c9633caa24d2754971ba1579c89f9ed590c3572c4e5ef1f1d81ac2e122d08392

Analysis

max time kernel
234s
max time network
241s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
01-06-2024 11:06

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

AgfEmpires2HD-v5.8.911-Oyunindir.vip.torrent
Size

14KB
MD5

97cf7d9469b236c2e8af40d320d126a4
SHA1

0ee68631cbb7ef471d0db956b7fd71a835499732
SHA256

c9633caa24d2754971ba1579c89f9ed590c3572c4e5ef1f1d81ac2e122d08392
SHA512

f532183742c10a542d25aff0b2001fc5f67ddeddc05454103f50a5bb6d851de246c3bf8fcf4a79972e946d936ed5c5d85f99d27b515904b181aae6be6c833a64
SSDEEP

384:j2IhKACp4LujYtBI8Q5rf68jgn9052LX4dCHeod6ePwtg/d:yZeaY+tCgDAko+odetQd

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Delays execution with timeout.exe 2 IoCs

evasion

pid	Process
5780	timeout.exe
1668	timeout.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133617136224797442"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "221"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3924	chrome.exe
3924	chrome.exe
6100	chrome.exe
6100	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5884	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe
Token: SeShutdownPrivilege	3924	chrome.exe
Token: SeCreatePagefilePrivilege	3924	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1408	firefox.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe

Suspicious use of SendNotifyMessage 25 IoCs

pid	Process
1408	firefox.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe
3924	chrome.exe

Suspicious use of SetWindowsHookEx 22 IoCs

pid	Process
2040	OpenWith.exe
1408	firefox.exe
5884	OpenWith.exe
5884	OpenWith.exe
5884	OpenWith.exe
5884	OpenWith.exe
5884	OpenWith.exe
5884	OpenWith.exe
5884	OpenWith.exe
5884	OpenWith.exe
5884	OpenWith.exe
5884	OpenWith.exe
5884	OpenWith.exe
5884	OpenWith.exe
5884	OpenWith.exe
5884	OpenWith.exe
5884	OpenWith.exe
5884	OpenWith.exe
5884	OpenWith.exe
5884	OpenWith.exe
5884	OpenWith.exe
4000	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3768 wrote to memory of 1408	3768	firefox.exe	94
PID 3768 wrote to memory of 1408	3768	firefox.exe	94
PID 3768 wrote to memory of 1408	3768	firefox.exe	94
PID 3768 wrote to memory of 1408	3768	firefox.exe	94
PID 3768 wrote to memory of 1408	3768	firefox.exe	94
PID 3768 wrote to memory of 1408	3768	firefox.exe	94
PID 3768 wrote to memory of 1408	3768	firefox.exe	94
PID 3768 wrote to memory of 1408	3768	firefox.exe	94
PID 3768 wrote to memory of 1408	3768	firefox.exe	94
PID 3768 wrote to memory of 1408	3768	firefox.exe	94
PID 3768 wrote to memory of 1408	3768	firefox.exe	94
PID 1408 wrote to memory of 4068	1408	firefox.exe	95
PID 1408 wrote to memory of 4068	1408	firefox.exe	95
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 2224	1408	firefox.exe	96
PID 1408 wrote to memory of 1484	1408	firefox.exe	97
PID 1408 wrote to memory of 1484	1408	firefox.exe	97
PID 1408 wrote to memory of 1484	1408	firefox.exe	97

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\AgfEmpires2HD-v5.8.911-Oyunindir.vip.torrent
1⤵
- Modifies registry class
PID:1312

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2040

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3768
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1408
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1408.0.1924879624\1475275312" -parentBuildID 20221007134813 -prefsHandle 1880 -prefMapHandle 1872 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {72529de9-98dc-49f1-9247-28ee8f30683b} 1408 "\\.\pipe\gecko-crash-server-pipe.1408" 1960 218502e0158 gpu
    3⤵
    PID:4068
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1408.1.1829513243\1352154020" -parentBuildID 20221007134813 -prefsHandle 2324 -prefMapHandle 2320 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {25580986-edf9-48ba-8962-d09c0bce40f4} 1408 "\\.\pipe\gecko-crash-server-pipe.1408" 2360 218501fb758 socket
    3⤵
    PID:2224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1408.2.240764109\847328979" -childID 1 -isForBrowser -prefsHandle 2960 -prefMapHandle 2808 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5b3d7c1-94d5-40f1-b999-78c988b0d8b3} 1408 "\\.\pipe\gecko-crash-server-pipe.1408" 1584 21853df0a58 tab
    3⤵
    PID:1484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1408.3.310319017\23382421" -childID 2 -isForBrowser -prefsHandle 4024 -prefMapHandle 4044 -prefsLen 20988 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {05ab8feb-0574-4159-b46a-eecc8cc668bc} 1408 "\\.\pipe\gecko-crash-server-pipe.1408" 4052 2185294b058 tab
    3⤵
    PID:4896
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1408.4.658745592\1012213666" -childID 3 -isForBrowser -prefsHandle 4188 -prefMapHandle 4192 -prefsLen 20988 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {32351db2-3f48-40af-82a7-38cfcf32a0f7} 1408 "\\.\pipe\gecko-crash-server-pipe.1408" 4064 2185294b358 tab
    3⤵
    PID:4772
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1408.5.2050242464\1992222600" -childID 4 -isForBrowser -prefsHandle 4068 -prefMapHandle 4180 -prefsLen 20988 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4825efe3-63ba-4f3c-a1c2-cd89d3b3ae07} 1408 "\\.\pipe\gecko-crash-server-pipe.1408" 4280 2185294c558 tab
    3⤵
    PID:2532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ffc4e9c9758,0x7ffc4e9c9768,0x7ffc4e9c9778
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1976,i,17923244027995473429,1805886278913680669,131072 /prefetch:2
  2⤵
  PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1976,i,17923244027995473429,1805886278913680669,131072 /prefetch:8
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2280 --field-trial-handle=1976,i,17923244027995473429,1805886278913680669,131072 /prefetch:8
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3144 --field-trial-handle=1976,i,17923244027995473429,1805886278913680669,131072 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3312 --field-trial-handle=1976,i,17923244027995473429,1805886278913680669,131072 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4688 --field-trial-handle=1976,i,17923244027995473429,1805886278913680669,131072 /prefetch:1
  2⤵
  PID:5360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4864 --field-trial-handle=1976,i,17923244027995473429,1805886278913680669,131072 /prefetch:8
  2⤵
  PID:5408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4852 --field-trial-handle=1976,i,17923244027995473429,1805886278913680669,131072 /prefetch:8
  2⤵
  PID:5456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5100 --field-trial-handle=1976,i,17923244027995473429,1805886278913680669,131072 /prefetch:8
  2⤵
  PID:5464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5236 --field-trial-handle=1976,i,17923244027995473429,1805886278913680669,131072 /prefetch:8
  2⤵
  PID:5472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 --field-trial-handle=1976,i,17923244027995473429,1805886278913680669,131072 /prefetch:8
  2⤵
  PID:5784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 --field-trial-handle=1976,i,17923244027995473429,1805886278913680669,131072 /prefetch:8
  2⤵
  PID:5876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4900 --field-trial-handle=1976,i,17923244027995473429,1805886278913680669,131072 /prefetch:1
  2⤵
  PID:5528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3300 --field-trial-handle=1976,i,17923244027995473429,1805886278913680669,131072 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4020 --field-trial-handle=1976,i,17923244027995473429,1805886278913680669,131072 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 --field-trial-handle=1976,i,17923244027995473429,1805886278913680669,131072 /prefetch:8
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 --field-trial-handle=1976,i,17923244027995473429,1805886278913680669,131072 /prefetch:8
  2⤵
  PID:5172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3836 --field-trial-handle=1976,i,17923244027995473429,1805886278913680669,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6100

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3684 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8
1⤵
PID:4788

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5816

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Temp1_I_LOVE_YOU-Virus-master.zip\I_LOVE_YOU-Virus-master\Love.bat" "
1⤵
PID:2256

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5884
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_I_LOVE_YOU-Virus-master.zip\I_LOVE_YOU-Virus-master\_config.yml
  2⤵
  PID:5860

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Temp1_I_LOVE_YOU-Virus-master.zip\I_LOVE_YOU-Virus-master\Love.bat" "
1⤵
PID:5020
- C:\Windows\system32\timeout.exe
  timeout 10
  2⤵
  - Delays execution with timeout.exe
  PID:5780
- C:\Windows\system32\shutdown.exe
  shutdown -s -t 100
  2⤵
  PID:3532

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Temp1_I_LOVE_YOU-Virus-master.zip\I_LOVE_YOU-Virus-master\Love.bat" "
1⤵
PID:4852
- C:\Windows\system32\timeout.exe
  timeout 10
  2⤵
  - Delays execution with timeout.exe
  PID:1668
- C:\Windows\system32\shutdown.exe
  shutdown -s -t 100
  2⤵
  PID:5920

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39a0055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:4000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
de8570d3a65d3e5909a0add9d4d7d763

SHA1
2221e87dca393254f4f382397f3e983b00aa2fb5

SHA256
5e4a0028c75f3f5813ece636563125592ad9002b2db9a9a6a7aec8570f2cfaa3

SHA512
c8d1b9a3450276a422db01e0bde136d156c708dc6a42471739c9158cd6b3d5ff6c69478aa016bcbc72f9afbe58275bf4ad3bd3aa47354dd5457cc9b1148768f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
8a70bc7bb9692f428169ae58d517c42c

SHA1
3b655d3055dff836c6b63c28bd224946e6387aae

SHA256
5075ea04f6a6fd98346db947ab76a2d610d7c4b5e5718f4977cc5edd0d239d25

SHA512
178e1f25f720f99d5356e24cf9519f9a18ee09418099903b3dcb99b612dd3ff8bd3cb36efe3d581e883df85a51eaff2bb619f3eb07ce6c027da2880bb6288b9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
1b8b1ca6ad80d06b1d1f1d20b9a7d651

SHA1
4e6a035d408f24c1e5866e1e7fb0d15a1d47b4b8

SHA256
a6c3495e15ed00a59e69121d1ea29fe2b2d761761bc2c0f46f2fd0779c0a0bad

SHA512
9b14f7581adcd5fe753dc330e28a8a9899de1bed64dadc283c71802c1c222eb5040069a0e2e9f74a3166b14b3164450c9e9d39befff08d0fe486a781b71a58e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2a3883ff7754c1ae9f03bb5e58763b61

SHA1
8d15525710db7791fa87b5acda1c17e4617c16c3

SHA256
313948d3f5b66921f61efe81d13f6152074b45f98fcb2b07fcdd595145d42ead

SHA512
1e63ad13da2b5798f10d6f6e97c99e6322fed2b9fb21e2342405d2c9fe2291cda035c303af1d77f79876b9879feec95ca7f494452717cadb3c95e1362e6f69fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4aba952d6e9f65fd7384aa1385d7c881

SHA1
afd1130028dc7326fe3cee9ca9c333684ee39fa3

SHA256
43dc0043dfbc963847fb55c9855032449a7fc52e1e9e32100f884d6546a0513d

SHA512
b3275ce1db88678a8337098276cdcb11e880d459db66c25fdfc52eab9ceea4b811ebe5b887fc26cf4b231788739c9a42749aff5a27041633f4083ba6fed256a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
d16b8c9e826f364f64e934a82f420aa2

SHA1
2fd522c2d7e651da544455f92cb8729ac6d5833e

SHA256
b665d4a48656cc28732e78aa14618df3840e01be6f50beb6eb7e9d8d976eaf15

SHA512
4dfefd1d8f1edc612b07a66c9a993a07d08e97da2cbddf273e89b3da42e035a97ee6bc6054d6211feba58a9fbf4d05f0b72e6ea01a9c224b9afccb4b8939f356

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
537B

MD5
20ebeeb8abea24ef9e5a81679f6ea5ce

SHA1
0e6a3cdb93558ddf129699a7b43839f309538baa

SHA256
8ea5ec08e766430b069995fab7b2b7559c1508cb8b92b5fde72a8e9d2c43f0b8

SHA512
30946f1e3e7d545c90d3641942cb37c38cd53f3d2840429cb7de5fbf7d114b59b4ba7705906e1109a78998a0207af2d39ba846a4e446feb13f836c1e46177e0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8a26c146fc406a764b07f17df4408642

SHA1
9165a731c50bc5eda7064d5fc70400ee50a12f08

SHA256
8e98cefd68e05c81a7609a13c365ad0dc3f1e6cb7c84de84a9eca66a58f0093c

SHA512
ab00a18750d9fe4b1474d2ddd9bef64e934ea7bbd8a76f8c44200fb4c7d3d939093256edde7f1afd8f1da817ec7afdb8abe7eed5b2a2fe1ecfa1a4c80bef72e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ee240ff27a0496e6e55d29482b7208d1

SHA1
f43687258e5af8fc2302ef2dac51af342502854c

SHA256
c1f4d884aab1b1594e0ad02cd9d41b8479fbf89e3a116dbecad7dc90264b13dd

SHA512
c2b4db5d0186b2bd9be459f48ab7024d88d64d80b4eda09ca1d4bc3130896a02ab610e95029201076f10bb1a8bd1985e1dc9bc24c6814920b211412a3c8cfadd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a1e8306eb977d75ee2afb3b264eb9670

SHA1
4eb9ba92fa87a12bb4db17d853c6e14f5e9aa444

SHA256
3b4ac04686bb4d7bc70f6ebfe33ace3d3d9693c6937a320f9d0bed913687a637

SHA512
f1cb34798794b96fd23379fbeee121a1c4d99a6cc5c46e89f1b0e531ed6455cd53e21ba6831c245148612f20b430e46e4d7faa93e6b6d55cec4128b883f15c87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fde4967e9175f79f1965f32a846d55b5

SHA1
0a8aabc7f6270c40c0de4a6429d5cf8fb332f416

SHA256
89d182bd5e3bdcb22da6660b780190efc22cb308cf303eb6a78d3149203b2e51

SHA512
4f28d932da8ae224acb3acc2572c13394f553b4c4c591d4f53df7971c983a5b19e22e3725c583cd1bd1c3751971181cc69b5148598995b5bbdf2dc3af0de04b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f05060d0258fbce8035c43bcb7d8b17b

SHA1
694f0e9154a439328a01dcb5440edf24514e4e87

SHA256
51f2133eb33b2cb8292883b5be6bac46d370315648da381a26804245bc4060dc

SHA512
4c8b9ca4de3019cab5fd4129d11acd90432ea5e40e0afb1f152fab67bb243c18b43114771381683204d8c0ccac828fba36ea77706684f124abdfa52250d67098

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d2cfab3003bdf2426113ba8dc2bbd2b8

SHA1
1868bb6ccbbbfb0eef8123cc49f1a967af31f2ed

SHA256
c60e6fc32f8da755f3914c409efd7a495cf181eb4890013fef8e5f5f06378db1

SHA512
b70f44f935359ff58061a6745c88b12a849c056c2c0059548e9f9da3f932771feb36ee463d39a8534ae6846f2e692bf986db7155ff30c32ce66c1f0e87048187

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
270KB

MD5
7432354443bea6399377c7bcdf8fbc02

SHA1
c3961d4cf3fbb8f2c6d6734fc9408d958d210076

SHA256
4bf293614bb10abac5d80c989b203e5cb250d6cc6d7603b4cc2a1ca557b614d1

SHA512
5b2a4c1399c4fc04a112e6f213597af0b84233e22b0d7d606a0bcad8be75feb477c142f673c2ebec77023328fe30c858a9abdd2bad2c007c397de693d256cbb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
270KB

MD5
e6f716ea94acbdd84498de3a31d9b967

SHA1
53620dec1a550c569f266190fc29eca9b381f527

SHA256
dbe0770376b922d3122de23822389e1c6ddd2fac1af4e4ee791464fddfe63180

SHA512
fb8ffb4b95a7b071a01ea1d60cd6bcae60f4e76fd9776caf040ccb767e88959fac271b577d9acd8eff521bde5ab88330ac788318ab4847dcca82fc3d98fa6bd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
270KB

MD5
85e12e53c3e6a34af365838224fe0603

SHA1
2d35c68aca528426bbb4d43c01fd1e281b4dad93

SHA256
d46ff460857c818ff8a07bee177f264d94d00611ee8fe3acb4decf9fce194169

SHA512
eb6563454a40fc60bc7bad7c9effe6cd1f83b78e56e6cc1cfee91ff8b78ed2e365a4babd19980ccd34dcd06b1000b9be2777e6bd1bd48b7e4233f29c17a6d9d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
76a0708144a2879e372f5f8261155058

SHA1
5e403f98770b1d2a4ccd0b781fde6d642a9ab5c9

SHA256
06e6e4f946f33b52eef1033f7120eab35a2df8ee7047a0d3aa779129f80a5667

SHA512
e7cbcfc953b005a9382ac53dc03c89a8c75de5345e1fdd06e4eb56ba494b60e1447eeb55ecf7e42130d5a4fdd8ba85552e118de2d51b887a2a56fe7ca569614d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
ed85c9fbff28e93cf60156b2b6ba10e5

SHA1
7d192c875dcb0a71d87ed51c615ae8b3f6475944

SHA256
8c95da82f68cfe9234d1bfa5ceae31e2ee47bafecd0f5d22283308ec5c1fecec

SHA512
92eef7bc7abf342d0ab2cd0b9291c3ce6ffc195e37a9794cc65d88bdbf4e7fab8f775883799145c2a15d71277f75c3ff4a2f7e22cc5a581cfc0fc2faf5b36fd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58aa74.TMP

Filesize
98KB

MD5
d622f0408d762e8a993644c6dc0432ae

SHA1
b43265891e3a301886f9d23be420b7ef119dad0d

SHA256
e6948b78091659061be16be3546332d612d921c88e5e5970b455820e0a471596

SHA512
e7cc7433cf6b06c9208ec0fedf8c870a86c68d4f5d89b5ccbcb02feba4d29406dea4967bffc6f56d53338cf42f9c946716cb15c770546ec6211f9a28292ed850

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
4b902d5a89cf2c9b85dca6f045ea28a2

SHA1
233198d109f8ab7b9f1813b3d464937945583700

SHA256
66df1cb11d29e2a12ec1616d7b85fd1c7a9aa7b7b4c08f2ef5b45bb5dde9b0f8

SHA512
8a930d376bf25ff124a9e8197f9b7ceb656c0404dc6e4b6a48af347aa813f217a1fefc5f015e8064700b4f5b3a56b864f4f9e29754d0c2671c2b561c1fddf056

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js

Filesize
6KB

MD5
464dc8c8391808ef00e572908e6baa62

SHA1
ab7591b53236a4f04f020e33e06f30c880c2c04a

SHA256
397f8fb57a847c6ac49a0bf2b26b214e3a9fa432c251871f138560c7f86d6d10

SHA512
26c2d8f81e6f4490e3eff697706c24f4898341726f63de7e50bdc0ebce81b5f271fa7f24d1a6a8e03ad25ff06abb8b302074bc277c2c4921aef09e0da94749ef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js

Filesize
6KB

MD5
0ead7ed2de6bf09a8e83082cff1e01c5

SHA1
652c8df3637f187ecacd70c0e2857e2b0d64e864

SHA256
c072aefa822cea9ea5e654aad6e648d29b1dadd86fcf4bd3d75819829ddb898b

SHA512
cd2f7b0b770c38552b7830fafff65aa843f15ab1c9a0a32027d42a71392a1bccab28b07086802f2b2228a8ef2999462c93c2a650fa3f8bd576dc15ce285c5be0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
271B

MD5
c439e8302ef74f78a59f06b98dffcab8

SHA1
82df1ee7ccae01dd298ef9db8e1dfccec84c1138

SHA256
323bed81451d6e0332bcb50e0cd673002e2bea3dbbfa7e8484a41fef63976603

SHA512
04840f8e3acbbc12adb0b1364be5a42a39c3ed3883268895be51a538fea028f133bed1aee4d3994e919bb7ae236e598acbce3700059e29d291fc06c159021e99

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
89fb414d778d11d3a12991de60301815

SHA1
1d7a63ca92d9ad28930ce2feaac8c71c3f699ef7

SHA256
935ba660008416f0b46a028a709944f11f9c2858243a2f7bc0b57aa1d96314be

SHA512
49f06dc78f2e08621ba4ed19925d8c7ed040502f13edaeedc7df3d675e77417d8b7b3c0b3feaf7f4fcef989091b363f5af1fa9258de57cee5bd904e1d7a31f9b

Download Submit
C:\Users\Admin\Downloads\I_LOVE_YOU-Virus-master.zip

Filesize
2KB

MD5
c2a96fbc27d47ae5512b4c6a1be74226

SHA1
166e20e1389b78a845a608357f13f428c32f0c96

SHA256
6a420231c21a7ebd4a72c3c8a2860b73a4b275443be5e82c4c7de01935b72ecc

SHA512
2429fdcfb069193fee4d810edb55dd9000465866f8a75e6c4c19766bc7241d2d92d1ec4fbdc9e072d00ad7eacc079fea8744df2517b69683359b55aa61b10ffc

Download Submit

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads