e0a95ac99f393fd7815f43de65beaef59bacd5d6af1a394688ad88ec2984edfc

max time kernel
193s
max time network
199s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01-10-2024 17:23

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

gridIcon.1d8a85f3.svg
Size

293B
MD5

1d8a85f34abd62b14d14839dfc8c61fc
SHA1

ce4656701f932004cb94519e610f888f8b22ccef
SHA256

e0a95ac99f393fd7815f43de65beaef59bacd5d6af1a394688ad88ec2984edfc
SHA512

b560c2023f0590c4da329c245ff1259a285fb969686a3c10861f3c829cd53f800f98c8768c4f6a8b6f08f9fa4d2a57472958765fd24aace6427e11824238a0a2

Score

10^/10

discovery evasion persistence ransomware trojan

Malware Config

Signatures

UAC bypass 3 TTPs 1 IoCs

evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	000.exe

Disables RegEdit via registry modification 1 IoCs

evasion

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	000.exe

Disables Task Manager via registry modification
evasion
Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
6068	000.exe

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	000.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	000.exe

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	000.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	000.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\H:	000.exe
File opened (read-only)	\??\L:	000.exe
File opened (read-only)	\??\M:	000.exe
File opened (read-only)	\??\S:	000.exe
File opened (read-only)	\??\U:	000.exe
File opened (read-only)	\??\Y:	000.exe
File opened (read-only)	\??\A:	000.exe
File opened (read-only)	\??\O:	000.exe
File opened (read-only)	\??\Q:	000.exe
File opened (read-only)	\??\X:	000.exe
File opened (read-only)	\??\G:	000.exe
File opened (read-only)	\??\J:	000.exe
File opened (read-only)	\??\V:	000.exe
File opened (read-only)	\??\Z:	000.exe
File opened (read-only)	\??\E:	000.exe
File opened (read-only)	\??\I:	000.exe
File opened (read-only)	\??\K:	000.exe
File opened (read-only)	\??\N:	000.exe
File opened (read-only)	\??\P:	000.exe
File opened (read-only)	\??\R:	000.exe
File opened (read-only)	\??\T:	000.exe
File opened (read-only)	\??\W:	000.exe
File opened (read-only)	\??\B:	000.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
148	raw.githubusercontent.com
147	raw.githubusercontent.com

Modifies WinLogon 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell = "0"	000.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Control Panel\Desktop\Wallpaper	000.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 4 IoCs

evasion

pid	Process
2240	taskkill.exe
672	taskkill.exe
5288	taskkill.exe
3260	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 008ab4bd2614db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31134758"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E86585C4-8019-11EF-A2A4-4A4A300BA5D9} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009a7bf3bae5f3a549b81f23758225dc5c000000000200000000001066000000010000200000005ab2c2bc5fe146a2ba5b6f8e7c06e5dfe78a02899a0e704a7bff3d9b5aeac04d000000000e8000000002000020000000a1faf632cd9073682930a239bba861dde151c132f614560d627a1433d699a99320000000c2448016387e5fe06c210eb0f545349cec8e7bfdef9b781c6532d34e89528f6a400000004ddf564050ce30edf5599bafee20a27d610165fefa73c6087c2911c75f1370edb28744c90a45c1c740e31c024771c2e163b64fc20656f32de69ad949d10dbc13	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3169101937"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31134758"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009a7bf3bae5f3a549b81f23758225dc5c00000000020000000000106600000001000020000000c81fc4a319887967d190951ed41d2db4a0dc01116c01606f72e3ec8e53365431000000000e800000000200002000000014328237598111ce94c2ccacb64d6a38c79494033e88f53956415878dff633d620000000d8a39df7dd50cdee56b07954c5330fffc6a4813c5952e64600da70440a968dba400000004e89d8bb04d7bc104c944dc917b230895d055e5f5377e3848418a87d2a0a20a30fc5d774819274a32e9a41cd241f4cd3ad6240cc96c3e39d8531c7fdfaa23548	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3169101937"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0b6c4bd2614db01	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "66"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133722770368469552"	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\icon.ico"	000.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2170637797-568393320-3232933035-1000\{B881A85D-10A6-4C34-BF65-73CAFF39B0F3}	000.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2508	chrome.exe
2508	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe

Suspicious use of FindShellTrayWindow 44 IoCs

pid	Process
3232	iexplore.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3232	iexplore.exe
3232	iexplore.exe
4848	IEXPLORE.EXE
4848	IEXPLORE.EXE
2340	OpenWith.exe
5484	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3232 wrote to memory of 4848	3232	iexplore.exe	89
PID 3232 wrote to memory of 4848	3232	iexplore.exe	89
PID 3232 wrote to memory of 4848	3232	iexplore.exe	89
PID 2508 wrote to memory of 3924	2508	chrome.exe	93
PID 2508 wrote to memory of 3924	2508	chrome.exe	93
PID 2508 wrote to memory of 4616	2508	chrome.exe	96
PID 2508 wrote to memory of 4616	2508	chrome.exe	96
PID 2508 wrote to memory of 4616	2508	chrome.exe	96
PID 2508 wrote to memory of 4616	2508	chrome.exe	96
PID 2508 wrote to memory of 4616	2508	chrome.exe	96
PID 2508 wrote to memory of 4616	2508	chrome.exe	96
PID 2508 wrote to memory of 4616	2508	chrome.exe	96
PID 2508 wrote to memory of 4616	2508	chrome.exe	96
PID 2508 wrote to memory of 4616	2508	chrome.exe	96
PID 2508 wrote to memory of 4616	2508	chrome.exe	96
PID 2508 wrote to memory of 4616	2508	chrome.exe	96
PID 2508 wrote to memory of 4616	2508	chrome.exe	96
PID 2508 wrote to memory of 4616	2508	chrome.exe	96
PID 2508 wrote to memory of 4616	2508	chrome.exe	96
PID 2508 wrote to memory of 4616	2508	chrome.exe	96
PID 2508 wrote to memory of 4616	2508	chrome.exe	96
PID 2508 wrote to memory of 4616	2508	chrome.exe	96
PID 2508 wrote to memory of 4616	2508	chrome.exe	96
PID 2508 wrote to memory of 4616	2508	chrome.exe	96
PID 2508 wrote to memory of 4616	2508	chrome.exe	96
PID 2508 wrote to memory of 4616	2508	chrome.exe	96
PID 2508 wrote to memory of 4616	2508	chrome.exe	96
PID 2508 wrote to memory of 4616	2508	chrome.exe	96
PID 2508 wrote to memory of 4616	2508	chrome.exe	96
PID 2508 wrote to memory of 4616	2508	chrome.exe	96
PID 2508 wrote to memory of 4616	2508	chrome.exe	96
PID 2508 wrote to memory of 4616	2508	chrome.exe	96
PID 2508 wrote to memory of 4616	2508	chrome.exe	96
PID 2508 wrote to memory of 4616	2508	chrome.exe	96
PID 2508 wrote to memory of 4616	2508	chrome.exe	96
PID 2508 wrote to memory of 4820	2508	chrome.exe	97
PID 2508 wrote to memory of 4820	2508	chrome.exe	97
PID 2508 wrote to memory of 2180	2508	chrome.exe	98
PID 2508 wrote to memory of 2180	2508	chrome.exe	98
PID 2508 wrote to memory of 2180	2508	chrome.exe	98
PID 2508 wrote to memory of 2180	2508	chrome.exe	98
PID 2508 wrote to memory of 2180	2508	chrome.exe	98
PID 2508 wrote to memory of 2180	2508	chrome.exe	98
PID 2508 wrote to memory of 2180	2508	chrome.exe	98
PID 2508 wrote to memory of 2180	2508	chrome.exe	98
PID 2508 wrote to memory of 2180	2508	chrome.exe	98
PID 2508 wrote to memory of 2180	2508	chrome.exe	98
PID 2508 wrote to memory of 2180	2508	chrome.exe	98
PID 2508 wrote to memory of 2180	2508	chrome.exe	98
PID 2508 wrote to memory of 2180	2508	chrome.exe	98
PID 2508 wrote to memory of 2180	2508	chrome.exe	98
PID 2508 wrote to memory of 2180	2508	chrome.exe	98
PID 2508 wrote to memory of 2180	2508	chrome.exe	98
PID 2508 wrote to memory of 2180	2508	chrome.exe	98
PID 2508 wrote to memory of 2180	2508	chrome.exe	98
PID 2508 wrote to memory of 2180	2508	chrome.exe	98
PID 2508 wrote to memory of 2180	2508	chrome.exe	98
PID 2508 wrote to memory of 2180	2508	chrome.exe	98
PID 2508 wrote to memory of 2180	2508	chrome.exe	98
PID 2508 wrote to memory of 2180	2508	chrome.exe	98
PID 2508 wrote to memory of 2180	2508	chrome.exe	98
PID 2508 wrote to memory of 2180	2508	chrome.exe	98
PID 2508 wrote to memory of 2180	2508	chrome.exe	98
PID 2508 wrote to memory of 2180	2508	chrome.exe	98

System policy modification 1 TTPs 1 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	000.exe

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\gridIcon.1d8a85f3.svg
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3232
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3232 CREDAT:17410 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:4848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96856cc40,0x7ff96856cc4c,0x7ff96856cc58
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,922325732736695346,16156187347388518632,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1808 /prefetch:2
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1988,i,922325732736695346,16156187347388518632,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2012 /prefetch:3
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2280,i,922325732736695346,16156187347388518632,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2292 /prefetch:8
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,922325732736695346,16156187347388518632,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3204,i,922325732736695346,16156187347388518632,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3708,i,922325732736695346,16156187347388518632,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4572 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3156,i,922325732736695346,16156187347388518632,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4700 /prefetch:8
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4820,i,922325732736695346,16156187347388518632,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4836 /prefetch:8
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4956,i,922325732736695346,16156187347388518632,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4448 /prefetch:8
  2⤵
  PID:1160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4692,i,922325732736695346,16156187347388518632,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4992 /prefetch:8
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:396
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff77d414698,0x7ff77d4146a4,0x7ff77d4146b0
    3⤵
    - Drops file in Program Files directory
    PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4872,i,922325732736695346,16156187347388518632,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5128,i,922325732736695346,16156187347388518632,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5360,i,922325732736695346,16156187347388518632,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5392,i,922325732736695346,16156187347388518632,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5404 /prefetch:8
  2⤵
  PID:3268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3216,i,922325732736695346,16156187347388518632,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3252 /prefetch:8
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5232,i,922325732736695346,16156187347388518632,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5240,i,922325732736695346,16156187347388518632,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3372,i,922325732736695346,16156187347388518632,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5156,i,922325732736695346,16156187347388518632,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5540,i,922325732736695346,16156187347388518632,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5672,i,922325732736695346,16156187347388518632,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5892,i,922325732736695346,16156187347388518632,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5888 /prefetch:8
  2⤵
  PID:5608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5876,i,922325732736695346,16156187347388518632,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5996 /prefetch:8
  2⤵
  PID:5616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3160,i,922325732736695346,16156187347388518632,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6164 /prefetch:8
  2⤵
  PID:5624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5092,i,922325732736695346,16156187347388518632,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6188 /prefetch:8
  2⤵
  PID:5636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3564,i,922325732736695346,16156187347388518632,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6336 /prefetch:8
  2⤵
  PID:5644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6032,i,922325732736695346,16156187347388518632,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4816 /prefetch:8
  2⤵
  PID:5860
- C:\Users\Admin\Downloads\000.exe
  "C:\Users\Admin\Downloads\000.exe"
  2⤵
  - UAC bypass
  - Disables RegEdit via registry modification
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Drops desktop.ini file(s)
  - Enumerates connected drives
  - Modifies WinLogon
  - Sets desktop wallpaper using registry
  - Modifies registry class
  - System policy modification
  PID:6068
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\windl.bat""
    3⤵
    PID:4440
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im explorer.exe
      4⤵
      Kills process with taskkill
      PID:2240
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im taskmgr.exe
      4⤵
      Kills process with taskkill
      PID:672
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im regedit.exe
      4⤵
      Kills process with taskkill
      PID:5288
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im ProcessHacker.exe
      4⤵
      Kills process with taskkill
      PID:3260
  - - C:\Windows\system32\net.exe
      net user Admin URNEXT
      4⤵
      PID:5336
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 user Admin URNEXT
        5⤵
        
        PID:5356
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic useraccount where name='Admin' set FullName='UR NEXT'
      4⤵
      PID:5372
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic useraccount where name='Admin' rename 'UR NEXT'
      4⤵
      PID:2116
  - - C:\Windows\system32\shutdown.exe
      shutdown /f /r /t 0
      4⤵
      PID:5460

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1524,i,4174666705242427184,7333705955694532165,262144 --variations-seed-version --mojo-platform-channel-handle=4512 /prefetch:8
1⤵
PID:1532

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1804

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2340

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa390f055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:5484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\67580b1c-d176-4d41-a97e-e5de7d869ec4.tmp

Filesize
11KB

MD5
481518da419967a2f38b0005a614c218

SHA1
545a9693574203636ee456d69269c18222dd7f61

SHA256
a73aa11ae2d483ff2d435bb61548b1fbd4a4f3bcbb234898fa8458e770f78a07

SHA512
68f00bd409c3ce5da6010ded537724143768f104e070f96b67c0b88345b640a451082603c602834951089b172e1080450413c411e7b6909b8d87ebda6ed6fe3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
2a6e7f9facac70fcecb7081b20e7f6ff

SHA1
5edf15baa6e6221166f46033313113c321ca8805

SHA256
2c7446108079dee0987ea26dac662f174624975d69923512d91be1a84a502663

SHA512
d26f51757a5e8959a55ff8fe8489d68133e7bc1ed786cb65d8472d24a612a148682487a24bdd0fca7b4a54c28d809b103b75fd289c10c14f5cc967efcd81f04a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
213KB

MD5
f942900ff0a10f251d338c612c456948

SHA1
4a283d3c8f3dc491e43c430d97c3489ee7a3d320

SHA256
38b76a54655aff71271a9ad376ac17f20187abd581bf5aced69ccde0fe6e2fd6

SHA512
9b393ce73598ed1997d28ceeddb23491a4d986c337984878ebb0ae06019e30ea77448d375d3d6563c774856d6bc98ee3ca0e0ba88ea5769a451a5e814f6ddb41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
37KB

MD5
1b6703b594119e2ef0f09a829876ae73

SHA1
d324911ee56f7b031f0375192e4124b0b450395e

SHA256
0a8d23eceec4035c56dcfea9505de12a3b222bac422d3de5c15148952fec38a0

SHA512
62b38dd0c1cfb92daffd30d2961994aef66decf55a5c286f2274b725e72e990fa05cae0494dc6ad1565e4fbc88a6ddd9685bd6bc4da9100763ef268305f3afe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
20KB

MD5
a6f79c766b869e079daa91e038bff5c0

SHA1
45a9a1e2a7898ed47fc3a2dc1d674ca87980451b

SHA256
d27842b8823f69f4748bc26e91cf865eceb2a4ec60258cbca23899a9aef8c35a

SHA512
ed56aaa8229e56142ffa5eb926e4cfa87ac2a500bfa70b93001d55b08922800fe267208f6bd580a16aed7021a56b56ae70dae868c7376a77b08f1c3c23d14ab7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
37KB

MD5
4a781938209ae1b3ce5ead800b050066

SHA1
bc52b40992057b8bf0a7c1d38c245e8d86d7dda9

SHA256
bff49084a45c8f80e96ac6535c2e9f5302f52d73902a368b17e6281f6034be93

SHA512
fcf05576fcf2d74d0b6c393f18c0645aaf857792f96e57aa8bfbd0a2856c1f82ded7367571274c99d8807658e75444211a81c29823a2afe358c4afc390b8a74c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
24KB

MD5
e9085bbce2730ad18477a5e6b2a053e5

SHA1
81b04f132e7c01d796d1730cace6a922eed47c5f

SHA256
0d3da8c2f0f202ed280cfc0ce71a43264f3793e1f7d5a837822ebed5ee1af188

SHA512
80f905992a6be57b31da4e63f69674a2c9a3c3f0e8c182103afd12d60d689936c5ac76a32bc809b672c564b9b65f1608960be800e72ce058842c698d1bea9fe8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
18KB

MD5
2e23d6e099f830cf0b14356b3c3443ce

SHA1
027db4ff48118566db039d6b5f574a8ac73002bc

SHA256
7238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885

SHA512
165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
17KB

MD5
4859fe9009aa573b872b59deb7b4b71a

SHA1
77c61cbe43af355b89e81ecc18567f32acf8e770

SHA256
902bb25ea8a4d552bc99dea857df6518eb54f14ffa694f2618300212a8ce0baa

SHA512
6f12570d2db894f08321fdb71b076f0a1abe2dba9dca6c2fbe5b1275de09d0a5e199992cc722d5fc28dad49082ee46ea32a5a4c9b62ad045d8c51f2b339348be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
59KB

MD5
d5da1cc03ddee197a316010d5c41df05

SHA1
39a2021e9daacf3c6f1f8146dc788a7968a3442b

SHA256
a114702bef93ef5d0518d242f5ea247ff4072ceb7eea451e5681e4b4e7387ae9

SHA512
5cc05a34e9eec5e901402477e41a7263f0f02a8f31fdc06b08e0453e7ad50f55717f230a5c992bd1dbef8168c8b69daa2d2982a29449329a0cb207d14bc8fad6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
53KB

MD5
cfff8fc00d16fc868cf319409948c243

SHA1
b7e2e2a6656c77a19d9819a7d782a981d9e16d44

SHA256
51266cbe2741a46507d1bb758669d6de3c2246f650829774f7433bc734688a5a

SHA512
9d127abfdf3850998fd0d2fb6bd106b5a40506398eb9c5474933ff5309cdc18c07052592281dbe1f15ea9d6cb245d08ff09873b374777d71bbbc6e0594bde39b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
144KB

MD5
521af33c55174ecf75a05833f8109ff6

SHA1
897f21eaffb962d3c805576d06f07c820acd18b5

SHA256
a3c75bd51b37662153258f638dee394ec4f7be139bf3844e9166f937aedd6324

SHA512
88b44345081129b9c9a4b81a6a83fdadf93f4ce9fa236f8befbc172fecb649ade758466e2c44be30f987915477a9f4abfcdbd1baa67932821b861dfc6f83e682

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
69KB

MD5
e6893066d4a483fc02ca3bf7a18040fd

SHA1
0b50ad494d460cda78f5ccea9bd37330a59238ca

SHA256
a623b7becab8300ebbdfdfa39f2b53f075c196343905f591d88a82bda566a196

SHA512
437d282e102984a3d65a5476e166b1e1165c87b552edb5a642828cd95dfcb59e6818c30f39252f677cc08ee7524744f1d13645f8ee85aa5d030707a39178617c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
178b8402d87ff62ffc9b2b75173fda2e

SHA1
013ff8b90a46d630953ef2a6056c3a105fdf15a3

SHA256
6a91dd6c4be7be4fe525df085b6b92ba30371b0ff729d43f5794564ebba1c5c3

SHA512
f29223ae520e289e9c0eb954b43239ec46f49cbcc03d0285a8be3f51d22095617137b88e105f70c74dd6a6b80299916c54a962eac8ca788d0beb96e8429e32c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b21adbf7c086a3173b68251a77a42a40

SHA1
49396f328271fee8539443a8150228a797abb515

SHA256
eb3ed067b9c6f73be8763a9e26772091cbc8e912f9ba3cca3618a82b92e341a4

SHA512
2ab7f5af551ba30336d9e2f34fb14d37749c2bb4f785e69d25021d031b93456496aeeb0ec9b9f6d2b4153729e7bc90f98bbfae40680363866a627408cff7e182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
50e34442e30d5f7ebc7b28b810c23dbe

