09678a8d7caca2b0bfb457625adbd9ea58b9e280938fe5a238d2c8c3c56f267e

Analysis

max time kernel
116s
max time network
181s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
15-11-2023 14:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Xvirus-Tools-1.7.0/Xvirus.py
Size

8KB
MD5

9105f859cdba36dbcfd51c0e70a0d482
SHA1

a82b2e78dcd587a002f67dc6bce5b589bd650f95
SHA256

e27ae207ed527a75b4d11915252c4866dda8c8183976fd06a1b859eafeb9ac18
SHA512

ac23efef2962fb85f5f5c94e0649c6f7b3050990866b48d6714a3aad9fdfca9a2c3c477eb194395138233c64f37aa845d029bb40c379f9576587f23b1b7823b5
SSDEEP

192:eGWZRZd7vnTNxTM/DTdkff9XxrcNqTf2BXsYEDn:j0zlvnTNxTL9XxrcNqTA7ED

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000_Classes\Local Settings	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000_CLASSES\py_auto_file\	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000_CLASSES\.py\ = "py_auto_file"	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000_CLASSES\py_auto_file\shell\Open\command	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000_CLASSES\py_auto_file\shell\Open\ = "Play with VLC media player"	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000_CLASSES\py_auto_file	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000_CLASSES\.py	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000_CLASSES\py_auto_file\shell\Open	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000_CLASSES\py_auto_file\shell	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000_CLASSES\py_auto_file\shell\Open\command\ = "\"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe\" --started-from-file \"%1\""	rundll32.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2644	vlc.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2584	chrome.exe
2584	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2628	rundll32.exe
2644	vlc.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
2644	vlc.exe
2644	vlc.exe
2644	vlc.exe
2644	vlc.exe
2644	vlc.exe
2644	vlc.exe
2644	vlc.exe
2644	vlc.exe
2644	vlc.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe

Suspicious use of SendNotifyMessage 40 IoCs

pid	Process
2644	vlc.exe
2644	vlc.exe
2644	vlc.exe
2644	vlc.exe
2644	vlc.exe
2644	vlc.exe
2644	vlc.exe
2644	vlc.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2644	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2944 wrote to memory of 2628	2944	cmd.exe	29
PID 2944 wrote to memory of 2628	2944	cmd.exe	29
PID 2944 wrote to memory of 2628	2944	cmd.exe	29
PID 2628 wrote to memory of 2644	2628	rundll32.exe	30
PID 2628 wrote to memory of 2644	2628	rundll32.exe	30
PID 2628 wrote to memory of 2644	2628	rundll32.exe	30
PID 2584 wrote to memory of 2860	2584	chrome.exe	33
PID 2584 wrote to memory of 2860	2584	chrome.exe	33
PID 2584 wrote to memory of 2860	2584	chrome.exe	33
PID 2584 wrote to memory of 2696	2584	chrome.exe	35
PID 2584 wrote to memory of 2696	2584	chrome.exe	35
PID 2584 wrote to memory of 2696	2584	chrome.exe	35
PID 2584 wrote to memory of 2696	2584	chrome.exe	35
PID 2584 wrote to memory of 2696	2584	chrome.exe	35
PID 2584 wrote to memory of 2696	2584	chrome.exe	35
PID 2584 wrote to memory of 2696	2584	chrome.exe	35
PID 2584 wrote to memory of 2696	2584	chrome.exe	35
PID 2584 wrote to memory of 2696	2584	chrome.exe	35
PID 2584 wrote to memory of 2696	2584	chrome.exe	35
PID 2584 wrote to memory of 2696	2584	chrome.exe	35
PID 2584 wrote to memory of 2696	2584	chrome.exe	35
PID 2584 wrote to memory of 2696	2584	chrome.exe	35
PID 2584 wrote to memory of 2696	2584	chrome.exe	35
PID 2584 wrote to memory of 2696	2584	chrome.exe	35
PID 2584 wrote to memory of 2696	2584	chrome.exe	35
PID 2584 wrote to memory of 2696	2584	chrome.exe	35
PID 2584 wrote to memory of 2696	2584	chrome.exe	35
PID 2584 wrote to memory of 2696	2584	chrome.exe	35
PID 2584 wrote to memory of 2696	2584	chrome.exe	35
PID 2584 wrote to memory of 2696	2584	chrome.exe	35
PID 2584 wrote to memory of 2696	2584	chrome.exe	35
PID 2584 wrote to memory of 2696	2584	chrome.exe	35
PID 2584 wrote to memory of 2696	2584	chrome.exe	35
PID 2584 wrote to memory of 2696	2584	chrome.exe	35
PID 2584 wrote to memory of 2696	2584	chrome.exe	35
PID 2584 wrote to memory of 2696	2584	chrome.exe	35
PID 2584 wrote to memory of 2696	2584	chrome.exe	35
PID 2584 wrote to memory of 2696	2584	chrome.exe	35
PID 2584 wrote to memory of 2696	2584	chrome.exe	35
PID 2584 wrote to memory of 2696	2584	chrome.exe	35
PID 2584 wrote to memory of 2696	2584	chrome.exe	35
PID 2584 wrote to memory of 2696	2584	chrome.exe	35
PID 2584 wrote to memory of 2696	2584	chrome.exe	35
PID 2584 wrote to memory of 2696	2584	chrome.exe	35
PID 2584 wrote to memory of 2696	2584	chrome.exe	35
PID 2584 wrote to memory of 2696	2584	chrome.exe	35
PID 2584 wrote to memory of 2696	2584	chrome.exe	35
PID 2584 wrote to memory of 2696	2584	chrome.exe	35
PID 2584 wrote to memory of 2552	2584	chrome.exe	36
PID 2584 wrote to memory of 2552	2584	chrome.exe	36
PID 2584 wrote to memory of 2552	2584	chrome.exe	36
PID 2584 wrote to memory of 1140	2584	chrome.exe	37
PID 2584 wrote to memory of 1140	2584	chrome.exe	37
PID 2584 wrote to memory of 1140	2584	chrome.exe	37
PID 2584 wrote to memory of 1140	2584	chrome.exe	37
PID 2584 wrote to memory of 1140	2584	chrome.exe	37
PID 2584 wrote to memory of 1140	2584	chrome.exe	37
PID 2584 wrote to memory of 1140	2584	chrome.exe	37
PID 2584 wrote to memory of 1140	2584	chrome.exe	37
PID 2584 wrote to memory of 1140	2584	chrome.exe	37
PID 2584 wrote to memory of 1140	2584	chrome.exe	37
PID 2584 wrote to memory of 1140	2584	chrome.exe	37
PID 2584 wrote to memory of 1140	2584	chrome.exe	37
PID 2584 wrote to memory of 1140	2584	chrome.exe	37

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Xvirus-Tools-1.7.0\Xvirus.py
1⤵
- Suspicious use of WriteProcessMemory
PID:2944
- C:\Windows\system32\rundll32.exe
  "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Xvirus-Tools-1.7.0\Xvirus.py
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of WriteProcessMemory
  PID:2628
- - C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Xvirus-Tools-1.7.0\Xvirus.py"
    3⤵
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:2644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7519758,0x7fef7519768,0x7fef7519778
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1188 --field-trial-handle=1408,i,11988851792386700797,9288220894455047800,131072 /prefetch:2
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1540 --field-trial-handle=1408,i,11988851792386700797,9288220894455047800,131072 /prefetch:8
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1628 --field-trial-handle=1408,i,11988851792386700797,9288220894455047800,131072 /prefetch:8
  2⤵
  PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2316 --field-trial-handle=1408,i,11988851792386700797,9288220894455047800,131072 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2324 --field-trial-handle=1408,i,11988851792386700797,9288220894455047800,131072 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1420 --field-trial-handle=1408,i,11988851792386700797,9288220894455047800,131072 /prefetch:2
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3204 --field-trial-handle=1408,i,11988851792386700797,9288220894455047800,131072 /prefetch:2
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3228 --field-trial-handle=1408,i,11988851792386700797,9288220894455047800,131072 /prefetch:2
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1408,i,11988851792386700797,9288220894455047800,131072 /prefetch:8
  2⤵
  PID:2444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3456 --field-trial-handle=1408,i,11988851792386700797,9288220894455047800,131072 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3660 --field-trial-handle=1408,i,11988851792386700797,9288220894455047800,131072 /prefetch:8
  2⤵
  PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3684 --field-trial-handle=1408,i,11988851792386700797,9288220894455047800,131072 /prefetch:8
  2⤵
  PID:976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3876 --field-trial-handle=1408,i,11988851792386700797,9288220894455047800,131072 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2584 --field-trial-handle=1408,i,11988851792386700797,9288220894455047800,131072 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2628 --field-trial-handle=1408,i,11988851792386700797,9288220894455047800,131072 /prefetch:8
  2⤵
  PID:2168

