a6ca3a16b0938b1348ca5c571a6bfb041fca72bee8cc5fef77df6e18853e6bd6

Analysis

max time kernel
47s
max time network
148s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
02/05/2024, 21:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

minecraftBLACK-main/0n10.cpp
Size

1B
MD5

68b329da9893e34099c7d8ad5cb9c940
SHA1

adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
SHA256

01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
SHA512

be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{78A2E6F1-08C8-11EF-A34E-5E73522EB9B5} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe

Modifies registry class 12 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\cpp_auto_file\shell\edit\command	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\cpp_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\cpp_auto_file\shell\open	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\cpp_auto_file\shell\open\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_Classes\Local Settings	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\.cpp	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\cpp_auto_file\shell\edit	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\cpp_auto_file\shell	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\cpp_auto_file\shell\open\command	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\cpp_auto_file	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\cpp_auto_file\	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\.cpp\ = "cpp_auto_file"	rundll32.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1760	chrome.exe
1760	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2636	rundll32.exe

Suspicious use of AdjustPrivilegeToken 54 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe
Token: SeShutdownPrivilege	1760	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
2500	iexplore.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2500	iexplore.exe
2500	iexplore.exe
1528	IEXPLORE.EXE
1528	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 2636	2204	cmd.exe	29
PID 2204 wrote to memory of 2636	2204	cmd.exe	29
PID 2204 wrote to memory of 2636	2204	cmd.exe	29
PID 2636 wrote to memory of 3068	2636	rundll32.exe	30
PID 2636 wrote to memory of 3068	2636	rundll32.exe	30
PID 2636 wrote to memory of 3068	2636	rundll32.exe	30
PID 2500 wrote to memory of 1528	2500	iexplore.exe	34
PID 2500 wrote to memory of 1528	2500	iexplore.exe	34
PID 2500 wrote to memory of 1528	2500	iexplore.exe	34
PID 2500 wrote to memory of 1528	2500	iexplore.exe	34
PID 1760 wrote to memory of 1856	1760	chrome.exe	36
PID 1760 wrote to memory of 1856	1760	chrome.exe	36
PID 1760 wrote to memory of 1856	1760	chrome.exe	36
PID 1760 wrote to memory of 944	1760	chrome.exe	38
PID 1760 wrote to memory of 944	1760	chrome.exe	38
PID 1760 wrote to memory of 944	1760	chrome.exe	38
PID 1760 wrote to memory of 944	1760	chrome.exe	38
PID 1760 wrote to memory of 944	1760	chrome.exe	38
PID 1760 wrote to memory of 944	1760	chrome.exe	38
PID 1760 wrote to memory of 944	1760	chrome.exe	38
PID 1760 wrote to memory of 944	1760	chrome.exe	38
PID 1760 wrote to memory of 944	1760	chrome.exe	38
PID 1760 wrote to memory of 944	1760	chrome.exe	38
PID 1760 wrote to memory of 944	1760	chrome.exe	38
PID 1760 wrote to memory of 944	1760	chrome.exe	38
PID 1760 wrote to memory of 944	1760	chrome.exe	38
PID 1760 wrote to memory of 944	1760	chrome.exe	38
PID 1760 wrote to memory of 944	1760	chrome.exe	38
PID 1760 wrote to memory of 944	1760	chrome.exe	38
PID 1760 wrote to memory of 944	1760	chrome.exe	38
PID 1760 wrote to memory of 944	1760	chrome.exe	38
PID 1760 wrote to memory of 944	1760	chrome.exe	38
PID 1760 wrote to memory of 944	1760	chrome.exe	38
PID 1760 wrote to memory of 944	1760	chrome.exe	38
PID 1760 wrote to memory of 944	1760	chrome.exe	38
PID 1760 wrote to memory of 944	1760	chrome.exe	38
PID 1760 wrote to memory of 944	1760	chrome.exe	38
PID 1760 wrote to memory of 944	1760	chrome.exe	38
PID 1760 wrote to memory of 944	1760	chrome.exe	38
PID 1760 wrote to memory of 944	1760	chrome.exe	38
PID 1760 wrote to memory of 944	1760	chrome.exe	38
PID 1760 wrote to memory of 944	1760	chrome.exe	38
PID 1760 wrote to memory of 944	1760	chrome.exe	38
PID 1760 wrote to memory of 944	1760	chrome.exe	38
PID 1760 wrote to memory of 944	1760	chrome.exe	38
PID 1760 wrote to memory of 944	1760	chrome.exe	38
PID 1760 wrote to memory of 944	1760	chrome.exe	38
PID 1760 wrote to memory of 944	1760	chrome.exe	38
PID 1760 wrote to memory of 944	1760	chrome.exe	38
PID 1760 wrote to memory of 944	1760	chrome.exe	38
PID 1760 wrote to memory of 944	1760	chrome.exe	38
PID 1760 wrote to memory of 944	1760	chrome.exe	38
PID 1760 wrote to memory of 1032	1760	chrome.exe	39
PID 1760 wrote to memory of 1032	1760	chrome.exe	39
PID 1760 wrote to memory of 1032	1760	chrome.exe	39
PID 1760 wrote to memory of 864	1760	chrome.exe	40
PID 1760 wrote to memory of 864	1760	chrome.exe	40
PID 1760 wrote to memory of 864	1760	chrome.exe	40
PID 1760 wrote to memory of 864	1760	chrome.exe	40
PID 1760 wrote to memory of 864	1760	chrome.exe	40
PID 1760 wrote to memory of 864	1760	chrome.exe	40
PID 1760 wrote to memory of 864	1760	chrome.exe	40
PID 1760 wrote to memory of 864	1760	chrome.exe	40
PID 1760 wrote to memory of 864	1760	chrome.exe	40