SHA1
06248da204b1699e594b6483936160064a912d40

SHA256
cff568a8f9c29409c75e10e6d8025b054447c921f80e5a44b706c573af9d8a18

SHA512
d07ee5502820aab1b1bdac24eef5706905058bb6ae372df35bcd3e1260b35b82a7ccc464463fd74f1ee097473a936d9f08c4379635990dcb6b840da753d13400

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
7d52d475f47fafe7e5f8c1517aa29ebd

SHA1
e8e9dcce3dfda130350529d5e3d28bb7c1394163

SHA256
5b88e06e208fc9267923bdde57a505c604b36708495eead0696c3de4307285eb

SHA512
58374740e34c07f1316b194bdd7a9ac2ecbac4a313dada421b156e4c39121d5ff882eb83924c3f98eb8e42fe399f04941ed51ce8c9b83d1a893de239220f17d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a787ba735456141a40fa86a12bc76e18

SHA1
2bd205ab350feda081f203ec37ae79c822e33b75

SHA256
b5c116677547b789f9ad49c97168902e7ca166ead0ed0f1813617fb8e0ed2290

SHA512
e124504b800f6dea7cac04a32e3f60dc1ddcfadd658ca35a26bcbaf48104e657398fad26ee7d0683ffcf536c8c7eb374951018f9f56944f309b835119d429592

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e490eef8f459ae88b3c867726c0c056b

SHA1
4593613e0e04ea6f3be4a4fbb497be2f47bc8444

SHA256
7bbb14ca318d909c21449f56d661d8dfe464499054cea89688414a0df719f14d

SHA512
e052e0420404548cf0a781f15aec340e4156e30fc86357a2e7fe34acee59a187a4f33f66458ba7867b5433c96cbe9d8b00e5cf08a5193f56750e8ffdfc362dda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1f2a6aee4733c3a27283ef46199b3ec3

SHA1
94ae4c09bb3aa00f7decc0cb931e47fef4ef248e

SHA256
13c0d4305a075ae0339983bf9936714b2aca6c08cfdadeffbcf9ce1d081d1d76

SHA512
9abcfa01e09e8a85ca61a36323d726ae30ca32b291ea8ba48ffb085e5655b094f2cc49a8443f058c5aac3c648775488472512117ee0ea20476aec4787f023598

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d2ac8b52e160b5e1892739d80b016ef1

SHA1
84bef34a3f540a3aa112bd30a041e684d92abe8c

SHA256
d540b0cd4ecd4c3d3d14a19a99360e2adfd5bd0b8e5f98ce32c78749ce266d6a

SHA512
afb72061c68a31e225dfe2a7879458e9f642fd2e729e7c9a6e5d2cd66fb4459270a69ac3ec7eae287d11bdc6a56cf6a63d8ecb6903b4c2b8e963aa4baea141a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
dc0cca097e8ff9c0c42f14d508dee400

SHA1
5399fb6d6eb106e4249a85cdabf7874688529788

SHA256
71b637949867610bc0231b5fdda913f5b841693cba3a3f79d1aade7222720856

SHA512
c18c1a5d6b7e90288b5e78a8388f7d5a71c4111ca64aa9171e475e908c0e8d9f46a94d96711dc64708d5cc497f7ff5c2dac5e32fa88ffff3715ffbec00a51bcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a1060bc6479f405ad360006f89755c78

SHA1
c9a4adc1f6b89f240f08145c47cfcdcca81709ee

SHA256
bff68ced570399182d8441724f37c021a19509b7631bb192dc7859e3c678a0f5

SHA512
aee61909dd7e27108287bf088e3dc0de6d9798c30873cf7892d3382b3578991b28778e1dffd84cadecd7852a68f5779547653f3b9b13333cfbf7e292fe48ae42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
01dbea7918c9a8c9619d35a6138e722e

SHA1
5916faada75150724fe765d62c7d523b582e462d

SHA256
4d9a03013826771bdcdd8c039ea01398db02cef53763ca2273ff96d893834764

SHA512
aa905af16ed51df0dd2d082a8b1f10d5854fd48c9f27373189532d48d345190dc4398a9698bce51117fc14ecbd27bff5a45e1f482e1fe8b5871947e73eae031b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
725e54871559d1886bfdda276c2ac5b9

SHA1
2955c0e05d2fdb2e5f6c503bea0dbe01d0798211

SHA256
0af352be7c30052788f25c768846c4715be37da456cbfa035931651939dec582

SHA512
e0db9b81eb0256e5093e7e36859a265b315373faef7b784d850ea5a85d865b08cb56a8562dd16020822784e802fe62da56cf621f47ac0f5e03583de6719c07fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
d0e458d522c60dccd12511aade0888f6

SHA1
b8f66a30e567d38c0e8dae3639efcf0b454fb676

SHA256
21eab154a9e69e7f738ae03846c8eede51a810dfa27f5f6b9b3f6501c0541cf4

SHA512
25b19ac27963ab84cc085d8b2124794d23564f361ed307629fb847376bf190ae113e730dabf01794c20d854fc071472640a64a8146b00844851500390c3e8c6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6c983af7f2943a44570d2b1dd0a7d4a3

SHA1
891e67d1e65711aeeeae26b0f4b7c465bf36caae

SHA256
b2ed471ac21bd049b10147c5216f6db33197184b723d4918e3ad00bd6965dd81

SHA512
a317c6f7c6a05768b666152e7e4b6aecf1d40e87b38e4c714b22b040f4cabfcc17db3709e66e7e02f873916cba934a003d26559b45b0924ac603c6f1125123af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bf0c2227b2e61c29d3afa6fd6e20e826

SHA1
10a8c26b2093892a9ea2282b84b2e0837b7ddbe1

SHA256
ce93aafdec083a9eeba29a26fc1c9e9919cb840e5905cf560b45912edd8ee1c4

SHA512
f6b4f7fa23f6d0288e9958d5fbf2c0b6dab10cdd24495839a748f61099e5de8ed3019c6f867ba0942a0d6f6fe61eb950a3897ae8bf8bbe5b845911601d21a9b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\a72c8423-18b4-42e0-b766-f143c81faddc.tmp

Filesize
354B

MD5
d6bf0f2dfc420e4df0b7c1ad1f6e12af

SHA1
ac578b3dc82fe39a8c40ada8dd92c625ff4e592f

SHA256
50705b87ef8205dd7b1dbb53730806ffb2d1002f750dfc2952036793c84ab367

SHA512
3728b107518f36d633075723166ebdf9288975b0b5cd2f5f75c8b6729bce353df0dcb595d1c0941b2ccc388055153f88c2d358d75ab08f259c8af993471dd609

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
19ada5c1d5edeeaf1d700fddc3ade04d

SHA1
f6cd07dbda6dcf6751a9ed900e50d2d5eb8acd8f

SHA256
834b61ffaea7b6439e63ef47c98b5f8014f60639c98b31b33efcb67fff0d5269

SHA512
bdc9ba6338001811c07e7f81ed1de06cae7dcfbd88a525cb668dc8249e6d6519409146f729327548d86f9fa2d4afc82b5e8c478171449f23c79e0f42a2a8cf5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fd159d530924b9ad39bf02c6a9858b7e

SHA1
3a6bb931eaadba15ae95288f805ca999249212e5

SHA256
ae33f55c10a7aeec654b5efe9c97e4ffaeed1111a05b085aee73af60013fd52f

SHA512
b055d03cce77affc46f8e121d55fdc13eda7c355f34d645ccc2b45de9bfd477bff9f9049aa90cf63750ebdcc61ffd2e1d6682f213107be8f088ca32b1b1e90d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6cbe5eddfd6086b63f67c110efbba384

SHA1
3e98e9576e355829597c922b643c55ec8de41e05

SHA256
9410b1d49f8f9c6234d0c5f777537e70fdeaa7ad7162233420b5cd5456c3a831

SHA512
776351dda7812d3d14ac68318ecde1431659822a12d5a0c3fd4ab5f791e4145e9971e87315fb83a316530e0d14a6078cdaa170bfa9761cf8314322384c451361

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
966c74930adef4b0d1924d34aef6ea1d

SHA1
e0d5648b9ac708fcfbf64562c8c4bba63c1e7a2a

SHA256
ee42d52029196986531c320831de7b4d51b789bfcadd04cd434c5bcb1cfd973d

SHA512
26ea82e2531940d00dacf28ef1fb2395992a5d25040a7892c1408967d9da86a165477ee82fa1c41a25127d498c01b3e294ee5c69bf5d597b150aba997226a317

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b069c17047027ac0c20041b01799e1e2

SHA1
61aa1a47fc24909396abaca2d4a9ef01bf5209ce

SHA256
50166f15688b25664f08d2b63f7b0d97994940a3394c0a5b58f62f6bedb5a8b5

SHA512
22bc71915db4f18f7421070bca07670ae51d542f48759e3e8f16f5e231ee98b5a5d02ae740239fe49445d57c9ecadb2f890b951ee8740f7aa9d7e12d0e39c3ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
eed3caaabb6dcb010ad6aee44dec4ef3

SHA1
0c60bb846c890f391c0ab039746094f8a1177f4a

SHA256
23c7f8e54fdace3f9579e75b589884b64dd0b47876d91c033838165f05f11696

SHA512
2e85aee0a1bc8fc5ffc72cf208d3dfbc4edde868cb83fd75b63842dd5ef037724a3af8e205ddaf84733984f60697909419335e7782d1a7e83fd03612b0a1e4bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
35137d46e1f985d7fe7178888fc6889c

SHA1
4f006fbf82169464229a70f590faeca04ff6a627

SHA256
a4595865906953ff7902e9d79001d7755dceca044168780cb7be45a97ba080d6

SHA512
16df3830b162c2121ad7cabcb64e7e139101e7119308f2065555e5a78dd036c43bbc16f444a13d8e788edbd49577a2ce4bc7a350c36c18076bc284f43858a432

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e83f37fc35d5fc2a7a94de0f6e982dba

SHA1
435451ee25409562750b14ffc21a99b31768aa5f

SHA256
c1b558961dfd83a94f7697a19382d8bf2545ceeffc3227606da4ae181e695c01

SHA512
7a0290ec63760e699a3aa037c235a2cd6484b3771927cf5f49371ea3a49b111b212518cd26a0ebf4ec6bb0940cfe55f6b91975e288d846250f426dd8b22033c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
87a546e5449a61f7fbcf894b5b987834

SHA1
78ac3c027d0cbbd9209a05c1de72c84330bf0e38

SHA256
b4ee040dd1233487ed9fb145fa6441a06d673a492f764ee894e56155c2840f14

SHA512
87fc51ea900b41243c37061700efee3e4cfe59ec3a373ae5ada2e0d69f2720f4ca775c78c14965dbacba01d72ccf16787851ebc000aa0d974d154ad6b48c2458

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1484d24ae9fddfee94c94d560282ac68

SHA1
8a6ffeb9bc79a99794cdf094e7c951ab578d0f24

SHA256
94559370c7cc4035b8b978a7089f52d22ab6e00e2f95493ad6be5139f341d04c

SHA512
a2a38880a100327606864c41ca4cb5fd1837cda62ba9979cefb76d0294a446ca46e30f07cd7c6926a1b00f067bcb62e59c0a44187616ebb16a8c07b1915cdd65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
79bf1df37ea6dd0649320721c3f256ea

SHA1
1907d9d944e5ac4a6bcd848c7a99801227eeba6a

SHA256
5c2bdbec5b5aa96b1067a158f172474b0a8d78c79a4d80e1922a876faed17341

SHA512
de3ed415a2e1559edfafa33f6d668ed5ee10162c73932ff65663d34042e205be031450a9da72f894c522d972ce02dc4cc057ad9c5b65d357a3dce7e4982c990c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a10af8970592c6aac3c563f34024f3b3

SHA1
7667a1377ad337fcd5879badfec5edfd603f9eec

SHA256
c5d95f4b156dbc31860c80b2ea9584d6a9b1364318aaa3ba3a3b68694bb576ae

SHA512
beb2bec59f66e1e042cecc64d4d9891906e70861a755fb5d538d89d346c16f8af310530e199e24cb055492700a2a86ac79326ee3c7144826e4ced7a6a57ddb80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7e3cca5dbf3f8ef3333dd0e7a432ff4b

SHA1
27fe7a74dfde48483fbe9b623545bbf963177bde

SHA256
3c5545289a13741416e27724e3d44f842a01da74fd6ceddceed3b9f5c2d2da2a

SHA512
8bd18a6125c028a129a81531ede1f6b3205fc4ccea04537331984f04d5d72e5f970a39b4d7855f91a0a4edce1d8fca6c7278df609d74f030f849129f5f03b061

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
151166fd8583a803a93568cec27b341f

SHA1
c1e744f93decb827cdb60b16b846c4ef2ca2be75

SHA256
aa60072240953a9135a12737ebf9e15b4e7ac64752f7cc994220792c14129c02

SHA512
8f595d639e6da015cdb6d261fa2af8a7587c5659cba9c9d9ae9059ea34e94fb08e4260894cc3527025a34dcc1b2b0d50bfeec61c9c18fd29b723db7f43ba4d48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
210KB

MD5
b4bf1c36109fa06ced68092e5057f3e1

SHA1
1b2d1ea91fb0ac56d799370fa12466918c54b2b8

SHA256
3bbec4a26d011f57d4ab2a6673cfd2e55f2d25505f5c190dc9c39e3b5cb61b92

SHA512
615392c20acd55dbd78a377a51005778ccf6fa7ca50dda690de6f13a713f84b36b2bcdd293509a66831355864604e2554008b4dbda2eef80b77ec3fdedcf0d42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
210KB

MD5
cbeec9b5f0c985eafe5330470d28c94c

SHA1
593b2f4e9def5ee8438d62bf68df1661605d665d

SHA256
8cddf2ff5710c29c8e7029a025ed5bfcf39cd31dda6ecb834edfa66f216dc0aa

SHA512
f44fa8ccd9e2af996e6df3ae35d29b246c065ba191abc5834746c0e91f5e3ecb68f64986b99135527e1993f5f2da668ac3e5516a1c393700569ffdfb8db199f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
210KB

MD5
7fb5f47e718d5924a1c8a3187fbc5c9d

SHA1
1802d62b10674fb9981a807132d8dc13f7131aba

SHA256
9c213fe92592ad2cd4bb0846b9765324075c0601c3f24f0f14b261078b844956

SHA512
cccc0e609986e329923294a619680c2bd4c539f16caab0252aa1156f6d9f0b10adb5d1c43a402575b81adbaa5545652dc88c78f9aae3254db6a52ec3ee66bfe7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
210KB

MD5
0ad60fa3291bd542101ec7cea305f77a

SHA1
7c78186f777e218fc2b7c8537a2f6f0956356b50

SHA256
0d4e5ccbf5e21be5198854c48342689665ec2247f7b04631a065968d407c5f93

SHA512
882b501bd82948714a84d2fa098ddd63411ade1074078a9298ec2624722b89a4c048f4781689e9f58da5085b916da5ec084fcdb970571d31550e5065c1c88803

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
896KB

MD5
140cb03fce171f0a1af21547a1501e46

SHA1
2c840f4723e7ce7eb7c7ca5683562200a19e09b5

SHA256
c74835146d2f82660de7450e06a8740c1b49eb1e7d4e1014b6b4c1c8e2a1b405

SHA512
114130e97f7aeb17874bc196c68814e8c8f37fe8b8113581561faf457fc0d9420c182a4eae2acb5f72344d1f4e898d577f7414e48e168714527a54560a582891

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\one.rtf

Filesize
400B

MD5
5e163b1f0c2e5bc318b58d39fd34acce

SHA1
af9309ded2d9ba50e51c83c791ac6aa6ced07fc8

SHA256
ef2fd3a239aa65c7c9cb204e5ae003ddd6a80d439c59f813e76d4e68987a259a

SHA512
5da736740a1259a8e481aa4e6809f080ee18153767ccaab985017e695cc2a355c2c9e309e7d774fd3a2901d801627af1eedd6928373badc4d14ca67baea64369

Download Submit
C:\Users\Admin\AppData\Local\Temp\rniw.exe

Filesize
76KB

MD5
9232120b6ff11d48a90069b25aa30abc

SHA1
97bb45f4076083fca037eee15d001fd284e53e47

SHA256
70faa0e1498461731f873d3594f20cbf2beaa6f123a06b66f9df59a9cdf862be

SHA512
b06688a9fc0b853d2895f11e812c48d5871f2793183fda5e9638ded22fc5dc1e813f174baedc980a1f0b6a7b0a65cd61f29bb16acc6dd45da62988eb012d6877

Download Submit
C:\Users\Admin\AppData\Local\Temp\street.mp4

Filesize
81KB

MD5
d2774b188ab5dde3e2df5033a676a0b4

SHA1
6e8f668cba211f1c3303e4947676f2fc9e4a1bcc

SHA256
95374cf300097872a546d89306374e7cf2676f7a8b4c70274245d2dccfc79443

SHA512
3047a831ed9c8690b00763061807e98e15e9534ebc9499e3e5abb938199f9716c0e24a83a13291a8fd5b91a6598aeeef377d6793f6461fc0247ec4bbd901a131

Download Submit
C:\Users\Admin\AppData\Local\Temp\text.txt

Filesize
394B

MD5
b35ffe3dc03de62e10b5dc3f5fa5e77c

SHA1
775254045145cd3a0097fbfc7b069a62beee134d

SHA256
f5f56b42be58680d2f666321e3c1d1d16e6b41406250e5226dfa723faef797cd

SHA512
79d8f79e879f8c603d88aa34844d7f857668d9da8bcf8ededba8dd4f745b2ed5bf20e9ded70ac268119a68e524e12e23023edc451a576e4f22fcfac0f1b79ef7

Download Submit
C:\Users\Admin\AppData\Local\Temp\windl.bat

Filesize
720B

MD5
b73032c7921e596509a179f1e0780029

SHA1
f155b7685b9e5b63fefab9ca0958772fa81876ce

SHA256
b18604254c223c6b3b56b10bcf3caf9b07ac967d6c0626a5ae8472ec44cf8bd4

SHA512
90ba246ef548036d6c8894891987658456e3bd85e2fe79bb2940e2d93ed74d512263670ef6af098181ee724dfda5192c659b8af4bbb4c36a27c3d135f6bfba12

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 709656.crdownload

Filesize
6.7MB

MD5
27f84a42d581880d149185494ab621e1

SHA1
2fe06b762ea303d0824b15d02aff68a321128095

SHA256
5eed2b5832483191e67f2ffbdcf349a6256039a8a7f934fb6bb9188873f8a73b

SHA512
9896bed08127c0d30a38b7cf0a039161b26e64bc16d33357a46c890f14c0214d6b1a78999c5da5a4b1a070edc1fb49fa3017f092b1ddd6c1e5e7920f5de305cd

Download Submit
C:\Users\Admin\Downloads\smb-qua22o4u.7z

Filesize
37KB

MD5
c7878a0692f2cb14aac7c2e9baad82f1

SHA1
36a332427990198e9775c92b3cdd0d429f304a51

SHA256
9849e33e978278070075328520663c618f05d02aad5f1fc802c68af354d44ab1

SHA512
da5cbc5cb1865337f4bfdf989a38122c083f5a2e7a6f69dd66be9669656b913f44e8bbe9207ebb1e0036bb40a334a816ed6a9aafccb3e8d27e7d6a5ec38ae610

Download Submit
memory/6068-940-0x0000026659090000-0x00000266590E8000-memory.dmp

Filesize
352KB

Download
memory/6068-938-0x0000026658EB0000-0x0000026658EC4000-memory.dmp

Filesize
80KB

Download
memory/6068-933-0x000002663E2C0000-0x000002663E970000-memory.dmp

Filesize
6.7MB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads