7d83e05b744e1af30ca180a89a7237cef66f528a8cc4d8dff5a6f7bea0d6be79

Resubmissions

25-03-2023 19:09

230325-xt3r9sgb2x 6

25-03-2023 17:46

230325-wcg9kadg63 7

Analysis

max time kernel
1555s
max time network
1592s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
25-03-2023 17:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

New Text Document.txt
Size

60B
MD5

1e9e3f009bb9c8161f6c0c9c6730c0d8
SHA1

9839e937ed586f3a8e721d2b9da83736d2538b10
SHA256

7d83e05b744e1af30ca180a89a7237cef66f528a8cc4d8dff5a6f7bea0d6be79
SHA512

4f585cabf1dc44adc2667c14a30a24ecc4eff371eb48207584def97097bce1255b4d9116e0b15a89ea6a0520802c14ab496c33222e2ac417b1b328b0787cb2ef

Score

7^/10

persistence vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
behavioral1/memory/1312-462-0x00007FF6B5180000-0x00007FF6B5F1D000-memory.dmp	vmprotect

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133242436141344625"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings chrome.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exeRunAsAdmin.exe

pid process

2924 chrome.exe
2924 chrome.exe
1312 RunAsAdmin.exe
1312 RunAsAdmin.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

chrome.exe

pid process

2924 chrome.exe
2924 chrome.exe
2924 chrome.exe
2924 chrome.exe
2924 chrome.exe
2924 chrome.exe
2924 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

RunAsAdmin.exe

pid process

1312 RunAsAdmin.exe

pid	process
1312	RunAsAdmin.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2924 wrote to memory of 428	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 428	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 2088	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 2088	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 2088	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 2088	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 2088	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 2088	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 2088	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 2088	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 2088	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 2088	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 2088	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 2088	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 2088	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 2088	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 2088	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 2088	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 2088	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 2088	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 2088	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 2088	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 2088	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 2088	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 2088	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 2088	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 2088	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 2088	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 2088	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 2088	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 2088	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 2088	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 2088	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 2088	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 2088	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 2088	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 2088	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 2088	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 2088	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 2088	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 1804	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 1804	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 1432	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 1432	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 1432	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 1432	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 1432	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 1432	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 1432	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 1432	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 1432	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 1432	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 1432	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 1432	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 1432	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 1432	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 1432	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 1432	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 1432	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 1432	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 1432	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 1432	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 1432	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 1432	2924	chrome.exe	chrome.exe

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\New Text Document.txt"
1⤵
PID:5108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffea26d9758,0x7ffea26d9768,0x7ffea26d9778
2⤵
PID:428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1816,i,3705733963814275663,5131263181369911084,131072 /prefetch:2
2⤵
PID:2088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1816,i,3705733963814275663,5131263181369911084,131072 /prefetch:8
2⤵
PID:1804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1416 --field-trial-handle=1816,i,3705733963814275663,5131263181369911084,131072 /prefetch:8
2⤵
PID:1432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3204 --field-trial-handle=1816,i,3705733963814275663,5131263181369911084,131072 /prefetch:1
2⤵
PID:4604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3340 --field-trial-handle=1816,i,3705733963814275663,5131263181369911084,131072 /prefetch:1
2⤵
PID:5060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4592 --field-trial-handle=1816,i,3705733963814275663,5131263181369911084,131072 /prefetch:1
2⤵
PID:4864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4720 --field-trial-handle=1816,i,3705733963814275663,5131263181369911084,131072 /prefetch:8
2⤵
PID:4492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4828 --field-trial-handle=1816,i,3705733963814275663,5131263181369911084,131072 /prefetch:8
2⤵
PID:4804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4556 --field-trial-handle=1816,i,3705733963814275663,5131263181369911084,131072 /prefetch:8
2⤵
PID:2676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 --field-trial-handle=1816,i,3705733963814275663,5131263181369911084,131072 /prefetch:8
2⤵
PID:1104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4572 --field-trial-handle=1816,i,3705733963814275663,5131263181369911084,131072 /prefetch:8
2⤵
PID:316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5116 --field-trial-handle=1816,i,3705733963814275663,5131263181369911084,131072 /prefetch:1
2⤵
PID:5104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 --field-trial-handle=1816,i,3705733963814275663,5131263181369911084,131072 /prefetch:8
2⤵
PID:3224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5516 --field-trial-handle=1816,i,3705733963814275663,5131263181369911084,131072 /prefetch:1
2⤵
PID:3432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5268 --field-trial-handle=1816,i,3705733963814275663,5131263181369911084,131072 /prefetch:1
2⤵
PID:3484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5688 --field-trial-handle=1816,i,3705733963814275663,5131263181369911084,131072 /prefetch:1
2⤵
PID:4860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5724 --field-trial-handle=1816,i,3705733963814275663,5131263181369911084,131072 /prefetch:8
2⤵
PID:2120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1812 --field-trial-handle=1816,i,3705733963814275663,5131263181369911084,131072 /prefetch:8
2⤵
PID:4036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3488 --field-trial-handle=1816,i,3705733963814275663,5131263181369911084,131072 /prefetch:8
2⤵
PID:4220

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3768

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4840

C:\Users\Admin\Desktop\Val_lite\Val lite\RunAsAdmin.exe
"C:\Users\Admin\Desktop\Val_lite\Val lite\RunAsAdmin.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1312

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c Color 5
2⤵
PID:5108

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
2⤵
PID:448

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
7d061b8bce8c2f56cf53552943a4eb69

SHA1
6c59934b7f924798332ecad47286161ec88b7f70

SHA256
492bdc360fd4631c3e792252e991e9ec2f63e24932104e317ba4dbc73f7fd274

SHA512
0ca89101d91a7b7f77934c267c723fddeb7afe31a9a7595c7fc2513b659dc47d1f45352dc0e2d599e311fed21eff69e178ee81a85084632a0f452c8c8908b3cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
Filesize
264KB

MD5
25beedf9a2611cf5fc1e25e0dbe5f7ed

SHA1
6810e9103885fcc1e33ba41fb80f447ad4d0776f

SHA256
78fd23a46559bd2cc77cbfb7a3cf989746e98a87975d5987e4e8d882803c50c9

SHA512
f6e0e6e65c3a97811fcd50cbc8abe20b065d304bccc5528d032c44c69e866068e2895503457822c9fbc9fbd0ebed2b8f0f47364a8154e12e3d28809523ac7bff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
02e0f90d37c78b07cb42b8c0965426cd

SHA1
c09aafc76cf70ca74d7efeaa764e9f42116daae9

SHA256
8937394e4225be93111849603050cee62a817986738e9fe64d84975dc215e60e

SHA512
489c2894e7210ced452b3871610001709635a361dc50137e14b1565b9db8906aad30b533ba7587ea7977c65a3dd9e642bce49152115ba107013984af956dfbeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
707B

MD5
68c819e33c6aad99633e5cdcfc4f1c7b

SHA1
b5ea081dbbe184b97a36651d58a2cfa4ae2f2d2e

SHA256
47841bc3740aa238115d6b1cfc7672e45e6c624fbb79bd1eb7f4d9b22ad422b5

SHA512
241a983f1cc277fbe5d0cb2577ca9fa8433654a846fe6a3bd3b103fda141ac5c82462be2f8f43bf458d0b95458e890b86b8452f32fb9b0e7725dd707cf7ccf26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
c3d61cb8bbd88ac245ed8026b26d8f03

SHA1
8432fc1500a7b7e9a32fdbe01a37460f2e4a6e55

SHA256
68a59e215e3b60161896005b4a53c9cc66cfb5913b160e07d81a8b058d3f4555

SHA512
bed9cdf4f4f4293ca4380f4a3a4f719da5c09a3a357c5e0aa4ad04e386053670c3fc5d40a5e8fb4a891fd01d26950ad050db7316ded6de3ba5d026933df19a9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
539B

MD5
187fc5f91c7e15c7a39945e996158ef0

SHA1
f8579e90c01508983d513559c677666bee54ecfc

SHA256
3d67d674c83c96bbbcdca76e0ed262583f281f406f489dadadd1d5539e2c03db

SHA512
4dc6176d36c3ef722ca03aa94c4752da1e660b7d097827832d7f29462e61807ac18c138501e8931ff0648eec4890568886cbb315e226cee2a0a0baeeeebe88ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
faf9a3126efab67c22d3166706f6c4c2

SHA1
fa280e569bb3669f645cde42b2f71bb6993016be

SHA256
4216e55ffafdf18e79a27a811d1faf5e7d87b0c424a91a659efcb22812efd785

SHA512
228c1409da4b6895abb7792b91abf39ae9f081b1cbbd71b666e4c45a1068dfbce99c4601eeca309a429ceb8682e89c146c8e1e53780e0f91961f99cb6461c90c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
2d992b2982d9577383f2a98ba5939fe7

SHA1
35ca799e1247ef6e9dacc54221abb811c755257f

SHA256
34ad69a5355af693dc21f44513fbaf3a703c8d8d0c46910876a037f6a758f41c

SHA512
f09661612dfc2e96cae0ab4dbcf0f076549425444fb8fc3b46a899bda9bae25e2313eeb445b97d05af1ae4eaf3214a4e2d15f5c2501fd18123816740f25e4233

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
77bdceecf5685ef7ef9b5624ade7d5c8

SHA1
23857a284d9e277b2b8f63e7bd7c5c870ecf8ec7

SHA256
e0ff55e4690a138a2bff8c7c34fe74750590933da43fdf0aee35c7a54eb7f180

SHA512
2af32568f623f212402ecd57d06fc0726a26aaf35d5df5b9f2dd4f4729e7a2b5df79806c0c66232574b98d91c1a2b3586d593ff44d1d91af0087e35f2b8fe670

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
ba4dcd98ffb4e01b02bb830477c1f0ac

SHA1
998f91b8770d51e82893155ac9d6a1b6b5f0fa7d

SHA256
2ca1d7a21dadc71ca4b5191f000e9518dc343c5fae9c2315abe6ac2359110cb2

SHA512
8051e1cd8be9536b0e962af5839a62127aeef7313eca20c7e331fdd2491bddba7c9f7509ead28b91917d6887c1cd63fa6449c67bd97bc14aeea2a4c6f596d3af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
0d2b12275a5881304c58601f37649e85

SHA1
cd75d3d597e98dc6a01bbb116f4b743b5f5005ce

SHA256
ad9e0a0a58d7ba355a3b720389026a195cae20976713d5715cfe64331a0dca10

SHA512
b675fedd3b2a497c04e9544cbc51c7ce61e9ffcbbabe8426da35a6e2f600f378a4edb8df9c866494f260716cf11c6a3ad134b2063d98a53e15917238419d124f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
96B

MD5
333ad8b295ff97044c71acfe4e2c0401

SHA1
0d66a701055ab534bf8fc75ea0324235bd6e1d9e

SHA256
5444649de01d67fd445953619157f17ed4132945bd1f36ae75c42eb1b892f3e4

SHA512
35d749ae318e01ec90a0aa234894e36cdef903f56a26026958d49df2fe59c5636c24aa439df8603cea6e422db15b6a156e4216e66609a89962dc3766c6a98275

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5759b9.TMP
Filesize
48B

MD5
780dca0a0af1b596961a709cdcce8ce0

SHA1
7251649268add08f7220c681b833741b3a16dc45

SHA256
e2b9f07a583bb641c4c6c74333f5172ba106a15f280d12eefe84b94870489432

SHA512
0e6d17b5cd42990eba6ceecca8b74d98ec59c61265585011cba71a7b0d15b3399959a572bf48d47054915b08da9ea85e804002a2e58a00a84ba07c938d16c39b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
40bf41e69897292e1e5adbec75c31dae

SHA1
e8a5adbffd2f5400c0bd69e5523872acd61001b3

SHA256
2714e9d2bdf3bc5182f4c780ad46323677114b9ecb81a99ce694708fd2f0b75d

SHA512
3426cedc7ddfafcf9b9e33db0ba852b60bfe56be59b155cd8adeafc411250c4faef36a0457839beb4777274be956b50ffd24ba36a4b650c41fe9c42ca2c3e898

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
2b538fa5d121ea87a2b13a7e7dad765c

SHA1
f8c2cf1ff6c727e3d4defad7ee44771b0ea74cf5

SHA256
b4d116c82ba5b173a84e45a6a57550850406cc29ec64c3bc0cc581f77953e02e

SHA512
8d7199ef06607c51b58dfbf8e22a0b1d104ec837de90291a6213ab8d4703a9f0af2e9cc8e1a1a5d2176b5aac8e17b80d738dc518c43f175e93726fc071035063

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
981ee8ecc3395de04636e16116836c3a

SHA1
4ba99f96b97039f03143bbe0e27875a4e7458c37

SHA256
af421ae88242b3b88187e0c94ed787fae3be15d5c6e3d44da94abe8c0e4f5a72

SHA512
e553f5b1bc256449139155322739acc35eacd17cb435f0025872f4cdf0f783f6a66bb2c132804c8fb7b697412c1215c9fffe55ee12ba6eea3381914f12cbd170

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
101KB

MD5
b406953f2ac79221173a014279a5a3ce

SHA1
30a7f3f099271e19528e136da0e2340578998e57

SHA256
a76435ccdb94e514630c3db850c4c6d99af27f26d0e452bc0c98d8d77aef5f43

SHA512
db90028e849db57d78c03d721d945f3e3b3cbd8990a708705486b9a1a87db1e9e9a7e6a7ca256162133838c32b1ff7ff0445f5c6d4958b8378ba709ca01b3d32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
111KB

MD5
bd948985e08a6717948e1ac7e71049e6

SHA1
f4f592289ed581bbebd5b05e17f53167d2df26eb

SHA256
ef24f83f83f99068e2a0c180a68cd4ec0594712c420954afc70418078f6f7505

SHA512
0aed356233385dc07e3c25ddb077017b729a5257977e39e923bc0373e9c5cf3dc00818e8f81b2ae754c52e3d2e3242965d9009ff24e82fbb96c53534f897baf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5728f4.TMP
Filesize
96KB

MD5
8f786cdbfa21569d6b47155d302ac8e4

SHA1
fe802e577fa414268e8e5a235a0389b64611d188

SHA256
256ae54560021c4a96547b5f70914a3987a3528d34d36499b3c4595f418ac35e

SHA512
76711604644bbed2309c462ee74fac3718d854b00ff2bd277f8b95afb174c1396eae36e902548d9380aa43505cee9e99d1250ed2e002add6dcb3c2803009ca98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Val_lite.zip.crdownload
Filesize
12.2MB

MD5
c2997818f94786f2b24c4873d1d5c445

SHA1
76cfe1fe23d1443ae2bb6b751778f3682ef320cd

SHA256
45dbf29247f760cb07271b21c5da381adeecc33a3d95ae40dfa80d3422f7996d

SHA512
ac22a5affbc526547f2597a0ff3b4e17e38adf1357c72533796a3626bf640b835dcbd2d518644396009e63ec27a6f02107606f0922d390dbd441a9733989d816

Download Submit
\??\pipe\crashpad_2924_ZUHIIJLCWDWRHJDH
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1312-461-0x00007FFEC2110000-0x00007FFEC2112000-memory.dmp

Filesize
8KB

Download
memory/1312-462-0x00007FF6B5180000-0x00007FF6B5F1D000-memory.dmp

Filesize
13.6MB

Download