d48fdae8ad6d77a8966e05ad9b8b44d682af1777e8a21d4499f7db1a9c3da33b

Analysis

max time kernel
139s
max time network
139s
platform
windows7_x64
resource
win7-20240221-es
resource tags

arch:x64arch:x86image:win7-20240221-eslocale:es-esos:windows7-x64systemwindows
submitted
25/05/2024, 17:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Cracked-RedEngine-Fivem-main/RedEngine_Cracked_V5_1.rar
Size

1.4MB
MD5

134689ca0917e44a74d51a1a3c2a89f2
SHA1

43538701963c2366b7de676b1a13ea3580517a3c
SHA256

1dfe3f83136031270e0d10047557c532b49a874b77bc455d6c93d356349545c7
SHA512

4cfd9f93f64d93df43e15e5d0d47ac0f42c0ce832fe1745c7ad0e60809b39cb532040ffd19dd1fdb772fcb9147d8f2f215233ab1fe88c9608314c2d1131fc6a9
SSDEEP

24576:+KC9fMa6jR1ENRM9gzLxJKojLOVHbe+Aw7Oev+PKSXUMI+aWFNF2/f+tNy:+KCaDORX336VHbuqvxSpayF2/f+tg

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4059C423-D0CA-11EE-8D6E-CA3DB73CB573}.dat = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingDelete	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C9064B21-1ABE-11EF-8D6E-CA3DB73CB573} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
900	chrome.exe
900	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2528	7zFM.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	2528	7zFM.exe
Token: 35	2528	7zFM.exe
Token: SeSecurityPrivilege	2528	7zFM.exe
Token: SeSecurityPrivilege	2528	7zFM.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe
Token: SeShutdownPrivilege	900	chrome.exe

Suspicious use of FindShellTrayWindow 40 IoCs

pid	Process
2528	7zFM.exe
2528	7zFM.exe
2528	7zFM.exe
1764	iexplore.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
2528	7zFM.exe
2528	7zFM.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe
900	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1764	iexplore.exe
1764	iexplore.exe
1568	IEXPLORE.EXE
1568	IEXPLORE.EXE
896	IEXPLORE.EXE
896	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 2528	1996	cmd.exe	29
PID 1996 wrote to memory of 2528	1996	cmd.exe	29
PID 1996 wrote to memory of 2528	1996	cmd.exe	29
PID 1764 wrote to memory of 1568	1764	iexplore.exe	34
PID 1764 wrote to memory of 1568	1764	iexplore.exe	34
PID 1764 wrote to memory of 1568	1764	iexplore.exe	34
PID 1764 wrote to memory of 1568	1764	iexplore.exe	34
PID 1764 wrote to memory of 896	1764	iexplore.exe	35
PID 1764 wrote to memory of 896	1764	iexplore.exe	35
PID 1764 wrote to memory of 896	1764	iexplore.exe	35
PID 1764 wrote to memory of 896	1764	iexplore.exe	35
PID 900 wrote to memory of 1440	900	chrome.exe	37
PID 900 wrote to memory of 1440	900	chrome.exe	37
PID 900 wrote to memory of 1440	900	chrome.exe	37
PID 900 wrote to memory of 292	900	chrome.exe	39
PID 900 wrote to memory of 292	900	chrome.exe	39
PID 900 wrote to memory of 292	900	chrome.exe	39
PID 900 wrote to memory of 292	900	chrome.exe	39
PID 900 wrote to memory of 292	900	chrome.exe	39
PID 900 wrote to memory of 292	900	chrome.exe	39
PID 900 wrote to memory of 292	900	chrome.exe	39
PID 900 wrote to memory of 292	900	chrome.exe	39
PID 900 wrote to memory of 292	900	chrome.exe	39
PID 900 wrote to memory of 292	900	chrome.exe	39
PID 900 wrote to memory of 292	900	chrome.exe	39
PID 900 wrote to memory of 292	900	chrome.exe	39
PID 900 wrote to memory of 292	900	chrome.exe	39
PID 900 wrote to memory of 292	900	chrome.exe	39
PID 900 wrote to memory of 292	900	chrome.exe	39
PID 900 wrote to memory of 292	900	chrome.exe	39
PID 900 wrote to memory of 292	900	chrome.exe	39
PID 900 wrote to memory of 292	900	chrome.exe	39
PID 900 wrote to memory of 292	900	chrome.exe	39
PID 900 wrote to memory of 292	900	chrome.exe	39
PID 900 wrote to memory of 292	900	chrome.exe	39
PID 900 wrote to memory of 292	900	chrome.exe	39
PID 900 wrote to memory of 292	900	chrome.exe	39
PID 900 wrote to memory of 292	900	chrome.exe	39
PID 900 wrote to memory of 292	900	chrome.exe	39
PID 900 wrote to memory of 292	900	chrome.exe	39
PID 900 wrote to memory of 292	900	chrome.exe	39
PID 900 wrote to memory of 292	900	chrome.exe	39
PID 900 wrote to memory of 292	900	chrome.exe	39
PID 900 wrote to memory of 292	900	chrome.exe	39
PID 900 wrote to memory of 292	900	chrome.exe	39
PID 900 wrote to memory of 292	900	chrome.exe	39
PID 900 wrote to memory of 292	900	chrome.exe	39
PID 900 wrote to memory of 292	900	chrome.exe	39
PID 900 wrote to memory of 292	900	chrome.exe	39
PID 900 wrote to memory of 292	900	chrome.exe	39
PID 900 wrote to memory of 292	900	chrome.exe	39
PID 900 wrote to memory of 292	900	chrome.exe	39
PID 900 wrote to memory of 292	900	chrome.exe	39
PID 900 wrote to memory of 2116	900	chrome.exe	40
PID 900 wrote to memory of 2116	900	chrome.exe	40
PID 900 wrote to memory of 2116	900	chrome.exe	40
PID 900 wrote to memory of 2592	900	chrome.exe	41
PID 900 wrote to memory of 2592	900	chrome.exe	41
PID 900 wrote to memory of 2592	900	chrome.exe	41
PID 900 wrote to memory of 2592	900	chrome.exe	41
PID 900 wrote to memory of 2592	900	chrome.exe	41
PID 900 wrote to memory of 2592	900	chrome.exe	41
PID 900 wrote to memory of 2592	900	chrome.exe	41
PID 900 wrote to memory of 2592	900	chrome.exe	41

