1e3521898a31ae290e25f2d4a2ab484a87e8478b3dddb1ee99591fcfaaa7d209

Analysis

max time kernel
181s
max time network
326s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
31-03-2023 15:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

pipe.html
Size

235KB
MD5

0c1218c21d5f03592d06789897947806
SHA1

b6cfa8fbb964c3049de005a5d6db9b69b8dcc3f2
SHA256

1e3521898a31ae290e25f2d4a2ab484a87e8478b3dddb1ee99591fcfaaa7d209
SHA512

64feff90f58b6abaaee5fd4491d5ae2ebb087aa688eac0d86e6d6f87be94b5b3d334c80f1248c8e20d0060d1232d0cdcfd2dfafd74c2ae8f3f0afc470bd017d4
SSDEEP

6144:zI7mRVyEfCAQ9GWa+0KL13gzAetYq/ynpUs5l3qhKljVy44LTkC91cY4fj2YRfo9:E5a

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies registry class 2 IoCs

Processes:

firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache	firefox.exe

Suspicious use of AdjustPrivilegeToken 18 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe
Token: SeShutdownPrivilege	1016	chrome.exe

Suspicious use of FindShellTrayWindow 6 IoCs

Processes:

firefox.exe

pid process

980 firefox.exe
980 firefox.exe
980 firefox.exe
980 firefox.exe
980 firefox.exe
980 firefox.exe
Suspicious use of SendNotifyMessage 5 IoCs

Processes:

firefox.exe

pid process

980 firefox.exe
980 firefox.exe
980 firefox.exe
980 firefox.exe
980 firefox.exe

pid	process
980	firefox.exe
980	firefox.exe
980	firefox.exe
980	firefox.exe
980	firefox.exe
980	firefox.exe

pid	process
980	firefox.exe
980	firefox.exe
980	firefox.exe
980	firefox.exe
980	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exechrome.exefirefox.exe

description	pid	process	target process
PID 1016 wrote to memory of 948	1016	chrome.exe	chrome.exe
PID 1016 wrote to memory of 948	1016	chrome.exe	chrome.exe
PID 1016 wrote to memory of 948	1016	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2032	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2032	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2032	1120	chrome.exe	chrome.exe
PID 1444 wrote to memory of 980	1444	firefox.exe	firefox.exe
PID 1444 wrote to memory of 980	1444	firefox.exe	firefox.exe
PID 1444 wrote to memory of 980	1444	firefox.exe	firefox.exe
PID 1444 wrote to memory of 980	1444	firefox.exe	firefox.exe
PID 1444 wrote to memory of 980	1444	firefox.exe	firefox.exe
PID 1444 wrote to memory of 980	1444	firefox.exe	firefox.exe
PID 1444 wrote to memory of 980	1444	firefox.exe	firefox.exe
PID 1444 wrote to memory of 980	1444	firefox.exe	firefox.exe
PID 1444 wrote to memory of 980	1444	firefox.exe	firefox.exe
PID 1444 wrote to memory of 980	1444	firefox.exe	firefox.exe
PID 1444 wrote to memory of 980	1444	firefox.exe	firefox.exe
PID 1444 wrote to memory of 980	1444	firefox.exe	firefox.exe
PID 1120 wrote to memory of 2228	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2228	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2228	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2228	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2228	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2228	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2228	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2228	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2228	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2228	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2228	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2228	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2228	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2228	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2228	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2228	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2228	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2228	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2228	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2228	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2228	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2228	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2228	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2228	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2228	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2228	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2228	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2228	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2228	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2228	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2228	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2228	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2228	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2228	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2228	1120	chrome.exe	chrome.exe
PID 1120 wrote to memory of 2228	1120	chrome.exe	chrome.exe
PID 1016 wrote to memory of 2236	1016	chrome.exe	chrome.exe
PID 1016 wrote to memory of 2236	1016	chrome.exe	chrome.exe
PID 1016 wrote to memory of 2236	1016	chrome.exe	chrome.exe
PID 1016 wrote to memory of 2236	1016	chrome.exe	chrome.exe
PID 1016 wrote to memory of 2236	1016	chrome.exe	chrome.exe
PID 1016 wrote to memory of 2236	1016	chrome.exe	chrome.exe
PID 1016 wrote to memory of 2236	1016	chrome.exe	chrome.exe
PID 1016 wrote to memory of 2236	1016	chrome.exe	chrome.exe
PID 1016 wrote to memory of 2236	1016	chrome.exe	chrome.exe
PID 1016 wrote to memory of 2236	1016	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6709758,0x7fef6709768,0x7fef6709778
1⤵
PID:948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\pipe.html
1⤵
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1196 --field-trial-handle=1320,i,5123956424249222129,761372156291331608,131072 /prefetch:2
2⤵
PID:2236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1480 --field-trial-handle=1320,i,5123956424249222129,761372156291331608,131072 /prefetch:8
2⤵
PID:2372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:1120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6709758,0x7fef6709768,0x7fef6709778
2⤵
PID:2032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1084 --field-trial-handle=1300,i,2743473343945380164,6835156343977626700,131072 /prefetch:2
2⤵
PID:2228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1484 --field-trial-handle=1300,i,2743473343945380164,6835156343977626700,131072 /prefetch:8
2⤵
PID:2348

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1444

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:980

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="980.0.1683147027\218371534" -parentBuildID 20221007134813 -prefsHandle 1192 -prefMapHandle 1184 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {273dee9d-e2eb-46fc-a265-bf12c0949ffa} 980 "\\.\pipe\gecko-crash-server-pipe.980" 1304 16f1be58 gpu
3⤵
PID:2016

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="980.1.851777546\2100900418" -parentBuildID 20221007134813 -prefsHandle 1456 -prefMapHandle 1452 -prefsLen 20971 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b4ff8d7-d7d4-4a54-bb5e-c563b93e0cb1} 980 "\\.\pipe\gecko-crash-server-pipe.980" 1468 d6fb58 socket
3⤵
PID:1472

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="980.2.36206824\1756126735" -childID 1 -isForBrowser -prefsHandle 2232 -prefMapHandle 2236 -prefsLen 21054 -prefMapSize 232675 -jsInitHandle 816 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {00cdca16-3e99-4cdf-bc49-ca9b1c8e2451} 980 "\\.\pipe\gecko-crash-server-pipe.980" 2216 211c2858 tab
3⤵
PID:2936

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="980.3.2145084491\1219646783" -childID 2 -isForBrowser -prefsHandle 2416 -prefMapHandle 2224 -prefsLen 21160 -prefMapSize 232675 -jsInitHandle 816 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b40fe1e2-2a1c-4867-b213-dee837f6ccf1} 980 "\\.\pipe\gecko-crash-server-pipe.980" 2424 d6ab58 tab
3⤵
PID:3012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="980.5.1820088770\221352369" -childID 4 -isForBrowser -prefsHandle 2700 -prefMapHandle 2704 -prefsLen 21160 -prefMapSize 232675 -jsInitHandle 816 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f46a3ac-140e-4593-ac27-4eae6542fc51} 980 "\\.\pipe\gecko-crash-server-pipe.980" 2688 1ab39858 tab
3⤵
PID:2976

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="980.4.890395280\1234297530" -childID 3 -isForBrowser -prefsHandle 2536 -prefMapHandle 2540 -prefsLen 21160 -prefMapSize 232675 -jsInitHandle 816 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ef1606a-f472-4a70-be7c-9aa7e82732e1} 980 "\\.\pipe\gecko-crash-server-pipe.980" 2524 1ab38658 tab
3⤵
PID:2376

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="980.6.1587236303\1398741908" -childID 5 -isForBrowser -prefsHandle 3260 -prefMapHandle 3256 -prefsLen 26846 -prefMapSize 232675 -jsInitHandle 816 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {82908d48-5b56-4f79-8e3f-321761a75268} 980 "\\.\pipe\gecko-crash-server-pipe.980" 3272 2328bf58 tab
3⤵
PID:1980

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="980.7.1928883989\1057943932" -childID 6 -isForBrowser -prefsHandle 1028 -prefMapHandle 1096 -prefsLen 27122 -prefMapSize 232675 -jsInitHandle 816 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {04760c03-1462-4106-936f-bb3e2d2b893d} 980 "\\.\pipe\gecko-crash-server-pipe.980" 2076 16f19758 tab
3⤵
PID:3404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1112 --field-trial-handle=1224,i,559363567005420546,14952578169487461728,131072 /prefetch:2
1⤵
PID:2148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1060 --field-trial-handle=1280,i,11296581720289081693,9600776064783755178,131072 /prefetch:2
1⤵
PID:2140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1280,i,11296581720289081693,9600776064783755178,131072 /prefetch:8
1⤵
PID:2248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1280,i,11296581720289081693,9600776064783755178,131072 /prefetch:8
1⤵
PID:2264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1424 --field-trial-handle=1224,i,559363567005420546,14952578169487461728,131072 /prefetch:8
1⤵
PID:2332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=2272 --field-trial-handle=1280,i,11296581720289081693,9600776064783755178,131072 /prefetch:1
1⤵
PID:2396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=2240 --field-trial-handle=1280,i,11296581720289081693,9600776064783755178,131072 /prefetch:1
1⤵
PID:2380

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --mojo-platform-channel-handle=2120 --field-trial-handle=1280,i,11296581720289081693,9600776064783755178,131072 /prefetch:1
1⤵
PID:2540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1396 --field-trial-handle=1280,i,11296581720289081693,9600776064783755178,131072 /prefetch:2
1⤵
PID:688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --mojo-platform-channel-handle=1428 --field-trial-handle=1280,i,11296581720289081693,9600776064783755178,131072 /prefetch:1
1⤵
PID:2708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4156 --field-trial-handle=1280,i,11296581720289081693,9600776064783755178,131072 /prefetch:8
1⤵
PID:3068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4344 --field-trial-handle=1280,i,11296581720289081693,9600776064783755178,131072 /prefetch:8
1⤵
PID:3008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --mojo-platform-channel-handle=4536 --field-trial-handle=1280,i,11296581720289081693,9600776064783755178,131072 /prefetch:1
1⤵
PID:2784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --mojo-platform-channel-handle=4352 --field-trial-handle=1280,i,11296581720289081693,9600776064783755178,131072 /prefetch:1
1⤵
PID:1736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --mojo-platform-channel-handle=1812 --field-trial-handle=1280,i,11296581720289081693,9600776064783755178,131072 /prefetch:1
1⤵
PID:2344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --mojo-platform-channel-handle=2864 --field-trial-handle=1280,i,11296581720289081693,9600776064783755178,131072 /prefetch:1
1⤵
PID:2508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --mojo-platform-channel-handle=2060 --field-trial-handle=1280,i,11296581720289081693,9600776064783755178,131072 /prefetch:1
1⤵
PID:3632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=2268 --field-trial-handle=1280,i,11296581720289081693,9600776064783755178,131072 /prefetch:1
1⤵
PID:3796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=3728 --field-trial-handle=1280,i,11296581720289081693,9600776064783755178,131072 /prefetch:1
1⤵
PID:4000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5308 --field-trial-handle=1280,i,11296581720289081693,9600776064783755178,131072 /prefetch:8
1⤵
PID:3184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5424 --field-trial-handle=1280,i,11296581720289081693,9600776064783755178,131072 /prefetch:8
1⤵
PID:3192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5424 --field-trial-handle=1280,i,11296581720289081693,9600776064783755178,131072 /prefetch:8
1⤵
PID:3292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5388 --field-trial-handle=1280,i,11296581720289081693,9600776064783755178,131072 /prefetch:8
1⤵
PID:3324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5056 --field-trial-handle=1280,i,11296581720289081693,9600776064783755178,131072 /prefetch:8
1⤵
PID:3384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3724 --field-trial-handle=1280,i,11296581720289081693,9600776064783755178,131072 /prefetch:8
1⤵
PID:3392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 --field-trial-handle=1280,i,11296581720289081693,9600776064783755178,131072 /prefetch:8
1⤵
PID:3080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5344 --field-trial-handle=1280,i,11296581720289081693,9600776064783755178,131072 /prefetch:8
1⤵
PID:1160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5620 --field-trial-handle=1280,i,11296581720289081693,9600776064783755178,131072 /prefetch:8
1⤵
PID:3468

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 --field-trial-handle=1280,i,11296581720289081693,9600776064783755178,131072 /prefetch:8
1⤵
PID:776

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x480
1⤵
PID:2700

C:\Users\Admin\Downloads\krnl_beta (2).exe
"C:\Users\Admin\Downloads\krnl_beta (2).exe"
1⤵
PID:3676

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\1c81f2c5-cf76-4f54-b00e-50cf7feba431.tmp
Filesize
71KB

MD5
8ad7661a67c883d1ea4b7bcb82747c45

SHA1
6fb99d16eebcf8be551c5bf9d534bb2d926aa1f8

SHA256
00737899846d9f4be1222d7f168b880cda4a7ed116cf8e845b86406a6b886f76

SHA512
39a6690b6ffd431b614046f50d6e60d10f814fdb6c09da841cde1b711b78c47631bdd4e670503a43095bd97758342bc6f9d027c55c66bb8d4b2eadecf4b761ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\3a128766-23ed-4466-b2ea-c5b6538ef0ea.tmp
Filesize
71KB

MD5
ff7184477f25b49f9eadeb48f1976f29

SHA1
8634bc65e4f9f7b568498888eb538ae1fd8c65f6

SHA256
66f2286b611b5644d46c5f868a04cb64c791f750ee8dcaec3411eb7a22d6716f

SHA512
949cfb6cd73464d12587068dcfb3be0ff028b7195784aaf5a98fe4592423d285120c65acfdfa4fa98efb0c3ed26ce9992c5cf86580eea035f7d45b76b7775de9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
c6e4431d295a1842fea0a903fba97f96

SHA1
b61072829b60b8e757f84812d1e44ce318b8eb12

SHA256
775ba22acda7362b3b8913914d10b3df1610e9ef9e11619c36c6607811bc9f93

SHA512
15761feea1df597afc51529909961187188ce64601193513ecbe41bc8b22fb5877d48a8ce85ce45fb874c8ac51049bfb1eb6cff16164104bc53cbcc38737f5b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
c6e4431d295a1842fea0a903fba97f96

SHA1
b61072829b60b8e757f84812d1e44ce318b8eb12

SHA256
775ba22acda7362b3b8913914d10b3df1610e9ef9e11619c36c6607811bc9f93

SHA512
15761feea1df597afc51529909961187188ce64601193513ecbe41bc8b22fb5877d48a8ce85ce45fb874c8ac51049bfb1eb6cff16164104bc53cbcc38737f5b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009
Filesize
1.8MB

MD5
3701dc535fb395d6a1fb557a3aeec5e9

SHA1
ef517659229ddc6ecfc02481c3953ac9322dae35

SHA256
ec6df713446a8dd5efb376fbb7b444ed7e09f5cdd98c0494999b64af2e2d5537

SHA512
20dc14387138f913034bd2c265156dca1f36c128c040a99d6904fe6f1830d2f98afb3dcf0553817adb66e480be7d0fb0d7df58f0feb9b007a5a6bab648b081a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
f84de57a40b16114c9a8313a873a3eba

SHA1
0a253a3459261a5a1f4c34c19bfac1d9224f22be

SHA256
07f4435b29654908de8fa5634d6a5270e2f4323a4502a694015ccdd13146f832

SHA512
0363280ce7af67f581e49a203e164ffebc1ac1c03fafba3052b47adfa82ed9c63b8928e894b6b453a7a0f83253244e4c8284dc1fbcf31b0a3c78dd41b9e23bfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
71KB

MD5
8ad7661a67c883d1ea4b7bcb82747c45

SHA1
6fb99d16eebcf8be551c5bf9d534bb2d926aa1f8

SHA256
00737899846d9f4be1222d7f168b880cda4a7ed116cf8e845b86406a6b886f76

SHA512
39a6690b6ffd431b614046f50d6e60d10f814fdb6c09da841cde1b711b78c47631bdd4e670503a43095bd97758342bc6f9d027c55c66bb8d4b2eadecf4b761ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
Filesize
86B

MD5
16b7586b9eba5296ea04b791fc3d675e

SHA1
8890767dd7eb4d1beab829324ba8b9599051f0b0

SHA256
474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680

SHA512
58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
Filesize
85B

MD5
8549c255650427d618ef18b14dfd2b56

SHA1
8272585186777b344db3960df62b00f570d247f6

SHA256
40395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13

SHA512
e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\81ei91hh.default-release\activity-stream.discovery_stream.json.tmp
Filesize
151KB

MD5
4f412ab2d9baabb89c5165ada1dad756

SHA1
3f268b98dfcd592c76a86ce802d0f72ebe40c8f4

SHA256
4970e4c245e920b0b9e964675ed120b48636d7fcbbbba1f59a9f66bd9e193dcf

SHA512
f927a5af1a2c5b48e5d9c1f5a955d0e1139b3a0346dfef96bbf32256cdbc5b6618eb51d3b66fbb72ff6a0f16b12a5027d7b704f899613fa694299d8110a83512

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\81ei91hh.default-release\prefs.js
Filesize
6KB

MD5
287079c0a70882ef8bb416820d8184ad

SHA1
67f9835b12c37eee8e6d0e00dbc303d8f7d9a772

SHA256
cdce500c9efcf5aaa92013a70429d0fb43331c7f28472a7186f8079e510b91b1

SHA512
05048711b5b6c658a6f7c522d33e0260b25f7ba970bd129adba232d68c82ca018fee195022a880972204f5d4566cbb89f2d4063741b0df1aafa8e8bf7d5795b8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\81ei91hh.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
272B

MD5
0f40c113f36e73bcc1e221d61b749ec3

SHA1
e2175f6720ec43e0b86ca100f12e8461604e03a2

SHA256
daf7922c600ad4788d05d364603c1a4678b872a89aacea9f3a6aa1aa0c8c72d9

SHA512
2acbf1147ce2602ae448e17a3650421b811962343dd302f3c41d7cac685878153458ae147f4e3e8cea3526218d4e5cce135b6c1d6470f2f18fc7b2e6cc64f516

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\81ei91hh.default-release\sessionstore.jsonlz4
Filesize
837B

MD5
329cdea60aea027e98986d4a9fc3bde4

SHA1
b30a5d2bd927269b74b5b178126f55a5f2724960

SHA256
88f8f22e94d276427c95ecfd2a9ad8315fe03d5fd7454d6580a5e35d6e399d2b

SHA512
a2a19d7f4dcebbd95fde6855fffc9740a55455c5f17fe08c220f0e4d0715cab7230f52a2e460de9c6c0bede9b9aa450f05bd60e5296a47821152512f60e0a902

Download Submit
\??\pipe\crashpad_1120_YXOOJTQARCKDZCDZ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3676-338-0x00000000012F0000-0x00000000014CA000-memory.dmp

Filesize
1.9MB

Download
memory/3676-339-0x0000000004E40000-0x0000000004E80000-memory.dmp

Filesize
256KB

Download
memory/3676-340-0x00000000004F0000-0x00000000004FA000-memory.dmp

Filesize
40KB

Download
memory/3676-341-0x0000000004E40000-0x0000000004E80000-memory.dmp

Filesize
256KB

Download
memory/3676-342-0x0000000000BA0000-0x0000000000BA1000-memory.dmp

Filesize
4KB

Download
memory/3676-343-0x0000000004E40000-0x0000000004E80000-memory.dmp

Filesize
256KB

Download