3af66fcfb2f8345d2fda0feb8dcd106ef34bf2ef1369cfb846ef2b1689048b32

Analysis

max time kernel
214s
max time network
214s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/04/2024, 07:14

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Fail SERIOUS.mp3
Size

18.7MB
MD5

4be84b11b997394302a9d29d0a2e0734
SHA1

5142d6df2adda36ca8d61a931dc158a937b0ef0e
SHA256

3af66fcfb2f8345d2fda0feb8dcd106ef34bf2ef1369cfb846ef2b1689048b32
SHA512

c25e2f6c66fc7b40c5f139e1fe72b2e95ecfec6ccd19c8681adbda3ebd84c15a6771f13cc7ccf7e27d1fe646bab23b3edf2a1ed49dcbbe4af34428addd930284
SSDEEP

393216:f4VR7kHLQgn7lhVKrGwy9axz9UZrpqyWF6oVt8O:9VHrpqyt1O

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1956	vlc.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2448	chrome.exe
2448	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1956	vlc.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	1956	vlc.exe
Token: SeIncBasePriorityPrivilege	1956	vlc.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe
Token: SeShutdownPrivilege	2448	chrome.exe

Suspicious use of FindShellTrayWindow 45 IoCs

pid	Process
1956	vlc.exe
1956	vlc.exe
1956	vlc.exe
1956	vlc.exe
1956	vlc.exe
1956	vlc.exe
1956	vlc.exe
1956	vlc.exe
1956	vlc.exe
1956	vlc.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe

Suspicious use of SendNotifyMessage 41 IoCs

pid	Process
1956	vlc.exe
1956	vlc.exe
1956	vlc.exe
1956	vlc.exe
1956	vlc.exe
1956	vlc.exe
1956	vlc.exe
1956	vlc.exe
1956	vlc.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1956	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2448 wrote to memory of 2472	2448	chrome.exe	29
PID 2448 wrote to memory of 2472	2448	chrome.exe	29
PID 2448 wrote to memory of 2472	2448	chrome.exe	29
PID 2448 wrote to memory of 348	2448	chrome.exe	31
PID 2448 wrote to memory of 348	2448	chrome.exe	31
PID 2448 wrote to memory of 348	2448	chrome.exe	31
PID 2448 wrote to memory of 348	2448	chrome.exe	31
PID 2448 wrote to memory of 348	2448	chrome.exe	31
PID 2448 wrote to memory of 348	2448	chrome.exe	31
PID 2448 wrote to memory of 348	2448	chrome.exe	31
PID 2448 wrote to memory of 348	2448	chrome.exe	31
PID 2448 wrote to memory of 348	2448	chrome.exe	31
PID 2448 wrote to memory of 348	2448	chrome.exe	31
PID 2448 wrote to memory of 348	2448	chrome.exe	31
PID 2448 wrote to memory of 348	2448	chrome.exe	31
PID 2448 wrote to memory of 348	2448	chrome.exe	31
PID 2448 wrote to memory of 348	2448	chrome.exe	31
PID 2448 wrote to memory of 348	2448	chrome.exe	31
PID 2448 wrote to memory of 348	2448	chrome.exe	31
PID 2448 wrote to memory of 348	2448	chrome.exe	31
PID 2448 wrote to memory of 348	2448	chrome.exe	31
PID 2448 wrote to memory of 348	2448	chrome.exe	31
PID 2448 wrote to memory of 348	2448	chrome.exe	31
PID 2448 wrote to memory of 348	2448	chrome.exe	31
PID 2448 wrote to memory of 348	2448	chrome.exe	31
PID 2448 wrote to memory of 348	2448	chrome.exe	31
PID 2448 wrote to memory of 348	2448	chrome.exe	31
PID 2448 wrote to memory of 348	2448	chrome.exe	31
PID 2448 wrote to memory of 348	2448	chrome.exe	31
PID 2448 wrote to memory of 348	2448	chrome.exe	31
PID 2448 wrote to memory of 348	2448	chrome.exe	31
PID 2448 wrote to memory of 348	2448	chrome.exe	31
PID 2448 wrote to memory of 348	2448	chrome.exe	31
PID 2448 wrote to memory of 348	2448	chrome.exe	31
PID 2448 wrote to memory of 348	2448	chrome.exe	31
PID 2448 wrote to memory of 348	2448	chrome.exe	31
PID 2448 wrote to memory of 348	2448	chrome.exe	31
PID 2448 wrote to memory of 348	2448	chrome.exe	31
PID 2448 wrote to memory of 348	2448	chrome.exe	31
PID 2448 wrote to memory of 348	2448	chrome.exe	31
PID 2448 wrote to memory of 348	2448	chrome.exe	31
PID 2448 wrote to memory of 348	2448	chrome.exe	31
PID 2448 wrote to memory of 352	2448	chrome.exe	32
PID 2448 wrote to memory of 352	2448	chrome.exe	32
PID 2448 wrote to memory of 352	2448	chrome.exe	32
PID 2448 wrote to memory of 884	2448	chrome.exe	33
PID 2448 wrote to memory of 884	2448	chrome.exe	33
PID 2448 wrote to memory of 884	2448	chrome.exe	33
PID 2448 wrote to memory of 884	2448	chrome.exe	33
PID 2448 wrote to memory of 884	2448	chrome.exe	33
PID 2448 wrote to memory of 884	2448	chrome.exe	33
PID 2448 wrote to memory of 884	2448	chrome.exe	33
PID 2448 wrote to memory of 884	2448	chrome.exe	33
PID 2448 wrote to memory of 884	2448	chrome.exe	33
PID 2448 wrote to memory of 884	2448	chrome.exe	33
PID 2448 wrote to memory of 884	2448	chrome.exe	33
PID 2448 wrote to memory of 884	2448	chrome.exe	33
PID 2448 wrote to memory of 884	2448	chrome.exe	33
PID 2448 wrote to memory of 884	2448	chrome.exe	33
PID 2448 wrote to memory of 884	2448	chrome.exe	33
PID 2448 wrote to memory of 884	2448	chrome.exe	33
PID 2448 wrote to memory of 884	2448	chrome.exe	33
PID 2448 wrote to memory of 884	2448	chrome.exe	33
PID 2448 wrote to memory of 884	2448	chrome.exe	33

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Fail SERIOUS.mp3"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6069758,0x7fef6069768,0x7fef6069778
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1196 --field-trial-handle=1728,i,6342573045039744237,1987744695314665772,131072 /prefetch:2
  2⤵
  PID:348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1408 --field-trial-handle=1728,i,6342573045039744237,1987744695314665772,131072 /prefetch:8
  2⤵
  PID:352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1492 --field-trial-handle=1728,i,6342573045039744237,1987744695314665772,131072 /prefetch:8
  2⤵
  PID:884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2288 --field-trial-handle=1728,i,6342573045039744237,1987744695314665772,131072 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2296 --field-trial-handle=1728,i,6342573045039744237,1987744695314665772,131072 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1180 --field-trial-handle=1728,i,6342573045039744237,1987744695314665772,131072 /prefetch:2
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3268 --field-trial-handle=1728,i,6342573045039744237,1987744695314665772,131072 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3500 --field-trial-handle=1728,i,6342573045039744237,1987744695314665772,131072 /prefetch:8
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3616 --field-trial-handle=1728,i,6342573045039744237,1987744695314665772,131072 /prefetch:8
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3652 --field-trial-handle=1728,i,6342573045039744237,1987744695314665772,131072 /prefetch:8
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3700 --field-trial-handle=1728,i,6342573045039744237,1987744695314665772,131072 /prefetch:1
  2⤵
  PID:2948

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2496

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2548

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:1548

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{FCC74B77-EC3E-4DD8-A80B-008A702075A9}
1⤵
PID:2736
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --uninstall --system-level
  2⤵
  PID:2300
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13f977688,0x13f977698,0x13f9776a8
    3⤵
    PID:2400
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --uninstall
    3⤵
    - Enumerates system info in registry
    PID:2488
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6069758,0x7fef6069768,0x7fef6069778
      4⤵
      PID:1448
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1276,i,3562111593407965702,18070162161857768991,131072 /prefetch:2
      4⤵
      PID:860
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1276,i,3562111593407965702,18070162161857768991,131072 /prefetch:8
      4⤵
      PID:980
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1684 --field-trial-handle=1276,i,3562111593407965702,18070162161857768991,131072 /prefetch:2
      4⤵
      PID:1420

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:312

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" shell32.dll,Options_RunDLL 1
1⤵
PID:756

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:908

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\06cfc20c-c539-41f9-bcad-59c759bc4a7d.tmp

Filesize
267KB

MD5
72aa9034a6bbcbeede500b4341a1fc3e

SHA1
0ebf40624c3ddb118eec52125fbc55c1cdae577c

SHA256
1f922e219bd331c3bb33ac0562afc4015bd0e1f89bc87d505c0166f75cc38967

SHA512
ad0610580bfb6afb2c2b798b3062e95d4ca74a27b328f725fe7257b2bab236b6fd33b57aae236e5a1510932cb32ae8b91fefa2862b59dc4daee453153e33dc7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\13f4f031-b7e1-4706-9223-4ba097ab15cc.tmp

Filesize
267KB

MD5
0da73e633c05107a0c4fb189beef3214

SHA1
5219100822b534a043fb8535bb81d9f624dd2085

SHA256
58cf48590609f4683860de812598f6aa07cb106f8199a9de88b212b099d37a8a

SHA512
f9c32443dec5809d290608fa6a131bd1835964df84479cc7ed39d027451d9166f95f06539dbaec412c093165247feb581730f671c72c9fc9881b45396541260a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
ed715d36c6e1a35718245d163b752006

SHA1
aacee5bf36ae2ed34b5a7b67070af133bf605a1a

SHA256
a428a6d7caa0b2da05d2a23609a8d0b304ed47abfd582c313ab216176079ae50

SHA512
42b5d8146f04aed3e270919381e98d3de6c505572bfc771f1febcd9c26df574bf800dfa08cf1b961798c938c818f6e2ebf494848a63a44a9735096c4a0169159

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
200KB

MD5
a484f2f3418f65b8214cbcd3e4a31057

SHA1
5c002c51b67db40f88b6895a5d5caa67608a65ce

SHA256
79cbe928773386d07f0127f256f383debed5ccea5ff230465bf46ec7c87319d6

SHA512
0be1bb8db08f6e6041a85cfee90cd36a5b595afbca34d52a125465454fc806b4bb7ae569eaf4c882922fb1b962b6060534e597791cd0ad23483be5981d9be85c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
286cf00a3f9997416ab652af86a5793a

SHA1
d20f503117e3f98bab51d9d7f505fee2f46da26b

SHA256
d333d4e6cef3789b09e23e4612576b78159d47bc8ba629a4c56a3a1922fbefc7

SHA512
c99faaaaaef04356db71b560881a1096c2c7e3e824a0d8ca17ca42163db16f1f24510a4c520157e258e252d722cba8e9591077a8ff0f5f583634b8e9617a6375

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a8e0cb853da320e67aad87899ae05713

SHA1
354c33164f7c49fd3eabd041264ba806b1647131

SHA256
459178aabf48e962242d38581ca0fdc94c1b16c3da5f22edc8013122ea2f540f

SHA512
35ca2fe3e9a7f42935f0ddcfb15e2993250304a527400a2f4e56ea98fbb7bbd4f2592380b2c4f3934762f5cefd27afcf3ff03ca46fdf57bb77d9ffc94658acad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d24e81179a874cdb1609079999d07d00

SHA1
94dda5fdc6492fc12d48be334bea5b5074e218c8

SHA256
67dabd83a61d6b790501a5be89b59e123e21689bccc49053b5c449c95293b953

SHA512
33c25aea99e8b14313aed5a92fe022621a28997f6c8451dc37f0b8e5343336f68dfaeb02460ebc998aa880563df833479b29b031ca5dd800af6bc196e9cf29e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
8615bd006322cd1a7f3b5f80e270c6ca

SHA1
51e05384b6637673e09fcfb9f4ba090ebc542392

SHA256
b47c649121d263793397a57ce51dd32e2c474e012cf360308b273a18e1963e97

SHA512
84b2cd2b77b6da418560de59b554ce8e7e21ad72c4bd8b3a198ead9c27137336fb26ea16d2363e1fbcf49840203d436c9182af70c1ff08c7dfe6f8d481efb433

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
267KB

MD5
116cc674a25e9fbbb3d32ab0b30cd6f9

SHA1
e99ec540012a14e1fee3cb420b032033f3adb3fa

SHA256
d2804bab3c8dd71865adbae838cb26eba79b0241f1e63350af4d41333aee4768

SHA512
97070f3dc60368f88b51c230ce0c05c028032b1aea993bb33d420fdaaff705092f6f2a45113b324e11a5521bd2c2147369933ea950bdc0545928b9e1015a01cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
e1adb86204a4cde4a920d9370e9e9a3a

SHA1
92483f7f7c75f89ce1e87906462d5f434c503320

SHA256
6ec6f2ebf6522295e86b5538885d404cba70409f4117fc8e1f78e14efb779ea0

SHA512
2c33ead30c01c4935b393d16a809184a67e5bb4226e18f72c2d1ceba56398eb68ba735a8888fbd0047e4109e6611fb6d77400c6a105a05b2443680ab1df3db17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt

Filesize
4B

MD5
a7653b3b0cbc78b870e03f1143b4c868

SHA1
0612bd3b8ddb9879a48bcff879c49a089af2bc8c

SHA256
dc729be401450576f556932a4057826877804fb3d9cc2b95c69a7401f6db4b5c

SHA512
c070602a0214bb30db225061d9bb06f45a5a6bc6aaa1866d2b2a8dfd2185490baf607301e1c4edb740324cdc91df75c9a106c2d2e2d9e3bb210f3493259ebc9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
memory/1956-20-0x000007FEF65C0000-0x000007FEF65D1000-memory.dmp

Filesize
68KB

Download
memory/1956-51-0x000007FEF5F50000-0x000007FEF6204000-memory.dmp

Filesize
2.7MB

Download
memory/1956-40-0x000007FEF2B20000-0x000007FEF2B32000-memory.dmp

Filesize
72KB

Download
memory/1956-36-0x000007FEF4930000-0x000007FEF49F5000-memory.dmp

Filesize
788KB

Download
memory/1956-39-0x000007FEF2B40000-0x000007FEF2B51000-memory.dmp

Filesize
68KB

Download
memory/1956-38-0x000007FEF2D50000-0x000007FEF2D78000-memory.dmp

Filesize
160KB

Download
memory/1956-37-0x000007FEF2D80000-0x000007FEF2DD6000-memory.dmp

Filesize
344KB

Download
memory/1956-16-0x000007FEF4CA0000-0x000007FEF5D4B000-memory.dmp

Filesize
16.7MB

Download
memory/1956-32-0x000007FEF4A70000-0x000007FEF4AC7000-memory.dmp

Filesize
348KB

Download
memory/1956-41-0x000007FEF29A0000-0x000007FEF2B1A000-memory.dmp

Filesize
1.5MB

Download
memory/1956-33-0x000007FEF4A40000-0x000007FEF4A6F000-memory.dmp

Filesize
188KB

Download
memory/1956-31-0x000007FEF4AD0000-0x000007FEF4AE1000-memory.dmp

Filesize
68KB

Download
memory/1956-30-0x000007FEF4AF0000-0x000007FEF4B07000-memory.dmp

Filesize
92KB

Download
memory/1956-28-0x000007FEF4B30000-0x000007FEF4B9F000-memory.dmp

Filesize
444KB

Download
memory/1956-29-0x000007FEF4B10000-0x000007FEF4B21000-memory.dmp

Filesize
68KB

Download
memory/1956-26-0x000007FEF4C10000-0x000007FEF4C40000-memory.dmp

Filesize
192KB

Download
memory/1956-25-0x000007FEF4C40000-0x000007FEF4C58000-memory.dmp

Filesize
96KB

Download
memory/1956-24-0x000007FEF4C60000-0x000007FEF4C71000-memory.dmp

Filesize
68KB

Download
memory/1956-18-0x000007FEF6600000-0x000007FEF6621000-memory.dmp

Filesize
132KB

Download
memory/1956-17-0x000007FEF6630000-0x000007FEF666F000-memory.dmp

Filesize
252KB

Download
memory/1956-49-0x000000013FA40000-0x000000013FB38000-memory.dmp

Filesize
992KB

Download
memory/1956-34-0x000007FEF4A20000-0x000007FEF4A33000-memory.dmp

Filesize
76KB

Download
memory/1956-50-0x000007FEF8000000-0x000007FEF8034000-memory.dmp

Filesize
208KB

Download
memory/1956-52-0x000007FEF4CA0000-0x000007FEF5D4B000-memory.dmp

Filesize
16.7MB

Download
memory/1956-35-0x000007FEF4A00000-0x000007FEF4A11000-memory.dmp

Filesize
68KB

Download
memory/1956-27-0x000007FEF4BA0000-0x000007FEF4C07000-memory.dmp

Filesize
412KB

Download
memory/1956-19-0x000007FEF65E0000-0x000007FEF65F8000-memory.dmp

Filesize
96KB

Download
memory/1956-6-0x000007FEF8000000-0x000007FEF8034000-memory.dmp

Filesize
208KB

Download
memory/1956-21-0x000007FEF65A0000-0x000007FEF65B1000-memory.dmp

Filesize
68KB

Download
memory/1956-22-0x000007FEF6580000-0x000007FEF6591000-memory.dmp

Filesize
68KB

Download
memory/1956-23-0x000007FEF4C80000-0x000007FEF4C9B000-memory.dmp

Filesize
108KB

Download
memory/1956-9-0x000007FEFA810000-0x000007FEFA827000-memory.dmp

Filesize
92KB

Download
memory/1956-10-0x000007FEF7FE0000-0x000007FEF7FF1000-memory.dmp

Filesize
68KB

Download
memory/1956-11-0x000007FEF7200000-0x000007FEF7217000-memory.dmp

Filesize
92KB

Download
memory/1956-12-0x000007FEF71E0000-0x000007FEF71F1000-memory.dmp

Filesize
68KB

Download
memory/1956-15-0x000007FEF5D50000-0x000007FEF5F50000-memory.dmp

Filesize
2.0MB

Download
memory/1956-13-0x000007FEF71C0000-0x000007FEF71DD000-memory.dmp

Filesize
116KB

Download
memory/1956-14-0x000007FEF6670000-0x000007FEF6681000-memory.dmp

Filesize
68KB

Download
memory/1956-7-0x000007FEF5F50000-0x000007FEF6204000-memory.dmp

Filesize
2.7MB

Download
memory/1956-8-0x000007FEFB490000-0x000007FEFB4A8000-memory.dmp

Filesize
96KB

Download
memory/1956-5-0x000000013FA40000-0x000000013FB38000-memory.dmp

Filesize
992KB

Download