a17b6473f4b8d09f1dd2da766004

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\c11def64-0a79-4713-81f4-b0fdd8e9ca00.tmp

Filesize
2KB

MD5
c58891fa4315cb446a890551f766ccab

SHA1
50446313a584c3de5159b779c50b02f33de322fe

SHA256
34f17820efc3f413cfe5f4e37e7335b01c3e85314e8a1354e692043e99cde031

SHA512
0bcbb9a35c4da9ad996eeb246675108d970aa565565068e59891b96b020f5b6ab3c462fd650399678f1774d51e9a567fe18e7ab876e50eb4da2edd0b5a713d29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2c367c60a71f66a7990265d62788f7a3

SHA1
0aa21935a01f8c173ab9486b97b967d79acd4e88

SHA256
5d87f2d1084159679e611b64abd6b06e9009e6b3d3de68a353ccfff94d7b2186

SHA512
70ae28922b2d48958905242b78de8e2dbbe9f990ad6899a10a0a8acebc4d642d437df88d0b48490f95ff9e1defcc58f10a04e5be45e2f4f01ede1a55333ee70a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
48a00713ab8a30a0ebcf9ef1162c5274

SHA1
643d81d213f677d08e08a0e26a96b95dbcd580bf

SHA256
8bf996cabca87ee5a1e1acab5fdbb422ea205c83b2c461eb5cad9eda8c9bed79

SHA512
ee1b1a73ffd09e63f77df52b8d803ea2218af1546072168f8476245a4cce6bbbcaa1478965488d670879c86dea6b1314ba9b97952cb44a925f1f759c6b21b1f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ae758dc32123073264cbf5a42183c2d5

SHA1
ecbb36b5f07ed9fccc77f2439be4426483f59799

SHA256
4d1db2282b16dcf1d5b19b75d32635d146ad78200b6ec0c0aded84f223ca65a3

SHA512
1db788572cf58e97722c8dedf00aee645e3516b9d3035bcf3d3d5e5fe00429f08f783d7c735743433f8a1979fbd08dd6a685304579878ec6c88e7dce69fb7a54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
25ea2f0cc344db61b2e4875abe4d682f

SHA1
fc231ed4f21e481538101b424e7606bbc91ddf22

SHA256
852dc98ee5f1b167414998ea816b38d5790ae2719fbdc0a5aa5fec716d0e155a

SHA512
80bba36015e6b3785f5ac0f65459dbb4d228c58458a9207e4010a777d3428fe426be89e3c7943f15ac35de8187bea8495b8aea13e27001198f973f83ebcb08d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d06adc37b14596a5098404e3d1df5c46

SHA1
7aa20aeaeba233a7af2a4b083121b43478ddf074

SHA256
4634a7ae49a757b5d0190ce18d5131252a44bdd8a96cf6e1044e95d30283d5f6

SHA512
c7a09d53e891ab7f9ce0a866f105215cc46667441c1a10926e990a10d9988acda612fe59bc4803c004f695a169ab6bfce2f89ad4ab5a7e47ec4ffba874780c60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c7f9d3398ea5cb25279e0faa472621e4

SHA1
21c235ae56d1e62d95ba1d53ef0be4d9ef9f856f

SHA256
fb352d8d804d30044e50ec5c4c9504459a7ecaeb36481b49284eb986ae3b7aa5

SHA512
b05015413d51313118416a8b727150538c18b4981509b7bf0444bdc00ef7968aa87d0a8d64382ceb1b39e47af7a0861010ebc754443b7a481b6dad66071e4aa5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
eb85381e000331c509e14c2a673fbc7d

SHA1
90b8c3e5eeff15a8e4efb4e4cc09e37233a5175a

SHA256
c289ed41aeed9de4cffc3595566a5a3d0476bbedc884a58f012e7313b395550a

SHA512
64e1d6d87147c0651a5ff80f097048cee1d69e6f7ffcda23fbae6202121a8444eedb9912fc2d1c83534a0b337420ddd1fa3eef8a253a847b4090992f2a1cfa39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6b3972847754f17485d06cb2eb4fcde2

SHA1
0d6d107121414f64722d0196f436ab8853715096

SHA256
0516fc85c658445f28463bc9ed91c7ab7c39569dcecce99c32b8a922560f2f92

SHA512
b7311c872ec5aa8848d301e4a3c3d0f9dc4a00265c7bde7347916489712c1b68234dfefdcaed1410d3b491d28c5702d25ce554dc99bd875f6dae968e09657636

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
183381704cf1937d4472dc3dea7a3125

SHA1
f2d7798408292bd4c38bd6d2dbcaee325d0f5106

SHA256
5a9207431111f3a13bc6d07ea8da8a9201d83621aad31190749ba82fd62f54fe

SHA512
49af77346803a8bdef4eb653a37b827c6747de357ad2c43791277d2f3a4730b856b9906377acbcc847a6ec6872352b10340e7957bcf31a5f11d2fae2d51d38cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
fb91d88c81cab5091b7295e691f2a49b

SHA1
15dba284ab7c284400fd49d76a61723f2ff65c9f

SHA256
70a4bf088b4bbaaef0f04ea01384b4d87366a494a17aa27acfd3318b6e05773c

SHA512
7784468486ba1f4c309ce82e50d552c1e7f23c462ace366408956c0084d2e3ea74231b32cf7448f678af3fa8254e9d7e9f9c4089490cfaf819cc8d53a57850b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
911239305811f8be5f5209c334d139ce

SHA1
593426f9cd326258b6f6f8dd428c26738481b1cc

SHA256
46a8c5048b0da97ba377773854b456bfb7ee60421c482154ceb49fe900d3a98f

SHA512
faa1780c19c2dd818d7b9bb9d2efc25c249c459b2ca64744678d17b51cc88f2fee6a09deefea4de599ebf1985fbdbcb10f4eefc9cda77e704687945306bb68ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
4ecb55c4b4fedbfd85dbf6066e5c3ed9

SHA1
a3675398eb1e196fb1cf0d47d420c0b3805af118

SHA256
b055f351c557b36ccaa0f051ed0e0399c7335aad9fa2e595e5bbdae25b4c45a3

SHA512
dc05f12b177ec240d2a038bd001490fa646a336b61f5cf5ab145bc111d9bc5e094862f72b77a7a2f77cabf77b624d52e657a958bf91eb4a7b631f017f88be5f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
0b5c142c8d5a0269a214962d6329c3f4

SHA1
eb9eb6865e981c260af489448615bceff68571d8

SHA256
80e516831abbfd25d5cab35fc4f7459ee8c4ad665b55afe9516dca9a76a795cd

SHA512
82013ad5d2838bb6ea45ff4deab445e419d9cf7551940123fc03211688a0783354a07c3e20fb5dc7e7d71f98d44245b63c7413c811e2bcb73eb710fca710ce4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
9e306507463832452bf9b05bfd536ecc

SHA1
2922ce573c379d6c5e2caf4f1284321f3249cd52

SHA256
8be0b4b6fce82b1bb79472a4a0550b25788b628686798039c0966043e38b537d

SHA512
9454c278fdb81837a29492de9081342c29d2a971990521888b5d7aec9a8e0bd3d7a64ba1cb023fe8d88abc82b2e6ad543f7742ba85ed2d554b01fc52802402d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5b2324.TMP

Filesize
99KB

MD5
ad5cceea5be54968c94602bd2f3c808f

SHA1
e217f9164bfa0f30e9943da68be560d0a6e7ee00

SHA256
8e9ebe5db60d41e4f32fb0a4b3eb4ceab15896fba6877e1f0ab3a7bf0216cda1

SHA512
fe8c5dc0568709a04a94c9577af865b3a7ce2ea12020379294adae192bed5dbb69a116d3bb33f4b9f6ff431200c3b088fe6fbd0d8c9007e6c975e8c58ba8a364

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\ColorBug.zip

Filesize
28KB

MD5
34071c621da9508f92696709d71bb30a

SHA1
5817a14b8da5da5aecd59f5016c2b02fbbe2f631

SHA256
ff2e6648e019087c2ec3c0f9eab548a761122b696caca171ab88e414ba5615cd

SHA512
eb4c3b5ce9a4d6e979565d44c1a1432272bd2b9d1b83ca6b03ddc9982a5a6c341126ba71bbfd0e8d443ffa93265b6d205c187f586ff0bcb708965d2db6c98b45

Download Submit
C:\Users\Admin\Downloads\DesktopPuzzle.zip

Filesize
121KB

MD5
6ec216cae1f0e898635d296bbb1a7539

SHA1
8725949a62c581e4c55d7338dcf3f67997840278

SHA256
431b9b7321f734a3f11b23e638199ff1f0d9abe9374ec299484d9e47f20b4ee2

SHA512
b619a5e8ccc0473d99453108085b1678a75dc816bbeb1d5301cd265ff8aee18e214d4e7b877d0d5d13921238d45581cb89021c4dbfb9ba2f3bddb4d4f297ddfe

Download Submit
C:\Users\Admin\Downloads\HMBlocker.zip

Filesize
38KB

MD5
5968e8a8caa61b46ba347f8c521c1f2e

SHA1
88f9a7ce6e77d191c9a57ecf238ef5e9e9ba6c7c

SHA256
a181f8925c8c66614be38de89e6dc38cf85715379a10de8d9f9d70b04891ca35

SHA512
6b0659ff7a5548cd1b752a72a70b147d1c9676dce14148430961a7b5204d4e3a42de5530d423ebb879f8e5c72785a45e5b20bd40cbf93cfaefe981534e96cbe3

Download Submit
C:\Users\Admin\Downloads\Spark.zip

Filesize
1.6MB

MD5
860168a14356be3e65650b8a3cf6c3a0

SHA1
ea99e29e119d88caf9d38fb6aac04a97e9c5ac63

SHA256
1ae2a53c8adc94b1566ea6b3aa63ce7fe2a2b2fcbe4cec3112f9ebe76e2e9bf9

SHA512
0637e4838beded9c829612f0961d981ee6c049f4390c3115fed9c4e919561ad3d0aa7110e32c1d62468a7e4cdc85d2f2e39a741939efd1aafae551de705aab61

Download Submit
memory/1528-795-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1528-804-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1528-799-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/1528-798-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/1528-796-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/1812-784-0x0000011F3AA50000-0x0000011F3AA51000-memory.dmp

Filesize
4KB

Download
memory/1812-792-0x0000011F3AA50000-0x0000011F3AA51000-memory.dmp

Filesize
4KB

Download
memory/1812-791-0x0000011F3AA50000-0x0000011F3AA51000-memory.dmp

Filesize
4KB

Download
memory/1812-790-0x0000011F3AA50000-0x0000011F3AA51000-memory.dmp

Filesize
4KB

Download
memory/1812-793-0x0000011F3AA50000-0x0000011F3AA51000-memory.dmp

Filesize
4KB

Download
memory/1812-794-0x0000011F3AA50000-0x0000011F3AA51000-memory.dmp

Filesize
4KB

Download
memory/1812-788-0x0000011F3AA50000-0x0000011F3AA51000-memory.dmp

Filesize
4KB

Download
memory/1812-789-0x0000011F3AA50000-0x0000011F3AA51000-memory.dmp

Filesize
4KB

Download
memory/1812-782-0x0000011F3AA50000-0x0000011F3AA51000-memory.dmp

Filesize
4KB

Download
memory/1812-783-0x0000011F3AA50000-0x0000011F3AA51000-memory.dmp

Filesize
4KB

Download
memory/2136-801-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/3152-800-0x00000000004B0000-0x00000000004B1000-memory.dmp

Filesize
4KB

Download
memory/3152-805-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads