67e68d1933e87f680f063203e7e243c33deba2dfdbcd2bb08e9205d3fff26fb8

Analysis

max time kernel
5s
max time network
192s
platform
windows7_x64
resource
win7v20210410
submitted
30-07-2021 07:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2222-main/test.exe
Size

50KB
MD5

934b148407a5f93bbeed3d5b2c91edde
SHA1

208fa687dea4cae2bd7a15907834ce107aea2683
SHA256

00a6aee5810a2f37be3722b8c05c363e9954e782f49e558f451c4097bbd6f217
SHA512

4cd3d836a122a19888f4be5541c158aa8add24b6276d8d9ee3a120ea2d3cc9ceb72c284ae41d3fa8d30b6c4bbfd18fe97ef451293222b9b9c23d125d3a882c2c

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

chrome.exe

pid process

1764 chrome.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

chrome.exe

pid process

1536 chrome.exe

pid	process
1764	chrome.exe

pid	process
1536	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

test.execmd.exechrome.exe

description	pid	process	target process
PID 592 wrote to memory of 316	592	test.exe	cmd.exe
PID 592 wrote to memory of 316	592	test.exe	cmd.exe
PID 592 wrote to memory of 316	592	test.exe	cmd.exe
PID 592 wrote to memory of 316	592	test.exe	cmd.exe
PID 316 wrote to memory of 1536	316	cmd.exe	chrome.exe
PID 316 wrote to memory of 1536	316	cmd.exe	chrome.exe
PID 316 wrote to memory of 1536	316	cmd.exe	chrome.exe
PID 316 wrote to memory of 1536	316	cmd.exe	chrome.exe
PID 1536 wrote to memory of 604	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 604	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 604	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 1696	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 1696	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 1696	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 1696	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 1696	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 1696	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 1696	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 1696	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 1696	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 1696	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 1696	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 1696	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 1696	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 1696	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 1696	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 1696	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 1696	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 1696	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 1696	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 1696	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 1696	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 1696	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 1696	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 1696	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 1696	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 1696	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 1696	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 1696	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 1696	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 1696	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 1696	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 1696	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 1696	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 1696	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 1696	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 1696	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 1696	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 1696	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 1696	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 1696	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 1696	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 1764	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 1764	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 1764	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 856	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 856	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 856	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 856	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 856	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 856	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 856	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 856	1536	chrome.exe	chrome.exe
PID 1536 wrote to memory of 856	1536	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\2222-main\test.exe
"C:\Users\Admin\AppData\Local\Temp\2222-main\test.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:592

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\B27D.tmp\test.bat" "C:\Users\Admin\AppData\Local\Temp\2222-main\test.exe""
2⤵
- Suspicious use of WriteProcessMemory
PID:316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
3⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef65c4f50,0x7fef65c4f60,0x7fef65c4f70
4⤵
PID:604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1120 /prefetch:2
4⤵
PID:1696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1228 /prefetch:8
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:1764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1764 /prefetch:8
4⤵
PID:856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2016 /prefetch:1
4⤵
PID:1936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2060 /prefetch:1
4⤵
PID:960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2288 /prefetch:1
4⤵
PID:892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2344 /prefetch:1
4⤵
PID:368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2360 /prefetch:1
4⤵
PID:552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2388 /prefetch:1
4⤵
PID:1160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3708 /prefetch:2
4⤵
PID:2336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3612 /prefetch:8
4⤵
PID:2412

C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --channel --force-configure-user-settings
4⤵
PID:2500

C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x13c,0x140,0x144,0x110,0x148,0x13f4da890,0x13f4da8a0,0x13f4da8b0
5⤵
PID:2516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3012 /prefetch:8
4⤵
PID:2576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3040 /prefetch:8
4⤵
PID:2656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3012 /prefetch:8
4⤵
PID:2720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3052 /prefetch:8
4⤵
PID:2772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4736 /prefetch:8
4⤵
PID:2820

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4756 /prefetch:8
4⤵
PID:2868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4844 /prefetch:8
4⤵
PID:2920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4132 /prefetch:8
4⤵
PID:2968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3984 /prefetch:8
4⤵
PID:3016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4524 /prefetch:8
4⤵
PID:3056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4548 /prefetch:8
4⤵
PID:1860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4580 /prefetch:8
4⤵
PID:1836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4508 /prefetch:8
4⤵
PID:676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4532 /prefetch:8
4⤵
PID:2188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4644 /prefetch:8
4⤵
PID:2284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4520 /prefetch:8
4⤵
PID:2232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4588 /prefetch:8
4⤵
PID:2060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5148 /prefetch:8
4⤵
PID:2608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5368 /prefetch:8
4⤵
PID:2652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5480 /prefetch:8
4⤵
PID:2516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5492 /prefetch:8
4⤵
PID:2728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5504 /prefetch:8
4⤵
PID:2764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5516 /prefetch:8
4⤵
PID:2816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5132 /prefetch:8
4⤵
PID:2668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4368 /prefetch:8
4⤵
PID:1232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6036 /prefetch:8
4⤵
PID:1608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2296 /prefetch:8
4⤵
PID:2628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4508 /prefetch:8
4⤵
PID:2348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5148 /prefetch:8
4⤵
PID:2304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2604 /prefetch:8
4⤵
PID:2788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6048 /prefetch:8
4⤵
PID:2552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5132 /prefetch:8
4⤵
PID:2984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 /prefetch:8
4⤵
PID:2856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2312 /prefetch:8
4⤵
PID:1144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=104 /prefetch:8
4⤵
PID:2472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5284 /prefetch:8
4⤵
PID:2020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=956 /prefetch:8
4⤵
PID:1584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
4⤵
PID:2680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
4⤵
PID:2436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4520 /prefetch:8
4⤵
PID:2724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1084,14082523670219831099,16189753940676319583,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
4⤵
PID:3012

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
MD5
8fa9be9f18616d95b86eb494d1c920d2

SHA1
24dbd366f4ff6ded6368346f422182c7b9070ebd

SHA256
0f27dfa98993d9f68dfeb47aecc0ce52cd3c7dff6dfa2fd9ca0079e675a3c699

SHA512
ed04d21b22b8b8fb8f85d33bc6af58ca387dc75a7f8ab6147d9d39a0657990cc829fa00aefdba76a9b987ef3f0a4b49c3524f2fac993cf5f3cac326aa641e2f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\B27D.tmp\test.bat
MD5
42ac200380fe0e83e8530221a5338973

SHA1
ce274c74a88d33f002831a3858180ea0e0dd97c8

SHA256
20a0c6fec7dd212aad286fde1bfaf9a26805adac4d694cf1c90ce1920b75f49f

SHA512
f846ad20777266854b69c6bf5f3f8c3b7db7a1ab5306bb4f6b7ba46446cf9b99e654bf1f6c244ba813d2a369432a7564ec2e87e819ed4ca8710ab986ef8bb439

Download Submit
\??\pipe\crashpad_1536_XKMKHKMILOCCBSFP
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/316-60-0x0000000000000000-mapping.dmp

Download
memory/368-83-0x0000000000000000-mapping.dmp

Download
memory/552-87-0x0000000000000000-mapping.dmp

Download
memory/592-59-0x0000000075A71000-0x0000000075A73000-memory.dmp

Filesize
8KB

Download
memory/604-64-0x0000000000000000-mapping.dmp

Download
memory/676-139-0x0000000000000000-mapping.dmp

Download
memory/856-72-0x0000000000000000-mapping.dmp

Download
memory/892-81-0x0000000000000000-mapping.dmp

Download
memory/960-77-0x0000000000000000-mapping.dmp

Download
memory/1144-198-0x0000000000000000-mapping.dmp

Download
memory/1160-89-0x0000000000000000-mapping.dmp

Download
memory/1232-172-0x0000000000000000-mapping.dmp

Download
memory/1536-92-0x00000000045C0000-0x00000000045C1000-memory.dmp

Filesize
4KB

Download
memory/1536-63-0x0000000000000000-mapping.dmp

Download
memory/1584-206-0x0000000000000000-mapping.dmp

Download
memory/1608-175-0x0000000000000000-mapping.dmp

Download
memory/1696-69-0x0000000077020000-0x0000000077021000-memory.dmp

Filesize
4KB

Download
memory/1696-67-0x0000000000000000-mapping.dmp

Download
memory/1764-68-0x0000000000000000-mapping.dmp

Download
memory/1836-133-0x0000000000000000-mapping.dmp

Download
memory/1860-130-0x0000000000000000-mapping.dmp

Download
memory/1936-75-0x0000000000000000-mapping.dmp

Download
memory/2020-204-0x0000000000000000-mapping.dmp

Download
memory/2060-147-0x0000000000000000-mapping.dmp

Download
memory/2188-136-0x0000000000000000-mapping.dmp

Download
memory/2232-145-0x0000000000000000-mapping.dmp

Download
memory/2284-143-0x0000000000000000-mapping.dmp

Download
memory/2304-188-0x0000000000000000-mapping.dmp

Download
memory/2336-94-0x0000000000000000-mapping.dmp

Download
memory/2348-184-0x0000000000000000-mapping.dmp

Download
memory/2412-97-0x0000000000000000-mapping.dmp

Download
memory/2436-213-0x0000000000000000-mapping.dmp

Download
memory/2472-201-0x0000000000000000-mapping.dmp

Download
memory/2500-101-0x000007FEFB9A1000-0x000007FEFB9A3000-memory.dmp

Filesize
8KB

Download
memory/2500-99-0x0000000000000000-mapping.dmp

Download
memory/2516-157-0x0000000000000000-mapping.dmp

Download
memory/2516-100-0x0000000000000000-mapping.dmp

Download
memory/2552-179-0x0000000000000000-mapping.dmp

Download
memory/2576-103-0x0000000000000000-mapping.dmp

Download
memory/2608-151-0x0000000000000000-mapping.dmp

Download
memory/2628-182-0x0000000000000000-mapping.dmp

Download
memory/2652-155-0x0000000000000000-mapping.dmp

Download
memory/2656-106-0x0000000000000000-mapping.dmp

Download
memory/2668-170-0x0000000000000000-mapping.dmp

Download
memory/2680-210-0x0000000000000000-mapping.dmp

Download
memory/2720-109-0x0000000000000000-mapping.dmp

Download
memory/2724-216-0x0000000000000000-mapping.dmp

Download
memory/2728-160-0x0000000000000000-mapping.dmp

Download
memory/2764-163-0x0000000000000000-mapping.dmp

Download
memory/2772-112-0x0000000000000000-mapping.dmp

Download
memory/2788-190-0x0000000000000000-mapping.dmp

Download
memory/2816-167-0x0000000000000000-mapping.dmp

Download
memory/2820-115-0x0000000000000000-mapping.dmp

Download
memory/2856-196-0x0000000000000000-mapping.dmp

Download
memory/2868-118-0x0000000000000000-mapping.dmp

Download
memory/2920-121-0x0000000000000000-mapping.dmp

Download
memory/2968-124-0x0000000000000000-mapping.dmp

Download
memory/2984-194-0x0000000000000000-mapping.dmp

Download
memory/3012-219-0x0000000000000000-mapping.dmp

Download
memory/3016-126-0x0000000000000000-mapping.dmp

Download
memory/3056-128-0x0000000000000000-mapping.dmp

Download