b7a58e2ca2dcce78f002f12b041ffce01dc7d6faa32c5986ec6720f67e36b175

Analysis

max time kernel
43s
max time network
91s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21-05-2024 16:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

avast.exe
Size

40.2MB
MD5

99a40c5610866ea995af39f172b448e2
SHA1

42849a94592d63ff5013114555130f994455efab
SHA256

b7a58e2ca2dcce78f002f12b041ffce01dc7d6faa32c5986ec6720f67e36b175
SHA512

e0dfb5720bb1641f58a8c8eac411422c480f386c851948a9c9313cbda8a9d618764835c056c6a98e3ea4b31b97c2fac5295ae9086395218a5d2521a2ad9e622c
SSDEEP

786432:V+gX4BMdhwzTQXR5FbPp3CLTFcSS5U/LT2K3jygVLzjvJVS2owW+e5Jz9M:PXGMm4XR3b9CLmSCU/+eyglvv/S2owWS

Score

8^/10

pyinstaller

Malware Config

Signatures

Downloads MZ/PE file
Loads dropped DLL 1 IoCs

Processes:

avast.exe

pid process

2608 avast.exe

pid	process
2608	avast.exe

Detects Pyinstaller 1 IoCs

pyinstaller

Processes:

resource	yara_rule
\Program Files (x86)\Aim Master\root.exe	pyinstaller

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

1512 chrome.exe
1512 chrome.exe

Suspicious use of AdjustPrivilegeToken 62 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe
Token: SeShutdownPrivilege	1512	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

Processes:

chrome.exe

pid	process
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe
1512	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

avast.exechrome.exe

description	pid	process	target process
PID 2320 wrote to memory of 2608	2320	avast.exe	avast.exe
PID 2320 wrote to memory of 2608	2320	avast.exe	avast.exe
PID 2320 wrote to memory of 2608	2320	avast.exe	avast.exe
PID 1512 wrote to memory of 2188	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 2188	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 2188	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1556	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1556	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1556	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1556	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1556	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1556	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1556	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1556	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1556	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1556	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1556	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1556	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1556	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1556	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1556	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1556	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1556	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1556	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1556	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1556	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1556	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1556	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1556	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1556	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1556	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1556	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1556	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1556	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1556	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1556	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1556	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1556	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1556	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1556	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1556	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1556	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1556	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1556	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1556	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 2496	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 2496	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 2496	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1536	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1536	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1536	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1536	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1536	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1536	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1536	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1536	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1536	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1536	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1536	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1536	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1536	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1536	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1536	1512	chrome.exe	chrome.exe
PID 1512 wrote to memory of 1536	1512	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\avast.exe
"C:\Users\Admin\AppData\Local\Temp\avast.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2320

C:\Users\Admin\AppData\Local\Temp\avast.exe
"C:\Users\Admin\AppData\Local\Temp\avast.exe"
2⤵
- Loads dropped DLL
PID:2608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7369758,0x7fef7369768,0x7fef7369778
2⤵
PID:2188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1144 --field-trial-handle=1200,i,7802567394328420868,9624172790886402468,131072 /prefetch:2
2⤵
PID:1556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1200,i,7802567394328420868,9624172790886402468,131072 /prefetch:8
2⤵
PID:2496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1200,i,7802567394328420868,9624172790886402468,131072 /prefetch:8
2⤵
PID:1536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2256 --field-trial-handle=1200,i,7802567394328420868,9624172790886402468,131072 /prefetch:1
2⤵
PID:2620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2288 --field-trial-handle=1200,i,7802567394328420868,9624172790886402468,131072 /prefetch:1
2⤵
PID:2644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1028 --field-trial-handle=1200,i,7802567394328420868,9624172790886402468,131072 /prefetch:2
2⤵
PID:768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3220 --field-trial-handle=1200,i,7802567394328420868,9624172790886402468,131072 /prefetch:1
2⤵
PID:2008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3248 --field-trial-handle=1200,i,7802567394328420868,9624172790886402468,131072 /prefetch:8
2⤵
PID:2240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3444 --field-trial-handle=1200,i,7802567394328420868,9624172790886402468,131072 /prefetch:8
2⤵
PID:1692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3524 --field-trial-handle=1200,i,7802567394328420868,9624172790886402468,131072 /prefetch:8
2⤵
PID:1616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3644 --field-trial-handle=1200,i,7802567394328420868,9624172790886402468,131072 /prefetch:1
2⤵
PID:2704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3848 --field-trial-handle=1200,i,7802567394328420868,9624172790886402468,131072 /prefetch:8
2⤵
PID:2752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3904 --field-trial-handle=1200,i,7802567394328420868,9624172790886402468,131072 /prefetch:1
2⤵
PID:2540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3876 --field-trial-handle=1200,i,7802567394328420868,9624172790886402468,131072 /prefetch:1
2⤵
PID:2520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3912 --field-trial-handle=1200,i,7802567394328420868,9624172790886402468,131072 /prefetch:1
2⤵
PID:760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3872 --field-trial-handle=1200,i,7802567394328420868,9624172790886402468,131072 /prefetch:1
2⤵
PID:2768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2576 --field-trial-handle=1200,i,7802567394328420868,9624172790886402468,131072 /prefetch:8
2⤵
PID:2968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2756 --field-trial-handle=1200,i,7802567394328420868,9624172790886402468,131072 /prefetch:8
2⤵
PID:920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3928 --field-trial-handle=1200,i,7802567394328420868,9624172790886402468,131072 /prefetch:8
2⤵
PID:1952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1876 --field-trial-handle=1200,i,7802567394328420868,9624172790886402468,131072 /prefetch:8
2⤵
PID:2004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=664 --field-trial-handle=1200,i,7802567394328420868,9624172790886402468,131072 /prefetch:8
2⤵
PID:1716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2816 --field-trial-handle=1200,i,7802567394328420868,9624172790886402468,131072 /prefetch:8
2⤵
PID:2820

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1200,i,7802567394328420868,9624172790886402468,131072 /prefetch:8
2⤵
PID:692

C:\Users\Admin\Downloads\setup.exe
"C:\Users\Admin\Downloads\setup.exe"
2⤵
PID:592

C:\Users\Admin\AppData\Local\Temp\is-QFJEP.tmp\setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-QFJEP.tmp\setup.tmp" /SL5="$8016C,29366223,913408,C:\Users\Admin\Downloads\setup.exe"
3⤵
PID:600

C:\Program Files (x86)\Aim Master\root.exe
"C:\Program Files (x86)\Aim Master\root.exe"
4⤵
PID:2388

C:\Program Files (x86)\Aim Master\root.exe
"C:\Program Files (x86)\Aim Master\root.exe"
5⤵
PID:2272

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d1a5b8ff6d7c7394b6d3cb0f5acebc82

SHA1
6aeb14ddfb87c50790c5a0fb42997de2e21848fa

SHA256
1915a334490d2cbfb4419058ba7be076cf49880486c0075eb58757f721d10732

SHA512
186af1676e82a9957883016ba7c9022d25e0a7a5ed4b78f231b6ed98ca2816541fda84969d7d5d7e13bfa46a7b4b5e2e2f1fdd0513cdb5ab32a0b2b0443c5e9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8877962efe6c6220152769c68a608d59

SHA1
714549390bc8f5ed6ffa66ecb9397f1719eb9bc0

SHA256
270cce8bb194677967fbf694b0668189c21d7c4002f22f998cfb378a1eb04584

SHA512
1a68ca73c962f94d3e7c9f7aa71722493985fd1d15ea0246c2cadc28ab258061ec2b62c4ea7944ac92020b76777499d2cdbfd841535de5165661a801bc678aad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
91ef5bcf7fd473dac001af033024bc47

SHA1
dda7885c538b2f01811b76f5b6b9e8e6f4cfda50

SHA256
9d16c4175f640ef8c467d2a99bb5a89b141c34cda644569aee8956b36a5b09e2

SHA512
c0ec009aa056971924da10b666d56e88a9ecf52c404b5945bbfdbd1097b8ddef5a0221d927e04360a6ce02c09ce2476e88ebbfff60efb38138f108dc937a78e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
94bec0f0bdd183631bb31e06ca22dbc9

SHA1
56d16a04d17bde850536045b25efb6bd16194694

SHA256
bd6dd050583a817c36f82259a8d569b099034cb5a2d5801dc62068887537d7ba

SHA512
9e91c741fa4e4ec3cb0668cda4c0106dddcf31d2f9891c8b8595d1aa810e38c41c2829c721d281dc685e2667f3f4aab5731186eea3fca66d65c8e8b07ac2d452

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
270KB

MD5
5d27c4b8b1e8796f9033a60a64e85b50

SHA1
f0d6eee3cdb1554f9ffd558810d2a2bfb3434a48

SHA256
63e9bc6ee4999342b398911fe492dd1a526ae70220e3d2086fe112b8c6c9cb4c

SHA512
051860b5d3d5bd41af6da6a320ee7bc88bdae0acd985f0fce88fd5868ee85651563eabc9c3e7c997e42e2233dfab7096413a569d72d8e00bf6a675b014b15111

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
82KB

MD5
0015e625d07fc9c91c2048b8dffd184d

SHA1
d0f945e0e1994dbd83f6dd4bc564c0dc398a1f26

SHA256
fb74510bc5466554d8509173c8f227eeb05e019f07967cb2acd9981d1d48c121

SHA512
3dc9ee90611b678c36972630cbf7c539892c96c98543af64d8664dc214967b14e8fd845e4e1ec5fe1028d75568f5bff15b2ea316a0b1d4e44fe27505481e8f4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\c2a81037-a72d-439b-9de2-9f97995cabfe.tmp

Filesize
270KB

MD5
e3669d1e93fc5eb38cab09420371b213

SHA1
ed918bf85791951b2f4c25043f5af7de3475c285

SHA256
92297c1ec9cdafbe413a450b68c19a9488d2f5ab65582c86e1b2ee1bd7489bd8

SHA512
f2d6983898136f209b7455d7d593f552396e896274f672e86f199d2c12e546a46a93a70ff81236c2d967fc2e98fe5a3adf584edc137fa4df718fa51fd966c3c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9C27.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23202\python312.dll

Filesize
6.6MB

MD5
5c5602cda7ab8418420f223366fff5db

SHA1
52f81ee0aef9b6906f7751fd2bbd4953e3f3b798

SHA256
e7890e38256f04ee0b55ac5276bbf3ac61392c3a3ce150bb5497b709803e17ce

SHA512
51c3b4f29781bb52c137ddb356e1bc5a37f3a25f0ed7d89416b14ed994121f884cb3e40ccdbb211a8989e3bd137b8df8b28e232f98de8f35b03965cfce4b424f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23882\api-ms-win-core-file-l2-1-0.dll

Filesize
22KB

MD5
cdfc83e189bda0ac9eab447671754e87

SHA1
cf597ee626366738d0ea1a1d8be245f26abbea72

SHA256
f4811f251c49c9ae75f9fe25890bacede852e4f1bfdc6685f49096253a43f007

SHA512
659ee46e210fcad6c778988a164ce3f69a137d05fb2699ff662540cbb281b38719017f1049d5189fafdae06c07a48d3d29dd98e11c1cae5d47768c243af37fe9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23882\api-ms-win-core-localization-l1-2-0.dll

Filesize
22KB

MD5
f1d0595773886d101e684e772118d1ef

SHA1
290276053a75cbeb794441965284b18311ab355d

SHA256
040e1572da9a980392184b1315f27ebcdaf07a0d94ddf49cbd0d499f7cdb099a

SHA512
db57f4ae78f7062cfe392d6829c5975be91d0062ff06725c45c06a74e04ade8bcaf709cfebeba8146fb4396206141aa49572968ea240aa1cba909e43985dc3ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23882\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
22KB

MD5
e26a5e364a76bf00feaab920c535adbb

SHA1
411eaf1ca1d8f1aebcd816d93933561c927f2754

SHA256
b3c0356f64e583c8aca3b1284c6133540a8a12f94b74568fb78ddc36eac6ab15

SHA512
333e42eeea07a46db46f222e27429facaaf2ce8a433f0c39f5d5c72e67d894c813d3cf77880434f6373e0d8fffa3ef96d5f37e38dd4775491f3da2b569e9df59

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23882\api-ms-win-core-timezone-l1-1-0.dll

Filesize
22KB

MD5
566232dabd645dcd37961d7ec8fde687

SHA1
88a7a8c777709ae4b6d47bed6678d0192eb3bc3f

SHA256
1290d332718c47961052ebc97a3a71db2c746a55c035a32b72e5ff00eb422f96

SHA512
e5d549c461859445006a4083763ce855adbb72cf9a0bcb8958daa99e20b1ca8a82dec12e1062787e2ae8aee94224b0c92171a4d99ed348b94eab921ede205220

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI23882\ucrtbase.dll

Filesize
1.1MB

MD5
a9f5b06fae677c9eb5be8b37d5fb1cb9

SHA1
5c37b880a1479445dd583f85c58a8790584f595d

SHA256
4e9e93fd6486571e1b5dce381fa536fb6c5593584d3330368ccd47ee6107bf52

SHA512
5d7664716fa52f407d56771862262317ac7f4a03f31f209333c3eea7f1c8cf3d5dbafc1942122948d19208d023df220407014f47e57694e70480a878822b779a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-QFJEP.tmp\setup.tmp

Filesize
3.1MB

MD5
ec6d581c16d463ccde5b939e44e5a50a

SHA1
dbd33b25bcb2c5403e03fc962abb959c8a57d871

SHA256
564f3e7829a9f67e1ec87ed44c71d0321304256c101e0f85c2b6043d2b19e847

SHA512
4463fe55c54227d002b3c04599924d6c38883f261d938af75322eb27c8afa3f5fc3fb690e18c1b62a1f3bdde004340a60a9b713fa3c124422e4b4f3b5ab75b91

Download Submit
C:\Users\Admin\Downloads\setup.exe

Filesize
28.9MB

MD5
1e881a61b6d039124e1511cdd5919ad8

SHA1
ce9ee4388d2d5108b52416c77feb230d8d19fc95

SHA256
b03628d6232248feadb3d524612a1a9c6fbb25ea42e62e73d74893369899f72f

SHA512
a9d034d1acd275b07cf593cd3e064ebf34d4491efbe5982162abe418650ee543eb4440501f0a9bc718e5622a3fcacba3dc0ed10605c4ec429f79ad73bdc82058

Download Submit
\??\pipe\crashpad_1512_KZRUWZEPBNSHDHMW

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Program Files (x86)\Aim Master\root.exe

Filesize
10.7MB

MD5
79e97bf3de783972cacb3439d7e4b9d6

SHA1
1dd239a1903f90ba002e45e99e2c4896a6a0221b

SHA256
fa1e8d5f51dc7ec1353ba2cbfd1e03aa268c0c08a4764a0ad8ab85ce169ab2ac

SHA512
882679d66ccfee0a44a43e307700e2c0544fff8e2ea8e64403c7a0396c2411f3f36f44ac40a5a21bbd17381e3e558d073f3736a63daf800b22b47de404007b03

Download Submit
\Program Files (x86)\Aim Master\unins000.exe

Filesize
3.1MB

MD5
10c7c5ea526f6aa871c0b2f81a179ff8

SHA1
9d7c10de0d444c6a64d24bb23a42cc5c50ee9178

SHA256
8b8cc634ec05c4174763e76aae63433c6023ad39948796938e34ee92f6b19c67

SHA512
c5d333adc599936ae650210c8064bfd190d84194b32c3498d486419d67e2122470554ca6267a16f512f27f62eafb248c83e3ae5514f63fb3987b002ce1ec655d

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI23882\api-ms-win-core-file-l1-2-0.dll

Filesize
22KB

MD5
852904535068e569e2b157f3bca0c08f

SHA1
c79b4d109178f4ab8c19ab549286eee4edf6eddb

SHA256
202b77cd363fce7c09d9a59b5779f701767c8734cc17bbe8b9ece5a0619f2225

SHA512
3e814678c7aa0d3d3a637ce3048e3b472dbb01b2e2a5932e5b257aa76bf8de8117a38e2a352daff66939a73c1b971b302f5635ea1d826b8a3afa49f9b543a541

Download Submit
memory/592-1299-0x0000000000400000-0x00000000004EC000-memory.dmp

Filesize
944KB

Download
memory/592-657-0x0000000000400000-0x00000000004EC000-memory.dmp

Filesize
944KB

Download
memory/592-607-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/592-604-0x0000000000400000-0x00000000004EC000-memory.dmp

Filesize
944KB

Download
memory/600-1295-0x0000000000400000-0x0000000000728000-memory.dmp

Filesize
3.2MB

Download
memory/600-658-0x0000000000400000-0x0000000000728000-memory.dmp

Filesize
3.2MB

Download