hxxp://google[.]com

Analysis

max time kernel
1318s
max time network
1320s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 09:37

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

http://google.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exechrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 18 IoCs

Processes:

LogonUI.exechrome.exechrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133637819090380180"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "233"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

chrome.exechrome.exechrome.exechrome.exe

pid	process
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
4544	chrome.exe
4544	chrome.exe
216	chrome.exe
216	chrome.exe
4772	chrome.exe
4772	chrome.exe
216	chrome.exe
216	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

chrome.exechrome.exe

pid process

3860 chrome.exe
3860 chrome.exe
3860 chrome.exe
3860 chrome.exe
3860 chrome.exe
3860 chrome.exe
3860 chrome.exe
216 chrome.exe
216 chrome.exe
216 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe
Token: SeShutdownPrivilege	3860	chrome.exe
Token: SeCreatePagefilePrivilege	3860	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

Processes:

chrome.exechrome.exe

pid	process
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

chrome.exechrome.exe

pid	process
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
3860	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

LogonUI.exe

pid process

5040 LogonUI.exe

pid	process
5040	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3860 wrote to memory of 3100	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 3100	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 3636	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 3636	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 3636	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 3636	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 3636	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 3636	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 3636	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 3636	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 3636	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 3636	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 3636	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 3636	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 3636	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 3636	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 3636	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 3636	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 3636	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 3636	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 3636	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 3636	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 3636	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 3636	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 3636	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 3636	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 3636	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 3636	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 3636	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 3636	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 3636	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 3636	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 3636	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 376	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 376	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 764	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 764	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 764	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 764	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 764	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 764	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 764	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 764	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 764	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 764	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 764	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 764	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 764	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 764	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 764	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 764	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 764	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 764	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 764	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 764	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 764	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 764	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 764	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 764	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 764	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 764	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 764	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 764	3860	chrome.exe	chrome.exe
PID 3860 wrote to memory of 764	3860	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa75bab58,0x7fffa75bab68,0x7fffa75bab78
2⤵
PID:3100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1864,i,10232071194342016013,2934441233624659570,131072 /prefetch:2
2⤵
PID:3636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1864,i,10232071194342016013,2934441233624659570,131072 /prefetch:8
2⤵
PID:376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2248 --field-trial-handle=1864,i,10232071194342016013,2934441233624659570,131072 /prefetch:8
2⤵
PID:764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2932 --field-trial-handle=1864,i,10232071194342016013,2934441233624659570,131072 /prefetch:1
2⤵
PID:2620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2944 --field-trial-handle=1864,i,10232071194342016013,2934441233624659570,131072 /prefetch:1
2⤵
PID:1200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4320 --field-trial-handle=1864,i,10232071194342016013,2934441233624659570,131072 /prefetch:8
2⤵
PID:3748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4464 --field-trial-handle=1864,i,10232071194342016013,2934441233624659570,131072 /prefetch:8
2⤵
PID:3308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4548 --field-trial-handle=1864,i,10232071194342016013,2934441233624659570,131072 /prefetch:1
2⤵
PID:4896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3400 --field-trial-handle=1864,i,10232071194342016013,2934441233624659570,131072 /prefetch:1
2⤵
PID:1256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4444 --field-trial-handle=1864,i,10232071194342016013,2934441233624659570,131072 /prefetch:8
2⤵
PID:508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4572 --field-trial-handle=1864,i,10232071194342016013,2934441233624659570,131072 /prefetch:8
2⤵
PID:4852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4548 --field-trial-handle=1864,i,10232071194342016013,2934441233624659570,131072 /prefetch:8
2⤵
PID:2412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4352 --field-trial-handle=1864,i,10232071194342016013,2934441233624659570,131072 /prefetch:1
2⤵
PID:4564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1548 --field-trial-handle=1864,i,10232071194342016013,2934441233624659570,131072 /prefetch:1
2⤵
PID:4868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1540 --field-trial-handle=1864,i,10232071194342016013,2934441233624659570,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1700 --field-trial-handle=1864,i,10232071194342016013,2934441233624659570,131072 /prefetch:1
2⤵
PID:4636

