734b47199989cd1ca7c47e98d3fb797875eb3169d629a3a405c588ecae2d82a2

Resubmissions

19-06-2024 23:50

240619-3vv2psxemd 3

19-06-2024 23:50

19-06-2024 23:49

19-06-2024 23:47

19-06-2024 23:42

Analysis

max time kernel
66s
max time network
194s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
19-06-2024 23:50

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

one-punch-man-saitama-pfp-1.jpg
Size

90KB
MD5

abc0f06044b5335f651d4f59cf3f7650
SHA1

dfc201aeb0bb4b35d66156c2f9fef8cfe2eb5809
SHA256

734b47199989cd1ca7c47e98d3fb797875eb3169d629a3a405c588ecae2d82a2
SHA512

5f64bba784f3653e76439ec5533a7a813b4af9f9f01cbc859c5d395f643770aace49b8fa22d89a554ab526846d7fb6826578ed495016c58da08b78aa4514eaca
SSDEEP

1536:YzA5ihFqqOsM4AET3NxFBY9ygVD1f31jfUB3pIEsezIZHe9coc7Kgn:N5ihFIgAEvED1/580LnHe+oc+2

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000_Classes\Local Settings	rundll32.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2800	chrome.exe
2800	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
2916	rundll32.exe
2916	rundll32.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2800 wrote to memory of 2908	2800	chrome.exe	29
PID 2800 wrote to memory of 2908	2800	chrome.exe	29
PID 2800 wrote to memory of 2908	2800	chrome.exe	29
PID 2800 wrote to memory of 2776	2800	chrome.exe	31
PID 2800 wrote to memory of 2776	2800	chrome.exe	31
PID 2800 wrote to memory of 2776	2800	chrome.exe	31
PID 2800 wrote to memory of 2776	2800	chrome.exe	31
PID 2800 wrote to memory of 2776	2800	chrome.exe	31
PID 2800 wrote to memory of 2776	2800	chrome.exe	31
PID 2800 wrote to memory of 2776	2800	chrome.exe	31
PID 2800 wrote to memory of 2776	2800	chrome.exe	31
PID 2800 wrote to memory of 2776	2800	chrome.exe	31
PID 2800 wrote to memory of 2776	2800	chrome.exe	31
PID 2800 wrote to memory of 2776	2800	chrome.exe	31
PID 2800 wrote to memory of 2776	2800	chrome.exe	31
PID 2800 wrote to memory of 2776	2800	chrome.exe	31
PID 2800 wrote to memory of 2776	2800	chrome.exe	31
PID 2800 wrote to memory of 2776	2800	chrome.exe	31
PID 2800 wrote to memory of 2776	2800	chrome.exe	31
PID 2800 wrote to memory of 2776	2800	chrome.exe	31
PID 2800 wrote to memory of 2776	2800	chrome.exe	31
PID 2800 wrote to memory of 2776	2800	chrome.exe	31
PID 2800 wrote to memory of 2776	2800	chrome.exe	31
PID 2800 wrote to memory of 2776	2800	chrome.exe	31
PID 2800 wrote to memory of 2776	2800	chrome.exe	31
PID 2800 wrote to memory of 2776	2800	chrome.exe	31
PID 2800 wrote to memory of 2776	2800	chrome.exe	31
PID 2800 wrote to memory of 2776	2800	chrome.exe	31
PID 2800 wrote to memory of 2776	2800	chrome.exe	31
PID 2800 wrote to memory of 2776	2800	chrome.exe	31
PID 2800 wrote to memory of 2776	2800	chrome.exe	31
PID 2800 wrote to memory of 2776	2800	chrome.exe	31
PID 2800 wrote to memory of 2776	2800	chrome.exe	31
PID 2800 wrote to memory of 2776	2800	chrome.exe	31
PID 2800 wrote to memory of 2776	2800	chrome.exe	31
PID 2800 wrote to memory of 2776	2800	chrome.exe	31
PID 2800 wrote to memory of 2776	2800	chrome.exe	31
PID 2800 wrote to memory of 2776	2800	chrome.exe	31
PID 2800 wrote to memory of 2776	2800	chrome.exe	31
PID 2800 wrote to memory of 2776	2800	chrome.exe	31
PID 2800 wrote to memory of 2776	2800	chrome.exe	31
PID 2800 wrote to memory of 2776	2800	chrome.exe	31
PID 2800 wrote to memory of 1152	2800	chrome.exe	32
PID 2800 wrote to memory of 1152	2800	chrome.exe	32
PID 2800 wrote to memory of 1152	2800	chrome.exe	32
PID 2800 wrote to memory of 2612	2800	chrome.exe	33
PID 2800 wrote to memory of 2612	2800	chrome.exe	33
PID 2800 wrote to memory of 2612	2800	chrome.exe	33
PID 2800 wrote to memory of 2612	2800	chrome.exe	33
PID 2800 wrote to memory of 2612	2800	chrome.exe	33
PID 2800 wrote to memory of 2612	2800	chrome.exe	33
PID 2800 wrote to memory of 2612	2800	chrome.exe	33
PID 2800 wrote to memory of 2612	2800	chrome.exe	33
PID 2800 wrote to memory of 2612	2800	chrome.exe	33
PID 2800 wrote to memory of 2612	2800	chrome.exe	33
PID 2800 wrote to memory of 2612	2800	chrome.exe	33
PID 2800 wrote to memory of 2612	2800	chrome.exe	33
PID 2800 wrote to memory of 2612	2800	chrome.exe	33
PID 2800 wrote to memory of 2612	2800	chrome.exe	33
PID 2800 wrote to memory of 2612	2800	chrome.exe	33
PID 2800 wrote to memory of 2612	2800	chrome.exe	33
PID 2800 wrote to memory of 2612	2800	chrome.exe	33
PID 2800 wrote to memory of 2612	2800	chrome.exe	33
PID 2800 wrote to memory of 2612	2800	chrome.exe	33

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\one-punch-man-saitama-pfp-1.jpg
1⤵
- Modifies registry class
- Suspicious use of FindShellTrayWindow
PID:2916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7069758,0x7fef7069768,0x7fef7069778
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1312,i,3708195642545349914,3932692843284107143,131072 /prefetch:2
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1312,i,3708195642545349914,3932692843284107143,131072 /prefetch:8
  2⤵
  PID:1152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1604 --field-trial-handle=1312,i,3708195642545349914,3932692843284107143,131072 /prefetch:8
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2172 --field-trial-handle=1312,i,3708195642545349914,3932692843284107143,131072 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2180 --field-trial-handle=1312,i,3708195642545349914,3932692843284107143,131072 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2828 --field-trial-handle=1312,i,3708195642545349914,3932692843284107143,131072 /prefetch:2
  2⤵
  PID:616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3332 --field-trial-handle=1312,i,3708195642545349914,3932692843284107143,131072 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3452 --field-trial-handle=1312,i,3708195642545349914,3932692843284107143,131072 /prefetch:8
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3564 --field-trial-handle=1312,i,3708195642545349914,3932692843284107143,131072 /prefetch:8
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3832 --field-trial-handle=1312,i,3708195642545349914,3932692843284107143,131072 /prefetch:8
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:2168
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x1400a7688,0x1400a7698,0x1400a76a8
    3⤵
    PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3892 --field-trial-handle=1312,i,3708195642545349914,3932692843284107143,131072 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3748 --field-trial-handle=1312,i,3708195642545349914,3932692843284107143,131072 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3552 --field-trial-handle=1312,i,3708195642545349914,3932692843284107143,131072 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1312,i,3708195642545349914,3932692843284107143,131072 /prefetch:8
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1468 --field-trial-handle=1312,i,3708195642545349914,3932692843284107143,131072 /prefetch:1
  2⤵
  PID:944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1580 --field-trial-handle=1312,i,3708195642545349914,3932692843284107143,131072 /prefetch:1
  2⤵
  PID:2840

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2656

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe" C:\Windows\system32\devmgmt.msc
1⤵
PID:1628

C:\Windows\helppane.exe
C:\Windows\helppane.exe -Embedding
1⤵
PID:1504

C:\Windows\system32\DrvInst.exe
DrvInst.exe "2" "211" "PCI\VEN_1234&DEV_1111&SUBSYS_11001AF4&REV_02\3&11583659&0&08" "C:\Windows\INF\igdlh.inf" "igdlh.inf:Intel.Mfg.NTamd64...1:i965G0:8.15.10.1749:pci\ven_8086&dev_2972" "65da5c193" "00000000000005B0" "00000000000005BC" "0000000000000060"
1⤵
PID:1592

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Windows\system32\newdev.dll,pDiDeviceInstallNotification \\.\pipe\PNP_Device_Install_Pipe_1.{c99b91a9-cb36-4e81-b2e4-bb3cea49fb78} "(null)"
1⤵
PID:1032

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:1644

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x1cc
1⤵
PID:316

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:1108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
35f8e4ed1e5aee34000a4846c801a7ec

SHA1
43555ab73121144c5e6e8c943fe982ff5146a9ec

SHA256
60cca87f8a152b86bb0dcc1d7fdc7442da5c4a7bc0656d11166d462564c8f11d

SHA512
ab0a4a8664a6f735b793cad0efc68395c96bcb896395b005ab6eaa955dab716cd8204621dbfaeb4a69273934aa50ef6dbda7bc60de4351931a0837accaee106c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0fd9216c5ac6be2927c871393081cba2

SHA1
adca5d8b14553ca183f0b0c73987c8bb9f9014fc

SHA256
18012132a33b3eccc85e0216ecb819986278c8ba9eeb7560ece1d09a4d2e7fe2

SHA512
2ad99dc7044babe87149d221ea7ae191e45168a411bc165a38ef2d757a81386480dbebfb05f7d871da3a50eeb56916ba7e82fcf731b568381856da8c235b87c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
94f2666fbcb316257b59c80499a9cbac

SHA1
315d628ae0217504276ec7814696b45c0f7cbd81

SHA256
ccd8d8f6f9e5d8c5f8ed98829e46fa9657db784c458d2d24ef7c642f12e4686a

SHA512
4b52bdcc10b9ef3ed47019c1513df10ca7fd202310094d53b5987e505e7f893b402f180395160f672be855fa472ecc02a960be8af8db6c4874f7c2ebbb91eaec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d7e97e7dc5262f5fa5e7624fbd7e795b

SHA1
01a959d10661309fe3e782ed006ffce19e94b3d7

SHA256
fa765df9131d3a406633cbfc75d5a8fd28c0276cba90c9753f2c9518cdf10627

SHA512
1ea4dd325a9a25ae064c36c24192fa055dceeca3d281d1499c9187a9760c3147c2564ec91e3e0e50c263fd7669cdbbcecaf82d55fadaeb577ecd085cf20b6a0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
71fba6aed576eead043979913e597d93

SHA1
b8a5f740e638b2cf3bdf0aa9adda75fee3186c07

SHA256
a32f2f3d90c2e6609b1db13148e8f3b3408f2767cf6c13e6ec4b0b2164025fa1

SHA512
8e5a3ee64bea43c7a651124b666b6dec95de2935724606216259ed780ee6743706303c175300b52a56623494cdfe078eccb593a872638bf64cfdf27c15bfd742

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dea70ead4a66ac8dd980eb2c9e6e8b4a

SHA1
3e5507549caee1904e224966aca0e2e7fdef5dc3

SHA256
9df663db79cc22dfa1cd33161496b7afe469e77ed2ff0518461743a980b3981d

SHA512
eb75ffc55324eff9c3d8f77b856397057f7273c0619f550931f1f256ffd5cb3e8a66b225ead8fbf5070ae2eceb68b35d0a67ce596f3f09cec7aeb24a41c84bf4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8a1dc607e1c618cee25d961c4ef56b11

SHA1
da7314c87b9d4f84238f80e26d07ee6276cc32ee

SHA256
7837a8ff34a102d1dc0724a6b28d28497b2c3f997f13eca0a4968fa50566903a

SHA512
71707f328c49af79ec8a605b786b90a77b8fbd1efb511ef185270d81f1fe5aed0a2c7613ab8773533da5e3dd2e9589d4c30d08aa0d508fdc114286541d4c9cc9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bf7007fbf451a6c68c0c8e71095956e5

SHA1
e1e09a831a524eca2dc27de7303ef5242a52ed7e

SHA256
add331a2476bf3cd253388fdc3a968bf2f87eb0546ea0f16eaada80069797245

SHA512
f892e5983b1d2020f4cc2dd537e6ef61f5f40bcf45fbb633ce1f2dbadd332860628e4008aa4cc135af5b7ab61cb4ccfce33ac5ff7febeac9a439bb230c39c175

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
73299440f276232ffca1eecf83d0bc83

SHA1
5ab7daa0e0ffd326a56096f8453d4b21192534ba

SHA256
0835046920ed3b354878248020738d1798d6a100623e27c2b5e00c236bbac04d

SHA512
905022e3793e911d9551d302d808d4f65dc318d0e96fabaaa15518ea8652211064fbeb583956d30c69e003eeaba67e199f9feb75c06c296d904e2b364ece7096

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0e9953d9df38474f2a9d243d8439baa2

