hxxps://download2295[.]mediafire[.]com/t92dmi8t9kqgypIq0lbLLl_7_-FevskUJGgSCEPRk97lag-12tdftvEu-__papZnX2y-h7YXfejumnHeuLTWWv2XVeWTSKMiM-OSs6dYbp7UBi5a3SPYP1B9ImOCBje6FJ9PBzqBs5FUSIJaJ4chqmiHsCcbYDvBtc2HdqHmldJFHw/7kmnatdlp9u0jaa/GenP+3[.]4[.]14[.]1[.]zip

Analysis

max time kernel
150s
max time network
155s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
08-08-2024 08:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://download2295.mediafire.com/t92dmi8t9kqgypIq0lbLLl_7_-FevskUJGgSCEPRk97lag-12tdftvEu-__papZnX2y-h7YXfejumnHeuLTWWv2XVeWTSKMiM-OSs6dYbp7UBi5a3SPYP1B9ImOCBje6FJ9PBzqBs5FUSIJaJ4chqmiHsCcbYDvBtc2HdqHmldJFHw/7kmnatdlp9u0jaa/GenP+3.4.14.1.zip

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133675807959058133"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
4968	chrome.exe
4968	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1840	GenP-3.4.14.1.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 440 wrote to memory of 3652	440	chrome.exe	70
PID 440 wrote to memory of 3652	440	chrome.exe	70
PID 440 wrote to memory of 4464	440	chrome.exe	72
PID 440 wrote to memory of 4464	440	chrome.exe	72
PID 440 wrote to memory of 4464	440	chrome.exe	72
PID 440 wrote to memory of 4464	440	chrome.exe	72
PID 440 wrote to memory of 4464	440	chrome.exe	72
PID 440 wrote to memory of 4464	440	chrome.exe	72
PID 440 wrote to memory of 4464	440	chrome.exe	72
PID 440 wrote to memory of 4464	440	chrome.exe	72
PID 440 wrote to memory of 4464	440	chrome.exe	72
PID 440 wrote to memory of 4464	440	chrome.exe	72
PID 440 wrote to memory of 4464	440	chrome.exe	72
PID 440 wrote to memory of 4464	440	chrome.exe	72
PID 440 wrote to memory of 4464	440	chrome.exe	72
PID 440 wrote to memory of 4464	440	chrome.exe	72
PID 440 wrote to memory of 4464	440	chrome.exe	72
PID 440 wrote to memory of 4464	440	chrome.exe	72
PID 440 wrote to memory of 4464	440	chrome.exe	72
PID 440 wrote to memory of 4464	440	chrome.exe	72
PID 440 wrote to memory of 4464	440	chrome.exe	72
PID 440 wrote to memory of 4464	440	chrome.exe	72
PID 440 wrote to memory of 4464	440	chrome.exe	72
PID 440 wrote to memory of 4464	440	chrome.exe	72
PID 440 wrote to memory of 4464	440	chrome.exe	72
PID 440 wrote to memory of 4464	440	chrome.exe	72
PID 440 wrote to memory of 4464	440	chrome.exe	72
PID 440 wrote to memory of 4464	440	chrome.exe	72
PID 440 wrote to memory of 4464	440	chrome.exe	72
PID 440 wrote to memory of 4464	440	chrome.exe	72
PID 440 wrote to memory of 4464	440	chrome.exe	72
PID 440 wrote to memory of 4464	440	chrome.exe	72
PID 440 wrote to memory of 4464	440	chrome.exe	72
PID 440 wrote to memory of 4464	440	chrome.exe	72
PID 440 wrote to memory of 4464	440	chrome.exe	72
PID 440 wrote to memory of 4464	440	chrome.exe	72
PID 440 wrote to memory of 4464	440	chrome.exe	72
PID 440 wrote to memory of 4464	440	chrome.exe	72
PID 440 wrote to memory of 4464	440	chrome.exe	72
PID 440 wrote to memory of 4464	440	chrome.exe	72
PID 440 wrote to memory of 168	440	chrome.exe	73
PID 440 wrote to memory of 168	440	chrome.exe	73
PID 440 wrote to memory of 4916	440	chrome.exe	74
PID 440 wrote to memory of 4916	440	chrome.exe	74
PID 440 wrote to memory of 4916	440	chrome.exe	74
PID 440 wrote to memory of 4916	440	chrome.exe	74
PID 440 wrote to memory of 4916	440	chrome.exe	74
PID 440 wrote to memory of 4916	440	chrome.exe	74
PID 440 wrote to memory of 4916	440	chrome.exe	74
PID 440 wrote to memory of 4916	440	chrome.exe	74
PID 440 wrote to memory of 4916	440	chrome.exe	74
PID 440 wrote to memory of 4916	440	chrome.exe	74
PID 440 wrote to memory of 4916	440	chrome.exe	74
PID 440 wrote to memory of 4916	440	chrome.exe	74
PID 440 wrote to memory of 4916	440	chrome.exe	74
PID 440 wrote to memory of 4916	440	chrome.exe	74
PID 440 wrote to memory of 4916	440	chrome.exe	74
PID 440 wrote to memory of 4916	440	chrome.exe	74
PID 440 wrote to memory of 4916	440	chrome.exe	74
PID 440 wrote to memory of 4916	440	chrome.exe	74
PID 440 wrote to memory of 4916	440	chrome.exe	74
PID 440 wrote to memory of 4916	440	chrome.exe	74
PID 440 wrote to memory of 4916	440	chrome.exe	74
PID 440 wrote to memory of 4916	440	chrome.exe	74

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://download2295.mediafire.com/t92dmi8t9kqgypIq0lbLLl_7_-FevskUJGgSCEPRk97lag-12tdftvEu-__papZnX2y-h7YXfejumnHeuLTWWv2XVeWTSKMiM-OSs6dYbp7UBi5a3SPYP1B9ImOCBje6FJ9PBzqBs5FUSIJaJ4chqmiHsCcbYDvBtc2HdqHmldJFHw/7kmnatdlp9u0jaa/GenP+3.4.14.1.zip
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffdb89b9758,0x7ffdb89b9768,0x7ffdb89b9778
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1756,i,1868671077025146700,15346542958297403063,131072 /prefetch:2
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2004 --field-trial-handle=1756,i,1868671077025146700,15346542958297403063,131072 /prefetch:8
  2⤵
  PID:168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2112 --field-trial-handle=1756,i,1868671077025146700,15346542958297403063,131072 /prefetch:8
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2972 --field-trial-handle=1756,i,1868671077025146700,15346542958297403063,131072 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3108 --field-trial-handle=1756,i,1868671077025146700,15346542958297403063,131072 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 --field-trial-handle=1756,i,1868671077025146700,15346542958297403063,131072 /prefetch:8
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 --field-trial-handle=1756,i,1868671077025146700,15346542958297403063,131072 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4720 --field-trial-handle=1756,i,1868671077025146700,15346542958297403063,131072 /prefetch:8
  2⤵
  PID:2628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 --field-trial-handle=1756,i,1868671077025146700,15346542958297403063,131072 /prefetch:8
  2⤵
  PID:244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 --field-trial-handle=1756,i,1868671077025146700,15346542958297403063,131072 /prefetch:8
  2⤵
  PID:236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=848 --field-trial-handle=1756,i,1868671077025146700,15346542958297403063,131072 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1560 --field-trial-handle=1756,i,1868671077025146700,15346542958297403063,131072 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4704 --field-trial-handle=1756,i,1868671077025146700,15346542958297403063,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2576 --field-trial-handle=1756,i,1868671077025146700,15346542958297403063,131072 /prefetch:1
  2⤵
  PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3508 --field-trial-handle=1756,i,1868671077025146700,15346542958297403063,131072 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2428 --field-trial-handle=1756,i,1868671077025146700,15346542958297403063,131072 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1552 --field-trial-handle=1756,i,1868671077025146700,15346542958297403063,131072 /prefetch:1
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4768 --field-trial-handle=1756,i,1868671077025146700,15346542958297403063,131072 /prefetch:1
  2⤵
  PID:5068

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4004

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2364

C:\Users\Admin\Downloads\GenP 3.4.14.1\GenP-3.4.14.1.exe
"C:\Users\Admin\Downloads\GenP 3.4.14.1\GenP-3.4.14.1.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:1840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\06e4169a-cf4c-4c57-86be-06826be6a38d.tmp

Filesize
6KB

MD5
41c6365c4fed4baff7dd09e95f7f3661

SHA1
0eff1ac0a00b653475b674f8d07aa687504cf0b5

SHA256
616a20e45ed148b59ecb9a7e93a076c0f3cc2ae2302ca88350fd77644a5a3cda

SHA512
9814f075695786492221f69bf47f37995363d61dc99cd0932b4f6a10c17e8fee99d9206606c31a3610a0cd7f8d1171e689be6e32f04451ba8031177d1dfcf568

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
609B

MD5
a9efaa632dd2bb13bab2960e7b646f4a

SHA1
d1375773d863849d15a139e46f62e665c12d90c8

SHA256
dfcefd68ea354b5cf5a4f924605a7532f362cc7333ab96f1e8f5c392f9b1baa7

SHA512
aa4b03cfaadc77f90abce95e1895937cda6ec8bf2f42f86cf33c49c6f36aa3add8a311eb3286f2b7ebfabdf4b8bf5c3ea7d4c025a00c325f4385f4126b2b28fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
873B

MD5
605936a55e57b898849f7797abc89352

SHA1
2eef9d33288e47d5ea99000f45422eadec1fd3cf

SHA256
a3a6616000309eb0991307f0f0b1ad018356a0878a5738877a2416bacf5b5e4b

SHA512
791f48934b6add30f8e0bef5a9d5d5c5ae946177c62759db5b6226de9c91f9b606882b48d6e34caf5ea97616178e78de57e3efc224deddcb8c4033e34bbca783

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
9bdf809e9a7fe2b93172f06841762001

SHA1
9431fa5ff5c3f803af97d7a4c6182d1b8839fabc

SHA256
d72f41f456c08decc6e570a52f37bf659624f4958bab64f2de11236120c61a41

SHA512
8f2d0a7f3d857906a8a87be2406c1110e274bb7223bb9dc739615b1f8fd0ac4fe6752c05e0f1867228a57a9c6bff546885aa201dfa1bfe905eaa164f0b4c24bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
202B

MD5
4f6639322bd6356c9aa347779a7f5a3d

SHA1
9b816a80b68d0240b10b0829e76726d620419615

SHA256
9824a89c9d1f1b23375cc219a692f7875942e60ffd5628c1ab98a95b3aef2283

SHA512
bf84141dc37f28ef0f4ddf0f158144a730b21c5793caf28e2ebdf2b9dc9d3e2b5b3758580b60635bf160c2a33d67b11956102a274fd3c21055e047b2b0391827

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
53478a6fcb59b3a6bddb7139bfd43897

SHA1
7fe993a8cc7ce9ab7ebfc5d2efcdc8ad87ebc57b

SHA256
607800001cc3b5cf355eb6d9e256cff6f26a24b8d9aa34db9ef409751626f0bb

SHA512
74a3f47c26d88fe038b8ed07bdf5a936e04ddaac853e33baf8d75d74b3ff28c0fa742bdb4c0ca02436c34d791819fd68a8cc133b935cfa3923f850be4cfc18aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
7f1810a6e41e852b5c351eba3776cdc0

SHA1
12589f1f5ceb1dbed547c464aab1944353ba72e2

SHA256
7d3604b824c6d3143aaa0759e914fdbb868a2b71be9e01c5dc58ee9d67de3e7a

SHA512
0450d335728809c499d6add7d288dc3a99d0b7c9a414869176bfe017abdc384c305a660914208bf5044f340efcaf9a2a317f77bb7d94082f6b811a83b6ba540e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d27868dfaf01984878d8aba2b1cf8137

SHA1
868ba43c22678f8872c6500a72272915036526cf

SHA256
f9dbc339b088f2dff7c0dafc7a46ec17e00ade57fb9fea607786c04168626571

SHA512
79691c05abb560337bd4a2a796cf936583f4c47c0bccb0a884061f0df2a9e4e611097d731edd4a7b927616416c8187493301ccbecda11acaec95f30a8e8335b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
0f262ba3c439ac11e36127c41322acaa

SHA1
97165fa87a740409abc074c52da1a33ef2fb2d3d

SHA256
d34cce456d359094f819fa177abd8f242ea2e609311ab39dae05ea6a8916aba6

SHA512
0508f1ce0a5dfd2c10540a02ea676f95049ecefa8828132e25ac1e7dc44d8b83c454634bb7e5072ccd8cf96057357e9c14d84a6a31093d72b1967d32a94daf24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
64730a232abd17de5d4696999a44eec9

SHA1
a1d28853a93a562b4c9d7af2f48b2b091f922c32

SHA256
8b7db3bbadc5b2252d297b7141cee3448cedb37321132f35a251dabdf93270f4

SHA512
bd994d54eeaf0992ad1f5d94b99ea49c711d32a4526a84f2bf3fba055afb089ae085055792aa7a6b7ac1874aa383790f323d2dfe8070dc5620e52de276c4c787

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
31bdfade23f0b0577871df688f504323

SHA1
154ea14f1361b668f857a891a31a5865df625d39

SHA256
965ff282be3204ae84868afdbbff05f1bdcaa1771dc0eefe637578019e466a96

SHA512
b8ed0fe8aa8c7ff0883f0cc5039631959d36cc3f29a96e388b86d3eb1bf7f672187bfea62003d7deae09be8f4f54e66aad454ee446b1468b0bdcb8415b219eb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
167KB

MD5
5a6bf5ad3a5fbac06106440488a9a48b

SHA1
cb9d73f73f1d72b27ae059199b614aecef3db556

SHA256
72859da71cf0281e939c252e0e400c6573d9c9c8c970b743526c4d2e433c1a61

SHA512
099cd207bff838c6686c844183f2bb958faebd26bf86127687248c4fa0728787dd935e156c6df53b1f04e7e39ec857b4803c066b7006a364aecc4c27c3c38b4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
a20b840fd1a1ea819bfd978c94b1c995

SHA1
b30897bb4747bfe7ccb48708ddd87135439b9180

SHA256
4fadb0e63f7b65cdcaf5d9608a84197be0d0e413568f2732ee1b243eb7904be0

SHA512
3562ac2c053ecd2acce27c1c6cbae6d378d644fa86de36064d7d13826191989ceb69ef5aa613d3528adfd22f164999e58d8341c0c3ffe3d7abd849ff1ab4cff7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\GenP 3.4.14.1\config.ini

Filesize
7KB

MD5
add427035968bc6f8bcdf0c5d7580495

SHA1
7c1d13771b0546c31b87b36d1f158665ba9f793b

SHA256
66232a4d8677cd50612eaebc664b2f2f3556b497d5bf8657967c259ef4723b68

SHA512
085c3f314f556fe2667df998eec6114f017849746a6691ea2e0bffd6fc8ddc5a1c00e0bd25caca233cbf4b3db59072cce212681c29a480220f1584ff26e1ee3c

Download Submit