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\minecraftBLACK-main\0n10.cpp
1⤵
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Windows\system32\rundll32.exe
  "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\minecraftBLACK-main\0n10.cpp
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of WriteProcessMemory
  PID:2636
- - C:\Windows\system32\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\minecraftBLACK-main\0n10.cpp
    3⤵
    PID:3068

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2500
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2500 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6329758,0x7fef6329768,0x7fef6329778
  2⤵
  PID:1856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1188,i,3908592189082804529,4688159570334104243,131072 /prefetch:2
  2⤵
  PID:944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1188,i,3908592189082804529,4688159570334104243,131072 /prefetch:8
  2⤵
  PID:1032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1584 --field-trial-handle=1188,i,3908592189082804529,4688159570334104243,131072 /prefetch:8
  2⤵
  PID:864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2276 --field-trial-handle=1188,i,3908592189082804529,4688159570334104243,131072 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2308 --field-trial-handle=1188,i,3908592189082804529,4688159570334104243,131072 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1464 --field-trial-handle=1188,i,3908592189082804529,4688159570334104243,131072 /prefetch:2
  2⤵
  PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2896 --field-trial-handle=1188,i,3908592189082804529,4688159570334104243,131072 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3480 --field-trial-handle=1188,i,3908592189082804529,4688159570334104243,131072 /prefetch:8
  2⤵
  PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3592 --field-trial-handle=1188,i,3908592189082804529,4688159570334104243,131072 /prefetch:8
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3520 --field-trial-handle=1188,i,3908592189082804529,4688159570334104243,131072 /prefetch:8
  2⤵
  PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3748 --field-trial-handle=1188,i,3908592189082804529,4688159570334104243,131072 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2432 --field-trial-handle=1188,i,3908592189082804529,4688159570334104243,131072 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 --field-trial-handle=1188,i,3908592189082804529,4688159570334104243,131072 /prefetch:8
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3724 --field-trial-handle=1188,i,3908592189082804529,4688159570334104243,131072 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3868 --field-trial-handle=1188,i,3908592189082804529,4688159570334104243,131072 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2320 --field-trial-handle=1188,i,3908592189082804529,4688159570334104243,131072 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3872 --field-trial-handle=1188,i,3908592189082804529,4688159570334104243,131072 /prefetch:1
  2⤵
  PID:2540

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0b0c8c9095e5bdfe35a08ee0e1129da5

SHA1
d1a00eafbe048372c0662c502735ceae6031be44

SHA256
b0ba6b52a4fb473b642e2bacbe967b8663e58e1f5dd292f44d75b2bdf8a8959c

SHA512
2e2780bdbab0ea7e053f6a27610002e43aa4f4adb1b3be3b25fa65de0c89df53b473790639d78a50e7274aee5725cf6e3e0126a5d15cb968fc2a818c1933cc88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ddc40aa11043e2f598128c82f8fe0cb9

SHA1
d8ec4661333fcd451e93b40f3eb8fffdb2b10803

SHA256
6e92d8faf9fd37b3a27bba793785c13bd88dc595774d766806e1bc240ca5d61e

SHA512
31908b4e1625f0a196789707437985d71201d30698114679fb3d9c10e78fc3981e6ca669efff2585daf7ff7c9a1b6d9d94302478046de863656f0925afc599e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f51a852ea3e669d72462e84fe681d1d9

SHA1
2d7a39d9e7dea66b5c5b90041c0472c340fe0b6a

SHA256
5a0bafa2c71a47a1c53101fdf44513b9206fe8bddaa1ada942e49b218a2a0125

SHA512
2ccc173ba149a025667e695e7d18eb4c867e103f0c7775ef40597e441a42fcdf480ee513c922a7ac9f5f983aa202c9c7d2ced4442b32edd76fc430f451131a90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
da2d321481b3d0a0e3e72ec6ca20d0e3

SHA1
91eb193e9e7e49fd3505e059ddcd6f3d4ebe1fe4

SHA256
9df64b3b41cee4b4485eaf4dbafc84ca29a765ff696f6d10061370a85b0d65b0

SHA512
13040514613b2fb574c65c6bcfb9fb4b72a483adb4c303a9e777ccc1eb9c3148b1bf52388473142545a03f63e9f0512626f58e0f3464750ee900299756f7465e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a72d2748ef4fba51fd92dd08e1cf4c42

SHA1
fa6173b1ab071ae46c0d80e27d2c892779f34bc2

SHA256
96e18297a29261dfb819e718da64f791aec9842149469db270351c5734f60be3

SHA512
f6b21d2874c38dd97bd7b24d0110f447355e3282caa42c33c47bcbd557020c1fd620a1daf83b38d5189805b08f55e5d90ab22dc288e8dc948907acc4ee0a1b02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cd91da7ebbebe6d6a018e7bd1b32f7d9

SHA1
7082ec7abf4bed81e9a9f07dd68d6fcbdc82dc43

SHA256
8966371086ef48f46fb9ebe23630a84725b5d4472cba225a73218063d508975c

SHA512
9d63371f9bf162bdeeb4ee6c8619afd08f2d4b4989a5e97cb419ca7e2548e7d0b15df17de24738ecc5655db3ed21e06511102f05d48caeec5be653fd95b0603f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b25e5501f5f37fa5c30c32bce0239170

SHA1
ca7e0944cece7a3e301737e7540ae9e6e63f2c92

SHA256
fde91eb75c869573e0b8060aca49110192d5549d69cc87a7c9df7439e6824bb8

SHA512
cf54421b6c8487870928c3360429b1d071ee3725d59f1e3a8085b93acefc045af261a7e3e2ec7c4c502bb6d078e8cda63fa73f5595089389921b606f6d197651

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e6d511b947082b2e6ba42e96927d75c2

SHA1
15765b539f417e9f363202031329ee0e3c70fbd7

SHA256
9a58c863232357b6c04aada1abc2943cfe9ce337cb55888388f81fe273f233d2

SHA512
bcf296896bebcdd4c5c86ca4a991d2661517f959337b6dbae7ea576ea57ea43e8ff638298b860534c8593455170ee3db7c2ae6a122fb7e53bee0358d09ebd3a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
33379b1682090c7801d6f4074ca874aa

SHA1
6ebe71bfcf1d9fc5e81dc7c1696bae297ed285c8

SHA256
21f6603b84d3403a5dbe13a92bb013d398749abe4ab808a407a6cc6b7e4f300a

SHA512
f72a71a8e685b37b23e669d3343ace1555cbe6ebc636bc7bdf976ce97794c0e8e12ecc7cd4dc5463226a480dd2ce5483c2648d45fda0eb27ea46a485ab663a00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1d3e3a4f814de17211cb397212fe60d4

SHA1
dbdbe2c11152daabd0a0ef0977b12786055491eb

SHA256
b5ae79f66c524a284c8341bd7fb0fb433f1544ebecea029ed71350676e151c7f

SHA512
902fbae83ecde4701aca38a28e76598d1e46eddeab4e3645b72ba3212a5bc051ebb6c1f52ed87c2a5fa80520da4198cc138b592e665a894158152363565b23ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0b5ca994cc65fe8ea72f20c922ffa7c6

SHA1
4c0827ffaf5fab792eb547d70bcc771602dbabf1

SHA256
e0269b70d98baca794b0b6cc1a2d68deac2176e108f34db2b482a2a6eacc22a3

SHA512
41db23604340e79dc2e4f5d654dc10b11b3f46ad35e88fa6e7b7e02c75410ccd44b547f14b0d994dd1dcbe9ae5b3a179791659e250650132eab4dd2342f5852a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
5868dcfc1d61efca3846838cbc72063d

SHA1
7b8d1e0d81c39dbe58b898bfaf458898a6900b65

SHA256
ef75554b7e4284ef00688b23abb2636d2534f8b83a9720b0b423128bf9e0a9fd

SHA512
6c580968117112e43ddbf825f05f1c6facb254cf5fa1b1c97dcab160daa01bd65537baa4e014b9fa42f5b0f65e14fb7861bb48ad3dd6e88dd0873ab60a1e9cd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
56be5cacf9beffc3cd4174eb227694a5

SHA1
1d330b36cea9028ab1e6cb40ea6ab829d0f84443

SHA256
ad45a9e45836092e78e0593dd844b7d90c54d6274147f93885ef4dc7c7a5c8c8

SHA512
9df4a7885081fbafe67499cf6bf5dbdd79808b6e09c65b7238f9d4c830738f32ecfd0c2d3b2c07a01a5065179fde65116212aeb07a0fef49802bdc96f780d9f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c948fdb3-bc57-4300-805e-ee9dfeeaf9ca.tmp

Filesize
6KB

MD5
088cf222f91319fc57168a0c71aed7c4

SHA1
af7502e8a995472495d206e5936780e91d897bf5

SHA256
bbac5ca36a8e562ffd76a326b6cfbe5e947f30f54a428e3307a2f8d0ecd5867a

SHA512
7d5229fddacada3f20caf99cba60cf037cd4524dcb6aaf3d244a7a65dfcb49c98be0cebf1923c09d887992bd10dc44a25f31e3489e01d33293235cc636fa62e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarBEC4.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit