Analysis Overview
SHA256
4c60e5e930efb384564cd28b16f03d17565641a7fedb7f808b8be970e5c7d9b2
Threat Level: Likely benign
The file uiutils-3.0.0.jar was found to be: Likely benign.
Malicious Activity Summary
Browser Information Discovery
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 22:07
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 22:07
Reported
2024-11-09 22:09
Platform
win7-20240903-en
Max time kernel
37s
Max time network
143s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\uiutils-3.0.0.jar
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6bd9758,0x7fef6bd9768,0x7fef6bd9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1636,i,8089018763035228685,14087303631909409813,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1020 --field-trial-handle=1636,i,8089018763035228685,14087303631909409813,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1392 --field-trial-handle=1636,i,8089018763035228685,14087303631909409813,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2272 --field-trial-handle=1636,i,8089018763035228685,14087303631909409813,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2288 --field-trial-handle=1636,i,8089018763035228685,14087303631909409813,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1996 --field-trial-handle=1636,i,8089018763035228685,14087303631909409813,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2084 --field-trial-handle=1636,i,8089018763035228685,14087303631909409813,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3488 --field-trial-handle=1636,i,8089018763035228685,14087303631909409813,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3508 --field-trial-handle=1636,i,8089018763035228685,14087303631909409813,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3520 --field-trial-handle=1636,i,8089018763035228685,14087303631909409813,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3872 --field-trial-handle=1636,i,8089018763035228685,14087303631909409813,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2696 --field-trial-handle=1636,i,8089018763035228685,14087303631909409813,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4440 --field-trial-handle=1636,i,8089018763035228685,14087303631909409813,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4232 --field-trial-handle=1636,i,8089018763035228685,14087303631909409813,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4220 --field-trial-handle=1636,i,8089018763035228685,14087303631909409813,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2816 --field-trial-handle=1636,i,8089018763035228685,14087303631909409813,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2468 --field-trial-handle=1636,i,8089018763035228685,14087303631909409813,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3932 --field-trial-handle=1636,i,8089018763035228685,14087303631909409813,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3496 --field-trial-handle=1636,i,8089018763035228685,14087303631909409813,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4200 --field-trial-handle=1636,i,8089018763035228685,14087303631909409813,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3536 --field-trial-handle=1636,i,8089018763035228685,14087303631909409813,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3984 --field-trial-handle=1636,i,8089018763035228685,14087303631909409813,131072 /prefetch:8
Network
Files
memory/2868-2-0x0000000002570000-0x00000000027E0000-memory.dmp
memory/2868-10-0x00000000001D0000-0x00000000001D1000-memory.dmp
memory/2868-11-0x0000000002570000-0x00000000027E0000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 22:07
Reported
2024-11-09 22:09
Platform
win10v2004-20241007-en
Max time kernel
93s
Max time network
140s
Command Line
Signatures
Processes
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\uiutils-3.0.0.jar
Network
Files
memory/3020-2-0x000002B780000000-0x000002B780270000-memory.dmp
memory/3020-11-0x000002B7F0160000-0x000002B7F0161000-memory.dmp
memory/3020-12-0x000002B780000000-0x000002B780270000-memory.dmp