SHA1
3e3c7afd05d9fd26293463c8e846df071d765159

SHA256
38983a1cbf78f138d7a353bef673184b262315cc0c61db7dc8996b8510dbf162

SHA512
21ea5547cf39ee832271bdac6f80e6d23aec0272f25c2b43f8dee2dc5835661e21622fed9ae7167b34e820264e2568290354a4648d1c3198e4bc57150e97ba10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cf33d2fb97bf4755ef2445f7fe90e09c

SHA1
990c04b3a7ecd71a867deabe8562cdfd88878c34

SHA256
3559c41bbd74e5f52f92fe3502be4577e8879f00f8eabf4f26b95e897b049fd3

SHA512
c39a8a9108ca462d28d7de92d817faeaa28bf642c5c4a439f2c411076eee3632eedea41cb6dae433d0c4afd91e4927161d133ce127417c91f93e5299b1dcf5a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1958b5138d894011a541aa107b49f06b

SHA1
d8e451967857ca10980e15fc75b3508c44e21fd4

SHA256
40539c51e9331ba387fed6f148d262c291c060d327795b0fa85038d2b10b73e2

SHA512
1ee2cb54683019896b187c039129bf5c2ec3149ded06a7c04489b21e669da31fb318fbea40752dcd65a13ae0b009f465900a02806709df50fdacb5852aac5382

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
032a0d1da6a10654d03d01426451015d

SHA1
eaed390dc2c1d19c878b980088cf7df786ef0190

SHA256
f413d80cb3b8b7c365107db4ea9747d67f00b76f5f0e6ab9fd66724c576ebafe

SHA512
f07d992ce810ddccb0c2bbbdb74816f7c3e6dba8487a2eca7af497809151d66fe38cd3173eae5c8c7dc0a1a699df38e350cfba5ed040275d6ba4444ff122361f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
525B

MD5
f879131abb2c226188a02f8f45f6e258

SHA1
662eae5388c2ba6be6d587e7f66e3d3edcb16914

SHA256
48d5b31bbc039574ffaf60895a3b715b29d015d8e793041c1a3e393a69947e85

SHA512
90c3661c23984fd2f5fc0685bd35b662f19d29a51548a2871852b50852116e4ba2d732da863f1b710adcfb4401e4195f9d9d819c72f2d5ef2e6e9678af1156e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bef06033ddea17c38367fb6401debd3f

SHA1
299f35661802e612414858b99f78bf4528a4a1f8

SHA256
053463673de5c8c18a17ba82811779bbab7e05375504dda461e08c0443c10cc3

SHA512
0a6bcf99ff8c3f24638bdea4be772fe65b028b377079df8c84a7f1510f074b0d17fca4ff3f6d8e52fd3a056bd7bd230c7d7b4c266d34aa94fded0f6a63233b67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
525B

MD5
6c820de35c96b921a43aec1891f950c5

SHA1
1aca9a9a30b9f4d40a8c449175ade6884f91ac9f

SHA256
58f6a0e2611e49bb6fc0aa5bf19cd59c32cf32b142d13c52f1fccf36340711ba

SHA512
78032074a1f90410552c5e201c8e181b7a1db2c406ececf8943b1031a1e1207553d8cbfd84a0873b563f01c6f30487ba050d7ef9615634111adfe421f8a6e8d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
eec14b4697c000ddfde6099b1f43cc7d

SHA1
8e4a3a875c0009849de73b3315a94052dbf6560f

SHA256
8e61623b035c5f1558028123ac18511e74aaae35af1a348bd3753250f3ff0171

SHA512
c0c38c0c60cbeb3ba95852434ccac05e0c2a8a2374911f5f1be3eef37df824214c94e9ab6d15110f1c44137a12fa8231238bbadc3f5dc3aa3d8567f09ff74a9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
895dbf5362e55a370dbc1036c53f361d

SHA1
91b542b7646c2f97d53fdfddd41ac96076942473

SHA256
7207d44e9c2ac9ba6e1b0340f4dcb2f3eabb543ba90fad02234b103b561ea6a2

SHA512
989816e07eee5542bf1ca3e32433a9c15eedb0c8fd989596897bc01c143e7aacb5a8ffae8f34a0d3c9523605304085a9442a678b19b522bcd03a4156ce492a74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
7009e7613dcc23a8aa1f5c2966ed1707

SHA1
26b4c2642f30290521186211f5301381bf3ae20d

SHA256
19fc94531e87ba9ddef0d34576caad1b97a3f1a9a2e096269e7be45018af94b1

SHA512
841934c10ee9f13687105c4c6ca8d5550b5174ca3a959b66824f078236508cd0f8d14fd1c673485276e7cabe54cbd8bb50072ad9efb12f07376ba3cabe0f1024

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
afa1eff7c55d17329c12a772dfde76ae

SHA1
a0c8bc851bef804737bdb5f8e80228dd0ae8ac7e

SHA256
5fcbb3a8f61370686bdcddd23bc9441ea8442ee949fcce13e0bcc9b6263138ca

SHA512
f41b9b407a079d14622d640fd31c0aa674bb9be08a4a9b41b7bea6a3c29fb35faa2377b35446d944d1e7c595ebd64292e62050b78b5cbbd7ff7274e103c42d5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
433c818022abe732b287f8cb570ba12b

SHA1
f7decfbdb467c7f71678c0bc11914b18808df733

SHA256
90c32d5400ce0c05930fbf86c4af877a7ec276090949a44f8d36247656aa6e51

SHA512
a08a8187e5b82218ca655bcc6b9d5a07271fbf7a48f4007aea9ed823a338824c4dc981cdf09d2b1fc228d5999737aacd054c52879d97c0b26b5b3a746114fa50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
298KB

MD5
4daba6e837fa0e84ec7f09e68841f1f4

SHA1
91ad788d5ae1b6e65608762c1df5224a1215f313

SHA256
d04fc3842b46f49ff3fe1f0ddf2a718ea055567b3c9c134656f256ce89ddac99

SHA512
4e1943532f9a059fe185191049c1d2be3298ebcd8ce96e28bba6c74e818cd370628270a04f41a6f944f2a56c40ab565620f27251744b8e763437f0130fd366cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
298KB

MD5
9bb4d533e63e38e1227ba87495133fbd

SHA1
089b1348334694a5087b4ca3044b73e6ee3cf4c3

SHA256
fd26e238f51091589b099bb3301f1b2ad034f910ff090ad333ca725cdc0dc668

SHA512
f3c29ceeb8c7430573dd500392824b2fd5eb5d27abba03404eff1b6ab108593a71bd960fd6d950121244d11c74f7cdc645f20e34201bf8030ad5142d471a791f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ee15c26a-a7e2-4a15-bbd2-bd770fe02262.tmp

Filesize
298KB

MD5
08fe3cd2c251e9aca5da3358d8487f40

SHA1
8db4a6937bc347a40ee4eac9bf461d8189e8b3a9

SHA256
8fd4e7972430387572970813d4f6552637c0660b2ae838e8e0206fbeba20dac1

SHA512
6292563e36595e01745f85bc4020ae4aec28ef7876790be3a871c9a997ee2ff0e35f5798142c98cd3b244f6ebf831072013bd75fb94f1e8b89dcc3c8fdf55e9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8DD0.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8E7F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Windows\INF\igdlh.PNF

Filesize
68KB

MD5
a7ca48e096cd0cc9eaab16e46650e4c8

SHA1
24931b00c596b6eb799d365a95dd5efa7e390d1e

SHA256
e0d8c86103e702940652da78a7655405b83cf1e27e308ee6a3e5c9691c52ac3c

SHA512
f8f2d0956b521ec6605652d14fdcd4f34a5be26b84abcd5e7391625860afc8577e9dee3e28a5c3a941f9a765febd3cee1b82f2cd878969c65a4a64eb839ec717

Download Submit
C:\Windows\System32\DriverStore\FileRepository\igdlh.inf_amd64_neutral_54a12b57f547d08e\igdlh.PNF

Filesize
68KB

MD5
dc5c287d774c5f4b1eb59abfbc3c90f3

SHA1
90c25c9b3daaf35725456f33d20346c125d223c5

SHA256
f5297a56d17bdf375992c9cd7a3539cedc912fbc1e64f3d42fc824a7e24cc77e

SHA512
9a6ca7297526cba0ca2c8f4c04ae58413c00eb0723246dfea1e569ff4247792775007d2e272c7af706d52ba6e91d5364070ce705d366a2f6204957035b3299c6

Download Submit
memory/1628-1010-0x000007FEF8270000-0x000007FEF82AA000-memory.dmp

Filesize
232KB

Download
memory/1628-1012-0x00000000047D0000-0x00000000047E0000-memory.dmp

Filesize
64KB

Download
memory/1628-1011-0x000007FEF6970000-0x000007FEF69AA000-memory.dmp

Filesize
232KB

Download
memory/1628-1031-0x000007FEF5300000-0x000007FEF533A000-memory.dmp

Filesize
232KB

Download
memory/2916-0-0x0000000001BC0000-0x0000000001BC1000-memory.dmp

Filesize
4KB

Download