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Cracked-RedEngine-Fivem-main\RedEngine_Cracked_V5_1.rar
1⤵
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Cracked-RedEngine-Fivem-main\RedEngine_Cracked_V5_1.rar"
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:2528

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1764
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1764 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1568
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1764 CREDAT:275463 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef4be9758,0x7fef4be9768,0x7fef4be9778
  2⤵
  PID:1440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1236,i,4820092079023490989,17087883429511579869,131072 /prefetch:2
  2⤵
  PID:292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1236,i,4820092079023490989,17087883429511579869,131072 /prefetch:8
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1640 --field-trial-handle=1236,i,4820092079023490989,17087883429511579869,131072 /prefetch:8
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2212 --field-trial-handle=1236,i,4820092079023490989,17087883429511579869,131072 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2220 --field-trial-handle=1236,i,4820092079023490989,17087883429511579869,131072 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1404 --field-trial-handle=1236,i,4820092079023490989,17087883429511579869,131072 /prefetch:2
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2924 --field-trial-handle=1236,i,4820092079023490989,17087883429511579869,131072 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3460 --field-trial-handle=1236,i,4820092079023490989,17087883429511579869,131072 /prefetch:8
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3576 --field-trial-handle=1236,i,4820092079023490989,17087883429511579869,131072 /prefetch:8
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3564 --field-trial-handle=1236,i,4820092079023490989,17087883429511579869,131072 /prefetch:8
  2⤵
  PID:1604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3716 --field-trial-handle=1236,i,4820092079023490989,17087883429511579869,131072 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3880 --field-trial-handle=1236,i,4820092079023490989,17087883429511579869,131072 /prefetch:1
  2⤵
  PID:1568

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5fc642e4a120b2adca32d36ddef18185

SHA1
fb2fc93ba04ee27df12cfa8b32dab574a01c0ded

SHA256
f80601d4a8010f80ffe60abb0cde6c2e45bc547787b8634e7499022d977c9df0

SHA512
8d4d7ca4b7ee4da58d71a10218eddc852681809a1a5a239137fbedada22d10ae42c5076e70c70115f690e224de3a0fb483e933d6ee76a086ed532d9f5c19ad92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6232f865f691980361b691b1b6837c46

SHA1
fce41a8f7564769e498cbb6bb13490c571ccc000

SHA256
78368542a57a31981353e9420610d6bafa11d0c8ffb92588d2e6c02dec8e8a15

SHA512
2d9c5dd98e02037b0164c206b69694200f70a2db543da2b133c25eb5c421e4ded072df0232cc45a7b55fd8179ecb6bd251d4822e2c9fcce551c494bb040cbac2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
334867489e1ba45de860609281c17771

SHA1
1b48190eb79f07f1bcc54fc92615600207f53110

SHA256
6f5d298fbeadc104c52f8db1409c81e2907cee2ae4e2ef4a659c97de09c5bca7

SHA512
b1a83188c6f5783703981dae6b075871c826ff996b59d931f5f9ba04ea3b72e920e18075ed57be7dddf46fa1db54bcf226899420e5336f5bf0489e08f0732ec2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
17b5e471a8297aaa5239ee38229e6433

SHA1
64303c81b611e88cd7da332361fd68422e28c38c

SHA256
ec4888f0a32f9f1bc13cbc78e5a637a7acdb160779d01521df62b351c7ba66c2

SHA512
733da01966b879891c66af21244fd1a8973c5df9c4bbd383f90dad13dc174a430bdee3f8d3190a583abb3be87f0a7ebd972fc86c231c042f2fa1e47bc76ebc70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2c3067f361c86b118b364c3f19e85eab

SHA1
67bf0974204ee93df397827f8f13c0b450ea7398

SHA256
9e92943ccc360cd05e4041b02d90465ba1bf9a8d0679c46b4959ca4fbdda31c8

SHA512
cb7877f77d739679579dedc3b4bbe741315c56f9dffe1af692ebb210b124a1b662ee18c216ecdc0f5934434f496b20d57331c1fb563c62957a5c704b9d509259

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9aaae818abe2c697389e0a9bd414c795

SHA1
d3552316b652af98fc84eb5473a45b6002a53947

SHA256
4e21d1d8eea2e53d624e8a638960a7e7827957da6c373ac26a342eb6a1ef6f44

SHA512
ba1cc39fe310433a44ca154ceac6cd38b61b7871136696a0fe1951b47ed0879445abaf75f228360116ff3675cd1b0c442f757a6ef176f280a1765b39e5ecde49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
942c34bc793edae01df77c7713094872

SHA1
73548b55585af2842566a687383280837f7ba837

SHA256
1d19be4f5139fe79842391efd77360539bb2c8bc6076f3a6135f67abc8586521

SHA512
3b9a38d61e98785bf8cb4f23f68fc85bde5bac67a962220e774d66b8371ce97d05fa9beddba628db4a0ae1c19a60e49fd5c6571a7bba355a1cb78331cc874edd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fdc798c58fb1a26770ef2288a0fd06c1

SHA1
40c9cf4954eec792569a0bf5658944580812293e

SHA256
cedd086a39365a55b253ddb2ccff040502b35b25d345343aed2aaeec753ad208

SHA512
48de2ccc27c06e9c8fa6085323b5dc0c94cd9530e0bb23dbcfff28a11b78524546a324bed356c8225e845b540731608f41617d3e76ce71424551eb4fd7b90284

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1f0ba2b104ef27e821028f5c312cd880

SHA1
9ff6f6bd46b1bc192fc4922d2a75729eda5f552b

SHA256
3fdc546f20c6a5da4ad0af5fd26d7b43da5c812f0128aa33238f7d387f11e2cb

SHA512
761bbfc6ecd778652fba50bf9caa2c2e5d9daa5f73ab450e02b084f224ae017a67729a64282d9e4c7c8f574c5e728c3ecebaacf5686586ac715648ec982092c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
2abb3ebcccf50cbbc9716f8eb1120f0a

SHA1
05053cf913a4d8d66f760c3739b68def0c6bdc74

SHA256
6d53b98600a9887113b4f6ba624da59eda55b1d04907eae82d0699631a82fc54

SHA512
d13c67b1011eb76d5307d9b119cd758802e636cd2ded8981910d8c5fd30bde61130d9c5b79871447b4fad5cc6bdc0ebd64d1cc178797a66479a9ba23006b5bd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b04e830b749e4e25dc80e655a69cb8e8

SHA1
46034d64a925d0cbdee1a8ba52399b869942007e

SHA256
7b74e322ea921a5e2f82031f9d1881d69bfe38d27a11e953c7ce77aa860b78d6

SHA512
723047ca78dcd56a927b980f07e1ec6e097bbbf9195d8a3a7718e8f5f52daf73d5e2015a1590467d4fba44bce14a1b736e99b59cc871c52c62927ed4035c45cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e80c0a90df40aa560d0c4dc34214b2e3

SHA1
e72bb81a1e527ab91cdd568546f125d6492b56c6

SHA256
e7c867b8ada52f4b673b679d1ea3f43777fcc0f0ce5621c8b489160f5627b3cc

SHA512
79949c91b6a2086cbe425eb3980e6da50d4bce0fae00050f7074b395dae25db6dcea58c74bdc6a6f4e94ce93de5d5d1d11c5693cf36a0f9895a1ad4c1e06011f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0e217820059fdb7fc691db2bfb98f72c

SHA1
5bd264a2730aeae030c04fd44343335982fc2a8f

SHA256
bb64e86faaf39f701f14ebe8bea6f1099a2a674da12bf7d3b41d98776b58d8e5

SHA512
454404636c0737f8d6aa5db0fecf3fc06ae81c9bc2dadb48cc24592c1c5371c14512e556c06027e7d3f410b7510aaa4b28ef09a68138483bdeacb7ba06ef5992

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2D0C.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2E0D.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF12A9CAD919FB1273.TMP

Filesize
16KB

MD5
a24dd9eccbf6c419a15bd08e20229a08

SHA1
a1838299d04eb53a433100a0c9cd64c44ff2481b

SHA256
b462f9c8f5631dfb387b744eabe663d99cca64183947fe6829f5a1f2fe084c6b

SHA512
81d15474e1b229d546789535f2879d0ef9be45d99abb15ebe8cc980c230fe874eecd99fbf57759eca4a3440f1bbaba29a32b1138540d588a364974079c880d53

Download Submit