Analysis
- max time kernel: 34s
- max time network: 156s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 26-05-2024 22:13
- Static task: static1
- Behavioral task: behavioral1
- Sample: crypted.exe
- Resource: win7-20240221-en

General
- Target: crypted.exe
- Size: 519KB
- MD5: 1b1c7e6e96667a6a758b22d444de57a7
- SHA1: 3eafd122d0814ee5aeb35a9bce975805a8cf6744
- SHA256: e03518acef8a2fecee311fac04e11943e8b219815f02224a4ae30d5ecccf0f90
- SHA512: 2ed665526ec20b8c3d8a6854e25bcf44755e4bfd8f34b3770c3694e4b9cd8b2ad85d130830cb298aa18521f30038ef47e5d93225a5eb14039670f5ef626f91f7
- SSDEEP: 12288:ar9mi27cWO4AEcI9cCHEAJtv9QXmuP16k:6mfemcCflO1
Malware Config
Signatures
- Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
- Program crash (1 IoC)
  Processes: WerFault.exe (PID 2812) handling crash of target process crypted.exe (PID 2764)
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: chrome.exe
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes: chrome.exe (PID 3064), 2 entries
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  Processes: chrome.exe (PID 3064), 64 entries, all Token: SeShutdownPrivilege
- Suspicious use of FindShellTrayWindow (34 IoCs)
  Processes: chrome.exe (PID 3064), 34 entries
- Suspicious use of SendNotifyMessage (32 IoCs)
  Processes: chrome.exe (PID 3064), 32 entries
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes (source PID wrote to memory of target PID; repeated entries collapsed):
  - PID 2764 crypted.exe -> PID 2812 WerFault.exe
  - PID 3064 chrome.exe -> PID 3048 chrome.exe
  - PID 3064 chrome.exe -> PID 2608 chrome.exe
  - PID 3064 chrome.exe -> PID 2476 chrome.exe
  - PID 3064 chrome.exe -> PID 2448 chrome.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\crypted.exe (PID 2764)
  Command line: "C:\Users\Admin\AppData\Local\Temp\crypted.exe"
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\WerFault.exe (PID 2812)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 72
    - Program crash
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3064)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3048)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6c29758,0x7fef6c29768,0x7fef6c29778
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2608)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1368,i,11296432605185840071,6899202754240843854,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2476)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1436 --field-trial-handle=1368,i,11296432605185840071,6899202754240843854,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2448)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1580 --field-trial-handle=1368,i,11296432605185840071,6899202754240843854,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1856)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2300 --field-trial-handle=1368,i,11296432605185840071,6899202754240843854,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 840)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2332 --field-trial-handle=1368,i,11296432605185840071,6899202754240843854,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1312)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1156 --field-trial-handle=1368,i,11296432605185840071,6899202754240843854,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2172)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2968 --field-trial-handle=1368,i,11296432605185840071,6899202754240843854,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 576)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3336 --field-trial-handle=1368,i,11296432605185840071,6899202754240843854,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1244)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3628 --field-trial-handle=1368,i,11296432605185840071,6899202754240843854,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 864)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3752 --field-trial-handle=1368,i,11296432605185840071,6899202754240843854,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1864)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3836 --field-trial-handle=1368,i,11296432605185840071,6899202754240843854,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1280)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3972 --field-trial-handle=1368,i,11296432605185840071,6899202754240843854,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2088)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2400 --field-trial-handle=1368,i,11296432605185840071,6899202754240843854,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1976)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3132 --field-trial-handle=1368,i,11296432605185840071,6899202754240843854,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2364)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3940 --field-trial-handle=1368,i,11296432605185840071,6899202754240843854,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2740)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3604 --field-trial-handle=1368,i,11296432605185840071,6899202754240843854,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1040)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4140 --field-trial-handle=1368,i,11296432605185840071,6899202754240843854,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 968)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4144 --field-trial-handle=1368,i,11296432605185840071,6899202754240843854,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2800)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3796 --field-trial-handle=1368,i,11296432605185840071,6899202754240843854,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1608)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4180 --field-trial-handle=1368,i,11296432605185840071,6899202754240843854,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2004)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4356 --field-trial-handle=1368,i,11296432605185840071,6899202754240843854,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1036)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3756 --field-trial-handle=1368,i,11296432605185840071,6899202754240843854,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2220)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4504 --field-trial-handle=1368,i,11296432605185840071,6899202754240843854,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1484)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1492 --field-trial-handle=1368,i,11296432605185840071,6899202754240843854,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1984)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4612 --field-trial-handle=1368,i,11296432605185840071,6899202754240843854,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2104)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4680 --field-trial-handle=1368,i,11296432605185840071,6899202754240843854,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3028)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4376 --field-trial-handle=1368,i,11296432605185840071,6899202754240843854,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2312)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=1360 --field-trial-handle=1368,i,11296432605185840071,6899202754240843854,131072 /prefetch:1
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 628)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads