Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

FridayBoycrazyV2.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    08/08/2024, 07:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FridayBoycrazyV2.exe

  • Size

    280KB

  • MD5

    41e34a8240026b4e9cd8d81a73ee8b2c

  • SHA1

    3876b12e152dd552a7059538242b6f87a23e60f5

  • SHA256

    0ef2768bdfaa0b953a5c498f18bbf2df5dce249eaf2044474c476c4367c535b5

  • SHA512

    a7d610ee4f116121757f47193bf092b639cf2d439dcfa364ea800c28c0f21996fd8baa31c9abe68d2c18cc8f334c57f9d71c4e444a04a27d3b9cab90eecbba73

  • SSDEEP

    6144:1r93iyJ7/+WZT1kRnSeXSX9MNzxiMwP2OswK:iyJ7/+Wd1kRnFX4mNzxyeOswK

Score
10/10
chaosdefense_evasiondiscoveryevasionexecutionimpactransomwarespywarestealer

Malware Config

Extracted

Path

C:\Users\Admin\Documents\Warning.txt

Ransom Note
Your files has been encrypted By FridayBoycrazy and you won't be able to decrypt them without our help What can I do to get my files back You can buy our special decryption software, this software will allow you to recover all of your data and remove the ransomware from your computer The price for the software is $100 Dollars can be made in Venmo Or Robux only Please Contact Us At Gmail: [email protected] Discord Username: fridayboycrazy Payment information Venmo Amount: $100 Robux Payment Information: 10,000 Paid Ransom: https://www.roblox.com/game-pass/887175972 Paid Ransom: https://venmo.com/u/gratefulcode
URLs

https://www.roblox.com/game-pass/887175972

https://venmo.com/u/gratefulcode

Signatures

  • Chaos

    Ransomware family first seen in June 2021.

    ransomwarechaos
  • Chaos Ransomware 2 IoCs
  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution
  • Modifies boot configuration data using bcdedit 1 TTPs 2 IoCs
    ransomwareevasion
  • Deletes backup catalog 3 TTPs 1 IoCs

    Uses wbadmin.exe to inhibit system recovery.

    ransomware
  • Drops startup file 3 IoCs
  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops desktop.ini file(s) 34 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Drops file in Windows directory 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 4 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Interacts with shadow copies 3 TTPs 1 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

    ransomware
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 18 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 41 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 27 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 17 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\FridayBoycrazyV2.exe
    "C:\Users\Admin\AppData\Local\Temp\FridayBoycrazyV2.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1064
    • C:\Users\Admin\AppData\Roaming\FridayBoycrazy.exe
      "C:\Users\Admin\AppData\Roaming\FridayBoycrazy.exe"
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • Drops desktop.ini file(s)
      • Sets desktop wallpaper using registry
      • Modifies registry class
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3572
      • C:\Windows\System32\cmd.exe
        "C:\Windows\System32\cmd.exe" /C vssadmin delete shadows /all /quiet & wmic shadowcopy delete
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1716
        • C:\Windows\system32\vssadmin.exe
          vssadmin delete shadows /all /quiet
          4⤵
          • Interacts with shadow copies
          PID:4460
        • C:\Windows\System32\Wbem\WMIC.exe
          wmic shadowcopy delete
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:3384
      • C:\Windows\System32\cmd.exe
        "C:\Windows\System32\cmd.exe" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:3844
        • C:\Windows\system32\bcdedit.exe
          bcdedit /set {default} bootstatuspolicy ignoreallfailures
          4⤵
          • Modifies boot configuration data using bcdedit
          PID:3352
        • C:\Windows\system32\bcdedit.exe
          bcdedit /set {default} recoveryenabled no
          4⤵
          • Modifies boot configuration data using bcdedit
          PID:4888
      • C:\Windows\System32\cmd.exe
        "C:\Windows\System32\cmd.exe" /C wbadmin delete catalog -quiet
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:956
        • C:\Windows\system32\wbadmin.exe
          wbadmin delete catalog -quiet
          4⤵
          • Deletes backup catalog
          PID:3636
      • C:\Windows\system32\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\Warning.txt
        3⤵
        • Opens file in notepad (likely ransom note)
        PID:1204
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2272
  • C:\Windows\system32\wbengine.exe
    "C:\Windows\system32\wbengine.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2800
  • C:\Windows\System32\vdsldr.exe
    C:\Windows\System32\vdsldr.exe -Embedding
    1⤵
      PID:3644
    • C:\Windows\System32\vds.exe
      C:\Windows\System32\vds.exe
      1⤵
      • Checks SCSI registry key(s)
      PID:3248
    • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
      "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4416
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe"
      1⤵
      • Drops file in Windows directory
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2764
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa9e23cc40,0x7ffa9e23cc4c,0x7ffa9e23cc58
        2⤵
          PID:3184
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1920,i,1238368743721880126,8147396218933799070,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1916 /prefetch:2
          2⤵
            PID:3848
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1800,i,1238368743721880126,8147396218933799070,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2076 /prefetch:3
            2⤵
              PID:2908
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,1238368743721880126,8147396218933799070,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2208 /prefetch:8
              2⤵
                PID:2932
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,1238368743721880126,8147396218933799070,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3236 /prefetch:1
                2⤵
                  PID:3480
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3164,i,1238368743721880126,8147396218933799070,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3292 /prefetch:1
                  2⤵
                    PID:4512
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3524,i,1238368743721880126,8147396218933799070,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4412 /prefetch:1
                    2⤵
                      PID:4524
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4760,i,1238368743721880126,8147396218933799070,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4720 /prefetch:8
                      2⤵
                        PID:3936
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4764,i,1238368743721880126,8147396218933799070,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4840 /prefetch:8
                        2⤵
                          PID:2304
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4868,i,1238368743721880126,8147396218933799070,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4964 /prefetch:1
                          2⤵
                            PID:3836
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3396,i,1238368743721880126,8147396218933799070,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3496 /prefetch:1
                            2⤵
                              PID:4412
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3300,i,1238368743721880126,8147396218933799070,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4604 /prefetch:8
                              2⤵
                                PID:2788
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5492,i,1238368743721880126,8147396218933799070,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5500 /prefetch:8
                                2⤵
                                • Modifies registry class
                                PID:5380
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4552,i,1238368743721880126,8147396218933799070,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4292 /prefetch:8
                                2⤵
                                  PID:5848
                              • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                1⤵
                                  PID:4312
                                • C:\Windows\system32\svchost.exe
                                  C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                  1⤵
                                    PID:2132
                                  • C:\Windows\system32\AUDIODG.EXE
                                    C:\Windows\system32\AUDIODG.EXE 0x00000000000004BC 0x00000000000004CC
                                    1⤵
                                      PID:5176
                                    • C:\Windows\system32\OpenWith.exe
                                      C:\Windows\system32\OpenWith.exe -Embedding
                                      1⤵
                                      • Modifies registry class
                                      • Suspicious behavior: GetForegroundWindowSpam
                                      • Suspicious use of SetWindowsHookEx
                                      PID:5820
                                      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk.goxp"
                                        2⤵
                                        • System Location Discovery: System Language Discovery
                                        • Checks processor information in registry
                                        • Modifies Internet Explorer settings
                                        • Suspicious use of SetWindowsHookEx
                                        PID:5892
                                        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
                                          3⤵
                                          • System Location Discovery: System Language Discovery
                                          PID:5192
                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D0282D30636CDFC00C5E231BBC4B4D4E --mojo-platform-channel-handle=1772 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                                            4⤵
                                            • System Location Discovery: System Language Discovery
                                            PID:5232
                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=5CD5D6C07DCF1D81738633D05EC0A7F9 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=5CD5D6C07DCF1D81738633D05EC0A7F9 --renderer-client-id=2 --mojo-platform-channel-handle=1792 --allow-no-sandbox-job /prefetch:1
                                            4⤵
                                            • System Location Discovery: System Language Discovery
                                            PID:5228
                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F674DA999F16B19F50B1516CFBA062CD --mojo-platform-channel-handle=2324 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                                            4⤵
                                            • System Location Discovery: System Language Discovery
                                            PID:5592
                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=DB64E8AC2E2262C9CC87525EEC7B03F3 --mojo-platform-channel-handle=2452 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                                            4⤵
                                            • System Location Discovery: System Language Discovery
                                            PID:5648
                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B5702FF6E762DD7253909E9CFABB528F --mojo-platform-channel-handle=2460 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                                            4⤵
                                            • System Location Discovery: System Language Discovery
                                            PID:4588
                                    • C:\Windows\System32\CompPkgSrv.exe
                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                      1⤵
                                        PID:5572
                                      • C:\Windows\system32\OpenWith.exe
                                        C:\Windows\system32\OpenWith.exe -Embedding
                                        1⤵
                                        • Modifies registry class
                                        • Suspicious use of SetWindowsHookEx
                                        PID:736
                                      • C:\Windows\system32\svchost.exe
                                        C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
                                        1⤵
                                          PID:6056

                                        Network

                                        MITRE ATT&CK Enterprise v15

                                        Replay Monitor

                                        Loading Replay Monitor...

                                        Downloads

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                          Filesize

                                          528B

                                          MD5

                                          af8233ca345864a7f144154a1d9ce6c5

                                          SHA1

                                          c2c5e24b4e97ee3b6f913fc92e0979d0845cfd48

                                          SHA256

                                          c742eb0a7bd4564ff10da293241bb09036c61a284c27402a18bcefc55c3c879b

                                          SHA512

                                          f5c173594a5ff93f908516924133c745eed22461b7e9bf3b340b8774a1a93cb92eff2f96f578cb96aa4a07a572f8aba1bd080f41dedb85a337a8c0d8cf839f90

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
                                          Filesize

                                          264KB

                                          MD5

                                          f50f89a0a91564d0b8a211f8921aa7de

                                          SHA1

                                          112403a17dd69d5b9018b8cede023cb3b54eab7d

                                          SHA256

                                          b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                          SHA512

                                          bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\9bca5f92-54ab-4b34-8f95-7951ae959338.tmp
                                          Filesize

                                          2B

                                          MD5

                                          d751713988987e9331980363e24189ce

                                          SHA1

                                          97d170e1550eee4afc0af065b78cda302a97674c

                                          SHA256

                                          4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                          SHA512

                                          b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                          Filesize

                                          4KB

                                          MD5

                                          bb62f8b6006e13793948edfb464035fe

                                          SHA1

                                          7cc07f7cc61bfc3e90f9ff5502cf64aaa9cf382c

                                          SHA256

                                          40bb77deedc3d866be1b767775315a43349da5cccd7b5e2724421f3dd0ae0e2a

                                          SHA512

                                          e4d1aacbc37362e435cde1c86dfbf88e57af0bd5d3775f494fc6597ed53dd4c3d207d5617b2d8596e5b381e4ac43692acee59fa84d02a98c94694c49d787892a

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                          Filesize

                                          859B

                                          MD5

                                          c230bf3f5ef661ef4f02b84a2720a590

                                          SHA1

                                          e44e7be5ece9724fea2cbcdd7e44b18dffb7f69c

                                          SHA256

                                          1175cacca4eb31d3cd75b7e74b95148602602a2120fe7bda5ab451d2dc214934

                                          SHA512

                                          45468ca069a8b0a49a1c4f1c8df64a2170f77f9dddf636d4faa597190263d613f48e34cae7b3f79b8649399e3c797c942bb6aec3d3aefb89c61d965313ed64bf

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT
                                          Filesize

                                          16B

                                          MD5

                                          46295cac801e5d4857d09837238a6394

                                          SHA1

                                          44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                          SHA256

                                          0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                          SHA512

                                          8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                          Filesize

                                          9KB

                                          MD5

                                          cb3961fd40b7357bb8487c7daa5c5a39

                                          SHA1

                                          abf7eaf6447f24be175eb41cc57bcd646157caef

                                          SHA256

                                          23a3fc20976a57e286a2d2186b7c4fb416027311c6580119e66201894e4a5cee

                                          SHA512

                                          e6a7db59b1e22413c8f4c203c51efd332978359a7b6b2406212ff4534dfa4bb3405d9ea3566aea2f8d61be93a0bfe7929cb83514a94a97751cd342614ac2cba9