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffa75bab58,0x7fffa75bab68,0x7fffa75bab78
2⤵
PID:384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1940,i,11812413258588815590,8818465200975079512,131072 /prefetch:2
2⤵
PID:1444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1940,i,11812413258588815590,8818465200975079512,131072 /prefetch:8
2⤵
PID:696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2244 --field-trial-handle=1940,i,11812413258588815590,8818465200975079512,131072 /prefetch:8
2⤵
PID:5096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3124 --field-trial-handle=1940,i,11812413258588815590,8818465200975079512,131072 /prefetch:1
2⤵
PID:4036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=1940,i,11812413258588815590,8818465200975079512,131072 /prefetch:1
2⤵
PID:4988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4364 --field-trial-handle=1940,i,11812413258588815590,8818465200975079512,131072 /prefetch:1
2⤵
PID:3188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 --field-trial-handle=1940,i,11812413258588815590,8818465200975079512,131072 /prefetch:8
2⤵
PID:3560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 --field-trial-handle=1940,i,11812413258588815590,8818465200975079512,131072 /prefetch:8
2⤵
PID:4104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1840 --field-trial-handle=1940,i,11812413258588815590,8818465200975079512,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2460 --field-trial-handle=1940,i,11812413258588815590,8818465200975079512,131072 /prefetch:8
2⤵
PID:3280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 --field-trial-handle=1940,i,11812413258588815590,8818465200975079512,131072 /prefetch:8
2⤵
PID:180

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1192

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:3552

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3942055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:5040

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma
Filesize
1024KB

MD5
d9a49a7d6d5ca840cf0f0e937007e278

SHA1
90197e483cc1bf8970cb6012997b1968f43d8e78

SHA256
183acf4a52e283da352ac2e3d51d43dbdd1534325f4585b6763a4ef38151b876

SHA512
142acbf150500db5f703b3e56c42895cb4374927f6e26adb02f090cf18e9797b8f4e34b7e621de6daf03093cc0a7df73cb4328525ac7a1a4f36e2b61dfde0642

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
757f9692a70d6d6f226ba652bbcffe53

SHA1
771e76fc92d2bf676b3c8e3459ab1a2a1257ff5b

SHA256
d0c09cff1833071e93cda9a4b8141a154dba5964db2c6d773ea98625860d13ad

SHA512
79580dd7eb264967e0f97d0676ba2fcf0c99943681cad40e657e8e246df1b956f6daeb4585c5913ca3a93fdfd768933730a9a97a9018efa33c829ab1dea7a150

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0
Filesize
44KB

MD5
e186950c5b19ad8c9a6baa5f9664b705

SHA1
1b96f964bbd17018b73a8911b46f7d2861dbe7fd

SHA256
2684283d7385a0aaadd0917b202cba87029a8383e2df5a42ce81a248cd64e3eb

SHA512
7ed2671b53c70c482c25771e8588eeb6e692fa84a5f3aa37347b430c5d9ca0cccc10ba98148312fc22d9e09c411577beef58246bd5464e5ff8b12342088c4e08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1
Filesize
264KB

MD5
7ea4ccf2cc85c4b904f6d432e1856eb4

SHA1
f245525c1a6759da04d7aee5b6594c6e111169af

SHA256
2192e0ba004a4fa5cd2a7ac262c5ab7d75a7172991ca5e85b175f814394c5d3d

SHA512
482c832069f0990afcc06b12ac35ea2943dd9bb62f2d11cd986a73b10c6236b81fa6dc53eef1d5d9d40788f52b5d94e7ac741c2630158ac68cc50a539b2f9d78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History
Filesize
152KB

MD5
b273f2a8fc48e04abe7e78e3d87c01f3

SHA1
3b5b15fdaff30adf7f4dd5822f18b362d97125b7

SHA256
77aea92571cdb11f354e5bddfe08b93c1b160074487ee717efa0ea7d5da76326

SHA512
15ed906d7bbe3bdcd9be1129ab5f5da96157d7dd680a87c3a87a8a0ceebf3fc263374a9ab519d66255cd8389f426ce82ac3434164193091d6ded6ed543d29578

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
811B

MD5
0062c075e4de356247d8b8b7e34ab502

SHA1
66e963ba6211e61f8b466b07786f6ecb0873418c

SHA256
02a7b38f1067fbb561df678fe300e139e1d8152f8b7bbcea5663942a4a1925db

SHA512
0cfefa72235645a5e3b07abff9452755889659aea232e079c10b82392608d635e2dba0cb45626f4ce941ea5ef32c6bad0878f043740749e1763e4d6fa51c24e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
f336c9a9d3dcdd63fc913c81b430c4d2

SHA1
2040ae92dea63aa79fa3da48078810dd6907807b

SHA256
e65530bf480cf299628bdfce87af30d6ad06b49c9e2863e597c84973c8700274

SHA512
94217a434b77d56e0d9c1783ab325cb32a9eb82a6e6bb395e550a343d94e5224cbac4d3aedb6e0d6e0676de21099dfcaade2ce621a848da7d407b35673799cd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
b931827565676555a475eec77b1754fd

SHA1
e39bbcbe6791b81503634c5338a4defb09d5c38a

SHA256
c286d8a8189295de32cd7e4cb5bc7d5b051d0eaa9c00619dfcbb53520d355b0d

SHA512
c566d0f1102ea7ab73e4067801f3fc6d7eafc4204ca6246d3698b06c1b2ec4fba72a29cab0c00b116b01ff2f899ad5cc71089c2849f2e388ea8ff3d8f43eb1df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
9d1921f0696fca1e28d5bf645edfd8f3

SHA1
1a63473949ca456c4feff900a5de63746922e4ae

SHA256
1c9afce4b7e80c4a8d4106aeead9c492bed2c107b68d485acfbcf39f52b9161d

SHA512
9ffc4265038eddb41ef6b4f90c1ed436d27775f8e379e0ab2006702eb93cc13fbe6cde54fcc69419a62ebe148ce8e4778967ef50637b9c9aa923767e913f6cbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
897c6efa38e99e2612b7124b64cd5fc3

SHA1
7c3586774a647bdb4fbeb3d9f1a5f343d717589d

SHA256
c3746665ecf00aac01ad91eb505d195c76cc1d4bbc6b262528cbfebd70273c83

SHA512
1845bfe2df9c2ea3a93b66406386ece4b29c89392f7e14be6723bf695823ccfe6f4dfe681b9fe9fdf607f51f70ad413974b066025f8d05a5cac9fa62b256c8b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13363782232116785
Filesize
789B

MD5
05d5b746229b1c1eddde99bded4b9f8d

SHA1
594cef4a83e28b385d5622d09bcb4c4a50642c81

SHA256
9602983f78795c1a61ae7ee86740ee0ae8d70400b848483ff69399d3a1548d13

SHA512
8ed07d4bd9ae5a8af95ad8c0cfc10e157820ceac78f18246730b3f4b47ef9311b97906067729b4c1aad21f7b7e71c3a3111f986915a76388875634d2a13aaf5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log
Filesize
112B

MD5
f89fb01e4dce3eed679ea8df8d3df78c

SHA1
f970a9557ad72059e7521a58084903c8841c7793

SHA256
4577694d0528113fb9a27182995e88ee120b6289510513fceeacbc76675b12fe

SHA512
0e69350bac9e34ba8d920cc529f2d5c27be96bc06481a579adbc14ff5acf05a1daac7ca5cb485e3db019fc44a3daa5f5e115eaadd35ff745c9a09ab4edc71a03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
Filesize
345B

MD5
6c5f9eb50d1976f882e5077539768a1e

SHA1
918df68894630bc808ff2791acc9345fdb972fc6

SHA256
75cd3d41761fa8465b26e725bfc11723617f656a9a413fa7070e6c1ac4fa6bcf

SHA512
0bd9c9e4d0634d9475fa0777d47db48dcf544589d68a7cd9e034d4acc7f2e9c96605741c4378a22265a591f0289e1dcced39e696ff62f371ff6d29c2d84d9ad2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log
Filesize
15KB

MD5
0e72763a7cfa19d446515943ba162f8f

SHA1
0b17302d457bb90f27e33fa5c93ddd206d2e0169

SHA256
8c646a1ea8ad0a00ba76a47d7f5552ae4e5b834317cdeb7a41c80da7e3f21556

SHA512
b325c0639530a490169f078dafa9c5e53766ccf0a9216771ae90491e58e3d2fd405ad972cae6d19acc3caa28304b54aa538af0cb33984524dbff2fd98bf410ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
Filesize
321B

MD5
838a14dfed4142e4a34a1c3dbbc974af

SHA1
3367f9557ec81a438b58217fa7d10c7e79ee6da5

SHA256
037856e656155db1ce5d9940024d15fa430ec070998f3760ac19be2138b65b58

SHA512
bc1ca3a9f17eded0812a3a6c7d97f45a2ba2bee9366d204aa7416a010e8c46e0118b6032953e71fe09acf26318635ad54bd85c78eb9778fc698764eb428ab011

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
Filesize
14B

MD5
009b9a2ee7afbf6dd0b9617fc8f8ecba

SHA1
c97ed0652e731fc412e3b7bdfca2994b7cc206a7

SHA256
de607a2c68f52e15a104ead9ecbaa3e6862fdb11eac080e408ba4d69f1f7a915

SHA512
6161dd952ae140a8fb8aa5e33f06bc65fdc15ce3fbfe4c576dc2668c86bce4a1d5c1112caee014e5efa3698547faad3bc80ec253eedb43148e36e1a02ce89910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
324KB

MD5
f48fd399664aca060c4f13ea718cb929

SHA1
91d6a55e87454ad976195aebf4e51f4c729e7242

SHA256
1b45e0da0b48c77f37a4ca50f7f4c524ff741f10c2de2921e74afd38bfa85142

SHA512
65a09994a0a333d1f0ce648a3e40c8edae6241f9f39e3f0fc7c8dfcd03e9b2928d93c2e64c0b9bf79ced205b2913cccda59de6b1ad1dd835f6b5336ec189ba94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
325KB

MD5
ddd7b6385a0dcfc5b7559c5205afb724

SHA1
baebb08fe0c69f8440bc83eb3eee6c6653376581

SHA256
73e9c3c02956195508416582d902bb95fc2ad59443f4f8fca1bbc9e7f9435a00

SHA512
a2a48538601ae87b0dea87c51a416a5132498b20ddc3eaeecb211b2108395f03e9070d59e834808c9cfe37e803e7a06bde2d082f6f850d91db082710d16502ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
257KB

MD5
4544315f5a1bf7e67375bbae7bb9d97d

SHA1
86ce33b9f38b06e3bc813e2dca631484ddf6d7cf

SHA256
b034b0141dd4b8df54a64ff2c87f748a15502378c79a124c6251ee5029399f0d

SHA512
65709af5234d15b6a3d50d8e910bbe0d1dbfd4100bd796aaee93a65010e9cddb119bdea15bcd94ab420937069a3da6d0fd5a8b77db90086043d114672e8d2493

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
257KB

MD5
3bb51501fea57746596e5f8ba2ff3745

SHA1
2791f2bf0205672db383a1c7d37edb560b3ec30d

SHA256
328f9f32e00b75cf2cb2964d684dc0fa339159ad5cd6cfbd1564582e25d89a46

SHA512
877a5942a6e64fb0282988b7a5c9bc3ce4941bb0c823d0cd75c067087df84f4ccb8b58fc27849f4d3f6f7516de891b675cc682dc1f0806e14b8e8876c0d70923

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
354KB

MD5
b988c90d2ed8a3233b791caca0858e28

SHA1
ce7545e4c5111dcf85c776be9157bc3e59bf8312

SHA256
dd730509bc8ed119d38d823278208e4f30a463f8d4c96dfbe6deb80dae12130e

SHA512
37a7385e3f09b6bfd9ec39c3d73cd2c384c650a4fa474b012c4213003b97084931777a7cf0eb88d7be8d442c9282b607d18f123d68b8199586635a7c0290420d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
280KB

MD5
e95b7a31737f2a7ce5bf285aafea9fdc

SHA1
4d32025d60a9fb5696128429109ca390e4dedade

SHA256
0ccecd245f26ef3051959fd0caad5cf847756680b013f54338210b005ad66f0b

SHA512
e8f4206e27c72f4ab86f3336d533c9de04361b585c3e9a5a996a85c909b1bf85c339503541c3372491a5bf62a9fa1d0d27f4c45de599107f71ebb2347dd2b80d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
94KB

MD5
7b86e6c98277b7635098cb39382da2f3

SHA1
e34ed8cf0e654fbe2db22759cafc534599aa7b01

SHA256
92eb28ed95bc7db10eb86f7701cbe260bab8113cc38a9a7fc93417820ba0feb9

SHA512
39f4785ca1fdf936c0042403f5db1b293edbdd7e282ed8435786f351b86257bc9c6005ba291a9d8c795258f5a5b9d32afb22b3f55f9c42c3449a9c7638be9dfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
91KB

MD5
12d494e3dc645537921452786d39befe

SHA1
f4f3b35624137c2ddb179e277251a800c4a32b2a

SHA256
c3e17cc9c90e251d46b8aa932d5e8096715fa26e368185f7162d8e50e2b87143

SHA512
360da234a70713e7191031b8079f7051f0c3d530215b91759565ab0f61cb21c9d58cfb12215fdd17a4653dac58003f643e794b2de529e7bb3f7e56f18405fe54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57deb7.TMP
Filesize
88KB

MD5
b2a81791090227b5ecd7778824e28aaf

SHA1
2c50bee3585444683e7833a369bc0aca4343c2a0

SHA256
dccf6295a4aaf38869d59f8192c6a4a1e238b337f477fafb38f799f3127feed0

SHA512
61306a1306245c06b5e03f4e5d16ee7a20e67c9683682e95cf011e26d67d8776fbb087c054dc5cb74db9b073f8794309d2e0c6e2bf762e0bfcae076067a265d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
Filesize
264KB

MD5
05582f3425f0b0648f24bfa338d54700

SHA1
cb8500802526ae584f1605206d49d43defbb1718

SHA256
a0152639622fd5c9dd49c4e12d3ba2427f0fd14d31cb0555d32ad7ad438c6477

SHA512
832a02d6b2b67e54b92649e7f55eb62e4707d9d26522d5d600de061073f8a79021cba2a11bbccc774313acb58c51bb12b68ccbdf822e57df9d1ac6d2adee829f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\Desktop\AssertNew.zip
Filesize
658KB

MD5
461dcb566c8d9dedf576b205c22405bd

SHA1
3f734cf29b9a3241083bd3ff594dd039c5c02347

SHA256
127753bdd0a5bb864571900bb2fb623b3f313417bb47f62b335d3f518ca1ceda

SHA512
3957bfe912c9b4b5e446d35e91991ae4ab8be71e85d122a59140f10583fb39f0696588aa8e3ab0aff7233b0baa47503d2fedc2df6caaab5730406219217ab35f

Download Submit
C:\Users\Admin\Desktop\BlockDismount.eprtx
Filesize
638KB

MD5
ff7d4b020887cdda6bef7e5bcaa31e2b

SHA1
64f976adb6af36b86a635f8b6d3fd3d447b5b332

SHA256
3c42f9708c6f9e43d5c20569ef1966e6ec5dd806e01b0e56fd7b9bded287e200

SHA512
20e05a9ac37daf1655ebefc416173f589e49809756840d17a4165de4d48a8257188c4ecfc47fa8713f7fa18d5264e1c050ed1a630b6f21aaccbb86482e2f36b0

Download Submit
C:\Users\Admin\Desktop\BlockReset.jpeg
Filesize
324KB

MD5
b7734ecaf9b34b7091b520d8befeabf3

SHA1
155c292eba952e7dfd77814eed00fde6c33b480a

SHA256
82296cf2dffdb5316d36e4395b64361c9422f261abb18b4020275a2b59b1bf77

SHA512
c3967256fcd2cc01cb4c66ac0397b693e3b4ce9414321d6c03762f27375a1c36a8bee1a4e789df4b28153a84faf25593a13984f5eb5548e51dcc41505f201151

Download Submit
C:\Users\Admin\Desktop\CloseSave.odt
Filesize
678KB

MD5
afb06e2ff49d48887e038735c19a6ba1

SHA1
6bf6c8a94d322c0193fe3516f95ed9af9990cfc1

SHA256
1623bf58d23cca75076f0dd2cf79348b3b52012fa4b0bd3f9f082bc0516a04e7

SHA512
b073a45930833d20e57c94c9a6fcbc0ebd0429d5df9099dc9ef86cadb4ddb451ffe67ff38fd5a42aaa458bce1ac90c9a9211a6f1363ea7282c0a2141874e2b1f

Download Submit
C:\Users\Admin\Desktop\CompletePing.3gp2
Filesize
344KB

MD5
6fc644348be7e7ac9b7edd4c9428ecd8

SHA1
ec04262b377d813abea5ab9b82d1ddbf0d5a99f7

SHA256
c6ab668a3ec6624c9f1bbd1202da315c66c286b1f41f05f4956e2f07cbb943d7

SHA512
72d2208054cb7735f9fe686729fb7d38d35d6dce41c58044e9675739bb748da9e7a882429da438f2e45b9cb7fc5bd79b7ccc7ee6fb7428d42e508e7364eae0fc

Download Submit
C:\Users\Admin\Desktop\ConnectJoin.jpe
Filesize
422KB

MD5
0b5075aa8a1754a677a97a0b4abb8ec9

SHA1
6d6ce3638bccb30b03e69471a9c55b2b8e2b9e4f

SHA256
a30af20ea55661287218b6a9a05e4382c17499c5129d0ebf4ffa1ffdf83689f8

SHA512
70b38a7ddbfda7f8a8caaceb3083e8db996f94b5a7de6fd496e04e2adf3d9eb362e3c2914624b06a7dde2358a60958430a5a49d3ba0ec4c8f1b56996c8189050

Download Submit
C:\Users\Admin\Desktop\DebugConfirm.xht
Filesize
540KB

MD5
93051325ad34e7bf3de458a6f11270b3

SHA1
6b1a095ecfc66123b12567b897b65ac2d2d3eb6e

SHA256
16818578f0ae1676159635d5db123c3655c3e4f32ca17d93fcd8a778d54740e3

SHA512
1413def666480293f93a49fdd2cb712a718e60533637ebefd3bb17ed634d80dab7b6880e44173715559ed63dbe1b41e666d9704dc565890fe3fe28584c06acc0

Download Submit
C:\Users\Admin\Desktop\DisablePublish.wmv
Filesize
521KB

MD5
7c1ee3dbf6d5ac44226ca074b0833f56

SHA1
8d47beee6dfbbc0453d9682c361168974c681cbf

SHA256
ce2cc67f83147609508e42716097826857668a8749078328295df2242b6695e3

SHA512
458c1cdf00af856a46fe09073812dee8bc07b39cf160322b61e6f6c301deb5b3cc82d610dee834d549f32c97b66d0ff6e12276337a63a63c547c572ff719609a

Download Submit
C:\Users\Admin\Desktop\FindSubmit.DVR-MS
Filesize
697KB

MD5
81d48cbc18f09028745b397de20049be

SHA1
f468f1ec0f01786dc2d164c41ce2a66c6835c571

SHA256
efcc68e808cc787410191828d3df2c01bc4b7baa678253b36399a2976a8aa2a0

SHA512
b9f2ef1fe1daa38651766d0ae0aea392cd74929a0654ab409d4444004cbc5fbff7ae216bc4dfef41128931a406f88244cc427b3f8fcb0efb3173318ecd38c72f

Download Submit
C:\Users\Admin\Desktop\ImportShow.shtml
Filesize
403KB

MD5
b1f1cc98a3e2221e7da50e39e9ee68db

SHA1
2465d5fdf9d60930d276663808bdd5962c2a8879

SHA256
53cd3f8df6bec55ef5ad888b81e6eda6b642240edcdd1e5eda4464490b27c53c

SHA512
4674704d82889e0cec0570aad8a0ab10c9a74b730b47be8eb818ee94225deda760e98b9eae32a684d71a9fd50329ece951c28b56586902cd74588aaa850726fc

Download Submit
C:\Users\Admin\Desktop\MergeRestart.js
Filesize
481KB

MD5
bb8506d737e5d0d1f52ebb8ab13c678b

SHA1
a38da6bfa743088e49f169df5b11470caee223b6

SHA256
81375e1ea4ff96dd82e60e86abd875b247cd3f6e3f352e6d7503655341f54ea1

SHA512
3843db881b20f7baf91f60f9bc133a16955ff44367f19431055ef9b007d3a6f0eb36ff3409f914294280acf4be09a53e4f4468a6eddacb2ffed0c38f6795e430

Download Submit
C:\Users\Admin\Desktop\Microsoft Edge.lnk
Filesize
2KB

MD5
5a32eb516e59ab42d2d014aa4a69418b

SHA1
6665d9942a65fb9b168345d00dbf7bac36284220

SHA256
c1dd003e476edcd5bc8bdcd4abe4f458fd4b7ed12a77a314c6b9d745e0de7917

SHA512
48e224685b5f0cf02792b8aaf0c3b2c967e697ffb10238ae9d514eabc9ddc6952238b543a0d8f1ebd39091a3a65af47ff831aa3d71b08e6311de0954d861e0c3

Download Submit
C:\Users\Admin\Desktop\MountRestore.vdw
Filesize
619KB

MD5
f64df46156111c9bdb61f565921c0158

SHA1
dd1996176411c4febb146483f2eddb89ad05a463

SHA256
95722de6bcfbe10ba15873acd1360f38ad87077f2dab04f92f7a6580f3461fcc

SHA512
56691952bb76903c500557cdc4ce34c98fb152d59013b3976c819417ec969080f61c0d260d5ecefdd76d84cbf007445a5882e2596eb029afe5dced1f2eb0a575

Download Submit
C:\Users\Admin\Desktop\OptimizeReset.mpa
Filesize
501KB

MD5
2acfc76d1170b73511f09cda24566792

SHA1
e1f6bda0c1f3225988e2b5c8fcb744ea7ded3840

SHA256
1dc1364064a63ed252fbba11888bee8a08273cb4603a75022a5c53d848f1a8fa

SHA512
5047b52ff10e7d2cc8d3173e50e6334587dfbb0e4ba829aa16bb992d1545c86574bfd6b8a109bcf6beacb960a2d2e9a6a25a45b37eedd75f9b10a118baea60b4

Download Submit
C:\Users\Admin\Desktop\OutInitialize.wax
Filesize
383KB

MD5
8caf875206b430d89303bea3065d03a4

SHA1
0e5c9a64b8585841e3a18053714be707e0939d77

SHA256
60d8482deefc0c31e92de42c5445295ce4b3b8eb2a8a0eed80f8cb33074638ee

SHA512
d5b0af2d39a23623530ffca81ec96eb27868202b9a7090f4d31383332589fd7604f5c2ce2b4fe93f2b53dfb214ff433938f171a97f1281f35a509f6104c41979

Download Submit
C:\Users\Admin\Desktop\PopTest.dwg
Filesize
265KB

MD5
1c83664346e599fe4f2c1ff7ce616a30

SHA1
2420751bb38d1825ce66e6e26086a057676af00f

SHA256
26f8726d9f77e1c8993899923761bb3cc6857f540a270ea0cf5c5e3226f14717

SHA512
778d4c78c3894d021c62ed042de59a5a4c49e6b32bac440346f1f0d7138c8a33744b4a6a295d166839f31582431addb883233140f182e63e774913e9dc2900c3

Download Submit
C:\Users\Admin\Desktop\PushUnprotect.jpe
Filesize
363KB

MD5
948934a559bb510a15b12fca910a5aea

SHA1
8e4b6c39c27eabc1e34896199d7445eb88804c5f

SHA256
1abe95e8a03675a4f18f0129570a028857d3ceb1330889e7a14c7b9e4e198ee3

SHA512
8f621b2ca581bb9b941eb6e67e6459d04ccacc5b5d1f1f219ac465a716a543f6b55d374fa29e8e462dcee9c2e5bd4ed19050fb37741540a845a4bad639277a53

Download Submit
C:\Users\Admin\Desktop\RedoShow.TS
Filesize
442KB

MD5
fc0007e450e8861fca2143759c4f57f4

SHA1
28c6e1d3bfefcd609396c8dc10db6b995da02e65

SHA256
d12b0b458ab0b94cfa734e9a950d6d37a6eed195edbb353914d0c7b7a67b1fa9

SHA512
1808f206694898b138b0e932f0ed610355acb7f035b9c59f4c9537842c8c01e4a9704753c0d75897c3dd7fc279b968cd3a26ef6ca8b5a0e939a59c8cb859513f

Download Submit
C:\Users\Admin\Desktop\RemoveDebug.asp
Filesize
560KB

MD5
380189ff82cb7201ec7f325920d2243f

SHA1
59dbdb38b34e78bd6dae0313c5a21167ee770684

SHA256
7876fb98ce5ffbdf1938f17ef2b1619a4910aa8aecfca9ddec37d825b81ce931

SHA512
dd10af333680b0b08bd333102ce1e176ee6f81177ad03fe50ca1e5e467b055260c17aa870746438ddb393142d7bf1956aee25d31520a47d318f10d0e5468384f

Download Submit
C:\Users\Admin\Desktop\RepairCopy.3gpp
Filesize
963KB

MD5
961c57fc04fbc04dea213ecf2571a680

SHA1
101619c670fda780932c645189d0c0113dc99e21

SHA256
c406ec794205692950efc03f970a0bed774f94ab6f8ccb83ac376add3efb7982

SHA512
df0732c79f4ba9be6b6b8e7f4184c4d2f0bc2d85f100b18ae687e651a3a0ae3fe4ec5b675be53942638fe648826ec958011d885a2a67e7bca823154f31ef91d6

Download Submit
C:\Users\Admin\Desktop\ResumeUninstall.mpg
Filesize
580KB

MD5
d2b4b063c2c9cdac7b0fefc7469f9c85

SHA1
786dcac6ffe727707e518293d3e874d48428477f

SHA256
8a2a1f99ca1171ff90062493b1ed573d227b910420a225f66da0841f2900184e

SHA512
89ba13a57fde37f621ef969c2cdd230f377a59ba4ebac19b8e5e581dbdd0a5ea80f34254eeea2c3cd8f558802103565574ac104a3ff26154512eec1e14a0005c

Download Submit
C:\Users\Admin\Desktop\StepUpdate.mpg
Filesize
304KB

MD5
28cf61cfa90819d86bec37c5ddad1e2c

SHA1
99aed023d54537a399da818d0625a5b5f2d50635

SHA256
f7bb1df6a2f496f133d60f35764acc896529fcd94386d91d7a90be9aa2598116

SHA512
75ecef8b6dbc9cdb133e921a381f6a01e18716fe61bb45136237ca4850d006193d42813f5793ae4f251440ce0c0382e522097aa2f1107d905731b483eb46ad09

Download Submit
C:\Users\Admin\Desktop\SwitchUnprotect.dib
Filesize
285KB

MD5
5ecb4a1fd32ac93e4b6f818072a78ed0

SHA1
b61adab30958ee0a75351c06125037f7d761d3e4

SHA256
71d0ef307d88c8e7c255c3ba8704ee22e0c41c1e7c4b64a1f684c5f3e34d8982

SHA512
5e24052ef2ea544f8206b86c2460db2d036072bfca81cd79284951ec3c435203a550bf5ffd7f9acf0e277d642310da3dbcc3b944882752ef5a014c2d25a53d9b

Download Submit
C:\Users\Admin\Desktop\TestTrace.3gpp
Filesize
599KB

MD5
a40b609d099d83035ed8de70c65987d2

SHA1
8b924ccb0f96d1d6596dabafc5c4aab6f196a625

SHA256
fc04655faf998d59975a0c49d1c3c9aa4456a80fee625c837281d2dc5ae77f76

SHA512
77778082eb76c3bdeed09f3fd1ab625a823b727bb957c4de587e82333a7975ead4d9f778a02981359befcca364045f5cbce3249e7e2a9e42ee4a021e493df0ec

Download Submit
C:\Users\Admin\Desktop\UnblockBackup.wma
Filesize
462KB

MD5
449e8be237cf1c040d94c742c36bd165

SHA1
6c23ba283992dfbdeeaad2400fadceabb293ddd5

SHA256
a603a0a3909a6c9647b6a907f664ec6780ae902cc9bb16acf6a9f8b6e60d48fa

SHA512
427b21eb940ab44cd1ca6b62b307b1fd8ecabea131a2b8bc025d6cc3aa2e35741799b5e5c3b1d6a8380846ba254f1ecf641b864f473a1f5f5b1b371f4829ff06

Download Submit
C:\Users\Admin\Desktop\WatchSplit.bat
Filesize
245KB

MD5
0e05704d974aa9bd10476679d7e1720f

SHA1
a6e582d0fb9cb7c0ccca801d02251f71c1a676fd

SHA256
c1063ec84273195bf440a2b393a057f42a64a0c49169c435c2d7f613fd056b17

SHA512
9654b3f79a05e41e166a69c890e55850dbd3ed6925b4f3f7fe16a6dd10fff8dfc41f3c43b22a6da027855798766228344672bd075950e705d1df5d2e4c36ff29

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk
Filesize
2KB

MD5
a62f85ded507d9e3b6201ce2026832d2

SHA1
e56e290431ab577db73c9d92da8463c765ed274c

SHA256
97cf7e3b3e9ba6f2606cea6f879576497b96224eebbc9506906f6507f91650e0

SHA512
387b648828c1619ec2063ba14df67b3197b382e9139b75cf05919301f1a3742c84c72cb39679f3cf41f604811ee87947f3c18ece47230b01fa41e3bd82b96987

Download Submit
C:\Users\Public\Desktop\Firefox.lnk
Filesize
1000B

MD5
5f1a76469bee19a9bb1104ae60bf2754

SHA1
6c18f54f99771b7210c6c6fcdab1fd7ac2db1cc2

SHA256
293beef9b87f853dce2cbb18136b323e5b48f858b0dd572941b1d69b1ead27a5

SHA512
24644267ad772b0fbfb79fca07bd1deab976fb99358c1ed44ee4854c559fe4b7e6a8907cf1e319217c343cb2783b0c542e2a4a3d02d4f27ebe8c1db14f2a60c9

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk
Filesize
2KB

MD5
f56cf980a91e2452042aa10e2ac5c6c3

SHA1
e5d009b4454f1ef8c0752e42b52e8b667c6ea775

SHA256
cd9bd53dba03846a5575673fd79633a0903997e84d30beabe416cbb32ac627d1

SHA512
65e0de31770f03f0b5716d25864fe4bdb3d762a3460912ee49611db30e4818c573daf6c9ba5a37b23511f28da8a2da208de82c2c7ef798f4dec26b50c2c23e4b

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk
Filesize
923B

MD5
6f7965131b5e962a9635819f96160aa1

SHA1
aa2a5ec1bb2339db835982980aaa5373be687359

SHA256
e7f9942bdf76a6e7c4c4b1b5ad49ab1b8f597a2a00dbd0661cf1f87facecbea4

SHA512
7b9f49699eb98382256c6585ab8a00faa567c5d9abdd1f9c7869716a5081a6ef7c49b527451be05f1c05586a861cfb983b869d055341b780d5890b7389dcace2

Download Submit
\??\pipe\crashpad_3860_ZIHLRNOEOYBSGZUW
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads