47d5295e390021e29ddeced6953bb69a7c81b7e1399c8cf52b071426273be8ce

Resubmissions

26/08/2023, 06:51

230826-hmkwjsgg27 6

26/08/2023, 06:48

230826-hkvmzagg24 6

Analysis

max time kernel
125s
max time network
153s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
26/08/2023, 06:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Stealer.bat
Size

552B
MD5

19e87500f65ad92c7fc92ad7310e6ff9
SHA1

44226cba9c85545a66d6a82c0cfd011894f579c1
SHA256

47d5295e390021e29ddeced6953bb69a7c81b7e1399c8cf52b071426273be8ce
SHA512

94ee394c5c9e66fae53060cfc5bfa327018c71cd546534f20475b7b5c25c9be38e19f332c043c7550726d0256525f7ae00449aaa148cb4359a23cc63abe7a831

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
2988	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3044	chrome.exe
3044	chrome.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2988	NOTEPAD.EXE
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 3060	3044	chrome.exe	38
PID 3044 wrote to memory of 3060	3044	chrome.exe	38
PID 3044 wrote to memory of 3060	3044	chrome.exe	38
PID 3044 wrote to memory of 2356	3044	chrome.exe	40
PID 3044 wrote to memory of 2356	3044	chrome.exe	40
PID 3044 wrote to memory of 2356	3044	chrome.exe	40
PID 3044 wrote to memory of 2356	3044	chrome.exe	40
PID 3044 wrote to memory of 2356	3044	chrome.exe	40
PID 3044 wrote to memory of 2356	3044	chrome.exe	40
PID 3044 wrote to memory of 2356	3044	chrome.exe	40
PID 3044 wrote to memory of 2356	3044	chrome.exe	40
PID 3044 wrote to memory of 2356	3044	chrome.exe	40
PID 3044 wrote to memory of 2356	3044	chrome.exe	40
PID 3044 wrote to memory of 2356	3044	chrome.exe	40
PID 3044 wrote to memory of 2356	3044	chrome.exe	40
PID 3044 wrote to memory of 2356	3044	chrome.exe	40
PID 3044 wrote to memory of 2356	3044	chrome.exe	40
PID 3044 wrote to memory of 2356	3044	chrome.exe	40
PID 3044 wrote to memory of 2356	3044	chrome.exe	40
PID 3044 wrote to memory of 2356	3044	chrome.exe	40
PID 3044 wrote to memory of 2356	3044	chrome.exe	40
PID 3044 wrote to memory of 2356	3044	chrome.exe	40
PID 3044 wrote to memory of 2356	3044	chrome.exe	40
PID 3044 wrote to memory of 2356	3044	chrome.exe	40
PID 3044 wrote to memory of 2356	3044	chrome.exe	40
PID 3044 wrote to memory of 2356	3044	chrome.exe	40
PID 3044 wrote to memory of 2356	3044	chrome.exe	40
PID 3044 wrote to memory of 2356	3044	chrome.exe	40
PID 3044 wrote to memory of 2356	3044	chrome.exe	40
PID 3044 wrote to memory of 2356	3044	chrome.exe	40
PID 3044 wrote to memory of 2356	3044	chrome.exe	40
PID 3044 wrote to memory of 2356	3044	chrome.exe	40
PID 3044 wrote to memory of 2356	3044	chrome.exe	40
PID 3044 wrote to memory of 2356	3044	chrome.exe	40
PID 3044 wrote to memory of 2356	3044	chrome.exe	40
PID 3044 wrote to memory of 2356	3044	chrome.exe	40
PID 3044 wrote to memory of 2356	3044	chrome.exe	40
PID 3044 wrote to memory of 2356	3044	chrome.exe	40
PID 3044 wrote to memory of 2356	3044	chrome.exe	40
PID 3044 wrote to memory of 2356	3044	chrome.exe	40
PID 3044 wrote to memory of 2356	3044	chrome.exe	40
PID 3044 wrote to memory of 2356	3044	chrome.exe	40
PID 3044 wrote to memory of 2668	3044	chrome.exe	44
PID 3044 wrote to memory of 2668	3044	chrome.exe	44
PID 3044 wrote to memory of 2668	3044	chrome.exe	44
PID 3044 wrote to memory of 2080	3044	chrome.exe	41
PID 3044 wrote to memory of 2080	3044	chrome.exe	41
PID 3044 wrote to memory of 2080	3044	chrome.exe	41
PID 3044 wrote to memory of 2080	3044	chrome.exe	41
PID 3044 wrote to memory of 2080	3044	chrome.exe	41
PID 3044 wrote to memory of 2080	3044	chrome.exe	41
PID 3044 wrote to memory of 2080	3044	chrome.exe	41
PID 3044 wrote to memory of 2080	3044	chrome.exe	41
PID 3044 wrote to memory of 2080	3044	chrome.exe	41
PID 3044 wrote to memory of 2080	3044	chrome.exe	41
PID 3044 wrote to memory of 2080	3044	chrome.exe	41
PID 3044 wrote to memory of 2080	3044	chrome.exe	41
PID 3044 wrote to memory of 2080	3044	chrome.exe	41
PID 3044 wrote to memory of 2080	3044	chrome.exe	41
PID 3044 wrote to memory of 2080	3044	chrome.exe	41
PID 3044 wrote to memory of 2080	3044	chrome.exe	41
PID 3044 wrote to memory of 2080	3044	chrome.exe	41
PID 3044 wrote to memory of 2080	3044	chrome.exe	41
PID 3044 wrote to memory of 2080	3044	chrome.exe	41

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Stealer.bat"
1⤵
PID:2820

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2868

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Stealer.bat
1⤵
- Opens file in notepad (likely ransom note)
- Suspicious use of FindShellTrayWindow
PID:2988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef4329758,0x7fef4329768,0x7fef4329778
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1140 --field-trial-handle=1196,i,13075759112955535852,5314137006629900783,131072 /prefetch:2
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1524 --field-trial-handle=1196,i,13075759112955535852,5314137006629900783,131072 /prefetch:8
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2080 --field-trial-handle=1196,i,13075759112955535852,5314137006629900783,131072 /prefetch:1
  2⤵
  PID:432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2072 --field-trial-handle=1196,i,13075759112955535852,5314137006629900783,131072 /prefetch:1
  2⤵
  PID:892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1488 --field-trial-handle=1196,i,13075759112955535852,5314137006629900783,131072 /prefetch:8
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1380 --field-trial-handle=1196,i,13075759112955535852,5314137006629900783,131072 /prefetch:2
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2564 --field-trial-handle=1196,i,13075759112955535852,5314137006629900783,131072 /prefetch:2
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3152 --field-trial-handle=1196,i,13075759112955535852,5314137006629900783,131072 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3404 --field-trial-handle=1196,i,13075759112955535852,5314137006629900783,131072 /prefetch:8
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3516 --field-trial-handle=1196,i,13075759112955535852,5314137006629900783,131072 /prefetch:8
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3832 --field-trial-handle=1196,i,13075759112955535852,5314137006629900783,131072 /prefetch:8
  2⤵
  PID:568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3816 --field-trial-handle=1196,i,13075759112955535852,5314137006629900783,131072 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3636 --field-trial-handle=1196,i,13075759112955535852,5314137006629900783,131072 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2612 --field-trial-handle=1196,i,13075759112955535852,5314137006629900783,131072 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3660 --field-trial-handle=1196,i,13075759112955535852,5314137006629900783,131072 /prefetch:1
  2⤵
  PID:276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2588 --field-trial-handle=1196,i,13075759112955535852,5314137006629900783,131072 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 --field-trial-handle=1196,i,13075759112955535852,5314137006629900783,131072 /prefetch:8
  2⤵
  PID:1324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3924 --field-trial-handle=1196,i,13075759112955535852,5314137006629900783,131072 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3444 --field-trial-handle=1196,i,13075759112955535852,5314137006629900783,131072 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4060 --field-trial-handle=1196,i,13075759112955535852,5314137006629900783,131072 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4120 --field-trial-handle=1196,i,13075759112955535852,5314137006629900783,131072 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4008 --field-trial-handle=1196,i,13075759112955535852,5314137006629900783,131072 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4244 --field-trial-handle=1196,i,13075759112955535852,5314137006629900783,131072 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4296 --field-trial-handle=1196,i,13075759112955535852,5314137006629900783,131072 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4176 --field-trial-handle=1196,i,13075759112955535852,5314137006629900783,131072 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4148 --field-trial-handle=1196,i,13075759112955535852,5314137006629900783,131072 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4404 --field-trial-handle=1196,i,13075759112955535852,5314137006629900783,131072 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=3692 --field-trial-handle=1196,i,13075759112955535852,5314137006629900783,131072 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4960 --field-trial-handle=1196,i,13075759112955535852,5314137006629900783,131072 /prefetch:1
  2⤵
  PID:2916

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

Filesize
893B

MD5
d4ae187b4574036c2d76b6df8a8c1a30

SHA1
b06f409fa14bab33cbaf4a37811b8740b624d9e5

SHA256
a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7

SHA512
1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
867B

MD5
c5dfb849ca051355ee2dba1ac33eb028

SHA1
d69b561148f01c77c54578c10926df5b856976ad

SHA256
cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b

SHA512
88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f545c2b19d419d188331ceff931ddbd8

SHA1
c42e5c6dae88fd5bdfc9d9d80c8ddc9ca9bea386

SHA256
0c58ce192ecafc4b70fac657cdd9fbd19c7e6189b70df8655f46f9aebec7eef7

SHA512
4a6d44fa8dd3dd5849312cd7f15de3f33df12afe3ad5c8120176162be21ef3fe49e670387132c54912a8247e6dbdc64f8b76e9e079fe3f5d1ba61d06dc79f5e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
20944383803f77f8e29b2e34da33fc8d

SHA1
36aaa85724ee2f8fa57512fffee0e28cd757d3d9

SHA256
33c13843e1014321def3385178e54a531dbad0c3a2178bc7b29e83cb42550a51

SHA512
478d5b6ab0c15897902a46f993a2b10be194f41eb7285e91bd30f5aba74bfdac537af63748525717d0e0be6196d418b398542c9a4fbb462ac78a44f8915b8d95

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8fc5373164ce56edbd410de0904e02ff

SHA1
7778bc8948dff8f7c6dd37a2902048da3a0bc4c0

SHA256
cc8dc3db28ab90943d0ef77ba7d5e8c03f1f9627636859412606a5087a2a1aa0

SHA512
c6fde9e98f30c0459317cedc0e069f9e9c6f7ef1316bf4795688afbd6346e9baf32e43a04ef00650d43125447b86d97ceb52a28c257efd6a3eb0cd072219154d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cbcb9f61b66b21d7b4ba4a1be1863502

SHA1
a06137c674aa6dc1c9ca5a4c331d936005b2d097

SHA256
53d297361d3919ccd882a0eb4d053ab4aea462671260d76dc65a86172b3985e5

SHA512
47c2168c1373f78acacdcdb73ae650aecd78af244a056a805331d2364046058f151f4a3833322c155de876e1d8ec14d625b9a5c62ff86d9115c6a952b1ed440c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
24551d0b0f7737b195fad935fca94a44

SHA1
d331febc3a06a4524f2f66c872fd6a2450fb3255

SHA256
0c1d494c764ca601c758ed202522ab604ed2fccde088ce49ad5a86ef9003e2ad

SHA512
2332ff434839e4134633c2c206cbe8aa368ead573b0062efec1502756ed7572e5cf525ed337bbb95d9fffc26e3f33d4a1b5f16148def6ab3eecf81b3bf4eddd8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1e3f4aac859f1fdea9cb3747a1339362

SHA1
ef4455ded8aceedcf6ba4a6331991e3b794af4a2

SHA256
69d07e01738b44d20fc4fb53b223718aa26430ab544a68e6e3f333915e14de49

SHA512
e9f20b015f92b1731b44ab84ee1fe4a6c38469a0ff349eca6f434b3912af6f227d519ef5a5d1d161e6504fb8a03460af993692a4cc24d86f007dbbc069685c1b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2d8ba09a4a7fd3844540a0f5fe857a39

SHA1
fc84729ca1215949801e04aad3f95ff0b59cafce

SHA256
75723d050719f113b46eefddd30f9e02de3ae68155e399b3c7cd297ff47e779d

SHA512
73a2e406b7639186be5fc28047bf79c37ba216b872d0cf793a36b3041547a959ebda353ad1eb68389c077a9a0b648ef81149eca57b17c9adecdb67349b0603cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1031d634aa4d5ee98f5187f8fe8c5480

SHA1
54c284dd26447379fe6237b94395db67f6690491

SHA256
02535428a438da56b96fe19938e5c61266ad2a2c5488f096cea5ea56df0e9a36

SHA512
2496faa26d4028a14be6f18ef8217fb05649b2b4f1c1913b60771470f6edb16c33c60536116a7bc8f8285ee6568315fef58b2e5ea36c556f5ee25571a9441841

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8c5c22bca71ca0c061a6a14422c0acc6

SHA1
f42636945c00ec2ab3bde93cfd7664e55cefe0ce

SHA256
60ea4e9e8143c6c1b7f0bdcc30047eb9325005eed92f78e7fcc0430b70a89b5c

SHA512
23c190420c0bc08ee6c925e21cc8da7f1f49d5b72f6ede503850d09d732d20b373f540e56927818dcfd542d53900bba9ffc79bb933dc917726782c1ebd433bf7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9709aa894adbd7c962945783bf8e32ce

SHA1
7838d195068e9a37938bb7d08adeb18bf6c0b26e

SHA256
2de92a778aa715be96a5d0925fab2770478913b656b1e80c9f95c9a4e5a078a9

SHA512
2b615c1943a66f018f783c99dddb389fb5b6e58867e081f13a8313410a65a764bd89fab3e94f9ebc8412b435b1edf68209f3ee8e0209c921542a01ecbc05286a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0c96a47b3a9496f5547d83684b0fdbb1

SHA1
fbb4f35db0f60162609f06aa837592f8aae28473

SHA256
3b593508575dd582fc248d9a9919e48f9e34db926e65ac353f33aeae817fb571

SHA512
57f4b6abd08915eec90ac0f8a8d0505e44c2c723051e94d44820abc7fe6dfdc804e4900b018754e87a00c5004d934743f994abb02fda31aa368dc1ef4a9b153d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cab72858dc4773e09e2297079597a436

SHA1
2467cffbd42dcea7c15164b2231732455d41fc20

SHA256
51a2186dab8302878c7f3dfe25faada253ff1aeeaf7217751d5d12c95479f733

SHA512
b52b0300af111e794a0b370d770acd4b1ca51ac497769f7ac14469186e1ccede8232333fbbcb229f1575b479629541b5f20a86c22443f047d2fe97bdb0b22bf5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6be9c22f6541f5e4318cc5bf7a8e283e

SHA1
307020a45b2af7c917237cf246aee00578001b3b

SHA256
13a8fd736a01d96a689bd938d2ec34f18a0a3d1f880287f6adbe376786240c53

SHA512
beeba65f13f1912fa0e19f8bc32145a73c465a04634e4bb79322e2632790bc139052458dfc86c7d413a9a46fc07b92d28bbf7948c99dbbed48041f214072894c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6be9c22f6541f5e4318cc5bf7a8e283e

SHA1
307020a45b2af7c917237cf246aee00578001b3b

SHA256
13a8fd736a01d96a689bd938d2ec34f18a0a3d1f880287f6adbe376786240c53

SHA512
beeba65f13f1912fa0e19f8bc32145a73c465a04634e4bb79322e2632790bc139052458dfc86c7d413a9a46fc07b92d28bbf7948c99dbbed48041f214072894c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6531b3de6644dcdba377df0e8c90d1c4

SHA1
a37cb9c6118c23d2fc26284bb9b983c440d97295

SHA256
f72476563e5a9ca577d802c6defadae7ce8606c11f720d555623a0b7b7de23ac

SHA512
83b6aff36c50a6901da4e48ace03aa53be11e47f1eab17ddace139e2c9e6474650b917111aff2b0d8ed2bddc4959364f0d321ee6f4562cc0ec9d911497b5c115

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2e20a2a86b5834407213840c98efef6c

SHA1
42ad72959f0b35f20b5bbdccf59b8c32f6638fc7

SHA256
ca14c6f9c9b700039a0b56f9ab6b1f266beaf2535a8dfaf19b2d3347581b2828

SHA512
d3bce8755d0f57aee91917ce354fd1bd8cb2725f6080c345a93dc8d4221548a02bd5e9ee3eac5d210474df87495fd607c50f75d72796e3209d9cdace7d35f70c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bdc96534c078d873c1ab070bfbea37cd

SHA1
3115d4ec12508c3c803100d62e5d81e603d6da79

SHA256
c9e574becad4b982e1d11c181b44496a208f6e4ff0e405059432007153fbd058

SHA512
52f7ca7455b71323dc8fa02d077b11c0739918be3a5a3cc15b1da417d4728316093903c1a20f63a664f1d4d93e0ab13e267ac8c8cc0c574351a5178c2e388b87

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

Filesize
252B

MD5
890105daaebae23ecfe719d4df90be03

SHA1
fe9c466cba19495e20af4b5cbf4c26dc655141e9

SHA256
d1f22a96bdbc89f1a6159fd9e0d9fe9def0a038723f04843f53fe7e4116f0d30

SHA512
3e8225453f767027ee610c189db7fb6b46eab44eba2b437eca341529ba6e13e0cb403877815b82d4a8ba5baa797a74c2dc4bdd89d45edcdb061ccdfa11334b58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
242B

MD5
d7f4da47695a01e880987bf65271dc71

SHA1
df22e2f64f40bcd528f39ffe238abfa8b0692cde

SHA256
2d6936c0d43b6bfd7493cebe09dc5252f03d572edfd16560854e61844732143f

SHA512
7d9da89a9ffafde7de633dd42637c9ef2db3adeead4c0d70fbb6be0847f0231ff316455a2822442f133887313943249df6a544bd22ca014fd05642c3387e9101

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
e42a1a7382d735fa94545213ed9188b6

SHA1
9a2491eb4a964fc08b963619fa338934094b864b

SHA256
0e478da4e457c33929b5458cdb1769c08e31942b43a54bb07159549b05759224

SHA512
f80d48f2638e2359c018df821c02cc34e31a5614ac5e1fa7544ca0be8b2298a2353804c31938829f923430b649a065bdf452dc72975be5d1c0b6def89265c4f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9F72.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit