edc426f4f7d1373edf054024bf979969c89f6f123a944769e8708e381041d513

Analysis

max time kernel
860s
max time network
1703s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
29/06/2024, 14:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RopTranslatorX.py
Size

3KB
MD5

96991fb1e8d1b121e17ca85f4273ee31
SHA1

14c35a5b3d4a5cbbc89b0b365409be365b82a8f0
SHA256

edc426f4f7d1373edf054024bf979969c89f6f123a944769e8708e381041d513
SHA512

046f3251e45ea3d60f55ccbc877d2a540fc9b33c7a67b2ea0ec8dc7ab33809922f427a63e30d106bb8d9d4c59fd7f26f58a582d915cad829b458a0baf6374815

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\py_auto_file	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\.py\ = "py_auto_file"	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\py_auto_file\shell	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\py_auto_file\shell\Read\command	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_Classes\Local Settings	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\py_auto_file\	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\.py	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\py_auto_file\shell\Read	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_CLASSES\py_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\""	rundll32.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2656	AcroRd32.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2656	AcroRd32.exe
2656	AcroRd32.exe
2656	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 2800	2204	cmd.exe	29
PID 2204 wrote to memory of 2800	2204	cmd.exe	29
PID 2204 wrote to memory of 2800	2204	cmd.exe	29
PID 2800 wrote to memory of 2656	2800	rundll32.exe	30
PID 2800 wrote to memory of 2656	2800	rundll32.exe	30
PID 2800 wrote to memory of 2656	2800	rundll32.exe	30
PID 2800 wrote to memory of 2656	2800	rundll32.exe	30
PID 2564 wrote to memory of 2260	2564	chrome.exe	32
PID 2564 wrote to memory of 2260	2564	chrome.exe	32
PID 2564 wrote to memory of 2260	2564	chrome.exe	32
PID 2564 wrote to memory of 2412	2564	chrome.exe	34
PID 2564 wrote to memory of 2412	2564	chrome.exe	34
PID 2564 wrote to memory of 2412	2564	chrome.exe	34
PID 2564 wrote to memory of 2412	2564	chrome.exe	34
PID 2564 wrote to memory of 2412	2564	chrome.exe	34
PID 2564 wrote to memory of 2412	2564	chrome.exe	34
PID 2564 wrote to memory of 2412	2564	chrome.exe	34
PID 2564 wrote to memory of 2412	2564	chrome.exe	34
PID 2564 wrote to memory of 2412	2564	chrome.exe	34
PID 2564 wrote to memory of 2412	2564	chrome.exe	34
PID 2564 wrote to memory of 2412	2564	chrome.exe	34
PID 2564 wrote to memory of 2412	2564	chrome.exe	34
PID 2564 wrote to memory of 2412	2564	chrome.exe	34
PID 2564 wrote to memory of 2412	2564	chrome.exe	34
PID 2564 wrote to memory of 2412	2564	chrome.exe	34
PID 2564 wrote to memory of 2412	2564	chrome.exe	34
PID 2564 wrote to memory of 2412	2564	chrome.exe	34
PID 2564 wrote to memory of 2412	2564	chrome.exe	34
PID 2564 wrote to memory of 2412	2564	chrome.exe	34
PID 2564 wrote to memory of 2412	2564	chrome.exe	34
PID 2564 wrote to memory of 2412	2564	chrome.exe	34
PID 2564 wrote to memory of 2412	2564	chrome.exe	34
PID 2564 wrote to memory of 2412	2564	chrome.exe	34
PID 2564 wrote to memory of 2412	2564	chrome.exe	34
PID 2564 wrote to memory of 2412	2564	chrome.exe	34
PID 2564 wrote to memory of 2412	2564	chrome.exe	34
PID 2564 wrote to memory of 2412	2564	chrome.exe	34
PID 2564 wrote to memory of 2412	2564	chrome.exe	34
PID 2564 wrote to memory of 2412	2564	chrome.exe	34
PID 2564 wrote to memory of 2412	2564	chrome.exe	34
PID 2564 wrote to memory of 2412	2564	chrome.exe	34
PID 2564 wrote to memory of 2412	2564	chrome.exe	34
PID 2564 wrote to memory of 2412	2564	chrome.exe	34
PID 2564 wrote to memory of 2412	2564	chrome.exe	34
PID 2564 wrote to memory of 2412	2564	chrome.exe	34
PID 2564 wrote to memory of 2412	2564	chrome.exe	34
PID 2564 wrote to memory of 2412	2564	chrome.exe	34
PID 2564 wrote to memory of 2412	2564	chrome.exe	34
PID 2564 wrote to memory of 2412	2564	chrome.exe	34
PID 2564 wrote to memory of 344	2564	chrome.exe	35
PID 2564 wrote to memory of 344	2564	chrome.exe	35
PID 2564 wrote to memory of 344	2564	chrome.exe	35
PID 2564 wrote to memory of 1288	2564	chrome.exe	36
PID 2564 wrote to memory of 1288	2564	chrome.exe	36
PID 2564 wrote to memory of 1288	2564	chrome.exe	36
PID 2564 wrote to memory of 1288	2564	chrome.exe	36
PID 2564 wrote to memory of 1288	2564	chrome.exe	36
PID 2564 wrote to memory of 1288	2564	chrome.exe	36
PID 2564 wrote to memory of 1288	2564	chrome.exe	36
PID 2564 wrote to memory of 1288	2564	chrome.exe	36
PID 2564 wrote to memory of 1288	2564	chrome.exe	36
PID 2564 wrote to memory of 1288	2564	chrome.exe	36
PID 2564 wrote to memory of 1288	2564	chrome.exe	36
PID 2564 wrote to memory of 1288	2564	chrome.exe	36

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\RopTranslatorX.py
1⤵
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Windows\system32\rundll32.exe
  "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\RopTranslatorX.py
  2⤵
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:2800
- - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\RopTranslatorX.py"
    3⤵
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:2656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6a29758,0x7fef6a29768,0x7fef6a29778
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 --field-trial-handle=1328,i,823774911317944190,15604596782640479291,131072 /prefetch:2
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1548 --field-trial-handle=1328,i,823774911317944190,15604596782640479291,131072 /prefetch:8
  2⤵
  PID:344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1624 --field-trial-handle=1328,i,823774911317944190,15604596782640479291,131072 /prefetch:8
  2⤵
  PID:1288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2208 --field-trial-handle=1328,i,823774911317944190,15604596782640479291,131072 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2216 --field-trial-handle=1328,i,823774911317944190,15604596782640479291,131072 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3216 --field-trial-handle=1328,i,823774911317944190,15604596782640479291,131072 /prefetch:2
  2⤵
  PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2184 --field-trial-handle=1328,i,823774911317944190,15604596782640479291,131072 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3428 --field-trial-handle=1328,i,823774911317944190,15604596782640479291,131072 /prefetch:8
  2⤵
  PID:804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3420 --field-trial-handle=1328,i,823774911317944190,15604596782640479291,131072 /prefetch:8
  2⤵
  PID:856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3460 --field-trial-handle=1328,i,823774911317944190,15604596782640479291,131072 /prefetch:8
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3788 --field-trial-handle=1328,i,823774911317944190,15604596782640479291,131072 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 --field-trial-handle=1328,i,823774911317944190,15604596782640479291,131072 /prefetch:8
  2⤵
  PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 --field-trial-handle=1328,i,823774911317944190,15604596782640479291,131072 /prefetch:8
  2⤵
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1168 --field-trial-handle=1328,i,823774911317944190,15604596782640479291,131072 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1124 --field-trial-handle=1328,i,823774911317944190,15604596782640479291,131072 /prefetch:8
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2404 --field-trial-handle=1328,i,823774911317944190,15604596782640479291,131072 /prefetch:1
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2800 --field-trial-handle=1328,i,823774911317944190,15604596782640479291,131072 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2660 --field-trial-handle=1328,i,823774911317944190,15604596782640479291,131072 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=1328,i,823774911317944190,15604596782640479291,131072 /prefetch:8
  2⤵
  PID:2728

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2456

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
1⤵
PID:2888

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2cc
1⤵
PID:1552

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x54c
1⤵
PID:2992

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x200
1⤵
PID:320

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x1cc
1⤵
PID:1660

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x1c8
1⤵
PID:2280

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x490
1⤵
PID:1104

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x550
1⤵
PID:2464

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4ec
1⤵
PID:2880

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x138
1⤵
PID:1040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9513790a4fa5d91bb3d1106864bddaa5

SHA1
55a6da75cdc8eb67274e240a2bd0fb08d8600e53

SHA256
df4b7563a06d3ef715735c9538ba42e0d9e0cde4d166d4dfa63c6e0925835b7d

SHA512
ffb5691f84ffc260cc1f499bf1d8742eba54871643b68663533c995aa9a158a37395d77f361f10981b5c231f6a4874765cb5594b7be9a1fbea73d29dfe698f6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2793a18b77075d1c5e406e768a71dad0

SHA1
d759b4a0de2795bf1cf788c2ca24a0968d38d112

SHA256
ee2a4d883b4bc015811cd10316087ad8cbfd5f4b62c3bf64f42e449a921a8c5a

SHA512
77649994dacd328ad736cc3022cbf2f218a2cb93327b00d12bdfc1b01f0944a9d684d04328cf03eab33505e416e44b909ddb3ef71c865302b598fe01dd3c40ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\65348908-c125-4bb0-afbb-4077a86bba5f.tmp

Filesize
295KB

MD5
914fdf906dfa87c73055aa7bb832970d

SHA1
d51e8290116cf5be91ad1cb5939d15d52526c7e3

SHA256
96407cce65ef6325700d8513003358f44eff92fd0f55065de866e97ce2269c5c

SHA512
48b3d8ce55470ca08de50cc0ab2046f0939e5462631b09dacbe720c44af9562faed380a1536a15343cd371e1fb1430cfba9f2c9152d24e6f67cb1ec3003b5f49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
66KB

MD5
33411bb179575dfc40cc62c61899664f

SHA1
d03c06d5893d632e1a7f826a6ffd9768ba885e11

SHA256
274befc7b39609fed270e69335bc92b3d8251545594636eb408d5d93e0ae1a4f

SHA512
dc830766c928ac84df16d094fc92586b9c2c25f819123dc9b5ec259220b4b1c45e2af28c89a710f047c00c9dcf7df8dd859a9a7a2d2228703f616df13caef2c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
e7aba89236fdcc34cd356097e869b1fb

SHA1
0df2ac1e75ea1e9e37445817080d091939a1a7ce

SHA256
7105293c605aca0ac593fb166ac6eab52cb481b7c1170819be965437c0df4207

SHA512
7a6c93f44eaf5d77853ac205e5c615e4efd527ae1429a9a22ff0389e00f7850b0013ad5adbe8db5df5079b79c278308ef9581ffda3a7e455128cdde8faf35ff8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
171a80534164b2d9eb1cab7db5090662

SHA1
2a40e408e6cc9ed5976f4c75af0a5b3071d90fb1

SHA256
6816dd0982d1f631a9040798c93b7778ce97c794c24726aca8b96ddad1f0c5f6

SHA512
6f8105ac4ad907a32fb8115200dc558b40f98e0c4dd70473ae67575a114da78905fece7da28abe3b04b5ddf39e1d6623c399bb6fcc3d946fe46a2c74c8c50b7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
9938591c5380967499b849c883da8dda

SHA1
650a7d99bbd9323ef68c7e5c745a841319374650

SHA256
418fad1892c4af0e5f9132d1bdb7f9d8011025f04373dcf5d461da876e8e0b5a

SHA512
352b5985ffa9e2b73a1ae9261c5ba204ff48883a6d72e6772704204c9d167013ce06b462d16b588b5b611a17bc708221a9179829beafe19d3b624637c3852a7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1e6547b825ec0165f0003fbb1d7a1235

SHA1
64351f8d2dfaa6121410413804a1ab475410c93a

SHA256
ac562cdf0637812d6a18ff66b5557d34f13694d29129b49c047f4db55bbbd472

SHA512
728bd96ced4c25c59cfb899ed7b286bb2ffac84a0669b0e675824e358e0aa7e55d72b2f4eebb26819adb2ee62e1d8f7e4515e70f0f49b0ab5a8bd2566800f8fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1e68534c0ce7c962e293833899be5390

SHA1
b0756e9627e13e65d0a21e04b034b4171d415783

SHA256
2feeb099292ea076295021953baecff35e40d56412d0da15d6a46bcd857c7030

SHA512
c97db8a127893265579f25f583812d3a2bdbe58cea647cc1a227b004652288ff84ed8eca8183fc1a4aa6e8947d5cd0950d4f950f3347a020504046e9be354784

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
a9be84b8766c0a59d523e51585a2342a

SHA1
5add68d1b9f87de1a3e6f725c0525c2297d16f68

SHA256
d0b60674218eedfe804efd13cf296f3e9e5aa332610789a14934ac956e177760

SHA512
69402c7a4982360d20d2be9694b19f13ccf828b6f1f76b7484b3e30dcabccec336f286fa484bea56b43a561b0223dbe7c071b6d03e68e0888a3d27d8a60908d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
a64bbeb83828f4028b75a79d7c39b5d4

SHA1
c23d300005472ea5604bbad948fdf67cf2ea6a37

SHA256
dae696ba0b4f7b3f0830396e2e8eca061fabfc4c00d3dcb1da7279d2386ed81d

SHA512
7af8707ab5ee0273e18115cd75601430ef1d58b92f35d9f3b611c8a2c38e692d179d534a07453f73d930c7fdc9bc9ba6d79ffb51c19b9e64024900c7126d9df2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
0feff401ec97fc7a651248a55b939362

SHA1
966cd34bdfb62c5abbf43cb4643dc52bad77882d

SHA256
c22f3b41f8812e71e3cafd0daa388915d4b400ec785be5800fdc1939ff179818

SHA512
3dca20f8ac51e717f8c40fe717f4691b7c0437e5f8c875db7e03ad8cd88da7db9c742c2dbfc697789757a25e0ad7addc17421dda44a5ceea7f0da3d870281480

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d905c0d31defe51873ab87f0a8243499

SHA1
4e0d551fdf5c34896fc898f62c09f691b1ab39d2

SHA256
7921227636c0882f86c0a4e0bcb33bbeaa2ddb15919edddbfad8e3d15df80df5

SHA512
503007bbec0458b67d85c320f7f314eb3d831a9da9f17b476d1ba897cef0f1e254f3d6ea5389f825be94ad005458c04f87bed4503e46b6a039664903101bd722

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ac2ad64fb9cd00f56e79306b23c736e4

SHA1
dfd27c4a26f56528192b5170ed5da1c6bee3c62c

SHA256
c47f762ffcde1e825568c74e97fcb92dbe04a90fbfca5001366f6292f92bff28

SHA512
9986266e16f9f246b8cd9838e730cd055d1f0597072d066bf7b90d4f9c0b06a804fbb155bee4c1b3e61624b1af8125deaf25484c50a4076726d545c6dfda849d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0b4792fdda38078bc92e63edeee070e2

SHA1
b6230883b477eef4f237dc09a62c778b230c58ac

SHA256
47e1810d5e1be5769fed77c6863c437cda46df852d45a2987f060b4a4692affc

SHA512
96b493d78be53ec1ed327e408a422b9de483cba43e082c8726538cafd64b0ac658d1336252263fb2c46569d682e3321009caa7da2055413092758d842ffe1522

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9043ac00f28869257408fe58356ef8f7

SHA1
4214a62fffe6234db0c714729e5dacd137bfa9eb

SHA256
0d78a9d877d7dd5a4ca8cb33caee3ea4bf8961acdbddbae29e21ab5543b2e91d

SHA512
46716e267d584e39cbb4f991ec6fa0d7aab26ff957f25f53a672caf7ff27169a0927899acd492a9de9f63a7d16f3887caf1d3a123d13345e76b42d2dc2378fd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a59af26c6ebe28e509bd0eb428cd07f7

SHA1
683900320db08a0534d4aad0a5e08dabee89363a

SHA256
98fec4277925a7a6e3440b8c6b5819bcac1770b33f13a76e3b355fd1fa1e876c

SHA512
c207c2fd15e9cd452c523fd9fe5f6233a6eb9f4c2379899fed8c463fa8533c07515c119a484e67e555270906df4031b364115590a9f3b1506076824a48f9e0ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ed996519bafc52d9450d06aaa6bd00a8

SHA1
01f362cc9e9a0de955cb526614bf6fba51a57a19

SHA256
ee72871fb624e91f35f26f4b64c35d0183c24c32786c5e2ddec3a7931774e625

SHA512
fb8a1ce2d6ee04b6823f61ea5afa2c16e214ba77f03ed3eddb1a791b172f0547d63267c97359aadeba1f34c799fc9727657cfa14e8d9cdec65811f7346660df9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e3a5f5ef0224cade6d65236f018d723b

SHA1
4dd5593b9385aa5cc22601331400ab7dc3ecb4ac

SHA256
070d2eacc2872e4452820ad838d783196dcf42689527321ddf7d4377887926ab

SHA512
6e2f6410a8d0a1a37385c2e5c13531c2ee68fe87d57537926a2e8058a2dd1b5b9039e37d249c76e40cb3a914a54ca1ea8ffb427b6c10c4be58726ebe98bd6500

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c8f5d73d7fed9ca884d036e56d567d78

SHA1
1bd2cae65654036964216c86ae44b88d5c22626c

SHA256
53c950f757cdf6e4d636424d4f28bce4c4f287f9e2de7f83e9234b855e0a5f90

SHA512
2a3e2792f61e445242aae567946bb8b44f21ff97adb906a217c5481dd3d530460ad5f8922cab5169bde3fcdde9e06b811697fdb0b4e61b4fa104b5467beed2d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
311KB

MD5
8f147bf53230fd93041885a58c325f31

SHA1
28c2c673159e42fd8ec628ff74f2b040c02a61da

SHA256
a27fe765de6de9d9330537af24c22ac9552be1c4e5e5f9449e239ddba83809eb

SHA512
5c25a2c1fff745ad9554f0b1949da91fb1071295aa2dbd1e54f24d5f38bf1f98f7c5dc6f5165523b8daf15b7455d14d9d9b42e6d4f5f8ca25455dbf75ce1d370

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
140KB

MD5
9d6be6f01651bceabbd58fca082ad71e

SHA1
c942f4225abc85be9a51d9b109403b538aea4fad

SHA256
23329d113ecdb20bf62a37e498ce090db101baa7d02e678cded5667f4d143a10

SHA512
4e2a20eb82c1ab90c236c8e526bc6a725266bc063eb6a3e7da508ee082ea05f63b769f0db482f25cd47636c953c2decfbf2f0856f829d14fa9fe9dd38248ca8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
76KB

MD5
64c422f85f02566349eb8e99f5812458

SHA1
de103a10a509fc25bcdea2254e7e38c526bb4025

SHA256
654582de3002e342358a76ed29dc7f24fbffc08bda6acbd0e4893f49d2fbb95f

SHA512
123a5057f478524364a54e95f673c4add51c5f41550daae4607679aa80551723448727ef12a79a6a5724d271b64ec734d1acce9f324aa31f716e86c8464d4d80

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3352.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3405.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
b10be213f232739845c1b2202027424d

SHA1
25dd2f644b7e3996f7fb6c8ea0510d2e4c1e9854

SHA256
91ebb33918ffce42a4003c6bac49673f55af9808118ebfcfc69f3c3dce6b16b8

SHA512
2dd070ffeed5bcbecabbfde8da5bb3f0b0f076f5ac1600d46fe6ed80780f92bb167a1b0e8cd35b54a790f7e9d48fe506380bf3b800279667e2ba63c89f449ee5

Download Submit