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                          Filesize

                                          10KB

                                          MD5

                                          dd66791f87c114a9a96d8d193d51e306

                                          SHA1

                                          3b92b87b4fc08962650667243735f76e060086e2

                                          SHA256

                                          2cedcd29d9eee936db8f72f203c969e21a63aec7f008255798e3632a0f7bdbc9

                                          SHA512

                                          23c13e251c48672cbec0efcc14775e7ffbe0fde8493dbf0ec2079fbd6bad6497c9902b4deac5468d5ef2c18270787a0a816470a0e4097c00f2f0adb02587227d

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
                                          Filesize

                                          15KB

                                          MD5

                                          e0183f0bc180ec4ed6e93196f520719b

                                          SHA1

                                          adebdb445dbc6674c1ad55d21146b17bfc75cf5c

                                          SHA256

                                          d780fe8874a7f19847f4753639560910509c92d06406418e378008d39e43f170

                                          SHA512

                                          c5bdba96f239cf2bb1069b57e2b95663c519a9e463263611d498b80feead8fbdb33dd11a047d57282a409bc4601ce69f8d7e48c4e9288fa5e52784a92a54dacf

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\80c69d5b-48cc-4d87-b7db-21247cec888b\index-dir\the-real-index
                                          Filesize

                                          2KB

                                          MD5

                                          a9cb1c70cb99012b243921319cbecdef

                                          SHA1

                                          46241f199a96f9755f813ffaefab48e5d4b704d2

                                          SHA256

                                          cf0bc82216b95d4a38be9fe37d4cfd3ada4f1d8cf63588ee6e3254d4cc8bc097

                                          SHA512

                                          41c702a036fca2c1c73055aafea139356ef4fc311962b1cc775218a28917666a9a92332a7570572d636a4392e6cfe84c693e5c594f600b620ac1be867a730ad8

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\80c69d5b-48cc-4d87-b7db-21247cec888b\index-dir\the-real-index~RFe586dd8.TMP
                                          Filesize

                                          48B

                                          MD5

                                          fd1ed9102bf16a9b375e82c58107dd24

                                          SHA1

                                          67d4878388d8e748848f648caae007e9e81833f3

                                          SHA256

                                          00b32eb295356763c64c26f0630652100f62b0847b5a218a4f2980ba797491fe

                                          SHA512

                                          322c689155e342a2d8420b1f785d2f84d87e783daf2e52acd39a86a58dc1c35810893c1d1ec5fe16ccc603e11aa51cc5b212f39ab9410a213a9e35466a9d77f7

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
                                          Filesize

                                          176B

                                          MD5

                                          f4d41c438feae258c7d302a598a6122c

                                          SHA1

                                          3d0130ac20167c414e223f143728de946eb7664e

                                          SHA256

                                          5be941b96d1450e470f6c7319a9b54268f5378b211f539b2480e6e9185eaa871

                                          SHA512

                                          d0f79d654d1387450d52abd410086b6e0edeaa2ba7000a5fbbebf42eafac53bbb1bd987c5a01b2407637a0fc9f78cb9d7d76b9c2fd67df3441766404f13e7885

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
                                          Filesize

                                          112B

                                          MD5

                                          c0e26d32834250f7bc5ceac0f1046874

                                          SHA1

                                          4e5513b7946cf59451127af0252d5651e6cc22fe

                                          SHA256

                                          0e1622aeb4f6333fecf00236b2032b08e22aa54f7dd886f3f5942f6d48478efe

                                          SHA512

                                          460630c09ada4080ca27396fd0f58c5163681d3f1cb990ff05f736d183279f48787793d07072006e023cc63e51952be2cb5fc3fc62919778048931f19b6eaeb6

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
                                          Filesize

                                          114B

                                          MD5

                                          335e6489ee65d309f6304a84c3c8605e

                                          SHA1

                                          d8ee9ab0a5c6d0581f13a837d350e44bf95095aa

                                          SHA256

                                          a2954ffe752fa5b6c4130071e115cbd1936a958883e8579cf693aef84e6ae6e5

                                          SHA512

                                          c52771f05684a68b5fa9065abe39e258a0dcf3008bc0a8f6791ef2471e100bc66969a0fdf08bb8e75d42ad17bb137ee60b77a8fc1d976cb36e16739508037cf5

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58625f.TMP
                                          Filesize

                                          119B

                                          MD5

                                          d80fa7c1048f5e1ecc08da7380bf306b

                                          SHA1

                                          4c0c5021ad0519b4018bc6615761a8a10c5b569c

                                          SHA256

                                          ae0894311b01572b97425895a274e9bd1b0e143dfc7c87c7cd40955b149ddb99

                                          SHA512

                                          fcd73051ba27cb0fd90cab2f94fa453f8980cb7ca1e15a0f1658718f5e0ff6ebde5dd0141e6b181e1de18e71649ad345aca5c17cead66519a44cf77d0e6d5dc0

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                          Filesize

                                          96B

                                          MD5

                                          653d4c35cc79befc4d966b9efffafd05

                                          SHA1

                                          2cfe26187602ee77c811dd0edeab7258abe1dd1c

                                          SHA256

                                          18f68d5225a8fdbce28a33713637ad4c5aa0c44cdcc1305452681d1b68b3e04a

                                          SHA512

                                          0398b5b2c867ef77ab0efbb04e5224f88714aa25a442e1885a951e58001b4bebfd67207a4bf2f86d56d7ec1de48b0300f5fb4089198d72c2e72a73aaf4201875

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\Monochrome\1\512.png
                                          Filesize

                                          10KB

                                          MD5

                                          529a0ad2f85dff6370e98e206ecb6ef9

                                          SHA1

                                          7a4ff97f02962afeca94f1815168f41ba54b0691

                                          SHA256

                                          31db550eb9c0d9afd316dc85cdfd832510e2c48e7d37d4a610c175667a4599c6

                                          SHA512

                                          d00e2d741a0a6321c92a4aab632f8f3bafd33c0e2875f37868e195ed5e7200a647b4c83358edcef5fc7acbc5c57f70410903f39eac76e23e88a342ac5c9c21cd

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2764_1078498477\Shortcuts Menu Icons\Monochrome\0\512.png
                                          Filesize

                                          2KB

                                          MD5

                                          206fd9669027c437a36fbf7d73657db7

                                          SHA1

                                          8dee68de4deac72e86bbb28b8e5a915df3b5f3a5

                                          SHA256

                                          0d17a989f42bc129aca8e755871a7025acb6292ce06ca2437e95bedbc328fa18

                                          SHA512

                                          2c89878ec8466edf1f214d918aefc6a9b3de46d06ffacff4fdb85566560e94068601b1e4377d9d2eabefdc1c7f09eb46b00cf4545e377cc84a69edf8e57e48b2

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                          Filesize

                                          193KB

                                          MD5

                                          3c00029b3fc643d3e79ae4dad4df9793

                                          SHA1

                                          6b2ff3e2697553a8302ef37a8fbaca3983c1b69c

                                          SHA256

                                          a7c175aa99da4b812254c9031233908aa008bcd1180670207e2fdcd4e91c38a8

                                          SHA512

                                          7ab691477c24737fe3ad6a9c7f69c294c0ffe33b1812d8549f4de90cf677a155aa6558073b24f72baa23c06614e4f856bc2eb985084ab24b1f29b7e489718b41

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                          Filesize

                                          193KB

                                          MD5

                                          7476b044250d9a8e4b9a6e5a3a2ac3a8

                                          SHA1

                                          f747377f87f38fb6477fddb78648ced2260911bb

                                          SHA256

                                          1bff0525d00e65776391272152b8fc961c8420e2618e65e3a0ae47d343af6814

                                          SHA512

                                          9164cb64d8947efe346f1a7215eac157f5706d4d132fe53806b36ea816fb4a4ba7a18abc94fd50d4da6b866230591aeea23b7e9f84b4737ade7ee74da9d24be7

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
                                          Filesize

                                          9KB

                                          MD5

                                          dc5eade3556c3c675aba77260f9b88a8

                                          SHA1

                                          5cc7034a830785019a458f6bef6bfb35eef6b0ee

                                          SHA256

                                          5abe2b3294d4d5a0e6b1dba82571d7752cf23f8099cc393555ab95cb4ca2469a

                                          SHA512

                                          11be37c4509267f43083fe680904d59ab37d8b83ba45a32319f900b2442daf7cc0a5f31fabad6a543ee734576a086f64c018541891c4a58cdefbf64bce350f7c

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
                                          Filesize

                                          9KB

                                          MD5

                                          6c394f89f6062011d588d11f21b1e38d

                                          SHA1

                                          d0368d642a6cabb55e3502c6774cf416b8f4da2b

                                          SHA256

                                          ba59fd0937e07f15c9694f549e7034d074195b542f31a174f84a5c0fe7c840c1

                                          SHA512

                                          6b3e46fee67bce52a67d588dd789b899e638f2e98672b97725e26c12189b225a75d4b81a49d2bcc15a7c2b966026863d051eaddc62039ac3d42f3cf66c592d62

                                          Download Submit

                                        • C:\Users\Admin\AppData\Roaming\FridayBoycrazy.exe
                                          Filesize

                                          280KB

                                          MD5

                                          41e34a8240026b4e9cd8d81a73ee8b2c

                                          SHA1

                                          3876b12e152dd552a7059538242b6f87a23e60f5

                                          SHA256

                                          0ef2768bdfaa0b953a5c498f18bbf2df5dce249eaf2044474c476c4367c535b5

                                          SHA512

                                          a7d610ee4f116121757f47193bf092b639cf2d439dcfa364ea800c28c0f21996fd8baa31c9abe68d2c18cc8f334c57f9d71c4e444a04a27d3b9cab90eecbba73

                                          Download Submit

                                        • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk.goxp
                                          Filesize

                                          3KB

                                          MD5

                                          26be448befefc08863dd56fd14bb46fc

                                          SHA1

                                          ded01440c8882d82ea127038bb17c002656f3f24

                                          SHA256

                                          90f4e1d75b0a7d5295ec249b33779eb4d4ac2e04c92e4e0a50f8277b37df172c

                                          SHA512

                                          e5b9a96cbb1581d4880d3b3b0aa3643b73d53112ef03f659425d6c18eb2453acf6c8ce26b2443677cd33f8496cc563d39b323a06bfb37d76b3fbba02db4a7ed6

                                          Download Submit

                                        • C:\Users\Admin\Documents\Warning.txt
                                          Filesize

                                          642B

                                          MD5

                                          072e26ca8a9c9502061d1c3d9e3bbeaa

                                          SHA1

                                          fe55bffddd0d415c293e8e926d302e3586212322

                                          SHA256

                                          f7b22500b7a82a9446b635353aceecbdc205c9208eeb72c2e2c1b6d0a9a1bd62

                                          SHA512

                                          2bc83902a56df2a3178c3b59ad8014a08b282e60289123a10d9a4d643a604876e008e782a6c861bfd211580a5fdbb1bcf748c3197210d71dc18d8949c62d4610

                                          Download Submit

                                        • memory/1064-1-0x00007FFAA0653000-0x00007FFAA0655000-memory.dmp

                                          Filesize

                                          8KB

                                          Download

                                        • memory/1064-0-0x0000000000210000-0x000000000025C000-memory.dmp

                                          Filesize

                                          304KB

                                          Download

                                        • memory/3572-459-0x00007FFAA0650000-0x00007FFAA1112000-memory.dmp

                                          Filesize

                                          10.8MB

                                          Download

                                        • memory/3572-14-0x00007FFAA0650000-0x00007FFAA1112000-memory.dmp

                                          Filesize

                                          10.8MB

                                          Download

                                        • memory/3572-24-0x00007FFAA0650000-0x00007FFAA1112000-memory.dmp

                                          Filesize

                                          10.8MB

                                          Download