b514e4a14c52bbacf73e344bc33871459adf9ac818d6ae0fbb9678a918fd7dc3

Analysis

max time kernel
108s
max time network
154s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/04/2024, 14:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Snow's YouTube Bot V2.exe
Size

151KB
MD5

15f3230c01742affc03455a3295619d9
SHA1

6983fa3ad4cc4a12ef788b0bf4fd1404add02cf1
SHA256

b514e4a14c52bbacf73e344bc33871459adf9ac818d6ae0fbb9678a918fd7dc3
SHA512

c8bd7c4258575a21d6d3bb51cb033a2f599b9beb5460df65bf64035776d82d41130f776689216463e749a29c1a4311e12897aec4b741aa426ea9f13fe24f8cfd
SSDEEP

3072:hBhOjzP63j2uz6t7VsMfLNn3FpehOjzP63j2uz6t7VsMfLN:hL4Nn+4N

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CE3F8E61-F41E-11EE-BCB4-4AADDC6219DF} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0f816a82b88da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "418574233"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b000000000200000000001066000000010000200000005232c9ea2bdf0de24e78f83fd0bb588ff74bcf7b3c963e87cf5f7ea59f3d74fc000000000e80000000020000200000007c29abe22aa76c4ebf6fe339d914f752ea4f0aac39bfcffafe52a369a605f128900000007f3391ad7f5baaee100baed1e21bba2d3a1fa7418fff74192f96c4662d77796cf0ba9b3b797369147800440348c25ff31ed894f6900c37cf157021aef883f6d6c3f987b1dfc5adb5fdba8ca6f4285b01745a11e98c791dd2b957ea55fe4408b66991a507eaae161186e8bf4a371f28e74ce40b4624485b8bde206a9729d0a009ef856dcee5e54caf18b432e7a3442a58400000005a078e205c1e9fa6a4f0173e4ca64afd2aca599581a84de0349675ffb79494a88b42da971ffc3ecf000dbfbca18f479753789d3cca196c6c397f36749373a201	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b00000000020000000000106600000001000020000000dc5c982517e8999fa5d183a2e26c307685a0a75bf0f362432c627e4a575fa0ef000000000e80000000020000200000000eef3901eba6a6fa3d550036d8d55432244e78e6d93b7dcf4f01569d082d8903200000000337961ef3a17f799efe19d318c97816eb746361d26655167466404a39c5f8d640000000fb5a09be66d962e5caaff28f035cc3f51ee8a14249e597d497c167f0b8b276d4dc3d2f3878fc7692846d1e554783268783f1ec0efcc46c3103738c4245701c70	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
596	chrome.exe
596	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
1432	Snow's YouTube Bot V2.exe
2604	IEXPLORE.EXE

Suspicious use of AdjustPrivilegeToken 24 IoCs

description	pid	Process
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2552	iexplore.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2552	iexplore.exe
2552	iexplore.exe
2604	IEXPLORE.EXE
2604	IEXPLORE.EXE
2604	IEXPLORE.EXE
2604	IEXPLORE.EXE
2552	iexplore.exe
2552	iexplore.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1432 wrote to memory of 2552	1432	Snow's YouTube Bot V2.exe	28
PID 1432 wrote to memory of 2552	1432	Snow's YouTube Bot V2.exe	28
PID 1432 wrote to memory of 2552	1432	Snow's YouTube Bot V2.exe	28
PID 1432 wrote to memory of 2552	1432	Snow's YouTube Bot V2.exe	28
PID 2552 wrote to memory of 2604	2552	iexplore.exe	30
PID 2552 wrote to memory of 2604	2552	iexplore.exe	30
PID 2552 wrote to memory of 2604	2552	iexplore.exe	30
PID 2552 wrote to memory of 2604	2552	iexplore.exe	30
PID 596 wrote to memory of 2392	596	chrome.exe	35
PID 596 wrote to memory of 2392	596	chrome.exe	35
PID 596 wrote to memory of 2392	596	chrome.exe	35
PID 596 wrote to memory of 2412	596	chrome.exe	37
PID 596 wrote to memory of 2412	596	chrome.exe	37
PID 596 wrote to memory of 2412	596	chrome.exe	37
PID 596 wrote to memory of 2412	596	chrome.exe	37
PID 596 wrote to memory of 2412	596	chrome.exe	37
PID 596 wrote to memory of 2412	596	chrome.exe	37
PID 596 wrote to memory of 2412	596	chrome.exe	37
PID 596 wrote to memory of 2412	596	chrome.exe	37
PID 596 wrote to memory of 2412	596	chrome.exe	37
PID 596 wrote to memory of 2412	596	chrome.exe	37
PID 596 wrote to memory of 2412	596	chrome.exe	37
PID 596 wrote to memory of 2412	596	chrome.exe	37
PID 596 wrote to memory of 2412	596	chrome.exe	37
PID 596 wrote to memory of 2412	596	chrome.exe	37
PID 596 wrote to memory of 2412	596	chrome.exe	37
PID 596 wrote to memory of 2412	596	chrome.exe	37
PID 596 wrote to memory of 2412	596	chrome.exe	37
PID 596 wrote to memory of 2412	596	chrome.exe	37
PID 596 wrote to memory of 2412	596	chrome.exe	37
PID 596 wrote to memory of 2412	596	chrome.exe	37
PID 596 wrote to memory of 2412	596	chrome.exe	37
PID 596 wrote to memory of 2412	596	chrome.exe	37
PID 596 wrote to memory of 2412	596	chrome.exe	37
PID 596 wrote to memory of 2412	596	chrome.exe	37
PID 596 wrote to memory of 2412	596	chrome.exe	37
PID 596 wrote to memory of 2412	596	chrome.exe	37
PID 596 wrote to memory of 2412	596	chrome.exe	37
PID 596 wrote to memory of 2412	596	chrome.exe	37
PID 596 wrote to memory of 2412	596	chrome.exe	37
PID 596 wrote to memory of 2412	596	chrome.exe	37
PID 596 wrote to memory of 2412	596	chrome.exe	37
PID 596 wrote to memory of 2412	596	chrome.exe	37
PID 596 wrote to memory of 2412	596	chrome.exe	37
PID 596 wrote to memory of 2412	596	chrome.exe	37
PID 596 wrote to memory of 2412	596	chrome.exe	37
PID 596 wrote to memory of 2412	596	chrome.exe	37
PID 596 wrote to memory of 2412	596	chrome.exe	37
PID 596 wrote to memory of 2412	596	chrome.exe	37
PID 596 wrote to memory of 2412	596	chrome.exe	37
PID 596 wrote to memory of 2768	596	chrome.exe	38
PID 596 wrote to memory of 2768	596	chrome.exe	38
PID 596 wrote to memory of 2768	596	chrome.exe	38
PID 596 wrote to memory of 2100	596	chrome.exe	39
PID 596 wrote to memory of 2100	596	chrome.exe	39
PID 596 wrote to memory of 2100	596	chrome.exe	39
PID 596 wrote to memory of 2100	596	chrome.exe	39
PID 596 wrote to memory of 2100	596	chrome.exe	39
PID 596 wrote to memory of 2100	596	chrome.exe	39
PID 596 wrote to memory of 2100	596	chrome.exe	39
PID 596 wrote to memory of 2100	596	chrome.exe	39
PID 596 wrote to memory of 2100	596	chrome.exe	39
PID 596 wrote to memory of 2100	596	chrome.exe	39
PID 596 wrote to memory of 2100	596	chrome.exe	39

C:\Users\Admin\AppData\Local\Temp\Snow's YouTube Bot V2.exe
"C:\Users\Admin\AppData\Local\Temp\Snow's YouTube Bot V2.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
PID:1432
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.hackforums.net/member.php?action=profile&uid=1243490
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2552
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2552 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:2604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6979758,0x7fef6979768,0x7fef6979778
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1320,i,5059526945866460678,13814981197889512297,131072 /prefetch:2
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1320,i,5059526945866460678,13814981197889512297,131072 /prefetch:8
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1320,i,5059526945866460678,13814981197889512297,131072 /prefetch:8
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2304 --field-trial-handle=1320,i,5059526945866460678,13814981197889512297,131072 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2312 --field-trial-handle=1320,i,5059526945866460678,13814981197889512297,131072 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1568 --field-trial-handle=1320,i,5059526945866460678,13814981197889512297,131072 /prefetch:2
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1464 --field-trial-handle=1320,i,5059526945866460678,13814981197889512297,131072 /prefetch:1
  2⤵
  PID:564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3776 --field-trial-handle=1320,i,5059526945866460678,13814981197889512297,131072 /prefetch:8
  2⤵
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3892 --field-trial-handle=1320,i,5059526945866460678,13814981197889512297,131072 /prefetch:8
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1460 --field-trial-handle=1320,i,5059526945866460678,13814981197889512297,131072 /prefetch:8
  2⤵
  PID:768

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
11944b83d1e69ebedd742736d2791a6a

SHA1
e799ce5596e845314142de30dc6a36990baa565c

SHA256
2f54f5030bfd56405758a8a7c5af2b7e7414661f80f9e8d71ba2e663b64a46e8

SHA512
bf9c30fea06369c94e548d0ce5a1b3cbaf2391f06f3de7a2398e52e719d20cb6a68eeb04bd2d236137fdaca79aaad1ab47f3f1634e7d5b2e0ce4eb1c04c9a78f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
122129bbeeeff0633f5b74f3be4cadac

SHA1
cf1e6a731e3ffd0b951b6c06861ec30bd07485d7

SHA256
fa286579bedaa6fe16b3a91082202453a06ecde15e450f59a673c2e1ce354022

SHA512
ca7eb8cf08c4b9ce63b620b13cb55fee5069f16b015f44026b62613ce3fa54404606f18c50cd5a9768eff2e5eedd17879c5ecfe733b122639bb865469edbd30c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a656aa7cf669d3174c4d4a5cb6f6cf3d

SHA1
47183cb5f95471d4eaac820f48f03307d6346a8a

SHA256
89a39d03a8fbd6ebb565c662338d6103fb0f0258051a1c369a83db64b1c09bb8

SHA512
0422b761ad981f6f2f97b6147cf9aab53403716565ca4b56ae15bcf58a00619ab9f1f3685ca07f34192a8586d3cea77bb211b0a47894e75dbf91dd27ad54f328

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ba21c777d037d61823a421d6fea5a3fe

SHA1
4a091d845dce7e3fc7bf1f4eed3477f1a19bbed5

SHA256
fd1ea2deeabc2c0f62030d2961da1abd2c9140e3fdc9f10bdab6a94cf29d4ede

SHA512
25c3219c529c37e35a244c1b6509b191f3799907005a2f35ed5a2b5e12c1973417b994467160b3f9f5edf158ea923829e86b3b3bdb6b35a2ac205b937882c74f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f05ad5d5b3847362e85e4385002b80ad

SHA1
71669a66a6158c08e300bacc4e9a7f23450f847b

SHA256
e0203bf530dc51d4b0593634d790be423d9607a965ecdb468d2d3f8a68d2ed88

SHA512
a82a7947ee3f1039030d71ffec173c7870b05de2960a9ff0e4d6c6d019ff24968935395db2309f5ce7770219a4c58099357596a6fde93d017693f5d45728fead

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
733640cd5ea818e74d4756cd6609abce

SHA1
e3bf5e1a45391308363f602d597c01be4398a969

SHA256
487347630dd3c8e666610efcc761fb1f70bc668c99728899993f2e3c964a20cc

SHA512
eed23f90c99264682fc603eaad6a2e434eca8a536f2b4e3ee48e043ca92e74908265aa63316049fd228247b0d62b998d6f8b685a656937aa6e6c6a0965e5c74f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
080a72bdc3dbfadc2d2de78a3c118fe8

SHA1
4c23b018f658cadbe3dbed967c3438df5be370e3

SHA256
d8d256b4fdfcf150aa3fc72a734a441aaa2d0e415e7fb39ada37fbb49b730e76

SHA512
581d455253a6ee42b5d2556ffa33b374ea6d68b1b9f87cff284147dadc2757c73ea7ed38fd253f5c44876279a5fb1b68250c550bc34f1f5e6ef69e0a230fc17a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6f9f0e096dafff92375225e35c6e978a

SHA1
cef8901eabaf62918b8b4f7b2b171bc8cd053278

SHA256
9bd3214d333fe7d00bd42c9c64ffefd04f28a32a9455509cfcce9b2eebdf40f2

SHA512
94d75045aa169c85064c46a9a91f93988d0a8a134e1f8cec6fb51628b9f5cdd661aaaf6bd6045e10267295f0a617cc68b27667baab5e4bd062225dadb85e6e9a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1ecf950f6f2168d0a5c559e3a00bd06d

SHA1
94340ecc7e3fc3c8f3d81ca412129c03b51022cd

SHA256
d0fa4040a485dff1c3be002f31d4bbbaef86c8d5e2e40f23d0fde372d769b36a

SHA512
9f6594b825e7bd944673c3029b02b62a14a263a8ac03754c1f9398156eb1fc0f06135422fd3981b8e506e6b7a8a9547bb9060feeefc455e8de7516f48d7a40f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
838e365fcc8524ab662bf4a1cf295ca3

SHA1
71a4d606da6eff350d32ff637b978615a7ffb7fc

SHA256
9378d1defa163d36747418469a61a9dcca7ddf99c23a13212f3d09a2113fe0ed

SHA512
f5abf02e38b863de4489facbfd8bc63ec53a525fad1735230fd325bb7808f345af49a19898e4fba5d18dd718014e5fdf4d043d85442eebd8dc73e129c33a1261

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7ea5a3e968b22871422c95b442cc5962

SHA1
c7141bedf30e2023934b52adfee7e43dc61949e9

SHA256
08f0d5dec904ea07d7c24246e415e747618a1e7836e57214484188a90414328a

SHA512
5c2c1dc7ea7f27efaff0930b598c6406b70772501e06f643fd6fea5bf258a57c395968197624afbd7a57e9f717a8a2563af3eca28f8b8728bd6c02064a440914

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dd2573689df0a8225c19f6d523ef0298

SHA1
7474bbef40cd0239d521a552cb5cb688dc6e4dfe

SHA256
f992f32988b73aa629024e3568869b2acfde5aa1862eba92ce2a482cbfb8e756

SHA512
c9a8a680fe479c2a8c105f100bcacb1af6aae9b34f56389201de00e8c22dca1762ca06016bbf555758449e652506291eddf93fb628f5107c9ac2e79fd8161a35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fe3e85e0db112bb5c7933fa4d8809728

SHA1
7e785d2e9a7eb48709d5984fd12b0d25ef7fb4ca

SHA256
3307023b8479973599a5dc2ce344bab3c3f0707b351a15ff86a882e264824ea1

SHA512
a639cdd8a4c1904399b6dd6f3447becc5109ddaf46668402ea67b20d38ad6393a1ae9cefaf92c6e05e92ca7fa87bddaf2c38becece4909ad33690be54e5803d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c00ab58f93237165123024ac9414fa1b

SHA1
5941a0029a298db42eef75bce7adf1e76bdcbf57

SHA256
88eb8ffd53b32e55a219eb274d42883a9115c53eff9be643fc1c3ded366b3286

SHA512
b3c1b54a072523cf1ee21b51c075abf6dc2813581b7bd2bc472b529233cd611dfe6ed7c89ec813ae40d71561e0dd240ba8c3b137287f6471ca0a48089ad4f8a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
db6e0fba2b50028486b6174af953af0d

SHA1
bf69d23c6f76ef780432ee28ee0b16a0b42971ee

SHA256
c6afdbc3bed599dda32e9ae273fcbb55aedce3ebe9a938aed80a0af69edd6290

SHA512
c9f8b10a3444046377ff8d10bc07704838ae9f75c3b4449ed640e3ccdcee7744abbe6bca3c1472529581f5787af6cbbd8df049524dac369556c0d20a8456cfc4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e5426c0b171fa3febc8617807d48cd52

SHA1
b5f94d86a92c9809c014a12e13251a42b34d314c

SHA256
792c52ae10000ead8fffadbe4fd620ac6da8b2ad7a00acf0fc1f59cc5695d62e

SHA512
93eada9e793545902fabad61f52014abe92dedea518b2bae6fa7790b36ba14ab952d14e5f6e81d4ed654a29a736a6bb0fe142c166c5feec03c5bcea2c6668cc2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e23f1e403e58c7e8e884f21703dc210a

SHA1
b459be03f26b587b92bb9d741d1e8da554672fe3

SHA256
465284a76ed6cfd96bb0aa69a311555f3c1fed8388fdb9982b749b2145c4001a

SHA512
e3fa3e0ad4b0b68135843cbf77efe183764e0b0b28cd111d6a3085755e2e2d245bd4eb726da309da091802df477cb50a65076f647c52619f123de57c21584d1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aeb6c4286483950a145331f19b067d64

SHA1
889985add06c4ceb25716e9c7531dfaf0ce9ca13

SHA256
9dd9a7adec5019ef24c26e1ac8fe00252149b30f90e6ad715a760b728f2bf07c

SHA512
5e18d2418bf85f936da27008c103ed5c834063e90992bf7de30006ef9679253120b3545a1f460d5906aa847e85555179f3523fd45d40825895205fe45a41bf4a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
41515d0ffadab31dafa16bf11c7929f7

SHA1
6b188d6611340393b0e9816094c01fe40ddb33df

SHA256
2dc86d4211f097da1dcdb2f350cad3917d6df0aac7032532588900fce2464475

SHA512
e0d36a0c543a9f94d43464b526395b8d2bd18b91c4fa390c833b1fbbf46911443719d05ede7ed7542a78e072cd2ff65fa00936e8da7e4717f0b5c158f14a197b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
b61c76b7c19570cfcdda847c7b75c85f

SHA1
e9c2ced3b057adbf14b7aaf6799e8880f9528e5f

SHA256
843df6328013e0f3aaf77b4fe86a617c7345de21b7941fa234a2354474459efc

SHA512
6b6a45dc3b5adc1ab32d84517fcd05a2b1c6066276cd5e529491f5b5936e08270029c465cc39ad9a1fcf7b0224268ed61991b63d69e99a8d31ce84e70a69c157

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
bf45ab85c7c2af1f25f5b5c22160295b

SHA1
f7811e8920673350eec9eb1ecdda4fee0f6dc318

SHA256
5c014cf902bb8e3983c324a9497805b00d4e28b665152bd44d18c8a32b731d65

SHA512
24c543da89dceb570165ba9ea416b94ba240099b8d3a5ae3d8bd287e1db62a0629ad66b3922680a0e0d1d65e653d61c90ee6d12363d1540a7ffa24a584b4166f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCCA9.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
memory/1432-245-0x0000000004C50000-0x0000000004C90000-memory.dmp

Filesize
256KB

Download
memory/1432-1-0x00000000745E0000-0x0000000074CCE000-memory.dmp

Filesize
6.9MB

Download
memory/1432-2-0x0000000004C50000-0x0000000004C90000-memory.dmp

Filesize
256KB

Download
memory/1432-1034-0x00000000745E0000-0x0000000074CCE000-memory.dmp

Filesize
6.9MB

Download
memory/1432-3-0x0000000004C50000-0x0000000004C90000-memory.dmp

Filesize
256KB

Download
memory/1432-489-0x0000000004C50000-0x0000000004C90000-memory.dmp

Filesize
256KB

Download
memory/1432-0-0x0000000000370000-0x000000000039C000-memory.dmp

Filesize
176KB

Download
memory/1432-57-0x00000000745E0000-0x0000000074CCE000-memory.dmp

Filesize
6.9MB

Download