5c330a2657f4619ecb416032cd52556c5c0eb50b3ac931dc69e1813a47a8263d

Resubmissions

Analysis

max time kernel
455s
max time network
463s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
24-05-2024 21:13

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

run.js
Size

38KB
MD5

c06c522758ff0f9d118fc3b66f80cfb9
SHA1

b563d4dc0ceab64f0807eb128534e304d2223ee4
SHA256

5c330a2657f4619ecb416032cd52556c5c0eb50b3ac931dc69e1813a47a8263d
SHA512

644ccb5d2a485cb339e17370fb5455bb4b794464b5ef836338bfe904901caebb3886438028522c5c4252e09c004c8babfc7cd721305e7fb959169e3d85d1034a
SSDEEP

768:1Tt5PEHM6pcSq3Tt5zUshHoSp3wu8xMfBmauRS:JtFEHSnDt+sdc2maf

Score

8^/10

evasion execution ransomware

Malware Config

Signatures

Disables Task Manager via registry modification
evasion

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

000.exe

description	ioc	process
File opened (read-only)	\??\E:	000.exe
File opened (read-only)	\??\G:	000.exe
File opened (read-only)	\??\J:	000.exe
File opened (read-only)	\??\K:	000.exe
File opened (read-only)	\??\P:	000.exe
File opened (read-only)	\??\S:	000.exe
File opened (read-only)	\??\Z:	000.exe
File opened (read-only)	\??\A:	000.exe
File opened (read-only)	\??\H:	000.exe
File opened (read-only)	\??\I:	000.exe
File opened (read-only)	\??\N:	000.exe
File opened (read-only)	\??\Q:	000.exe
File opened (read-only)	\??\V:	000.exe
File opened (read-only)	\??\W:	000.exe
File opened (read-only)	\??\L:	000.exe
File opened (read-only)	\??\M:	000.exe
File opened (read-only)	\??\X:	000.exe
File opened (read-only)	\??\B:	000.exe
File opened (read-only)	\??\O:	000.exe
File opened (read-only)	\??\R:	000.exe
File opened (read-only)	\??\T:	000.exe
File opened (read-only)	\??\U:	000.exe
File opened (read-only)	\??\Y:	000.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs
ransomware

Defacement
T1491

Modify Registry
T1112

Processes:

000.exe

description ioc process

Set value (str) \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Control Panel\Desktop\Wallpaper 000.exe
Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Control Panel\Desktop\Wallpaper	000.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Kills process with taskkill 2 IoCs
evasion

Processes:

taskkill.exetaskkill.exe

pid process

2348 taskkill.exe
4576 taskkill.exe

pid	process
2348	taskkill.exe
4576	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133610590365831988"	chrome.exe

Modifies registry class 4 IoCs

Processes:

000.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile	000.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\icon.ico"	000.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3107365284-1576850094-161165143-1000\{9951E065-8717-413A-B6AD-43382EC9AF91}	000.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon	000.exe

NTFS ADS 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\000.zip:Zone.Identifier chrome.exe
Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

vlc.exe

pid process

4748 vlc.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\000.zip:Zone.Identifier	chrome.exe

pid	process
4748	vlc.exe

Suspicious behavior: EnumeratesProcesses 30 IoCs

Processes:

taskmgr.exechrome.exechrome.exe

pid	process
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
2028	chrome.exe
2028	chrome.exe
1728	chrome.exe
1728	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

vlc.exe

pid process

4748 vlc.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

chrome.exe

pid process

2028 chrome.exe
2028 chrome.exe
2028 chrome.exe
2028 chrome.exe
2028 chrome.exe
2028 chrome.exe
2028 chrome.exe

pid	process
4748	vlc.exe

pid	process
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

taskmgr.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	3456	taskmgr.exe
Token: SeSystemProfilePrivilege	3456	taskmgr.exe
Token: SeCreateGlobalPrivilege	3456	taskmgr.exe
Token: 33	3456	taskmgr.exe
Token: SeIncBasePriorityPrivilege	3456	taskmgr.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

taskmgr.exevlc.exechrome.exe

pid	process
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
4748	vlc.exe
4748	vlc.exe
4748	vlc.exe
4748	vlc.exe
4748	vlc.exe
4748	vlc.exe
4748	vlc.exe
4748	vlc.exe
4748	vlc.exe
4748	vlc.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

taskmgr.exevlc.exechrome.exe

pid	process
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
3456	taskmgr.exe
4748	vlc.exe
4748	vlc.exe
4748	vlc.exe
4748	vlc.exe
4748	vlc.exe
4748	vlc.exe
4748	vlc.exe
4748	vlc.exe
4748	vlc.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

vlc.exe000.exe

pid process

4748 vlc.exe
2180 000.exe
2180 000.exe

pid	process
4748	vlc.exe
2180	000.exe
2180	000.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2028 wrote to memory of 2796	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 2796	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4416	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4416	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4416	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4416	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4416	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4416	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4416	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4416	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4416	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4416	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4416	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4416	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4416	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4416	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4416	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4416	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4416	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4416	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4416	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4416	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4416	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4416	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4416	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4416	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4416	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4416	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4416	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4416	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4416	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4416	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4416	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1688	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1688	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1180	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1180	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1180	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1180	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1180	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1180	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1180	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1180	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1180	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1180	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1180	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1180	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1180	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1180	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1180	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1180	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1180	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1180	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1180	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1180	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1180	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1180	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1180	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1180	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1180	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1180	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1180	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1180	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1180	2028	chrome.exe	chrome.exe

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\run.js
1⤵
PID:4900

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3456

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\OptimizeRemove.aiff"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4748

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4920

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
1⤵
PID:3880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffda2e1ab58,0x7ffda2e1ab68,0x7ffda2e1ab78
2⤵
PID:2796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1848,i,15004452485205090988,6951500551159907663,131072 /prefetch:2
2⤵
PID:4416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1848,i,15004452485205090988,6951500551159907663,131072 /prefetch:8
2⤵
PID:1688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2216 --field-trial-handle=1848,i,15004452485205090988,6951500551159907663,131072 /prefetch:8
2⤵
PID:1180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1848,i,15004452485205090988,6951500551159907663,131072 /prefetch:1
2⤵
PID:276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3224 --field-trial-handle=1848,i,15004452485205090988,6951500551159907663,131072 /prefetch:1
2⤵
PID:4868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4220 --field-trial-handle=1848,i,15004452485205090988,6951500551159907663,131072 /prefetch:1
2⤵
PID:2208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4520 --field-trial-handle=1848,i,15004452485205090988,6951500551159907663,131072 /prefetch:8
2⤵
PID:5072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4676 --field-trial-handle=1848,i,15004452485205090988,6951500551159907663,131072 /prefetch:8
2⤵
PID:1632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4728 --field-trial-handle=1848,i,15004452485205090988,6951500551159907663,131072 /prefetch:1
2⤵
PID:2404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4868 --field-trial-handle=1848,i,15004452485205090988,6951500551159907663,131072 /prefetch:8
2⤵
PID:2520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1848,i,15004452485205090988,6951500551159907663,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1536 --field-trial-handle=1848,i,15004452485205090988,6951500551159907663,131072 /prefetch:1
2⤵
PID:1892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4304 --field-trial-handle=1848,i,15004452485205090988,6951500551159907663,131072 /prefetch:8
2⤵
PID:2856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4680 --field-trial-handle=1848,i,15004452485205090988,6951500551159907663,131072 /prefetch:1
2⤵
PID:1604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3388 --field-trial-handle=1848,i,15004452485205090988,6951500551159907663,131072 /prefetch:1
2⤵
PID:1760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3204 --field-trial-handle=1848,i,15004452485205090988,6951500551159907663,131072 /prefetch:8
2⤵
PID:4768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1848,i,15004452485205090988,6951500551159907663,131072 /prefetch:8
2⤵
- NTFS ADS
PID:1560

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1860

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C0 0x00000000000004E4
1⤵
PID:752

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1080

C:\Users\Admin\AppData\Local\Temp\Temp1_000.zip\000.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_000.zip\000.exe"
1⤵
- Enumerates connected drives
- Sets desktop wallpaper using registry
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2180

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\windl.bat""
2⤵
PID:3372

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im explorer.exe
3⤵
- Kills process with taskkill
PID:2348

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
3⤵
- Kills process with taskkill
PID:4576

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic useraccount where name='Admin' set FullName='UR NEXT'
3⤵
PID:3252

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic useraccount where name='Admin' rename 'UR NEXT'
3⤵
PID:2856

C:\Windows\SysWOW64\shutdown.exe
shutdown /f /r /t 0
3⤵
PID:1352

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39e8855 /state1:0x41c64e6d
1⤵
PID:2392

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

T1491

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
Filesize
326KB

MD5
5aae70c00054cc7ef59ac13574a82581

SHA1
f05fc8c8af1645202335beeb76e6da6493c393ff

SHA256
d67d918feaf5ba0877317932ec25da10f705200a7c80f0d90f8baad827b7bd0d

SHA512
30bd59101baa97729f225a351846e3f655cec7c75444b2ef399e5c7d498a96a7375376aab3eba58325fd8b5ea7d16ef95940c1c9636d23d204251c3736f11285

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d
Filesize
133KB

MD5
32cbc145fe3c633d23e29bdf65c30121

SHA1
82d6cd7ff158e70cc093e9594152a9084be54917

SHA256
fd7ae142630869d09fbcc261b6c1c0b6dedf522ac295a7125e8e2c952f02e6b6

SHA512
bfe15347175b50f4f20a58bc5576d0d8c902e54bde7546e80a2c29fb2138a9ad53fc6e4485748d87abb7d4fa1765b791f58298287bd810691198ef3bafdb47e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
6a93960feeaac9ac733e220795564fbb

SHA1
e8eab13faa9fa627228c0b5b5220faa92ad6b855

SHA256
53e3dba5635e6a1941e2d1c1633e7ec07dbaedb29ebd23e7f98a305277ac12fc

SHA512
057ad07385492569d96f4446f6ec844a11d5a6f898f0228daf4c707e926ca177d7331a6e50081fdbe820db1fd504b8897c969fddc0acf0ece4e4b7bd4544fd92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
f182874a39b20779c88e099edb88bd1e

SHA1
226d879ff67c9338f5a7df6256f5580494b92bbe

SHA256
48da4b819551b9d79632ec2ad65f865169290db27b390b7682f77e0a0da68ade

SHA512
48c509033a0a715444ed50376f5c98984054f5b65ab31a1ed78379cd691860ed037b9c7ff3d538c2e100393cb24566a61b570d171ada63830b44e9ad80511cbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
11708cbf1aa547583258c70f59fb1f52

SHA1
5b0a847ef4e89b69957fea31ed9f576b60b6dd2a

SHA256
683eeb8960d1d1b830ccab16db6b9938528e6fdf4a1784ec118e5b86132bb528

SHA512
1284efaf5ebdd93ea10915c91ffe288dde4a75f6f3a11f5e166f6cad78130aeef6f5b7628bb3b637f35d5a46e7869a811f0bad025ebb7269fdb6ebba74124ade

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
9882726d00b5f4cbe5a2345dc5e46aa5

SHA1
c29f2bd086cf461d86582d10d98d4522ecaabdff

SHA256
3997f507959196a18c64fcb02735961d3b1f798399e9036eeeb669902e1924ef

SHA512
6e2ac7728214196185f1f07c4eff14108a90f1ed09aa0dd1ea5e09936e3fa633bbb35b9dc8844ea8c681b6bb077add12b527737f44e9f227a37193e6528c440c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
bc2703e3410c81ba1b251f28b764e8f6

SHA1
e92bcfce8f77b6e365c7f8a9bbe7847244a92282

SHA256
28674c55a228952ed113013014e3efcccbc5402b26ab0d249e1b6d2443d697bc

SHA512
2e368182a749c7cd534bd9be4fee5d4147f729f8748822289ad302684c0a9e20e19ccb3673f62423bb50aff32b5bcf6d944d2776343606c23656b796d4d24956

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
832738cf777f76eb7df0a31bbb73619a

SHA1
a3428208c1cf0241e5e58d6c2a10fc1ef11b5d84

SHA256
622b847e12edf0168c073dc270d6b098373f99f8400abcaa57aa4e7c0acfcbde

SHA512
4a8d5109059e120ac7c05b48358b610926996f3e0ddeb3ca6caf35ba0bfc8b9079b8521860828d4a2f4e7ba56c149787522917d9f3b33fa82f1129827f763a5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
c9362ff1b2503f925c1e329a0fb92fa1

SHA1
d01eab170a203eabe771bc98457ada91c934913b

SHA256
d7a327075867911254ee1586a6468325f4788e1fc7cb62581a5e9a4aff9add8b

SHA512
c3e1e32177ce58cbbeb04ea2e27b11020baf4da5b8a5c418f99ff6743e684b2cb65e82f2cac5a1c93d6690819e63ea0e5834ff8e8887b845c305109d09520c63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
867644dc0bd5ead2b970cd0de4919931

SHA1
e3d0e5f640cbbfe601ebc40ee67eefd79ad26a16

SHA256
14b820e9f2cf8d78657fa2c5fbaeb1e7087a077f87a9202d8cbdee6010fc8534

SHA512
544bdf429f24de85a4547b0883e1f6a82a8dceb158adf29708b50211220607861eae5c02a2f010522b14acbc12efca0faf39c35765b73b45d5e62e1e82a780fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
6KB

MD5
98db5bf8ec9a52a7dda0ba8aa09e6b74

SHA1
04633648ea27b88153eab99fe3e8fd304d1252ea

SHA256
6557a2fc1d46d3799af90bea355553d0c6601db27f97996646bbedf73ee680f7

SHA512
bb8e476263e371f2886b5e6e1fdfeb92a11c1700bb383551c9e0c91566f3ec550c8ad1de483b0c72ad9a45fd29b88b968893132b61518f2c20595b4bd42b8d57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
3a86954bf5ccbfdc5465c32056c9c1ad

SHA1
c841d9dd7a889aceb8d443ec5cc4728a273c35b8

SHA256
1ed1b7afea42809dbe1964db0caca495f1602e2645612d24b485f5856eed5b8b

SHA512
b3361ba2b179f4f73c4372954fdff503e66bd0ef90db93360ae8028d13a9e5269030c617a4d6d12a9169a2666c95e1903a52922cd6102b63569b04351683eb03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
3497d47e9fd2666f49373da45dc7644c

SHA1
4346f37c16645a3c838408eff263b392a7ebabd2

SHA256
f968902b32045a8d7d0ccaca43c2ad15561a8d8ad90313e2268fa3f50459d57b

SHA512
8fda46bf7a763c6705cdfa511ce42778b304efba50027ab28edcef15d563a4ef58237329281460f6865bd3cbf9f8131a7eb23562df10c7a35ed2faf3708895e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
524B

MD5
342701f5f2f2917fdd7b50a12cb901db

SHA1
06921df1b900eb9650a529a3b7055332c7a6a846

SHA256
3e9e6852c7765e0566c1e0dd0fa1175a3f31a4e8ba8501c47456b330f9edd456

SHA512
0c0f9f372563817609bcb4c13d38afd092496b7fa347fbf269a8756202d4eaa6c4a17748c4dbf327c5566dcc68a8c1c977db58aa29ed6ffac4359d33a8a24fb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
524B

MD5
8e8af3fa8c2eee6ac19cd672656f5752

SHA1
1b2f48a4099acee7366391c31af420b59ad7b1fc

SHA256
990de8954c9486f3e251c542efc3252b4523a1811eb07ed0cb06376ca2a46392

SHA512
154fa08ced80de3aa79c3ef4612b49389e02fcb05cdf6f23e6835e6e4bb31df67a23c300f5b661223d1b8a197a9440feee231e81312b3804af0d0fc01f54e215

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
524B

MD5
4b348411885b3782890cdd002094e97a

SHA1
f0c349dde00f0841d86eedcda4195ac3b4f27e54

SHA256
30bd114dae57450d63e9b7a4d95b75b75d018f1c8d69448b90f8c8b267903a52

SHA512
a880d5e015f9b6190fd85056280f69ebbbdfa1e8201f7762ebc97e7090d45639c2e2b2ab5d4253cabfa2d48073f8ef51a46edfdb957723c84cdbda403c70de8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
859B

MD5
6fa85f634c36d4bb89327fe3082c0d7a

SHA1
c47b208b6b469705a27ffbd9075f9bdaf460839a

SHA256
63dfde4c4ef580028e92915a4d785c5bda8a083b6c38e7b8dabc3098afa22aba

SHA512
c70cce65b4799033632b010e0ab76087638cbe389bcbae410f90f652dab0050ed1214bbdc7981374d0039369d566fc61d3672a5a7529d660c5aefbaede73d5db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
d3296507b275e8a260e7ff6fdc3dd43b

SHA1
8fefca32187800577e24c1b8f32264a2674e0fef

SHA256
561fb156354183cf022ba2eedc2f12a928bb463d8937c2acf7f9cc082b18f8df

SHA512
9c7ee01e04183d7d0935393acc34a01e4579aeaca6b176d87b3140e55fc99e4d9219a6c2f11a6c40986981637f225b843d0539cd78aaa91fe4bb53171d57e713

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
fe10e8281701d6a514bb7d9e390f0dd1

SHA1
a15958169b07ecf889a9b4fb0ed4705d87da707f

SHA256
b531162ce83cda3399df9e73982c4c06eb082d5edbc42575cf027fdfb899d281

SHA512
e8c28cc12e12ccce0262309115395da5e3c9c207e3c61e0bf14727993376121e7a641fc741312d67b8bb67013961afc1cd707a4aeee6f58cb88747b7bbfaed20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
932d5aae931014a6c7987bfad7adfdb7

SHA1
a39e806804d8b1e474f5fcb4e05e3187238e1187

SHA256
70e6c41d01d75ff3ea67f9d4712e1b00ca521cc352f6afc54a791c73c6d399e5

SHA512
9a47119c0957dc749e883eb8d9ef1b95c331d24a57ed884a288c0f4c538aa42a388583e0f27dec74b4e9633f17b2fcc9b01b19c9d192305cf8cd809d3ec826cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
e9c96ee62213669a31e26e5301e488cc

SHA1
3e6f3f532ee50bab87ebd8994d34aedba25b2b5a

SHA256
e07891ce974d3c699389f796646337a65fbca6ef6c51c2792f9d99e3f513f988

SHA512
59a02e15d48668ef2009ed9e59a5af3b65e14f01e1d884b76a4c4178fdda4b956f376c923b822a48456d4218b9a1e4748c98fab45acb79473960ee7f6b61d352

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
daa00bb366ac04f4ae9195d33aa0d9f6

SHA1
86cbedee3603a65ab8e98e07b60688ed530aff7d

SHA256
ecb2c57c7c6f899fe9bc7e14d28dee198a7b6ec2e3320aca96b0dac70f88509e

SHA512
fd5603f0558f3d66b0e17f5d5e36c8ef1b27bd0d6a6b77bf5ce303bb4533f0575edb0d1cac5a9f2decaa64d4cd5791f56e647eddca679e36d69c23869209004e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
6920de1febaee0255cd54443a4193804

SHA1
ed59e1820eca6aeb6ed207450c8cf16099ea9605

SHA256
610b5c201b0898bc5ea6ee27e46abed3b4fd87dfc1abf77c53bc9c35d5bbb3f5

SHA512
d99daa6e97d20917eb6513db8675e2204b5926ee8025b46cbf123b047a684063c7a93fd44387d466a32d31b4793aae9f7ce1f76a9d4d9c98572b78a8adf39c70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
5da30d37b846dedce6ecb8d422a707a5

SHA1
65e860a34918752eea25965519400e8533650017

SHA256
788296fafd7a13c42f33fb6d5121d46b8aa831eef1c4cf72f818d32bd6050888

SHA512
c07f2e5a1b0bad2d2b6c7a72a694f2ad688e3a7f6211934a088b98db61a71e02918fd1fb4f06427deafb4ba2ceaed36e0c54c759e7f1558e9864d47a3173af1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
60b027f8360764b50da85e2e046714fa

SHA1
99d5952142b286e11c9c95db2e1618ea261e9275

SHA256
6ea6efacae98c38b95aab5649149ca3e9b936852b5e2504cd725e9d2841e547e

SHA512
f6b5e7b77feb467dfca43664cd2246f7e7126f6e198d6f3bbd3ebefa3694ac32a66260cc2e86eddbe922a19f3b5c52fa5c3e434d325c10c68e4f0382e3ebb9fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
867b449e57ee996642601f4826fdda8e

SHA1
c108babe709bd95dd917d8125dca0a4f767d233a

SHA256
ee7d417a787465a5d61985ba50711ecf902d8866c6e977bd0aefe1db7875b602

SHA512
ebc8851627c695b04b40164d56dcf21bf9f084a9fa6fa4032f3153d3ccbfdd90bf14a86b1b82ad64219c0de471eac315fae57567501ac213f3ccf85c46832ec8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
f9ce8e896e13f62c08db4e5a60573c42

SHA1
af3f151c7a7410d74407345b9dfd69f936514aad

SHA256
bd47bb3ff211ff7f4eb1eb633e8a82a724443c29cc6073c6b0d9746e09e39440

SHA512
6a47ddeb259bfa06155e7fd6026982bc530bfc7a6aacfa90c0e533b9dcc72895d6e1b19ea3b76c2aa09ca12aa41dcf58b18f4f20105bd872d562f0914079d790

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
079e79fb08d63caaad940b1763a5aa16

SHA1
4db93296d2c1b966ff012d28fd82f24b19166759

SHA256
d100b5c9aa19ca0191f59283369f08da7aca1c214837dc7c0079e8f0275610ee

SHA512
36110628e09c34f675227eaec43f566388737356c58fd9537253899fa5e89220ba1d13ddca4eb1600d206271101608e4e63672a908b871e6d5f2fe62d30cb963

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
72c035a28079c65159de709877b3de8d

SHA1
715ed302bd343eb2c20968eadfdf3a629f672fb7

SHA256
946ffd1b7983487656fa1f83ff3190cb6fe6cda676704c8276d63f0ca43fefc9

SHA512
272c2090f8aec0aaa077ee419725d6932fb9c8435b3ebb886029d8ce01ab11b53bc326e2d23f15b57094dd804c4e65499f2e21a52173ba7df9d33b8bc8bd8c6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5c1351.TMP
Filesize
120B

MD5
e2b4417b1c9073290461de5a4b3a587d

SHA1
7bdff4d5ea7474cd5f1f093bd133b20b7cd14d82

SHA256
2ecd57f664305b369ffc3a204b3d4ca9386f20607dabeb78ae5ff7517155c5dc

SHA512
6f62ec5480700318c6d4a3632495171743c247bed0dd74822794a49eaf850b38e0c8bcac981eff887f8c01859cce2e3191e4650463507b824d1f26bc0bf97414

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
260KB

MD5
37f12a40d6cacb6843d1b0f0cc81350f

SHA1
f1f4e37e8c35a568eed798cfc1baeba98bcd4890

SHA256
bc4fd8567716856be9bbac74e0c2a74d397cb5840d2640c18283595bcaca5fcc

SHA512
9d209f45f66a6fbe3aa33675077ee418efeec295ad35731ddb8466dece8b646a406ec53b18c35ad0072ea3455baf0e96be6fe39ac3449ecfc9abe57864462f0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
260KB

MD5
38a74a8428fc9dd35f5c13eae4602fe6

SHA1
90ebfb563fd3ebf71a65c38ad8e7f9fdaa5cbf7e

SHA256
54683698db06884dc4d10959c648de9ee50ff9b21f5f01a5b4f8b985b8291af9

SHA512
525e5f74c54ae6921f9eee9e933d2bde532fb6116ec89795a22ee7971c3959cd3e4ff3f5df23ea351bc410f1b8affcd73f100dba0c141435bb0297e30b90953c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
87KB

MD5
e7312715b9e6ee71f1195a773325ff05

SHA1
442ea2d6bd5532f60075902c4607beb88dd8c7c5

SHA256
116d2b24ddcbe955bb43484f3a2af678639b7dd68448ab45b22ea7695571a3a5

SHA512
bfb61acf940a463d9fd9d1f0a036162da45922d2f47d9fb9e21335a0e4a09419c957e9a7cfed3eaeb624f02163ea316a09a652cad737689d1fe9a773d5c2b83a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5d5b90.TMP
Filesize
82KB

MD5
cf2df18f3642c0f74dd29b16ff5f13d4

SHA1
7941efce6e02c7aa805b4f0a04c9506994194531

SHA256
76a356d769e91956a370b3549eadf994050b1ce5697045ea7b261275e1b29733

SHA512
46e150ede2d761126b1b03f2441ef53d904d874c85b321f9e4e99a7648c365a9812b3e72ceaabe3d777752f53ad54b55786267f389a0af83bc4cfc53927706f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
Filesize
896KB

MD5
16cb91529f8b348e677640c9c6e64b27

SHA1
7b55d3a28b56fb73d945f16829c904864739fe71

SHA256
35ff2dc5b2aa6cbde9a4f1591120ecc5473dbe365b9642062369fa81eec37ab8

SHA512
e50ec337d0708b31fbf63aa05535c3515974446015a93e1050a83d172653a3c4765325ba5aa2bba316bee05c0517431d900c57334352f6d83116e90cfcd13094

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.2\WMSDKNS.XML.bak
Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
Filesize
14KB

MD5
cbbb6191a9b96f5a2a9491736b433838

SHA1
b82f7c40eae2224dc658e2fd6d7b6f79cdc13d3a

SHA256
4bbebf908f6497b54bc1abe9ec5850e8ffb4fc1f2b11a68f441ca0dc4c313731

SHA512
426628576d0edd80b8fee2b808c2d96872739f9f457d15db71f2553ef126048e7e348823bf1bd1c56284147f5b291afb11c256abe3d1f5c2f8a3ba6ff2c86b2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\one.rtf
Filesize
403B

MD5
6fbd6ce25307749d6e0a66ebbc0264e7

SHA1
faee71e2eac4c03b96aabecde91336a6510fff60

SHA256
e152b106733d9263d3cf175f0b6197880d70acb753f8bde8035a3e4865b31690

SHA512
35a0d6d91178ec10619cf4d2fd44d3e57aa0266e1779e15b1eef6e9c359c77c384e0ffe4edb2cde980a6847e53f47733e6eacb72d46762066b3541dee3d29064

Download Submit
C:\Users\Admin\AppData\Local\Temp\rniw.exe
Filesize
76KB

MD5
9232120b6ff11d48a90069b25aa30abc

SHA1
97bb45f4076083fca037eee15d001fd284e53e47

SHA256
70faa0e1498461731f873d3594f20cbf2beaa6f123a06b66f9df59a9cdf862be

SHA512
b06688a9fc0b853d2895f11e812c48d5871f2793183fda5e9638ded22fc5dc1e813f174baedc980a1f0b6a7b0a65cd61f29bb16acc6dd45da62988eb012d6877

Download Submit
C:\Users\Admin\AppData\Local\Temp\windl.bat
Filesize
771B

MD5
a9401e260d9856d1134692759d636e92

SHA1
4141d3c60173741e14f36dfe41588bb2716d2867

SHA256
b551fba71dfd526d4916ae277d8686d83fff36d22fcf6f18457924a070b30ef7

SHA512
5cbe38cdab0283b87d9a9875f7ba6fa4e8a7673d933ca05deddddbcf6cf793bd1bf34ac0add798b4ed59ab483e49f433ce4012f571a658bc0add28dd987a57b6

Download Submit
C:\Users\Admin\Desktop\UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR N1XT.txt
Filesize
396B

MD5
9037ebf0a18a1c17537832bc73739109

SHA1
1d951dedfa4c172a1aa1aae096cfb576c1fb1d60

SHA256
38c889b5d7bdcb79bbcb55554c520a9ce74b5bfc29c19d1e4cb1419176c99f48

SHA512
4fb5c06089524c6dcd48b6d165cedb488e9efe2d27613289ef8834dbb6c010632d2bd5e3ac75f83b1d8024477ebdf05b9e0809602bbe1780528947c36e4de32f

Download Submit
C:\Users\Admin\Downloads\000.zip:Zone.Identifier
Filesize
648B

MD5
1cd101588d3a0277a5786e908778e4e7

SHA1
a62a8488d315ac23c129789cc8cc682f61524d87

SHA256
3faecadf36ee767c33885cf78c86aaf9de2e417e6d867a0fc891d38288bae9b5

SHA512
b068dacc80755558be0063e91d08b58828f37b11e806292efc27d9eebaa3f4da077742c33e8718e23ae646c74e98670305709eb3d7505d014ea40c93c4f72dbb

Download Submit
\??\pipe\crashpad_2028_NCRGHQNHZDVWYPZL
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2180-784-0x0000000005D20000-0x00000000062C6000-memory.dmp

Filesize
5.6MB

Download
memory/2180-783-0x0000000000460000-0x0000000000B0E000-memory.dmp

Filesize
6.7MB

Download
memory/2180-803-0x0000000008E60000-0x0000000008E6E000-memory.dmp

Filesize
56KB

Download
memory/2180-802-0x000000000B7C0000-0x000000000B7F8000-memory.dmp

Filesize
224KB

Download
memory/3456-11-0x0000020349640000-0x0000020349641000-memory.dmp

Filesize
4KB

Download
memory/3456-12-0x0000020349640000-0x0000020349641000-memory.dmp

Filesize
4KB

Download
memory/3456-2-0x0000020349640000-0x0000020349641000-memory.dmp

Filesize
4KB

Download
memory/3456-9-0x0000020349640000-0x0000020349641000-memory.dmp

Filesize
4KB

Download
memory/3456-0-0x0000020349640000-0x0000020349641000-memory.dmp

Filesize
4KB

Download
memory/3456-6-0x0000020349640000-0x0000020349641000-memory.dmp

Filesize
4KB

Download
memory/3456-8-0x0000020349640000-0x0000020349641000-memory.dmp

Filesize
4KB

Download
memory/3456-1-0x0000020349640000-0x0000020349641000-memory.dmp

Filesize
4KB

Download
memory/3456-10-0x0000020349640000-0x0000020349641000-memory.dmp

Filesize
4KB

Download
memory/3456-7-0x0000020349640000-0x0000020349641000-memory.dmp

Filesize
4KB

Download
memory/4748-36-0x00007FFDA3110000-0x00007FFDA3121000-memory.dmp

Filesize
68KB

Download
memory/4748-21-0x00007FFDB3A60000-0x00007FFDB3A94000-memory.dmp

Filesize
208KB

Download
memory/4748-20-0x00007FF611070000-0x00007FF611168000-memory.dmp

Filesize
992KB

Download
memory/4748-25-0x00007FFDB7420000-0x00007FFDB7431000-memory.dmp

Filesize
68KB

Download
memory/4748-28-0x00007FFDB2EA0000-0x00007FFDB2EBD000-memory.dmp

Filesize
116KB

Download
memory/4748-30-0x00007FFDA8D40000-0x00007FFDA8D51000-memory.dmp

Filesize
68KB

Download
memory/4748-33-0x00007FFDA8D20000-0x00007FFDA8D38000-memory.dmp

Filesize
96KB

Download
memory/4748-32-0x00007FFDA31B0000-0x00007FFDA31D1000-memory.dmp

Filesize
132KB

Download
memory/4748-31-0x00007FFDA1B00000-0x00007FFDA1B41000-memory.dmp

Filesize
260KB

Download
memory/4748-29-0x00007FFDA1B50000-0x00007FFDA1D5B000-memory.dmp

Filesize
2.0MB

Download
memory/4748-27-0x00007FFDB3130000-0x00007FFDB3141000-memory.dmp

Filesize
68KB

Download
memory/4748-22-0x00007FFDA2750000-0x00007FFDA2A06000-memory.dmp

Filesize
2.7MB

Download
memory/4748-52-0x00007FFDA2750000-0x00007FFDA2A06000-memory.dmp

Filesize
2.7MB

Download
memory/4748-26-0x00007FFDB47C0000-0x00007FFDB47D7000-memory.dmp

Filesize
92KB

Download
memory/4748-35-0x00007FFDA3130000-0x00007FFDA3141000-memory.dmp

Filesize
68KB

Download
memory/4748-47-0x0000027D8D4C0000-0x0000027D8D713000-memory.dmp

Filesize
2.3MB

Download
memory/4748-37-0x00007FFDA0A30000-0x00007FFDA0A41000-memory.dmp

Filesize
68KB

Download
memory/4748-45-0x00007FFDA0830000-0x00007FFDA0887000-memory.dmp

Filesize
348KB

Download
memory/4748-46-0x00007FFDA0260000-0x00007FFDA0272000-memory.dmp

Filesize
72KB

Download
memory/4748-39-0x00007FFDA09F0000-0x00007FFDA0A01000-memory.dmp

Filesize
68KB

Download
memory/4748-40-0x00007FFDA09D0000-0x00007FFDA09E8000-memory.dmp

Filesize
96KB

Download
memory/4748-42-0x00007FFDA0930000-0x00007FFDA0997000-memory.dmp

Filesize
412KB

Download
memory/4748-34-0x00007FFDA0A50000-0x00007FFDA1B00000-memory.dmp

Filesize
16.7MB

Download
memory/4748-43-0x00007FFDA08B0000-0x00007FFDA092C000-memory.dmp

Filesize
496KB

Download
memory/4748-44-0x00007FFDA0890000-0x00007FFDA08A1000-memory.dmp

Filesize
68KB

Download
memory/4748-41-0x00007FFDA09A0000-0x00007FFDA09D0000-memory.dmp

Filesize
192KB

Download
memory/4748-38-0x00007FFDA0A10000-0x00007FFDA0A2B000-memory.dmp

Filesize
108KB

Download
memory/4748-24-0x00007FFDB74F0000-0x00007FFDB7507000-memory.dmp

Filesize
92KB

Download
memory/4748-23-0x00007FFDB7600000-0x00007FFDB7618000-memory.dmp

Filesize
96KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads