12eb8a8de98663614345954639b59d7d762be14a916e46e76ade8614d4bced1a

Analysis

max time kernel
51s
max time network
137s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-05-2024 15:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Stealerium/Builder.exe
Size

216KB
MD5

41dd506cd0525197e69d9c8592aed2a7
SHA1

5d04b134c8f1800fbcd664898d34dee8d10d8fa8
SHA256

dcd0162524ce4ae11f5c5e9b496e35ce6a096e5dea8e63b45fa835069737f87c
SHA512

16ba073d871eb9a244b8e733c101e9fec98699d881440e0dfa661e9f331fda0789f232e4abd70dcff3649a5428049590461da83ab7f0078e3ed9c7fc2fbfb28b
SSDEEP

6144:Klx3eDAIbr0K3xybL1tAj4PhFqFVfrRbP:Klx3mbr0P1tAj4P6r9

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2620 chrome.exe
2620 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

Processes:

chrome.exe

pid	process
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2620 wrote to memory of 2804	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2804	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2804	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2740	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2740	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2740	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2740	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2740	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2740	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2740	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2740	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2740	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2740	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2740	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2740	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2740	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2740	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2740	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2740	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2740	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2740	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2740	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2740	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2740	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2740	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2740	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2740	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2740	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2740	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2740	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2740	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2740	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2740	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2740	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2740	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2740	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2740	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2740	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2740	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2740	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2740	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2740	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2480	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2480	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2480	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2500	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2500	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2500	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2500	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2500	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2500	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2500	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2500	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2500	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2500	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2500	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2500	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2500	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2500	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2500	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2500	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2500	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2500	2620	chrome.exe	chrome.exe
PID 2620 wrote to memory of 2500	2620	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\Stealerium\Builder.exe
"C:\Users\Admin\AppData\Local\Temp\Stealerium\Builder.exe"
1⤵
PID:2068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef71b9758,0x7fef71b9768,0x7fef71b9778
2⤵
PID:2804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1144 --field-trial-handle=1328,i,18020924597735033542,4076711697725057160,131072 /prefetch:2
2⤵
PID:2740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1428 --field-trial-handle=1328,i,18020924597735033542,4076711697725057160,131072 /prefetch:8
2⤵
PID:2480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 --field-trial-handle=1328,i,18020924597735033542,4076711697725057160,131072 /prefetch:8
2⤵
PID:2500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2280 --field-trial-handle=1328,i,18020924597735033542,4076711697725057160,131072 /prefetch:1
2⤵
PID:2948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2288 --field-trial-handle=1328,i,18020924597735033542,4076711697725057160,131072 /prefetch:1
2⤵
PID:2504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1712 --field-trial-handle=1328,i,18020924597735033542,4076711697725057160,131072 /prefetch:2
2⤵
PID:2272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1304 --field-trial-handle=1328,i,18020924597735033542,4076711697725057160,131072 /prefetch:1
2⤵
PID:324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3448 --field-trial-handle=1328,i,18020924597735033542,4076711697725057160,131072 /prefetch:8
2⤵
PID:1504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3572 --field-trial-handle=1328,i,18020924597735033542,4076711697725057160,131072 /prefetch:8
2⤵
PID:2792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3436 --field-trial-handle=1328,i,18020924597735033542,4076711697725057160,131072 /prefetch:8
2⤵
PID:3056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3460 --field-trial-handle=1328,i,18020924597735033542,4076711697725057160,131072 /prefetch:1
2⤵
PID:960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2460 --field-trial-handle=1328,i,18020924597735033542,4076711697725057160,131072 /prefetch:1
2⤵
PID:1728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2664 --field-trial-handle=1328,i,18020924597735033542,4076711697725057160,131072 /prefetch:8
2⤵
PID:2608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2352 --field-trial-handle=1328,i,18020924597735033542,4076711697725057160,131072 /prefetch:1
2⤵
PID:2244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3976 --field-trial-handle=1328,i,18020924597735033542,4076711697725057160,131072 /prefetch:1
2⤵
PID:1576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2068 --field-trial-handle=1328,i,18020924597735033542,4076711697725057160,131072 /prefetch:1
2⤵
PID:3044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3868 --field-trial-handle=1328,i,18020924597735033542,4076711697725057160,131072 /prefetch:8
2⤵
PID:1912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3760 --field-trial-handle=1328,i,18020924597735033542,4076711697725057160,131072 /prefetch:1
2⤵
PID:2448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2664 --field-trial-handle=1328,i,18020924597735033542,4076711697725057160,131072 /prefetch:1
2⤵
PID:240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2476 --field-trial-handle=1328,i,18020924597735033542,4076711697725057160,131072 /prefetch:1
2⤵
PID:3028

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2528

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2412

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d7d9b3f4cdb4524080dbf3534c81acd1

SHA1
38bfb43d6437f933c1928b87c517b5659df935d7

SHA256
b6fd532865d82214f2f99b1b3bcbea54ed5f8f0625fa6a5a234103f2c849574f

SHA512
a68d7aa07c8f08f2e8e45f002b25b4d81821519d35dca82bba88ed8fe73aa413ed88fc467e067173f9aa0e0e1ad989424bb83cfd12aebf0d4fdd14e7d3755805

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
83970bcbe17b84cbe2ab87fcefdd8233

SHA1
8f9428a92f4c5c6026183b51be70a538856741e5

SHA256
a0158075a075c478d75fb029f6453b1f102dfc9550ab1f816aeb8744dd4e0fcc

SHA512
7afa1f88afe3517a83daaeb3e412911a1947fbe9c4e7d5697e3374fcb74c15cf555c906f259a667571d8d892ea0c49c317e1a6d0364c788009c9dc5b2e4256f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
b48488f67fb283b72450db3302c83522

SHA1
e7daaddc45dbbee2bb0e548db254363a8724c5a5

SHA256
50228d54feeee50d5c86341a14392235db50c1b24de6c63c5a79d0c1466e9854

SHA512
16a81a7bee4ae0f79ca796deafbf6a96c873b59f6f7198be73610d4df98ab977d5f4df3120c5ef696be5b9ab60bb8a04db53501a97c433a7daf9900c6af594f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
c7e6ed830385765abe3279ac0415bba2

SHA1
68bef913b387af9e8c3003854d5e26de85d87ee1

SHA256
b418f985d1565ae379a34db1016e186b38cd1804ec9c6360a941894862fdde17

SHA512
0449fc1f8f99f7c198385ffd1d62f53bf7f709ac0bea8d7f72b9b6fa530eb97b263990a40274c32c9598bbb31a2c740fc119f4314b6ddbb5fb1847e061d19de2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
eb91d7da0f279e6f52164db500d47963

SHA1
d7bc2e827890bf0c3838e676c493ed7f088da059

SHA256
f9861d1c04e6eea54bd0de66dda211af57efff982813e59b6657cadd71a6b138

SHA512
94823aefcbb69ea1d7d58f65ff55d0f4f959825c95a9d9dcbcdb475d0816111808d06d1387b0d3b93dc57ff3503c1aaa24909e82c16467abc53f24b23072d9e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
54f65b22888778cf13f4e6c7a3a30e8f

SHA1
2348fadfbe7ab0a9bfdceb33fb8a0e3d849cf856

SHA256
0183038921aee8d7988036ab3535cf62704ecb708a27fa9e71c65aa975763421

SHA512
0f567ca477c2ffd9d8d28b245b6287a9d56d62ae618f28ac0b9cfedc46fecaa47466a52e0e30c167571d89750f4da0b4c478e848e0e56ab37704a09ac424c8fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d2ecf634ae831f5ddee2555fdc02d12b

SHA1
250fed878935d2a6a1c59aca9ed9e17049f01cd4

SHA256
3b4124aee487b2cc71a4026017b20fcf25e870edbb2590036421fd458a566d5e

SHA512
0c10741805009dee31fc1209549550f2da06676a86da5d1b0a9978712ffd989b024c7ec7b221b502d52654ab2a2b7c1b733396facbb3ab0722631d432e97d204

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
dc3e402e3223f85c0c9c8f1142b00d6f

SHA1
56f336691df301e6589f38f576f8c74a74a6a9df

SHA256
2a5d4a6b4a0c09ebc6e354c776a5e68b616189c5966c29f935b14f47c1ac9833

SHA512
d854c96e8646b108c67bb5a1ab3e51a419a96575eab22b7dbfffa7817be006cfa128c3e6841dfc099b87d5b28924b9291a68bcc8c4de19237dd98c048c9aa427

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
32363d51353211f4e7f1bc86dee1686a

SHA1
30dc636583a88f44e152bbc8df6849db5cb1c572

SHA256
81c77ce498f9ef42fb60027bc50d930a30c7299f385dd3418f2a28066bb2e728

SHA512
3cd8373b57a84e2beda27453f091bc6e5e3be56d03dfb698cd26aba49df98777ab48799220487ada90fdea2d704ddbbe46afbe1b7635461e1fcea27258a73fcf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
6c708f8dbcb69d764de5170e7872b635

SHA1
7e7de9d34bbd9efa40d46c49c3378b415d474b2d

SHA256
1519b3352f9dc9c031f69ae55bd6d5e9284b49fd71b3f8c388ba46746f7e638f

SHA512
5a220844516f616d8d5d90f7d42b44ea2c01fd0ad871796b6d7568c70b1276146858c2d6bb6cb02e49e501a1e86b8c4d72c9112d81f232c103109d5c48ad41a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
3c88af8a435a90b9fee950a863b41c94

SHA1
be6732a7252bbab81666da1b9063e4dabfcd5f99

SHA256
c610c987dfd5089600d77062f579a022da3656df035eed155fd69be5139b0c63

SHA512
536c756187c0cf4bf9001aaca92c0610a495a80d9b221f7b79fb984215011bb1d48b9deb87694e10c2f9a8b1d2d6f82eb4b94937c026ac95077ec419aad8d15e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
8c7f1e5180a024ba96fc5b1be2c2cb50

SHA1
edf9e2083e2a1ffaa67495dbcf055e2ba166d1ec

SHA256
4d165cd29977bf421451d530b6ac24ce6272d0646d11b1ec2235f615ed5de27b

SHA512
9a5b8757e9fea9bdbd174b9f6188e657b37689c8a5a4d5ff608eb0dc7d1789333e3a04e06f5ab3e3465ff7944833569fc3097f78c87aba4cb122901a36a4bd6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
0c8a80917e4ce1565a65b0f30b49d03e

SHA1
43cf5b7f9cd1916c438f161891ccbb1b357c12f6

SHA256
247670f9f2b08e224d837fb0ea73b99b0d8ff3f0f2636ecc2440f16c87f128ff

SHA512
b15442ff2e5414873dd4894965a475b4137b45ad04acaf0be1937e5c8166818b73c716195c0fe79d35cd6ced7610e1e1bed1acc5b686ffca69ae6cbf78b8d604

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
7a886b8e2744f15a76b3da3a95fc8ab3

SHA1
6bbe9ef2b18ce50c6da9373870fd033fd533b576

SHA256
dd17d81264052b1be17289b8acf77d8e40490f8d4ae16529a4704d3ce715fec9

SHA512
5aadd07cfaa4259417a8120fa86a219644f0213f349b5882145bd54230fc83390cdf9648b0692f39643af36c3d0cb531ed3f3c0ae032b17ad53719d17411c126

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
288B

MD5
825317211c217ee225376c5bace6ba6a

SHA1
b3542142f9ecdab4f6c4cf3e53aa1faeacd532b2

SHA256
c7fce2f7831cad84957e058c34b182a1c9955623718cbf503422db700959c139

SHA512
c147f56f1a2dea6cd4fb81fafc208c91e04a05e21809619b495f9f949b0951f151bd934e71229b24475634979b3161831c9415a942a7088932e27a9630670454

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
2dd26d4990b010011dc9bf44fe24667b

SHA1
9426efbe3e92638ce6cc2ddf7b6a5d201de00410

SHA256
7a661f31ff0a82abe6a0ab5ffe96317c9ba2982ccad94c5bfedfd48d0c957aef

SHA512
9c727666e03e0dc0768ce8ff7308e7218ed934b5e1d690f6eede4e49de312d36aa21e400a61af5078688e0aab1e83d70ce5b3a6d1ac6001ff9b82f3bd66bfb3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
361B

MD5
f4d56b5036c354ad3ed044b4327f584a

SHA1
07f2e65edcb5b5f4d22b5f46d697ba91b73d4e3d

SHA256
2b516abd91ae8fd86114f5930378404c9567514ae7639593ea254fbd77085415

SHA512
8466cdbd1a4b644f78eab2f69add3dd8bd2a1d057646d77ae82afa6e0b94ad94ce93108673a283fe41d8cd24a0c886d245c143bcbb022d97dab06d670663e77b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
522B

MD5
6f05da1ac48078e7394ae40b14f4c2d7

SHA1
1d753cb503401d15eae18acdfe2738736caacff5

SHA256
8aec1e476f3fbe4e45f3ce91ff3cadd3f219c082d27355d62fe14dd10c3e8fda

SHA512
7ca00539ef6cb4b803c04743562ad966d57d5becb77ee54fabfee29cec5d8e489401371acd44703e3b67dacb58e861b5691c9e81ef3ddddd3f437fba0626b6b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
522B

MD5
11d713916144fd2d5c212a2527363806

SHA1
e0ecfa8747c39c232f768cccadf8a2ae8f3b74a3

SHA256
ef2f194dbd76d7cb5c65257e911a6036e536ea8641c954d66e2c2257b3a85310

SHA512
d0a49547e6de3c95c600af5008345a4c2b11aac071d268d0da1b013538a6ba2aeeaac173f9fc90db04a004f0b57c80b26b3c336e3aa158b4744d33eb383977e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
d9bf6d10d89e618d19530e1182227683

SHA1
52e256699c95821922a6cae211480ec38c43936e

SHA256
62686f06e088f27fcaeaff1a191803d17abe2f4203befe50f63eeea1350e5c3d

SHA512
dd4ab0d9e53d2d70e7f2da6da047f65fad0e26652465c201b9248912898ed56baa94f488c6323627709bf3273f8bc2a564daa5f4b62013f02ac73d9f3eb8fb43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
fbd3614cf6a3280d7a8c5164eaf686f1

SHA1
d1b1556f9f5fa6f936ac816f1020dd62b3e045f3

SHA256
e2064e975d1ad2b60c5b324f96d1af35097054c46f74b80c1fce151b60124887

SHA512
1567b03addceaa44c6c36e5a50eeaf9613b165c4af164fd9d4acc83dfcb9d8e1d022070e010ec9636221c2da830c152b60148ee567e636c0162128e6c649198d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
36297e915fc1c9148ac8186fba35e0fc

SHA1
9789337af1e9dd66a33e33780f485de6973d7a20

SHA256
04394f0af04e01276b12baac1303f6e3ac2938f06f3c76faa23bc72791440e4e

SHA512
0ba1f370d86d830e049c85b9cb52f5418ef7c09c8b7e5ffd519eec066f13fef9fdbfa40000ac7e2b2f2942218514b36cd1c89e246d73efa9928d28e69f430f9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
b3adb40f232cf75a1ac8f9e66935daae

SHA1
45d86d3131628fffe18797fd7b81e02d12cbbc71

SHA256
ecd813679902e92526f494c6f68191f2796d3e9d3126b8d0f2a5a3ea5c10b02e

SHA512
7f630d82efd389828ab4b512318c9d692d21743fe5f08eae2463216f5c5b46b8064747ff24ff7778622cbe571e23edbea089ee91f1e4ec8e7653440213fb9f18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
3811190373d69b6a9e52656a5e1bd8c5

SHA1
0cb9f6a9305bfbc6b31306129a5f41a7d9275507

SHA256
9c4a460a1c40833200eef4cfd02d730cde6370b664cc37eef284cc1179228862

SHA512
ff372356054eda7d03bbab9962bb50ebc4909fa083dd60611fb199e70a5a04b602428bd2fcf2cd59f253d061a5946e475eb8d406f72d78955ab06c2726d36619

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
7576b78ba1eacb6f07c64e0ba674db0a

SHA1
d14db81462698eed5eaf6a11359570f0b4914f47

SHA256
0f8d13dcbd4e269bdec7aa74c5f42c939c5cf51a4a74b121d089482b7366916d

SHA512
005e9577cda727178f6be45054106c152dcfd2756a479d7ad4b02df4625a52659150ff91946d1de45d00bb70ea4a6ca7e640f11aaf33786fa8d02dd53abb3212

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
271KB

MD5
99329e193f86606d6372d69b00aec5d8

SHA1
e36ea64735a17e8c6fbd59832d207c04a1fb8772

SHA256
24ad75caa061d2295013dd70f5d0e90b97da6953a5656fc6aebc971d184910ec

SHA512
5648eafcc7727c141a9dca985902d94db05d7a250394993a5fcc8d358fc7075eeb8cdd7d8194d687dca591eddeb120513f3c8233e160d78414e8a2a69c834c8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
75KB

MD5
d50766444405b854fe4be0f2fc9a7bf4

SHA1
3d0f0db2b6b6f7eaa7ac4fd4efd97c8220459ba7

SHA256
6e7088a9eb452ec60d3225b2599793ae3307b155c736e504c2a78ea1b6f58db1

SHA512
f16436221471db891a0da64747d04511ee44bfbc639774801396014ad29447cc604b380776bd52ef6d950aefb8751799103a87e38fa0cf700c523f62c73ce88a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9AB1.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
\??\pipe\crashpad_2620_NPONPXQIFNLCVRJD
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit