28e904fd216f1fa26962fa9ca0be1bf2bdb1043b72fad7fd56824aa383d4a465

Analysis

max time kernel
126s
max time network
154s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11-04-2024 14:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Fluxus/Fluxus V7.exe
Size

3.9MB
MD5

aa5d196260f56a93d7a9ddf32d202112
SHA1

4abe547da7e38e9facb98523e4795a71af6b4600
SHA256

653eaa58999ff72cd9e858a9661c87b049fc66172d20fc9ae0f1e3b1e2af694b
SHA512

7cf76918a4d04c628cc4e7b3a7f2674c03b97104e98b98ab8407d2e12521e48dc61438d982cfdc9763deaa1b915e4432a972274dd6ac381a5a58f08e1ffd55d5
SSDEEP

49152:XgLIR9JyCns59qfuce05XlWycazyClY1YH8PnGpv80tbvvqVUcZ:XgLIRfyC7egWJa3lY1U82kmvvoUc

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2872	2804	WerFault.exe	27

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2752	chrome.exe
2752	chrome.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	2804	Fluxus V7.exe
Token: SeDebugPrivilege	908	firefox.exe
Token: SeDebugPrivilege	908	firefox.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe

Suspicious use of FindShellTrayWindow 38 IoCs

pid	Process
908	firefox.exe
908	firefox.exe
908	firefox.exe
908	firefox.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe

Suspicious use of SendNotifyMessage 35 IoCs

pid	Process
908	firefox.exe
908	firefox.exe
908	firefox.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2804 wrote to memory of 2872	2804	Fluxus V7.exe	30
PID 2804 wrote to memory of 2872	2804	Fluxus V7.exe	30
PID 2804 wrote to memory of 2872	2804	Fluxus V7.exe	30
PID 2804 wrote to memory of 2872	2804	Fluxus V7.exe	30
PID 1976 wrote to memory of 908	1976	firefox.exe	37
PID 1976 wrote to memory of 908	1976	firefox.exe	37
PID 1976 wrote to memory of 908	1976	firefox.exe	37
PID 1976 wrote to memory of 908	1976	firefox.exe	37
PID 1976 wrote to memory of 908	1976	firefox.exe	37
PID 1976 wrote to memory of 908	1976	firefox.exe	37
PID 1976 wrote to memory of 908	1976	firefox.exe	37
PID 1976 wrote to memory of 908	1976	firefox.exe	37
PID 1976 wrote to memory of 908	1976	firefox.exe	37
PID 1976 wrote to memory of 908	1976	firefox.exe	37
PID 1976 wrote to memory of 908	1976	firefox.exe	37
PID 1976 wrote to memory of 908	1976	firefox.exe	37
PID 908 wrote to memory of 2116	908	firefox.exe	38
PID 908 wrote to memory of 2116	908	firefox.exe	38
PID 908 wrote to memory of 2116	908	firefox.exe	38
PID 908 wrote to memory of 2212	908	firefox.exe	39
PID 908 wrote to memory of 2212	908	firefox.exe	39
PID 908 wrote to memory of 2212	908	firefox.exe	39
PID 908 wrote to memory of 2212	908	firefox.exe	39
PID 908 wrote to memory of 2212	908	firefox.exe	39
PID 908 wrote to memory of 2212	908	firefox.exe	39
PID 908 wrote to memory of 2212	908	firefox.exe	39
PID 908 wrote to memory of 2212	908	firefox.exe	39
PID 908 wrote to memory of 2212	908	firefox.exe	39
PID 908 wrote to memory of 2212	908	firefox.exe	39
PID 908 wrote to memory of 2212	908	firefox.exe	39
PID 908 wrote to memory of 2212	908	firefox.exe	39
PID 908 wrote to memory of 2212	908	firefox.exe	39
PID 908 wrote to memory of 2212	908	firefox.exe	39
PID 908 wrote to memory of 2212	908	firefox.exe	39
PID 908 wrote to memory of 2212	908	firefox.exe	39
PID 908 wrote to memory of 2212	908	firefox.exe	39
PID 908 wrote to memory of 2212	908	firefox.exe	39
PID 908 wrote to memory of 2212	908	firefox.exe	39
PID 908 wrote to memory of 2212	908	firefox.exe	39
PID 908 wrote to memory of 2212	908	firefox.exe	39
PID 908 wrote to memory of 2212	908	firefox.exe	39
PID 908 wrote to memory of 2212	908	firefox.exe	39
PID 908 wrote to memory of 2212	908	firefox.exe	39
PID 908 wrote to memory of 2212	908	firefox.exe	39
PID 908 wrote to memory of 2212	908	firefox.exe	39
PID 908 wrote to memory of 2212	908	firefox.exe	39
PID 908 wrote to memory of 2212	908	firefox.exe	39
PID 908 wrote to memory of 2212	908	firefox.exe	39
PID 908 wrote to memory of 2212	908	firefox.exe	39
PID 908 wrote to memory of 2212	908	firefox.exe	39
PID 908 wrote to memory of 2212	908	firefox.exe	39
PID 908 wrote to memory of 2212	908	firefox.exe	39
PID 908 wrote to memory of 2212	908	firefox.exe	39
PID 908 wrote to memory of 2212	908	firefox.exe	39
PID 908 wrote to memory of 2212	908	firefox.exe	39
PID 908 wrote to memory of 2212	908	firefox.exe	39
PID 908 wrote to memory of 2212	908	firefox.exe	39
PID 908 wrote to memory of 2212	908	firefox.exe	39
PID 908 wrote to memory of 2212	908	firefox.exe	39
PID 908 wrote to memory of 2212	908	firefox.exe	39
PID 908 wrote to memory of 2212	908	firefox.exe	39
PID 908 wrote to memory of 2212	908	firefox.exe	39
PID 908 wrote to memory of 2212	908	firefox.exe	39
PID 908 wrote to memory of 2468	908	firefox.exe	40

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Fluxus\Fluxus V7.exe
"C:\Users\Admin\AppData\Local\Temp\Fluxus\Fluxus V7.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2804
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 1176
  2⤵
  - Program crash
  PID:2872

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2520

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2388

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:908
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="908.0.1519654419\843923464" -parentBuildID 20221007134813 -prefsHandle 1208 -prefMapHandle 1180 -prefsLen 20671 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {659e037e-08c3-47fa-99d9-308655f155a9} 908 "\\.\pipe\gecko-crash-server-pipe.908" 1352 fced858 gpu
    3⤵
    PID:2116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="908.1.1841596080\470116182" -parentBuildID 20221007134813 -prefsHandle 1504 -prefMapHandle 1500 -prefsLen 20752 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5114538-13ae-4263-916c-10922a96362e} 908 "\\.\pipe\gecko-crash-server-pipe.908" 1516 3e42b58 socket
    3⤵
    - Checks processor information in registry
    PID:2212
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="908.2.1416194815\131883924" -childID 1 -isForBrowser -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 20790 -prefMapSize 233414 -jsInitHandle 764 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7557cba8-6c11-40df-8173-38185d9ee0cf} 908 "\\.\pipe\gecko-crash-server-pipe.908" 2152 fc62858 tab
    3⤵
    PID:2468
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="908.3.1015172721\837046373" -childID 2 -isForBrowser -prefsHandle 2456 -prefMapHandle 2452 -prefsLen 26033 -prefMapSize 233414 -jsInitHandle 764 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {02528f3c-d191-48be-8671-7f60a3ad8065} 908 "\\.\pipe\gecko-crash-server-pipe.908" 2468 1bbaf858 tab
    3⤵
    PID:2568
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="908.4.890097860\331849039" -childID 3 -isForBrowser -prefsHandle 3188 -prefMapHandle 3184 -prefsLen 26092 -prefMapSize 233414 -jsInitHandle 764 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {21f2fa73-0ee0-4ccf-97a2-30013a258b8f} 908 "\\.\pipe\gecko-crash-server-pipe.908" 3204 1a186e58 tab
    3⤵
    PID:940
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="908.5.1566934768\973362359" -childID 4 -isForBrowser -prefsHandle 3744 -prefMapHandle 3612 -prefsLen 26092 -prefMapSize 233414 -jsInitHandle 764 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f624453-5d97-442c-95b6-878e6b8c4f47} 908 "\\.\pipe\gecko-crash-server-pipe.908" 3764 1edf6a58 tab
    3⤵
    PID:1548
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="908.6.799653593\487583964" -childID 5 -isForBrowser -prefsHandle 3880 -prefMapHandle 3884 -prefsLen 26092 -prefMapSize 233414 -jsInitHandle 764 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {50afc1b7-6959-4629-b2be-a9ac42580b0f} 908 "\\.\pipe\gecko-crash-server-pipe.908" 3868 1edf8558 tab
    3⤵
    PID:2708
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="908.7.339841827\365924138" -childID 6 -isForBrowser -prefsHandle 4008 -prefMapHandle 4012 -prefsLen 26092 -prefMapSize 233414 -jsInitHandle 764 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {00e9da54-7066-44e7-b54d-606bfeb9963c} 908 "\\.\pipe\gecko-crash-server-pipe.908" 3996 1fef1858 tab
    3⤵
    PID:3008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="908.8.359354943\1716679608" -childID 7 -isForBrowser -prefsHandle 4424 -prefMapHandle 4428 -prefsLen 26092 -prefMapSize 233414 -jsInitHandle 764 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {47d458a9-eb89-41fe-ba2e-d810c7850406} 908 "\\.\pipe\gecko-crash-server-pipe.908" 4404 21942658 tab
    3⤵
    PID:2572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5069758,0x7fef5069768,0x7fef5069778
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1376,i,12474163228460778308,11498261930157988431,131072 /prefetch:2
  2⤵
  PID:836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1528 --field-trial-handle=1376,i,12474163228460778308,11498261930157988431,131072 /prefetch:8
  2⤵
  PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1580 --field-trial-handle=1376,i,12474163228460778308,11498261930157988431,131072 /prefetch:8
  2⤵
  PID:1276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2308 --field-trial-handle=1376,i,12474163228460778308,11498261930157988431,131072 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2304 --field-trial-handle=1376,i,12474163228460778308,11498261930157988431,131072 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1420 --field-trial-handle=1376,i,12474163228460778308,11498261930157988431,131072 /prefetch:2
  2⤵
  PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2856 --field-trial-handle=1376,i,12474163228460778308,11498261930157988431,131072 /prefetch:2
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3236 --field-trial-handle=1376,i,12474163228460778308,11498261930157988431,131072 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3492 --field-trial-handle=1376,i,12474163228460778308,11498261930157988431,131072 /prefetch:8
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3600 --field-trial-handle=1376,i,12474163228460778308,11498261930157988431,131072 /prefetch:8
  2⤵
  PID:952
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:1184
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x1402e7688,0x1402e7698,0x1402e76a8
    3⤵
    PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3908 --field-trial-handle=1376,i,12474163228460778308,11498261930157988431,131072 /prefetch:8
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4048 --field-trial-handle=1376,i,12474163228460778308,11498261930157988431,131072 /prefetch:1
  2⤵
  PID:1288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2744 --field-trial-handle=1376,i,12474163228460778308,11498261930157988431,131072 /prefetch:1
  2⤵
  PID:2500

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
426fe2660808140f44fee2053ac7708c

SHA1
d446ec5ea57a407ef201b33f4eea96dfab05c9a9

SHA256
b1c71cca566bf318ea8778c25a327553beefa97f7ffb6b7445b96fd31057cf80

SHA512
e1961f2823641b91f007c1809c5b2acd6fcdd9fb0e77bba1614265b6458a5ac0295c42ede9025e88a47071aa84725f16787b929f0547a2c762c1987f3204eec8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5809860a01b031aa93d19e795af3e6fb

SHA1
323048064691cdf9e09132d3f27941ab5ebabbcb

SHA256
95aab9bb5d3d6ed2fabb2b97470e2062c96c426f2e835f0fd73da551092087af

SHA512
7498388530796ab36cf02f4d86d39ca210beaa3511e4e4fdc1400f056499314e2b12f2cf1a7c91a88eee04c8486bae02b14e265d97c072b4fb923967d41f1f35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f12252788217410db43cdabe0047b0e6

SHA1
30cbfb7a447c851b2dab887342ecf17d80aa26ef

SHA256
d8dcf1183e2d071b19e08b7c2f65db27eca307945853fd45c5d466a21adac4a6

SHA512
278e080f986f4c11a926a21e6a695819e86e296d62f7f945989b62c56f2bcb21aafb52b6798d9daed7a1fbb3e5709b3efbec2a12bc831fbbc0cfd6d07e9e875c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
02f915e95767dda1162152fdd3f717d9

SHA1
0e4283e58af927519ec42813af0f31a968468626

SHA256
948aa6a4ac4cc285523c42952b83bcb148e13e999064a455ac0ba2db7e4022d2

SHA512
ec96b3c7b842aa11434b4a0e5115e4c418205fdd09620e29d367b8da5743a57b642cae8b55f75147678c611c693107b740223a3005b412bc0d19cd8c331c490a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4827a2d3011eda0a1a2356988f7b4769

SHA1
d1b3d73c153608d38208be90c91c0487daa58c88

SHA256
98ac01303e6bebcf24f627d8c54c2025c437ac31a0280ffd06dc64e4b4970fc6

SHA512
63185382c7c14ae366d6a9cb2ea808ea194f53513458e51e788dbbf8caea83471651d502f78e9a1ccac79a23d4fc732f839ca202daa01f6560a66800d5598325

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
644b93e5744223c62f728f69735cfa97

SHA1
469684ce1f78f69de6f6834f7312473de57126ca

SHA256
b892b48f017f1ff6a99121a81880f0323b3a95333e82643862075bd8267a4607

SHA512
4518aa9563f5a0c3bc185a3b72a1deed2491cb85f2091b4d7859c2c4dda1b98adcc7e2a38f3970a6a6a88c2ca70033ba6c1c7926b4d2bde406ea416125fceb51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
942bdd70149612b6f0ed5b08552d2781

SHA1
f2880f931d7e6e89115f809d28adfdf03089e8ef

SHA256
8b0e216796a16e04dc3da6104a4a15c1b1468b609ff507ce7ec81acb8c2d7d3f

SHA512
1a4a35cdf6032c932380bd7375163cb089feaab7e8bbb67d9284e79492acdcb88965490740b465657764127dc6ab6ba22b5a406b667de455daaaec2f725b1dcb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d1d383766595255f0fd3a3fed1e6c65c

SHA1
13e1447d29b4da0b58ef008b213b9f5b7fb39c31

SHA256
f80fc1f616a4dbeef64cd4ddef3e323bd58075c11c2a7e9b10dcdb46a5029a97

SHA512
2ad3de122ef6f4dfa2ff71a12b21b15d10044508fdd6c23ca051d4776929e26afa973c1495d43f190afffa0dddb172a83aae41116f8e2d23e16e1e049743a380

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
acd9477e0ae909f745e45d5ed7f6a550

SHA1
5c0a0b45d4e833940bbfe3315e39874c24b23752

SHA256
1519fff343bb252f7af157bfe6c3d8805b6536b219ee347261f577be48f29fed

SHA512
9104fb614625475dd224f7539b39f768239144292dead779d61e9dcbdd5c3e344501812787213f0603b789d50f3a37602803984466a3f9b0061b2105f6bdb14e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9516.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
bb29bed3ca0ba4ebb22f15404ff4a4c0

SHA1
8b5016a464bb6db05ae08be62480ec2bf8b28de3

SHA256
8aefa7275de96f4e8d87bfe0189840a51932443eff7a53afd3ec9b11b1f952c4

SHA512
690eb5684fcb398ed1c03d4542e9d1687f02609cf4b823f7821b628147487d79017b9c109f4f85c8d1b3ff5639bf046f8921a7f5748ba7147f363914dded8964

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\datareporting\glean\pending_pings\332c51ba-84b5-4980-8ec7-9137839c84e6

Filesize
11KB

MD5
38f3f8224623aca9f514f3c3f894f934

SHA1
12f06dfbbf00da180ecaf6cd2039446a79415172

SHA256
ac3fba54159524d0c59b5d8ee366a73aec8df69211b175e5ac15fe12b45b44a7

SHA512
d5cf01f6e85a25cd4004587bd316cc65da4800e01e81d4010e6471d888e288d526e016abdfdcf678c11b88e5667b8d37ca128f90c909b26e6cba3253022bbfd1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\datareporting\glean\pending_pings\db38a8f4-4501-489d-9e9f-0394e9c4238a

Filesize
745B

MD5
d5c36b597783d4b9f5b107b3074be9dc

SHA1
3532910ea4b4a1eddaf14dc3b235eff518461e03

SHA256
76d249c4ce7efeb8335897c941f028be1176a3c815555a67f97d6834cfb8d71c

SHA512
b86223fadc1705b31e503377700eecc8c1ded840857e29d9ac0f9cd4450ed7b3c44bf2e129a6184f9569261091154f779d5b8d146750bf0da8789ec43638fd73

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\prefs-1.js

Filesize
6KB

MD5
cc1984cd6bdca038457c212d3ef94ec7

SHA1
247b827678bacd96e2b21eb132a4a7773ab0ff51

SHA256
021654acb1b0740866b0720b6b55489a55a120f0fa374194b6e2db0dfac6f2c4

SHA512
9c554fca7223dc2059ebc7322cd0be77dcddf864d4cd9bb67d0c8b39321d6bebe0fe37363fda602bebb7fc3f2b34d0896d426bdc81802a7adace7d192fcd084f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\prefs-1.js

Filesize
6KB

MD5
e53073fe5399b0a88f5321cdd86e4563

SHA1
b601c79a3d59c517d372d28529f64042dfea2df2

SHA256
966898059dcff4fa96dbbfcb7daaf21abcd6b2966900dde10f503245c7ff288f

SHA512
e88831f0ae6447cb072f284399c432844eacc54d9192a6a987a1a98d2789b32ff46c00c5abfa1fd42ecebf5073978795c8162ac2049cce57c25bdedf1f49dd9a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
bc02afd73e71bad1d74152bc8c23fc4a

SHA1
13c378e70baa9161b8274cf0b95d309bea658f35

SHA256
f639e96193d9b64099e4bf80cc7c875cc27c1d04a2a2e1ece77e5113b53bd287

SHA512
74fe42309ffe65eb427567ec93c2b335481300af19c0e985ffc06273ac5294ad40e5cdb2cdc0d6f4f191fedce88bc19c411af67984127d2c2661fdd8f4005595

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
e46505c227b0d2fd192d23a389693de0

SHA1
8ca60a3f2871b01ac3a95462f136a99b6126f6e3

SHA256
abb380d63149139bbc72907a8d8faa711c474fc1aad45b82084ebc090c8b8420

SHA512
97633a525b003553dc5f69c5f693e34104d68be0fbd6eb8b7bc662d01037b7f2a87bc285ce3910ffd1e09cc195c2b27bade170dd64992583c991a7e18c439e88

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
c5d56786dbe9f7e845541ad8393bc5d7

SHA1
276d92c8017e8bc50a833c5797e3efcc9fb8632b

SHA256
db76a06f28fda274baa6ddb564cba17b42e27ce4f7b87e319c56800b5d9bd5f4

SHA512
c8df3462836f9060801c6bdbd1d1bcb4ffc50dc552333c0cabe0056c2c834cc99efb0253339123df525ad4d8dcf28a56f4f3226aba1fecfef82fea343551bb5b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
bb4e40a37895333929425d1ab33338d3

SHA1
abb30567fc4b7a42cb45a561f46672fc2d137e66

SHA256
6c2c737a29b96244f21f8e2ee69270206f0ce30fe8bd003723aaa4bb3d0d36b4

SHA512
c0dd16a7535501bfda8cc5f6a13f122a327693879d89538cdd2447b304facb9552e0170d9a1343d70339e6b07a2724aed5d8ddd77aa0481e80745551aa28831b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
84915a4201d8a8e0564944a76ad800b0

SHA1
898b5b1061e0ab66aaf128107f8ebe071214eae1

SHA256
8fa1acacc57ac6b358b867004a18c6e99ac57069dd50b618689c3c2304ca1a95

SHA512
fbc253aefd6b8977297a5823e6736b68c64b45f0c9c0f4c344d23977ee31e6d798b197ceb4ed2d4dbe7392dc9459b5a8eb3fd20b4d87217f32b755c4afd03a8d

Download Submit
memory/2804-0-0x0000000000910000-0x0000000000D04000-memory.dmp

Filesize
4.0MB

Download
memory/2804-7-0x0000000074280000-0x000000007496E000-memory.dmp

Filesize
6.9MB

Download
memory/2804-6-0x00000000005F0000-0x00000000005FA000-memory.dmp

Filesize
40KB

Download
memory/2804-5-0x0000000004640000-0x0000000004680000-memory.dmp

Filesize
256KB

Download
memory/2804-4-0x00000000005F0000-0x00000000005FA000-memory.dmp

Filesize
40KB

Download
memory/2804-3-0x00000000005F0000-0x00000000005FA000-memory.dmp

Filesize
40KB

Download
memory/2804-2-0x0000000004640000-0x0000000004680000-memory.dmp

Filesize
256KB

Download
memory/2804-1-0x0000000074280000-0x000000007496E000-memory.dmp

Filesize
6.9MB

Download