327071b8da02b5fa93ef243416b81063446927bf0d6a9ae0122a3413200bd120

Analysis

max time kernel
40s
max time network
151s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
31-03-2023 20:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

images.jpg
Size

5KB
MD5

a730faf973a840701f599520aa1e9640
SHA1

7d4d03f0b5041feb8b7360f1537da2977ccc0882
SHA256

327071b8da02b5fa93ef243416b81063446927bf0d6a9ae0122a3413200bd120
SHA512

5296b1e8fd630276cb9c617a99d2405aab49d012dd64509138370475fe667d23ea0cd2db44646d18d23b8007bf0ae2dd141ef6b5e05bc08cdd708e23e3fa93a7
SSDEEP

96:Ik9LE2fCg3kpUeaBKDNS8uy/MpkDqA4a7tD0b64TSrzDZp:Ikq2fl3k+eaQ88uy/KAdtol2rpp

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2040 chrome.exe
2040 chrome.exe

Suspicious use of AdjustPrivilegeToken 44 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

Processes:

rundll32.exechrome.exe

pid	process
1236	rundll32.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

chrome.exe

pid	process
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2040 wrote to memory of 1064	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 1064	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 1064	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 916	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 916	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 916	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 916	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 916	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 916	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 916	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 916	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 916	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 916	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 916	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 916	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 916	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 916	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 916	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 916	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 916	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 916	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 916	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 916	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 916	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 916	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 916	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 916	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 916	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 916	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 916	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 916	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 916	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 916	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 916	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 916	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 916	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 916	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 916	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 916	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 916	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 916	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 916	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 1360	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 1360	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 1360	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 1776	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 1776	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 1776	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 1776	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 1776	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 1776	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 1776	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 1776	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 1776	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 1776	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 1776	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 1776	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 1776	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 1776	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 1776	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 1776	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 1776	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 1776	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 1776	2040	chrome.exe	chrome.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\images.jpg
1⤵
- Suspicious use of FindShellTrayWindow
PID:1236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefb249758,0x7fefb249768,0x7fefb249778
2⤵
PID:1064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1128 --field-trial-handle=1260,i,13499806090572904991,8839779705371875244,131072 /prefetch:2
2⤵
PID:916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1456 --field-trial-handle=1260,i,13499806090572904991,8839779705371875244,131072 /prefetch:8
2⤵
PID:1360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1656 --field-trial-handle=1260,i,13499806090572904991,8839779705371875244,131072 /prefetch:8
2⤵
PID:1776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2240 --field-trial-handle=1260,i,13499806090572904991,8839779705371875244,131072 /prefetch:1
2⤵
PID:1580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2216 --field-trial-handle=1260,i,13499806090572904991,8839779705371875244,131072 /prefetch:1
2⤵
PID:324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1344 --field-trial-handle=1260,i,13499806090572904991,8839779705371875244,131072 /prefetch:2
2⤵
PID:2096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3688 --field-trial-handle=1260,i,13499806090572904991,8839779705371875244,131072 /prefetch:1
2⤵
PID:2188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3900 --field-trial-handle=1260,i,13499806090572904991,8839779705371875244,131072 /prefetch:8
2⤵
PID:2228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4028 --field-trial-handle=1260,i,13499806090572904991,8839779705371875244,131072 /prefetch:8
2⤵
PID:2244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4172 --field-trial-handle=1260,i,13499806090572904991,8839779705371875244,131072 /prefetch:1
2⤵
PID:2432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4284 --field-trial-handle=1260,i,13499806090572904991,8839779705371875244,131072 /prefetch:1
2⤵
PID:2736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4528 --field-trial-handle=1260,i,13499806090572904991,8839779705371875244,131072 /prefetch:1
2⤵
PID:1984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4800 --field-trial-handle=1260,i,13499806090572904991,8839779705371875244,131072 /prefetch:1
2⤵
PID:2476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4432 --field-trial-handle=1260,i,13499806090572904991,8839779705371875244,131072 /prefetch:1
2⤵
PID:1944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4912 --field-trial-handle=1260,i,13499806090572904991,8839779705371875244,131072 /prefetch:1
2⤵
PID:808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3796 --field-trial-handle=1260,i,13499806090572904991,8839779705371875244,131072 /prefetch:1
2⤵
PID:2784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5020 --field-trial-handle=1260,i,13499806090572904991,8839779705371875244,131072 /prefetch:8
2⤵
PID:2268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3600 --field-trial-handle=1260,i,13499806090572904991,8839779705371875244,131072 /prefetch:1
2⤵
PID:2924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3572 --field-trial-handle=1260,i,13499806090572904991,8839779705371875244,131072 /prefetch:1
2⤵
PID:852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3376 --field-trial-handle=1260,i,13499806090572904991,8839779705371875244,131072 /prefetch:8
2⤵
PID:1296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5084 --field-trial-handle=1260,i,13499806090572904991,8839779705371875244,131072 /prefetch:8
2⤵
PID:2448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3456 --field-trial-handle=1260,i,13499806090572904991,8839779705371875244,131072 /prefetch:1
2⤵
PID:2936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5376 --field-trial-handle=1260,i,13499806090572904991,8839779705371875244,131072 /prefetch:8
2⤵
PID:868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3552 --field-trial-handle=1260,i,13499806090572904991,8839779705371875244,131072 /prefetch:1
2⤵
PID:3048

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:900

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\0ea60c28-9861-4f4e-bf5a-706bdadc0e94.tmp
Filesize
4KB

MD5
b9350b7c56d76e525708b31cdfddd916

SHA1
8034e0bca87f520b4f9c2928dc70996cb0ed246d

SHA256
9764e92390042f5150284818f95f10fd51f8530128ee823b815a9c3c7ee43092

SHA512
907d8123895e1d6eccc40630ecac061bf667bb94cded2b7af1f682bdab3bf57d5435800ecf385743da731328ea74be6500d805440d87429a707e1467ed5cfe7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\20037424-7e8e-4c65-b3f2-71500b027313.tmp
Filesize
5KB

MD5
b59f056d523b4ba0c60e276c53dec94f

SHA1
3f3420235c5982bfb4a2547f3149d9a38ac5c563

SHA256
4c01169caa5eabe99b46a2ee0741f8e3cf673949c618ed8e1440f4fc4eddaf57

SHA512
16b4b9cf7a01a80d4909f573540e80d0e918f9957faca554eb229026a668f71207a75b26e67839115f8322fd14358a93f3ee19e8cb0a90f31a15f06126cc8743

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e
Filesize
31KB

MD5
95b5720f392e1e8e8f6df78f3fcf5677

SHA1
075133c42dcec911dac4056ee212d87d9530044e

SHA256
a1b3f3bdf6f682910e1822ee51e023e3faeb837bbb017344d361fbb76ad4fafa

SHA512
a994f2c97298ca6b61d6548d6e62daad9de52b9f27de52003fb0260f967a98d87823157dab54130dce14165fd3955f929f2184c54aef91bc2f3ff420af3c0a49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
720B

MD5
7e89b818929d7904337a90a5797ea292

SHA1
12db744130cf80ea774ce168fad3d6a55dbb2244

SHA256
d5568123fb21a0cc93c9d74e118db3868929068da6ac46308f7a6313eda5ec07

SHA512
68d1b5d1d2b9c41ee1be8c44637e5c2cc4c10e76dc34c3dd3457ee9cb3cb456e08e9419b3167947644d91283713229b108124f880f9a86ef4423127099e7f6f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000002.dbtmp
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RF6d205d.TMP
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
363B

MD5
38710d512bc5d04a213bb1c467f89bfd

SHA1
467036ad77b7e98c887ec97dbb26adba4e9bf1dc

SHA256
fd2123f873fa2f2b69a6e9e7b6fbfcf650a93e64c67a8b170d64d51b87318cad

SHA512
268d15e5f2753b37a75d4401ff847e7643f053d864d7023d8a40bbf854df5d57fd0655608c74c731d36f0b3268128a5e3031c8efd4b5abe11f8a5ed1a5528f4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
1e86db1c37b24aeaecdd55744c1c4ff0

SHA1
7c1f7bcc93992cec550459d94b6a17040b8194b1

SHA256
75859b114b6d6bf15ef4d9364db06dafd43c773d49797cbd2aeb15db86c00373

SHA512
c71c99f580e9ea52168acde7fe1de4e033a53a97314d5450bbc2bbea8f86a30b58252ef61b7c9bca80c55982e08a70e1b2c3e1bf99e937bea91307df38723477

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
d33ccbb16d9554040e038dc4d5a85bd3

SHA1
9b7ac343b1644d2f8bf2a851682c51344d881cfa

SHA256
89312ccad56593709c6b408fdd5cb01daf62b49e54c080353074fea8630da8e4

SHA512
fc8a2d8f68fa65db64d421839b2fb2c92b820c0fcfdc864d83c649963a02d0024c76868c2674cf73def129cfa066ed1eca1145d5d9468b0d20991fa4988de336

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
762404290c9b1687360e87504ae950ad

SHA1
28628274b99040626a6f94939273fa53ae7b4164

SHA256
446f07b357ef153e55be583ccf299d0b5822dd5e4ba35f168d21e053a83e3b45

SHA512
8eb5c589b8a7b7c030875c2641472a5e5c387dfc709a6fb77f1f677946e2dc15f6f4d9cd536b85bf7ec6046cd99486c7604d4487bf0cc8965add5ed5daf8b902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
527B

MD5
88e647fed52193ae44f9c09fee8c98ee

SHA1
6d646a288a42336d1682fc9bbb733b37d6a49c27

SHA256
5577833dc5ad9dec2426ae9aee722a0ebf75bb13105ae0cf8d038feabfbc6038

SHA512
488ddf2eeb042e7b8060b38d47a310dd975898c3ca068ad63c2ecda40ecccb94652007d849f87812b5e8fd6f5828ea7655c64a19b5670ef176abb631a15771ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
ecc3fff86c9e69b220f917ad5203317d

SHA1
6f9d05a719b3994018f5882052e580a318617bb1

SHA256
b7211bf5b87c2a95728404949e3635adad3daa7628d4e08cc8934d49f8dfff10

SHA512
31083ae500fe060005d0c853d6631e0fca181e5ca07934653052f686fca8870c5595d5af30e7344c71bdeec5a34a2cf136c7ea1914c3b4105f874a66362204a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
a4a82ed794b80b3635d329a7d736de17

SHA1
e2e1a85a881ec6c46dde55b3f5843db179694fa3

SHA256
f6431c708ac4f868670c5c33994e8a650c0b01d87bfd305ee4a635ff0432753f

SHA512
21e19209306e18bb209dd28f3d56907187acd2f6d05e18e3faba59d924d14cf400b41a1d39fb645d3544f9369a796ba1aaf4c44e7a7d05676c735ba3705dec6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
cc641e3380f4390943dd82e14bf1b9dd

SHA1
0834d41f8eee2ff716c1c5446cea74c3747fb327

SHA256
a1153551a3d35749137baa799331d78ebf4f06bfb2390eeeb8727834771b3635

SHA512
b718fac07f7578269dc9a8893a6415ab9374c4871f6de6f09ca38ee0e36e83a64733d93b57b520d38f726383ed5d8c99fca77550806870c005c31f15422ae08e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000004.dbtmp
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
67cfb4f4c6f4ce23ce0b8aaea980c6f4

SHA1
1a170abfa562cecc8e086613c19070d5b7f8bd18

SHA256
84688a9cbd5dbccc346307c31ccae30517d06fecf29914a9dbe63847b9c6a97c

SHA512
faecdf266fddaa59f7d75a7116633a79351f69137e935f8cda874fbccce542155a826782ad74100e6317e67c9db28e67bb67fd04c0e385c35eeeafc1c917163c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5B90.tmp
Filesize
161KB

MD5
be2bec6e8c5653136d3e72fe53c98aa3

SHA1
a8182d6db17c14671c3d5766c72e58d87c0810de

SHA256
1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

SHA512
0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

Download Submit
\??\pipe\crashpad_2040_FUCRKGADHGDBWGEZ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1236-54-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download
memory/1236-112-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download