Analysis
max time kernel: 54s
max time network: 149s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 04-10-2024 11:13
Static task: static1
Behavioral task: behavioral1
Sample: Proforma invoice NO 2003949 dated 10042024.exe
Resource: win7-20240903-en
General
Target: Proforma invoice NO 2003949 dated 10042024.exe
Size: 742KB
MD5: 288e2818b37e52f9e697431692abb36e
SHA1: 6868bc69d0d6d0b92e9c0c3078c09420c3dc651f
SHA256: 0a74602363d411ea6ce0a632acadeb68025595990a3ee9add024ab36cca0bfcc
SHA512: e7d481cc5281223fc4636c190026f14fef5351e80bec2bd40bb053349cba497998b9700aa1b06736bc30a5a657fc2690ad94adec50b3f2f315287115805b9cee
SSDEEP: 12288:Ahx6P6SzMLJ9Cg0ISgrUaoNsFo4uMY2Csm0jQ:gx/yMnCCSgAmo/WV
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.concaribe.com
Port: 21
Username: [email protected]
Password: ro}UWgz#!38E
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Reads data files stored by FTP clients (2 TTPs)
  Tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients (2 TTPs)
  Email clients store some user data on disk, where infostealers will often target it.
- Reads user/profile data of web browsers (3 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Looks up external IP address via web service (2 IoCs)
  Uses a legitimate IP lookup service to find the infected system's external IP.
  flow 4: api.ipify.org
  flow 5: api.ipify.org
- Suspicious use of SetThreadContext (1 IoC)
  PID 3048 set thread context of 2680 (pid 3048, Proforma invoice NO 2003949 dated 10042024.exe, procid_target 30)
- System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (Proforma invoice NO 2003949 dated 10042024.exe)
  Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (Proforma invoice NO 2003949 dated 10042024.exe)
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid 2680, Proforma invoice NO 2003949 dated 10042024.exe
  pid 2680, Proforma invoice NO 2003949 dated 10042024.exe
  pid 2564, chrome.exe
  pid 2564, chrome.exe
- Suspicious use of AdjustPrivilegeToken (64 IoCs; distinct entries, repeats omitted)
  Token: SeDebugPrivilege (pid 2680, Proforma invoice NO 2003949 dated 10042024.exe)
  Token: SeShutdownPrivilege (pid 2564, chrome.exe), all remaining entries
- Suspicious use of FindShellTrayWindow (34 IoCs)
  pid 2564, chrome.exe, all entries
- Suspicious use of SendNotifyMessage (32 IoCs)
  pid 2564, chrome.exe, all entries
- Suspicious use of WriteProcessMemory (64 IoCs; distinct entries, repeats omitted)
  PID 3048 wrote to memory of 2680 (pid 3048, Proforma invoice NO 2003949 dated 10042024.exe, procid_target 30)
  PID 2564 wrote to memory of 2616 (pid 2564, chrome.exe, procid_target 33)
  PID 2564 wrote to memory of 2788 (pid 2564, chrome.exe, procid_target 34)
  PID 2564 wrote to memory of 2964 (pid 2564, chrome.exe, procid_target 35)
  PID 2564 wrote to memory of 864 (pid 2564, chrome.exe, procid_target 36)
Processes
- PID 3048: C:\Users\Admin\AppData\Local\Temp\Proforma invoice NO 2003949 dated 10042024.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Proforma invoice NO 2003949 dated 10042024.exe"
  Signatures: Suspicious use of SetThreadContext; System Location Discovery: System Language Discovery; Suspicious use of WriteProcessMemory
  - PID 2680: C:\Users\Admin\AppData\Local\Temp\Proforma invoice NO 2003949 dated 10042024.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\Proforma invoice NO 2003949 dated 10042024.exe"
    Signatures: System Location Discovery: System Language Discovery; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken
- PID 2564: C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - PID 2616: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6b59758,0x7fef6b59768,0x7fef6b59778
  - PID 2788: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1416,i,13445704701372956235,3851309551262740790,131072 /prefetch:2
  - PID 2964: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1556 --field-trial-handle=1416,i,13445704701372956235,3851309551262740790,131072 /prefetch:8
  - PID 864: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1632 --field-trial-handle=1416,i,13445704701372956235,3851309551262740790,131072 /prefetch:8
  - PID 1852: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2304 --field-trial-handle=1416,i,13445704701372956235,3851309551262740790,131072 /prefetch:1
  - PID 532: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2308 --field-trial-handle=1416,i,13445704701372956235,3851309551262740790,131072 /prefetch:1
  - PID 1772: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2736 --field-trial-handle=1416,i,13445704701372956235,3851309551262740790,131072 /prefetch:2
  - PID 1788: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3176 --field-trial-handle=1416,i,13445704701372956235,3851309551262740790,131072 /prefetch:1
  - PID 1720: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3220 --field-trial-handle=1416,i,13445704701372956235,3851309551262740790,131072 /prefetch:8
  - PID 1652: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3588 --field-trial-handle=1416,i,13445704701372956235,3851309551262740790,131072 /prefetch:8
  - PID 2440: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3524 --field-trial-handle=1416,i,13445704701372956235,3851309551262740790,131072 /prefetch:8
  - PID 1608: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3772 --field-trial-handle=1416,i,13445704701372956235,3851309551262740790,131072 /prefetch:1
  - PID 764: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3696 --field-trial-handle=1416,i,13445704701372956235,3851309551262740790,131072 /prefetch:1
  - PID 308: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 --field-trial-handle=1416,i,13445704701372956235,3851309551262740790,131072 /prefetch:8
  - PID 888: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3440 --field-trial-handle=1416,i,13445704701372956235,3851309551262740790,131072 /prefetch:1
  - PID 2312: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2496 --field-trial-handle=1416,i,13445704701372956235,3851309551262740790,131072 /prefetch:1
  - PID 1280: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3288 --field-trial-handle=1416,i,13445704701372956235,3851309551262740790,131072 /prefetch:1
  - PID 1596: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=584 --field-trial-handle=1416,i,13445704701372956235,3851309551262740790,131072 /prefetch:1
  - PID 1508: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3796 --field-trial-handle=1416,i,13445704701372956235,3851309551262740790,131072 /prefetch:1
  - PID 3044: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3948 --field-trial-handle=1416,i,13445704701372956235,3851309551262740790,131072 /prefetch:1
  - PID 2188: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3868 --field-trial-handle=1416,i,13445704701372956235,3851309551262740790,131072 /prefetch:8
  - PID 1400: C:\Program Files\Google\Chrome\Application\chrome.exe
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4184 --field-trial-handle=1416,i,13445704701372956235,3851309551262740790,131072 /prefetch:8
- PID 2648: C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (4)
  - Credentials In Files (3)
  - Credentials in Registry (1)
Downloads