hxxps://github[.]com/Da2dalus/The-MALWARE-Repo

max time kernel
112s
max time network
114s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
23-07-2024 17:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo

Score

8^/10

discovery upx

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
4640	BlueScreen.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000a00000001aacb-517.dat	upx
behavioral1/memory/4640-550-0x0000000000400000-0x0000000000409000-memory.dmp	upx
behavioral1/memory/4640-553-0x0000000000400000-0x0000000000409000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
64	raw.githubusercontent.com
65	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BlueScreen.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133662307790264610"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe
Token: SeShutdownPrivilege	1360	chrome.exe
Token: SeCreatePagefilePrivilege	1360	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe
1360	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1360 wrote to memory of 4636	1360	chrome.exe	73
PID 1360 wrote to memory of 4636	1360	chrome.exe	73
PID 1360 wrote to memory of 960	1360	chrome.exe	75
PID 1360 wrote to memory of 960	1360	chrome.exe	75
PID 1360 wrote to memory of 960	1360	chrome.exe	75
PID 1360 wrote to memory of 960	1360	chrome.exe	75
PID 1360 wrote to memory of 960	1360	chrome.exe	75
PID 1360 wrote to memory of 960	1360	chrome.exe	75
PID 1360 wrote to memory of 960	1360	chrome.exe	75
PID 1360 wrote to memory of 960	1360	chrome.exe	75
PID 1360 wrote to memory of 960	1360	chrome.exe	75
PID 1360 wrote to memory of 960	1360	chrome.exe	75
PID 1360 wrote to memory of 960	1360	chrome.exe	75
PID 1360 wrote to memory of 960	1360	chrome.exe	75
PID 1360 wrote to memory of 960	1360	chrome.exe	75
PID 1360 wrote to memory of 960	1360	chrome.exe	75
PID 1360 wrote to memory of 960	1360	chrome.exe	75
PID 1360 wrote to memory of 960	1360	chrome.exe	75
PID 1360 wrote to memory of 960	1360	chrome.exe	75
PID 1360 wrote to memory of 960	1360	chrome.exe	75
PID 1360 wrote to memory of 960	1360	chrome.exe	75
PID 1360 wrote to memory of 960	1360	chrome.exe	75
PID 1360 wrote to memory of 960	1360	chrome.exe	75
PID 1360 wrote to memory of 960	1360	chrome.exe	75
PID 1360 wrote to memory of 960	1360	chrome.exe	75
PID 1360 wrote to memory of 960	1360	chrome.exe	75
PID 1360 wrote to memory of 960	1360	chrome.exe	75
PID 1360 wrote to memory of 960	1360	chrome.exe	75
PID 1360 wrote to memory of 960	1360	chrome.exe	75
PID 1360 wrote to memory of 960	1360	chrome.exe	75
PID 1360 wrote to memory of 960	1360	chrome.exe	75
PID 1360 wrote to memory of 960	1360	chrome.exe	75
PID 1360 wrote to memory of 960	1360	chrome.exe	75
PID 1360 wrote to memory of 960	1360	chrome.exe	75
PID 1360 wrote to memory of 960	1360	chrome.exe	75
PID 1360 wrote to memory of 960	1360	chrome.exe	75
PID 1360 wrote to memory of 960	1360	chrome.exe	75
PID 1360 wrote to memory of 960	1360	chrome.exe	75
PID 1360 wrote to memory of 960	1360	chrome.exe	75
PID 1360 wrote to memory of 960	1360	chrome.exe	75
PID 1360 wrote to memory of 4688	1360	chrome.exe	76
PID 1360 wrote to memory of 4688	1360	chrome.exe	76
PID 1360 wrote to memory of 3428	1360	chrome.exe	77
PID 1360 wrote to memory of 3428	1360	chrome.exe	77
PID 1360 wrote to memory of 3428	1360	chrome.exe	77
PID 1360 wrote to memory of 3428	1360	chrome.exe	77
PID 1360 wrote to memory of 3428	1360	chrome.exe	77
PID 1360 wrote to memory of 3428	1360	chrome.exe	77
PID 1360 wrote to memory of 3428	1360	chrome.exe	77
PID 1360 wrote to memory of 3428	1360	chrome.exe	77
PID 1360 wrote to memory of 3428	1360	chrome.exe	77
PID 1360 wrote to memory of 3428	1360	chrome.exe	77
PID 1360 wrote to memory of 3428	1360	chrome.exe	77
PID 1360 wrote to memory of 3428	1360	chrome.exe	77
PID 1360 wrote to memory of 3428	1360	chrome.exe	77
PID 1360 wrote to memory of 3428	1360	chrome.exe	77
PID 1360 wrote to memory of 3428	1360	chrome.exe	77
PID 1360 wrote to memory of 3428	1360	chrome.exe	77
PID 1360 wrote to memory of 3428	1360	chrome.exe	77
PID 1360 wrote to memory of 3428	1360	chrome.exe	77
PID 1360 wrote to memory of 3428	1360	chrome.exe	77
PID 1360 wrote to memory of 3428	1360	chrome.exe	77
PID 1360 wrote to memory of 3428	1360	chrome.exe	77
PID 1360 wrote to memory of 3428	1360	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Da2dalus/The-MALWARE-Repo
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffae8329758,0x7ffae8329768,0x7ffae8329778
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1832,i,10043301710140815496,2336560140690296359,131072 /prefetch:2
  2⤵
  PID:960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1680 --field-trial-handle=1832,i,10043301710140815496,2336560140690296359,131072 /prefetch:8
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2124 --field-trial-handle=1832,i,10043301710140815496,2336560140690296359,131072 /prefetch:8
  2⤵
  PID:3428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2812 --field-trial-handle=1832,i,10043301710140815496,2336560140690296359,131072 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2820 --field-trial-handle=1832,i,10043301710140815496,2336560140690296359,131072 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 --field-trial-handle=1832,i,10043301710140815496,2336560140690296359,131072 /prefetch:8
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 --field-trial-handle=1832,i,10043301710140815496,2336560140690296359,131072 /prefetch:8
  2⤵
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 --field-trial-handle=1832,i,10043301710140815496,2336560140690296359,131072 /prefetch:8
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 --field-trial-handle=1832,i,10043301710140815496,2336560140690296359,131072 /prefetch:8
  2⤵
  PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5196 --field-trial-handle=1832,i,10043301710140815496,2336560140690296359,131072 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3800 --field-trial-handle=1832,i,10043301710140815496,2336560140690296359,131072 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3488 --field-trial-handle=1832,i,10043301710140815496,2336560140690296359,131072 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2856 --field-trial-handle=1832,i,10043301710140815496,2336560140690296359,131072 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5480 --field-trial-handle=1832,i,10043301710140815496,2336560140690296359,131072 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3192 --field-trial-handle=1832,i,10043301710140815496,2336560140690296359,131072 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5916 --field-trial-handle=1832,i,10043301710140815496,2336560140690296359,131072 /prefetch:8
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5768 --field-trial-handle=1832,i,10043301710140815496,2336560140690296359,131072 /prefetch:8
  2⤵
  PID:816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 --field-trial-handle=1832,i,10043301710140815496,2336560140690296359,131072 /prefetch:8
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 --field-trial-handle=1832,i,10043301710140815496,2336560140690296359,131072 /prefetch:8
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5872 --field-trial-handle=1832,i,10043301710140815496,2336560140690296359,131072 /prefetch:8
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5056 --field-trial-handle=1832,i,10043301710140815496,2336560140690296359,131072 /prefetch:8
  2⤵
  PID:4952
- C:\Users\Admin\Downloads\BlueScreen.exe
  "C:\Users\Admin\Downloads\BlueScreen.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5824 --field-trial-handle=1832,i,10043301710140815496,2336560140690296359,131072 /prefetch:8
  2⤵
  PID:1520

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5b48c2e5034897524394ccac79908545

SHA1
6a336a7b9825e9ac0193c6732f642d9f1f94d4fc

SHA256
f25e1b138bf9163e46de31e7f8a9a83a5f97e87ccba5e503eb709f5a8e2da0e5

SHA512
4fca3d5be96b1dc78f8fce89d02be33658801036273ba7c34cee0b2dcf12551eff8ae27237d451268906263731673682c83bb4290270dc6b24a770b541aa598d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b150e41c23d8d781b2aa74902cfc6c76

SHA1
0501fedfbffaa9bd75ef459fc1b4ddfe5a47268d

SHA256
fdd9f14e08d04d5775c3ecb05934780e9300a8eb94c3a20fbdba3b7bc3de30dd

SHA512
4049b92a090b0122a2e9027ed3897228f0fa1abf26e8d39137df669bcd35ef287ec3055f5cdea406ab87fe6c8eba9600ac6f90d869a35f10e9298c19ff1773d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
36b6b23d6b7bb87c40c37852f5e97715

SHA1
59acd7091a6b56c89b788dec0f7d6da48dfdba04

SHA256
0d401cf9040630aab9ecf5d76f10981ef2a8acb8804135e8ebdb7cc7c0aa151b

SHA512
85858b509b711019d579dfe965fa4a619c48fab55c2e8871a310177b7a3dd5568e442388c0325dba544428ea3def7be3549eaa516a9bdfbb73463f614a3ba436

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8d8dba44e78b2afdba3d54be444a1296

SHA1
315e0be7bd355dc33a6876fd586843eaac45c34f

SHA256
ce945d693c3a686ce489f743e3f2d5b8fa07d35faa9748c56110f9e4b7b49eb0

SHA512
8d9d68b78152de7eca35f415c83525e8a536c6821ee6f250b42c5610069bdc646bdfbf1719c48fdfb70da85e9bbc1207d9ff00ec5e520a5b873b9f89068a6a1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
eedffdd20881d82c5672e033b10fd4bf

SHA1
f4ad4b0dacbfc222f4f4589c72cbbb27e026d29a

SHA256
7ec42937a9219432713037c55d12552ef18f20ee290493c801c1b61603333b1d

SHA512
c11dfd8bc0fb47a64046034706a64fadb13a212cb86d1aeba23188e4a37afb86bbe9d1c0fed9cb0468ae1cd31b12dafcf116d5bc2079ea408ae5bc77cc51cea7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d7dc17b6083e3a9ed2c67601323945c3

SHA1
f800ba731c830aba1675454d07104cda0f408ce3

SHA256
dc69b3706178d6a5c8eb37fe0198e0d51b79919b4d3684f9793f413d706263e2

SHA512
b34bebf86d12bdfcb3a776a0c87c871f137391f0d7859716f9ec03f57d33a3a6b52342dcaea2073f55787b5243bd26d2f1c22b393c772903d6991b0420daf7e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
483fdd927125a5fec395b8babdbded31

SHA1
10bb684b00b14b9525fe5a2d1dbc0b3bcf818249

SHA256
ad3c521e2bc1a0c7914e4c150ed16a1849fb5924b2f3b8ade24af053a375073e

SHA512
f71f1ede0aaa5a1c6f67571a2e0289ffc56845e834cef6a0b539e02a326bfa1a7f5b3689cc43bdc2e757a36ebba0bb71169a5735a0222f44c9fa016fb9c2959b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0ff9a71f686766d28694427ebda115b4

SHA1
ce684428680674773638972e4a815f9a10e80f31

SHA256
a230ad672ea914e1fbe35409a49f31514a9d613820053f4d48cf2a837f47c850

SHA512
e4255d73eb034f73bf77951ed90597aa5b3fc1aeaed8ef3b083c6ec9cdecc4fcfe5a63777e6688b79a70c245bcf7b56b39713dc3369c8c1335b3a5ddd65dfbfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
10d86d3720aed85731e3cfd4c24fe67a

SHA1
4d563c8424654f9a858d8b7a0a35f70b0d6e209c

SHA256
926a5dd68245d262dde2a933db14e64f1cf027d5a645de1d9c2e0b40daa5644f

SHA512
41a380932188ba50e7708439548f55865dbd7d26c0d298ac8730f47fcbd9229603d99d8733f15e505ea49411549285f5eb6dc929d8d84895b94e28b11a7a78b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
91051bc4f2b8db3789f0832e21ea4549

SHA1
5dafa38762d81da62a7489591ce0b77f6a8e932f

SHA256
902baaa76307fd146edc7d64125cd47fa41a8b42373f54f1338661ee35eed1fc

SHA512
ce0e5b60ab089045bca9bd0611a702533b8f2782a37a44d8291682c42a94b02b7ea61f8c3f23d6368f8d27d41112d2af02f6b10ba8041860a5cfa95959a48486

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2275662df2297fa2d9494f716f8e37ac

SHA1
9af6847eeebd602f59ee70a1032d9df32ad845dd

SHA256
5bed49218873a98503f0e13ffb5a566e4b7fd9c65fb9815c321a805f27662e9b

SHA512
ca3c9373fb698569e2bfba72298d8837a8c85b757436f1bcf4ce310dadce2d87f1f83a630a089a04b8857363cfdd61ad3db97556ac7034a5faa03d5c0db138c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1f19b8ce47f176e805a04ce5cebf458b

SHA1
ad8444f72b272c4754f35b2852a7cebe2aeb8113

SHA256
63369920cc30387696213062d4e17114cd3c996df33eab95f70e6be6bf1945f2

SHA512
2a4e8058dcc17f62b4b0103c8d6ca8f65270fa447c8b382f3d41bfcd0f9a41a9c87fd952e7f66aee3378cb11d528df7c62ffefbe0078d50d2570da4657cc19f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8e1af1dfe704b655d1e37cc082bfadf0

SHA1
d093ee6781235b16f1126e610a8046b0d1db9008

SHA256
8d4a136eba35f50da3fe7b824b2b91dd8e48d59edc783c2a26716e13afc49558

SHA512
d3da562ba3e1239d9eb6b62262e41c719e14fc1f5d2fee1101e484ef61decbeab22cf75d5d506cf8b9446d7da0ed41f4eb14aba20d7d5bac51cae0416ca93a7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e42247513f00d89a3d3cf0736a622e3d

SHA1
58cc91ee3e02dc99b74ec93a09791447baf9157d

SHA256
d32e9d41f72f754a126b8126311d754f2e6b880ba4871bc16e40bd8a53f06d1e

SHA512
98ad6f4e9bf4958cb018e8f4a110ccc3e4436d61076dfb871b1a070bd084f16ea5af0b91e9d166b927f7e4b8a45a63d13f2ca70c77eb43a558d5f6483724a94a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
b31b01f7460c27bc8e1aa6db0a015cd6

SHA1
58edaab5d106866019e478a41a4c2e61674ead55

SHA256
293da16c988255e8fda268fe7b8c1ee30f875c939844e9e3254b80ede0d0fc7d

SHA512
ff2a70851d0decfb9dbb01e1b5121b9c4ef59b20bc2d090cd5a6f627a5893395913b9fd98ba611769c345721e1f44098f9e49de5373a1df0e6203a2ed868003f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
a3b6086fd976b4b55c1c8778a0d799e4

SHA1
8ab303acedcd6be9f3e7ee12f012939c05532b06

SHA256
9d4d49fd072bc057677cf62ad57ee5b1d5c5f97eb38397158415bddb0a00800c

SHA512
66ae2a66d64930bdae853bafc34b55261c013173b09ea37605a154030c501015af5c86218143e11124c1de1b936be7f67bd2710f77e6bd89610dd6ad044941c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
137KB

MD5
dd084b652a21cb0f277a5bc47c796bcb

SHA1
e53cc8a22c82c1379ef7fb9a080a3d6680161092

SHA256
c8780d5ade8996c835e9754cc9f55b3a862f90ad0b8aa13dff39b22166ac1c87

SHA512
551e1032abc8d6bc9660d9957a7ea6c9f6389508b91ede2a038605b7c4435159ff10223fda58406f871d802e2c2e9687703766b900af6b198cb2129022216752

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
157KB

MD5
a062bdf14f5f4c0abbb449b15c829d70

SHA1
ec6f4ac38dc383cf09cce99fc7be945fd2369cc4

SHA256
cb1561d8f367fbde6d028d4ccb3fbf01d3fe030edf6a0af30d83f38f80a4efc9

SHA512
670961efea5e6c898bf73b0f8c5d378e5e0a480254c3fc31d70e06ab8f094ea54d49ed43a1cf95a59e754ff883e55e5ba57a32dc76c739a71ced8429cda00b4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
137KB

MD5
f3891fe242b587e092412cbd6d6b0f0f

SHA1
d456432fa22202251e08b9a7b789cb4d92568f58

SHA256
64ddfe4aae9846424206e127e4287dd535b2f483d9f888b503ad5e669afb284c

SHA512
1a5370a575e9d90c53936c988483074a2313991dfef0ea6f5d48682a4606c3c474c51ca3c2265791f7d735ccfec8f56213601aab60571570f930b9c7509faa20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
157KB

MD5
2e84f545427c6b6e39b08fa0b5032d69

SHA1
bce1cbbdb63135fcbafcc075d9e0f351101d110d

SHA256
827aa9dade0586e2ff57d5ddb93c2d961247458e78bfe6c25b0e72709a6282f6

SHA512
32f729ec96e9f91aac9e797653c0e974cfbc33605e205e61465574c2e0de9e094c97cb1c7dfc8b9d022c9c60aeb23fcb9e8cd6e64928bf596d1328767329ef63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
111KB

MD5
7303fddaab149963b94d7a9d55553b43

SHA1
f334219f4c5276e9678ae3ed62b2809b2c9c9c8f

SHA256
8438f3ac26a41941538b6b27ccda4c36647ba8f01fdc3e89038773978b6bf438

SHA512
67311f0e5f02429b8fb2d6378bc28c0775e55d6bdf1ef15996124414c155940b5c9b3f06cf448fe76d49b00d11162ef6a2479f41dbd6f5857e5b7f14a350c4e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58ec3f.TMP

Filesize
98KB

MD5
1889060dd2c3833dae0d79ca4e322154

SHA1
81f13759325bfc9e92c15fddadf908a0a8d918ec

SHA256
ec77a058f3148a1430f0b3e052788231c6d2d3ea9244ce4dc50b2608a3712333

SHA512
da83562e5f1df52cbb04b4511fcdfac7b036b367b1fde5a61ccbad3af673f28af5f777b4037fc0dd7955ed1854517c4954d2408c450e581c3da33f17f80aad41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\BlueScreen.exe

Filesize
9KB

MD5
b01ee228c4a61a5c06b01160790f9f7c

SHA1
e7cc238b6767401f6e3018d3f0acfe6d207450f8

SHA256
14e6ac84d824c0cf6ea8ebb5b3be10f8893449474096e59ff0fd878d49d0c160

SHA512
c849231c19590e61fbf15847af5062f817247f2bcd476700f1e1fa52dcafa5f0417cc01906b44c890be8cef9347e3c8f6b1594d750b1cebdd6a71256fed79140

Download Submit
memory/4640-553-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4640-550-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download