Analysis

max time kernel: 196s
max time network: 424s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 14-04-2024 22:27
Static task: static1
Behavioral task: behavioral1
  Sample: FMLN Ransomware.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: FMLN Ransomware.exe
  Resource: win10v2004-20240412-en
General

Target: FMLN Ransomware.exe
Size: 258KB
MD5: c87988e35ec34779191f42b6213fdec1
SHA1: 81036dcf6ea331243f2d512b8ac9611a95a18ea1
SHA256: 96f3ce153153f922fb18e4722b0348aee2c76022bcdee75fadab97023003fe10
SHA512: ba32f9bc18fb187fa4dc03bb1db903255c16af62dc903521ddd8fb120e5599bbccb4fa12255f0195a5e51b6a99ee5228bc0515f299c0ebb1b1a5134e61aab9e4
SSDEEP: 6144:sBlkZvaF4NTBjWXXn0tHeKMSF0o91TPoEQo:soSWNTRsOBMSF31TgW
Malware Config
Signatures

Enumerates connected drives (3 TTPs, 3 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
  description              ioc     Process
  File opened (read-only)  \??\A:  cmd.exe
  File opened (read-only)  \??\B:  cmd.exe
  File opened (read-only)  \??\E:  cmd.exe

Sets desktop wallpaper using registry (2 TTPs, 5 IoCs)
  description      ioc                                                                                                                                                      Process
  Set value (str)  \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Wallpaper.jpeg"  wscript.exe
  (the same entry is recorded 5 times, once per wscript.exe instance)

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).

Delays execution with timeout.exe (6 IoCs)
  pid   Process
  2676  timeout.exe
  2844  timeout.exe
  2840  timeout.exe
  1288  timeout.exe
  2424  timeout.exe
  2628  timeout.exe

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe

Modifies Control Panel (5 IoCs)
  description  ioc                                                                                   Process
  Key created  \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Desktop  wscript.exe
  (the same entry is recorded 5 times, once per wscript.exe instance)

Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid   Process
  1348  chrome.exe  (2 entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description                 pid   Process
  Token: SeShutdownPrivilege  1348  chrome.exe  (64 entries)

Suspicious use of FindShellTrayWindow (34 IoCs)
  pid   Process
  1348  chrome.exe  (34 entries)

Suspicious use of SendNotifyMessage (32 IoCs)
  pid   Process
  1348  chrome.exe  (32 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                        pid   Process              procid_target  entries
  PID 272 wrote to memory of 2200    272   FMLN Ransomware.exe  29             4
  PID 2200 wrote to memory of 2348   2200  cmd.exe              30             3
  PID 2200 wrote to memory of 3056   2200  cmd.exe              31             3
  PID 2200 wrote to memory of 2628   2200  cmd.exe              32             3
  PID 2200 wrote to memory of 2676   2200  cmd.exe              33             3
  PID 2200 wrote to memory of 2844   2200  cmd.exe              34             3
  PID 2200 wrote to memory of 2840   2200  cmd.exe              35             3
  PID 2200 wrote to memory of 1288   2200  cmd.exe              36             3
  PID 2200 wrote to memory of 2440   2200  cmd.exe              37             3
  PID 2200 wrote to memory of 2812   2200  cmd.exe              38             3
  PID 2200 wrote to memory of 2968   2200  cmd.exe              39             3
  PID 2200 wrote to memory of 2664   2200  cmd.exe              40             3
  PID 2200 wrote to memory of 2580   2200  cmd.exe              41             3
  PID 2200 wrote to memory of 2424   2200  cmd.exe              42             3
  PID 2812 wrote to memory of 2752   2812  wscript.exe          43             3
  PID 2664 wrote to memory of 2800   2664  wscript.exe          44             3
  PID 2580 wrote to memory of 1584   2580  wscript.exe          46             3
  PID 2440 wrote to memory of 2748   2440  wscript.exe          45             3
  PID 2968 wrote to memory of 1076   2968  wscript.exe          47             3
  PID 2200 wrote to memory of 1956   2200  cmd.exe              48             3
  PID 2200 wrote to memory of 2820   2200  cmd.exe              49             3
Processes

Tree depth is given in brackets; each entry lists the image path, the command line, the signatures attributed to that process, and its PID.

[1] C:\Users\Admin\AppData\Local\Temp\FMLN Ransomware.exe
    "C:\Users\Admin\AppData\Local\Temp\FMLN Ransomware.exe"
    - Suspicious use of WriteProcessMemory
    PID: 272
  [2] C:\Windows\system32\cmd.exe
      "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\4BB0.tmp\4BB1.tmp\4BB2.bat "C:\Users\Admin\AppData\Local\Temp\FMLN Ransomware.exe""
      - Enumerates connected drives
      - Suspicious use of WriteProcessMemory
      PID: 2200
    [3] C:\Windows\system32\mode.com
        mode con: cols=170 lines=45
        PID: 2348
    [3] C:\Windows\system32\certutil.exe
        certutil -decode "Image.bin" "Wallpaper.jpeg"
        PID: 3056
    [3] C:\Windows\system32\timeout.exe
        timeout /t 3
        - Delays execution with timeout.exe
        PID: 2628
    [3] C:\Windows\system32\timeout.exe
        timeout /t 3
        - Delays execution with timeout.exe
        PID: 2676
    [3] C:\Windows\system32\timeout.exe
        timeout /t 3
        - Delays execution with timeout.exe
        PID: 2844
    [3] C:\Windows\system32\timeout.exe
        timeout /t 5
        - Delays execution with timeout.exe
        PID: 2840
    [3] C:\Windows\system32\timeout.exe
        timeout /t 5
        - Delays execution with timeout.exe
        PID: 1288
    [3] C:\Windows\system32\wscript.exe
        wscript "0.vbs"
        - Sets desktop wallpaper using registry
        - Modifies Control Panel
        - Suspicious use of WriteProcessMemory
        PID: 2440
      [4] C:\Windows\System32\RUNDLL32.EXE
          "C:\Windows\System32\RUNDLL32.EXE" user32.dll, UpdatePerUserSystemParameters
          PID: 2748
    [3] C:\Windows\system32\wscript.exe
        wscript "0.vbs"
        - Sets desktop wallpaper using registry
        - Modifies Control Panel
        - Suspicious use of WriteProcessMemory
        PID: 2812
      [4] C:\Windows\System32\RUNDLL32.EXE
          "C:\Windows\System32\RUNDLL32.EXE" user32.dll, UpdatePerUserSystemParameters
          PID: 2752
    [3] C:\Windows\system32\wscript.exe
        wscript "0.vbs"
        - Sets desktop wallpaper using registry
        - Modifies Control Panel
        - Suspicious use of WriteProcessMemory
        PID: 2968
      [4] C:\Windows\System32\RUNDLL32.EXE
          "C:\Windows\System32\RUNDLL32.EXE" user32.dll, UpdatePerUserSystemParameters
          PID: 1076
    [3] C:\Windows\system32\wscript.exe
        wscript "0.vbs"
        - Sets desktop wallpaper using registry
        - Modifies Control Panel
        - Suspicious use of WriteProcessMemory
        PID: 2664
      [4] C:\Windows\System32\RUNDLL32.EXE
          "C:\Windows\System32\RUNDLL32.EXE" user32.dll, UpdatePerUserSystemParameters
          PID: 2800
    [3] C:\Windows\system32\wscript.exe
        wscript "0.vbs"
        - Sets desktop wallpaper using registry
        - Modifies Control Panel
        - Suspicious use of WriteProcessMemory
        PID: 2580
      [4] C:\Windows\System32\RUNDLL32.EXE
          "C:\Windows\System32\RUNDLL32.EXE" user32.dll, UpdatePerUserSystemParameters
          PID: 1584
    [3] C:\Windows\system32\timeout.exe
        timeout /t 4
        - Delays execution with timeout.exe
        PID: 2424
    [3] C:\Windows\system32\certutil.exe
        certutil -decode "Data.lp" "KillWin.exe"
        PID: 1956
    [3] C:\Windows\system32\wscript.exe
        wscript "m.vbs"
        PID: 2820

[1] C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID: 1348
  [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7469758,0x7fef7469768,0x7fef7469778
      PID: 1124
  [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1112 --field-trial-handle=1300,i,2239287097826616574,16474804822567205655,131072 /prefetch:2
      PID: 2364
  [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1300,i,2239287097826616574,16474804822567205655,131072 /prefetch:8
      PID: 1572
  [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1616 --field-trial-handle=1300,i,2239287097826616574,16474804822567205655,131072 /prefetch:8
      PID: 1012
  [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2244 --field-trial-handle=1300,i,2239287097826616574,16474804822567205655,131072 /prefetch:1
      PID: 1300
  [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2268 --field-trial-handle=1300,i,2239287097826616574,16474804822567205655,131072 /prefetch:1
      PID: 2620
  [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1400 --field-trial-handle=1300,i,2239287097826616574,16474804822567205655,131072 /prefetch:2
      PID: 1588
  [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3316 --field-trial-handle=1300,i,2239287097826616574,16474804822567205655,131072 /prefetch:1
      PID: 1740
  [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3484 --field-trial-handle=1300,i,2239287097826616574,16474804822567205655,131072 /prefetch:8
      PID: 676
  [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3604 --field-trial-handle=1300,i,2239287097826616574,16474804822567205655,131072 /prefetch:8
      PID: 744
  [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3880 --field-trial-handle=1300,i,2239287097826616574,16474804822567205655,131072 /prefetch:8
      PID: 2592
  [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3560 --field-trial-handle=1300,i,2239287097826616574,16474804822567205655,131072 /prefetch:1
      PID: 1928
  [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3880 --field-trial-handle=1300,i,2239287097826616574,16474804822567205655,131072 /prefetch:1
      PID: 2200
  [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 --field-trial-handle=1300,i,2239287097826616574,16474804822567205655,131072 /prefetch:8
      PID: 2208
  [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2528 --field-trial-handle=1300,i,2239287097826616574,16474804822567205655,131072 /prefetch:1
      PID: 3036
  [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1020 --field-trial-handle=1300,i,2239287097826616574,16474804822567205655,131072 /prefetch:1
      PID: 1544
  [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3844 --field-trial-handle=1300,i,2239287097826616574,16474804822567205655,131072 /prefetch:8
      PID: 2628
  [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4180 --field-trial-handle=1300,i,2239287097826616574,16474804822567205655,131072 /prefetch:8
      PID: 1020
  [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4248 --field-trial-handle=1300,i,2239287097826616574,16474804822567205655,131072 /prefetch:1
      PID: 744
  [2] C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2728 --field-trial-handle=1300,i,2239287097826616574,16474804822567205655,131072 /prefetch:1
      PID: 2072

[1] C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    PID: 2624
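The process tree and the Signatures section above describe a short batch-driven chain: a Temp-resident executable runs a .bat via cmd, certutil -decode turns Image.bin into Wallpaper.jpeg and Data.lp into KillWin.exe, wscript 0.vbs writes the Wallpaper value under Control Panel\Desktop and calls rundll32 user32.dll,UpdatePerUserSystemParameters to apply it, and timeout.exe is called repeatedly in between. The following is an added example, not part of the sandbox report, of how to turn those observations into detection logic over process-creation and registry-set events. The event records are constructed here to mirror a subset of the report's tree (field names are assumptions loosely modelled on Sysmon EID 1 and EID 13, not a real log format); the rule names are hypothetical. The ATT&CK IDs are the standard ones for the four behaviours. One caveat the report itself makes visible: PIDs are reused within the run (2200 is cmd.exe and later a chrome renderer, 744 and 2628 likewise), so a real pipeline must key on a process GUID or (PID, start time) rather than the bare PID this toy uses.

```python
"""Added example (not part of the sandbox report): correlate process-creation
and registry-set events into the behaviours the report's signatures flag."""
import os
import re
from collections import defaultdict

# Constructed events modelled on a subset of the report's process tree.
# Field names are assumptions (Sysmon-like EID 1 / EID 13 shape, not a real
# log format). PIDs are reused in the report, so key on a process GUID or
# (pid, start time) in real data; this toy uses the bare PID for brevity.
T = r"C:\Users\Admin\AppData\Local\Temp"
PROC_EVENTS = [
    {"pid": 272, "ppid": 0, "image": T + r"\FMLN Ransomware.exe",
     "cmdline": '"' + T + r'\FMLN Ransomware.exe"'},
    {"pid": 2200, "ppid": 272, "image": r"C:\Windows\system32\cmd.exe",
     "cmdline": r'"C:\Windows\sysnative\cmd" /c "' + T + r'\4BB0.tmp\4BB1.tmp\4BB2.bat "'
                + T + r'\FMLN Ransomware.exe""'},
    {"pid": 3056, "ppid": 2200, "image": r"C:\Windows\system32\certutil.exe",
     "cmdline": 'certutil -decode "Image.bin" "Wallpaper.jpeg"'},
    {"pid": 2628, "ppid": 2200, "image": r"C:\Windows\system32\timeout.exe", "cmdline": "timeout /t 3"},
    {"pid": 2676, "ppid": 2200, "image": r"C:\Windows\system32\timeout.exe", "cmdline": "timeout /t 3"},
    {"pid": 2840, "ppid": 2200, "image": r"C:\Windows\system32\timeout.exe", "cmdline": "timeout /t 5"},
    {"pid": 2440, "ppid": 2200, "image": r"C:\Windows\system32\wscript.exe", "cmdline": 'wscript "0.vbs"'},
    {"pid": 2748, "ppid": 2440, "image": r"C:\Windows\System32\RUNDLL32.EXE",
     "cmdline": r'"C:\Windows\System32\RUNDLL32.EXE" user32.dll, UpdatePerUserSystemParameters'},
    {"pid": 1956, "ppid": 2200, "image": r"C:\Windows\system32\certutil.exe",
     "cmdline": 'certutil -decode "Data.lp" "KillWin.exe"'},
    {"pid": 2820, "ppid": 2200, "image": r"C:\Windows\system32\wscript.exe", "cmdline": 'wscript "m.vbs"'},
]
REG_EVENTS = [
    {"pid": 2440, "image": r"C:\Windows\system32\wscript.exe",
     "key": r"HKU\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Desktop\Wallpaper",
     "value": T + r"\Wallpaper.jpeg"},
]

EXEC_EXT = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".ps1"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "cmd.exe", "mshta.exe"}
CERTUTIL_DECODE = re.compile(r'-decode\s+"?([^"\s]+)"?\s+"?([^"\s]+)"?', re.I)
TEMP_BAT = re.compile(r'\\AppData\\Local\\Temp\\[^"]*\.bat\b', re.I)


def basename(path):
    """Case-folded file name of a Windows path (handles the sysnative/system32 split)."""
    return path.rsplit("\\", 1)[-1].lower()


def find_certutil_decodes(events):
    """T1140: certutil -decode <in> <out>; severity rises when <out> is executable."""
    out = []
    for ev in events:
        if basename(ev["image"]) != "certutil.exe":
            continue
        m = CERTUTIL_DECODE.search(ev["cmdline"])
        if not m:
            continue
        dst = m.group(2)
        ext = os.path.splitext(dst)[1].lower()
        out.append({"rule": "certutil_decode", "technique": "T1140", "pid": ev["pid"],
                    "output": dst, "severity": "high" if ext in EXEC_EXT else "medium"})
    return out


def find_wallpaper_defacement(proc_events, reg_events):
    """T1491.001: a script host writes ...\\Control Panel\\Desktop\\Wallpaper.
    explorer.exe / Settings do this legitimately, hence the script-host filter;
    a rundll32 UpdatePerUserSystemParameters child is the refresh step."""
    children = defaultdict(list)
    for ev in proc_events:
        children[ev["ppid"]].append(ev)
    out = []
    for reg in reg_events:
        if not reg["key"].lower().endswith(r"\control panel\desktop\wallpaper"):
            continue
        if basename(reg["image"]) not in SCRIPT_HOSTS:
            continue
        refreshed = any("updateperusersystemparameters" in c["cmdline"].lower()
                        for c in children[reg["pid"]])
        out.append({"rule": "wallpaper_set_by_script", "technique": "T1491.001",
                    "pid": reg["pid"], "wallpaper": reg["value"], "rundll32_refresh": refreshed})
    return out


def find_temp_batch_launcher(proc_events):
    """T1059.003: cmd.exe running a .bat under %TEMP%; notes whether the parent also lives there."""
    by_pid = {ev["pid"]: ev for ev in proc_events}  # fine here; breaks under PID reuse
    out = []
    for ev in proc_events:
        if basename(ev["image"]) != "cmd.exe" or not TEMP_BAT.search(ev["cmdline"]):
            continue
        parent = by_pid.get(ev["ppid"], {"image": ""})
        out.append({"rule": "cmd_runs_batch_from_temp", "technique": "T1059.003", "pid": ev["pid"],
                    "parent_image": parent["image"],
                    "parent_in_temp": "\\appdata\\local\\temp\\" in parent["image"].lower()})
    return out


def find_timeout_delays(proc_events, min_count=3):
    """T1497.003: repeated timeout.exe children under one parent (sandbox stalling)."""
    per_parent = defaultdict(int)
    for ev in proc_events:
        if basename(ev["image"]) == "timeout.exe":
            per_parent[ev["ppid"]] += 1
    return [{"rule": "timeout_delays", "technique": "T1497.003", "pid": p, "count": n}
            for p, n in per_parent.items() if n >= min_count]


def triage(proc_events, reg_events):
    """All findings for one run, in the order the behaviours appear in the chain."""
    return (find_temp_batch_launcher(proc_events) + find_certutil_decodes(proc_events)
            + find_wallpaper_defacement(proc_events, reg_events) + find_timeout_delays(proc_events))


if __name__ == "__main__":
    for finding in triage(PROC_EVENTS, REG_EVENTS):
        print(finding)
```

Run stand-alone it prints five findings: the cmd.exe batch launch from Temp with a Temp-resident parent, a medium-severity decode to Wallpaper.jpeg, a high-severity decode to KillWin.exe, the wallpaper write by wscript.exe with its rundll32 refresh, and the cluster of timeout.exe calls under cmd.exe. Note that the report's cmd.exe command line says sysnative while the image path says system32; matching on the image basename, as above, keeps that detail from hiding the process.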
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 68KB
  MD5: 29f65ba8e88c063813cc50a4ea544e93
  SHA1: 05a7040d5c127e68c25d81cc51271ffb8bef3568
  SHA256: 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
  SHA512: e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: ca9633cd9d986482104c682f087f37b9
  SHA1: 2220d42485190ae02c74c8b204eecdb69175c779
  SHA256: 5ed6c72f8e0a1418da62ff9b1d1792d6cae09101861e6da1aec1604c298cfd12
  SHA512: 3ed161ef872b0c5c70dbf86adc927c24e78ac379ed35592a6a1bb12d1a542d572e4f3ab58978cd90746aa72372b51195d7dbef58731fa4f3f4c72a662caf74db

- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: 032f59e1ac9ceb85ca20dfb693c71646
  SHA1: 5ce3fd6e03a7213551175f141fe2b19f68fda3bc
  SHA256: 975a0866a2bc1492ce537167fedf4fc0553f1666dfd8db085ad0447cad7a4271
  SHA512: a1b13c38600e0f4faa7e10732dbc7226b79d3f74fe9e3949168d2e0242bc3da0ac0f8b3ffdd04a4b38f79ef7698afe7b7c385a48b8eab9f87a610fd8e4bb02ec

- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5: 773d345818e27e55449e8ce1cab664c6
  SHA1: d505e97cfdfe7673daf0568a9e922019ae52b918
  SHA256: c0975b17e66c710dc8d995254208fd271304683c178fed122f5800abe9194cd1
  SHA512: a74a4912e3b1d2cd2f4c8ad814a64d42df358b4bec8fb56bede7aaa2da70cf4aa448217843cc2d7cd611b13ac17c7727de36a3e364afa9caa1b37b7eccb64be3

- Filesize: 432B
  MD5: c17e9171fb0eede11980308432882ca5
  SHA1: d7d72809553a0b886dbf832c287912211dd70241
  SHA256: 2245c9eb8de4de8692162cd8e0f64494b14594bd9b1995c86f900c37c68efc52
  SHA512: e5188de169fa0405e9a44cbaac1d067ea149c35960d12128afa189028271b4f02298d45bc82aea754b33a81785c38cbb09a62818b7190cbb6c2dc5dcd49b1c3b

- Filesize: 264KB
  MD5: f50f89a0a91564d0b8a211f8921aa7de
  SHA1: 112403a17dd69d5b9018b8cede023cb3b54eab7d
  SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
  SHA512: bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

- Filesize: 1KB
  MD5: d723555d7a800193d12a80a2969e02e8
  SHA1: 4bb1ecc692b6cd56967ad1a021f9fd493f1e385b
  SHA256: 075256b154032db21b9c59cedfa6b7adecc2afd403ea6d7cccaa7f88bc62d253
  SHA512: 59d759663d5f0082328b54f14c6cd7033d6106762c077b9c3e462fa9acfff0797c8d730ee44ac242edbc362746b4ffb93c9a093cd7be1f7440ae6887e8eb1fea

- Filesize: 524B
  MD5: 0bb7acbe268562ab14717da7831014a4
  SHA1: f7beecee3476894a666476e54af378a6fc4489c0
  SHA256: 1fce52dc2b2e63317a0769150c8faf1ff35499a748675092f5019c05c1ccc77a
  SHA512: f27de372150e36eef41bb3cd7c93ca84570314b434b415adcb29d5f4c89bc55a4942dd08bdb5f3d9f7dae8901750d1e0257f1dfa550b23ce6ef20e05953e986d

- Filesize: 524B
  MD5: a9b047e7817ac7c90157d3c2ec700c7f
  SHA1: 5fb6bac8166604118bd75d465ca6f696a05633dd
  SHA256: 4600cf717dfea4f8354f7b06f6055c8737ec81cb77caf55b34ec9f53fd42e29d
  SHA512: ded44e7147ada1b16efb8ed50eb79a05e347aa3d5b9bec5d7e38183edf5d28f47a0b753c3a1d4093e4f7d571e3448197b32fa22408c531ba77630ef32f2445eb

- Filesize: 361B
  MD5: 59cac928f9a9de82550fad8609afa051
  SHA1: 5f28ff6e9424d0fceabc2f2d3f54c47dd204970f
  SHA256: f38c872132880824c5c5160cddf0b3529872ae1b3cabf60c82cdb122a6ffe9b4
  SHA512: e00fc1992aae10530c7d9488dd6d45e2b7b8917329b0ebd259fb5a7a4ce07d4c8f90a299e79ccf477900f62861c76879fe210c3f6d7603239f2c301dc387e749

- Filesize: 524B
  MD5: 9d541fecbe6b7cac00e8953b9349f1e9
  SHA1: d030425e358233d684373feccb146db5ad31dd0d
  SHA256: e4b8f346da178190a3a554b9c364337af7c9c9dff440302d80358e553e168609
  SHA512: 74c8c9004ed3d48c952d63388866eff868c21980ee0c3689ec010b590a22a46403c00fd214b693c617672dea5e4944d3fb1ce893690aee7b4903e4143c2ca205

- Filesize: 5KB
  MD5: 0a119006da847805372da5f88c741ac2
  SHA1: 676200d7a384fb0e0dc6346f913565fb761cdfb6
  SHA256: e2c1f1dec84f9167f1e88c5bbcbdcfdddca307da2d56194a683ec6865e9732a9
  SHA512: 6d26afe8adf979d20a6cbdda5a4681d243819bad51860cac4c8464f9f35635bc83fa9d75df0432f4431a41ed20ec5fa3b90bf674bf8f0402fe8c8df88d1f380d

- Filesize: 4KB
  MD5: 0cc7d19f492f69f987c880b844fc8b47
  SHA1: a350208e03080cca9641669110db87a39b8fc0f6
  SHA256: 60985243d9b39eba73449229fb785a3c6c97cf0bbd61ded7766f1e639c354b51
  SHA512: 6ddc97938e62bd71ad4f8f5bfe11a4ecba6c33bcac9ce6220e3e82ac0969f2365a04dc322feb4e4aeb151e4737ab90f44c1b6028dae4fa9ed08c1fccc86c1ace

- Filesize: 5KB
  MD5: 1eb0a884581b8b7a3e9b97f6934cbce3
  SHA1: 5b2d28eb6ae9f9cdb30611ddaf9fd1cc00c9cd91
  SHA256: 5c4d81e66d84725765e50c00104b881b41e88002d7d4ac653c99efcbe01c87a1
  SHA512: 0a6798f6ec7d502b2d099a7686bc0f576f8a2ddbfd9bed09e5af32facc24dfdbf3a4947b58d4cd26e613f3c854df9dbcba9186a22701e939425c993cde2fb70a

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
  Filesize: 16B
  MD5: 18e723571b00fb1694a3bad6c78e4054
  SHA1: afcc0ef32d46fe59e0483f9a3c891d3034d12f32
  SHA256: 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
  SHA512: 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a00c2be2-352b-4a7a-a917-9f4296918eef.tmp
  Filesize: 5KB
  MD5: c4f1278ba02a4d64d77a28efc6cac378
  SHA1: fa34aec66ec5df17e52f1c9259ed66f62f01cc62
  SHA256: 899cb5705005054f2d13d251e31fa72acce9e529784b82f72c1e8bb13929c7fb
  SHA512: 0cbeebcaa590bdd9fbc6f2fe2575563e4934948dd0801bc30a28ccc030cb4f8348a47ff20300b6e806bed01d8d4536e068d884c548f276f90205fe989eb2453c

- Filesize: 264KB
  MD5: f644ce47469754b7d061adbb340e2ab9
  SHA1: f8156e6e806c9baaa90dc0a4065522adca352877
  SHA256: 2ef39bd34819180a5d7e672f3c51ae9f59ff591dd49651b34748a21226a7b250
  SHA512: 750d2ed35717dce4346d2dfe2b3a4f55074e22b44aa4d546b31d063594a2206776b59b934f188fa7216e7638e1157920658e1c3eaab687cbc9335d14c910ab89

- Filesize: 383B
  MD5: 5b2f4b19baac5325cbeae4d8024d064c
  SHA1: 4f109afc12cec097f003f1723c1da56940f69b8f
  SHA256: 43464f239bf395e90405c7579f7380d06a0b581bbd0a8ca836b05a82808be78e
  SHA512: 7deb4fea0601cd364bda06c74d6a5d52ffb3d16935d8552c91ebca7d790f6566c64746ff58e61936356758f4b93d91931d477c363ccc4af9a133e0456f9fb40b

- Filesize: 127B
  MD5: 71f2ece5d6de26f528ff0e1c9382f1c9
  SHA1: 12b4fe9e4f1d4e0ea494393282baeb58f5991c8e
  SHA256: 648b31ac461f2539e111298e9d5f8e154ed8852a4f8c57cceec17504da8cdb01
  SHA512: 0236aa82c44f9cdc7230d2b46c910c794820202e697031c893ed8502883f310bc202beee7d4a502f5508c8f6c320f9479e48be30f24f344624a0224a1f549c56

- Filesize: 54KB
  MD5: 93841169c4264ce13735e8b116d06226
  SHA1: 1ceac2fe01f6bdb37bdeb73ba13cd7ed99d0f608
  SHA256: 82bf8fbb4b79fdd9a21518373ddd57fc2d6c53599458a055f64e20d40dc85f2b
  SHA512: ce98cac504828ac676d1069f6d0cedc55ff68bf51d2b01df0108ec632bdc0aa1f809ef6ddb000fa1c59ea66723c903cf37412d98f59ff7032777a45b2c72e871

- Filesize: 19KB
  MD5: c63727e7d32cd53e644d8ab3435778fa
  SHA1: 4f187b6d1a0839ffff7bcc69368b40ca007067b3
  SHA256: 91d5604845d13992f916f56c2301cf866973520ef647a5d7073cdddc0bca3d00
  SHA512: 278aa953b1578c2b7eebcd6d4dc3241a3e8862ce1ebafb2e37ec3715f2f92833f147c41227052f8ec6f06ae35d71f810913b3c28dd1675ee5e473559b3e85bc7

- Filesize: 18KB
  MD5: eb05f382514e1a62572f9afd06a0a50d
  SHA1: 86a601e6b8a6e0dee089a66707a9a1d80bd33ba5
  SHA256: 24c3df9a48a7d1abd01b3a608505a33a3a2d3d907c7b6dad79c0f0da01125ab9
  SHA512: 2b46fcbcd1a35e09c22f3230b690783121fbdd504e4f3f34d3e1753db63d6720e5c6d752bad2d2015326e165b08b13d4c4ed7611cdaaad0e1f52a357e270a79f

- Filesize: 14KB
  MD5: 3713a4dfdfa399b20561aa8bcbea1b25
  SHA1: 8109cb8e9e9c00fba74d456c1756799c72072989
  SHA256: 8e4e731640114f96219d4aa6ce2416c2f1db7e75834cdca91c380de6b0eebbaa
  SHA512: a34244e4622648dc19f2efa001bf461cec7794bb7050fadacd5369272d83db87fef711afbb5a108b7665304430a419ee7fdf09c2e8155f496eba1a321142b090

- Filesize: 177KB
  MD5: 435a9ac180383f9fa094131b173a2f7b
  SHA1: 76944ea657a9db94f9a4bef38f88c46ed4166983
  SHA256: 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
  SHA512: 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

- Filesize: 13KB
  MD5: 1285cd98536d791db631ac4bbc4520b1
  SHA1: c0cf2a608361742736fc886ee837c6a501cc1ed1
  SHA256: 8f16b68a09fb1ac498e34054c6b31634a7fba08204678b19d449f617c303c674
  SHA512: f67065feb33b555748e5e82dd8c2b3da4992d03eab7444481b8d060fd74a579859bbbbf6f8f37aeb6e267ab4594a2c4732e90b5e2cf2cec006191885359f8826

- Filesize: 71B
  MD5: cbaa7c6cb3c383b11dd691b316f2a91b
  SHA1: 0f2d66cea7cc24e0dda9972e05a7b236a9bcbc9e
  SHA256: 5f1ffcde4ee668c3350fdd9730df67adc35c704342ac2224924069c9bae2be95
  SHA512: fe74a8ccd7875e7bf9588d386fd886810dc0edd01216bf5a886add985fcbb813296a606ec83028a90d30b4df348125827300a98f2ec6081a5d981d09316a44f9