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d6888b18d8b86af1cac94882ab7e666e

SHA1
9376389843b04129ae02fd21092d6be352a51882

SHA256
e820d9e63b6db3b982b415ece3512f7080ee21d8943349d86063589ead91fe8c

SHA512
1de68eef55afcb461338a8ebcc5e749eb95bdf7964275fccf3ee306ea6919c356f219a79a97c204f7229ed4d57269bb1a5d777f8ffc9261ab6e194c3f7614596

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d6888b18d8b86af1cac94882ab7e666e

SHA1
9376389843b04129ae02fd21092d6be352a51882

SHA256
e820d9e63b6db3b982b415ece3512f7080ee21d8943349d86063589ead91fe8c

SHA512
1de68eef55afcb461338a8ebcc5e749eb95bdf7964275fccf3ee306ea6919c356f219a79a97c204f7229ed4d57269bb1a5d777f8ffc9261ab6e194c3f7614596

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f1f459983fcc9e54c9c57598113815b7

SHA1
14b72c49ebb0ff6b55ae2fda2e98905e53287ebe

SHA256
c1fc73948d7bc128211f3c59e50e9791796ca4f19544226e0337826b55cce89c

SHA512
6446e9cedb404aed553aebba4514010659bb8e14493c9e5d6486a5d2fe4349a8f93792b4ed1243d4a4e25e0fd89e7e80080c8299bdc9b994f53bcde8350c99e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
83d930eeacafd1043821ee93a366e480

SHA1
3abcc5c5210cfd77777772f6759d0f698d98e01a

SHA256
c804887de296ddeba5fc3bd4d858f9db3f92a6dea860042e2154c80a75edc738

SHA512
5d4a83965686085dd0290b9042129a16bdc8d56963d1f0953fedc8024efc8961b1940eb65b1f6bc8e67382033e9d1b12eac9fe86a65f28e4d1b262f18c12d9f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
845B

MD5
190592a8421056c015338badc10af749

SHA1
843f023c7f9f6bf8256a34a677684d6e6e0e6459

SHA256
2ca3a0cb98cd72dae86116857f13353a921b0f3240b68b91a24844f9a13596f3

SHA512
cc18a9da077f59c11cc909beb176296de87e75b97141074431a9ebea8aa7fe9a3578ff71c68acc3a3a36376dcaae1f4fa3c70184be2a21997b5720d0c990e1be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
845B

MD5
6a36e11e2cf784f4a0c8ade5dab09eba

SHA1
2918ca7e3e08b5eed2eb79f43ee3eb66781ba724

SHA256
67bc625834ffd28646fb8069a168bb8573ccd67cfde7baad1ac94f465e09b23e

SHA512
66436ad8f1a4b09a36e9d7ce1df48a12720ffc2c8fa564894ef613ab7294a6c06616171c81db0e345f41eb83d88305ae3924e6b93b9c2faae1d7e1ba9be94927

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
845B

MD5
6a79fa7f8b7f3b143cc4be7bfdb94bd7

SHA1
42dad296cc4c7b54896244e3e2f7ec1e8963922f

SHA256
a966b1b510c1e0e77c77513100dec4c36f08d09f33baf41d1379dc46c5c5492d

SHA512
488d0f04f54d50a6ea30cfddfa8125bd94a53750334dbb95bb8bdc9fb0438e2cc09bf8d1d54c70e234241ddf33e337c5250d5208b0a7bfef34f2d5caf9727973

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
0b6ba7b24369a568d954e2132fce7f47

SHA1
60fdd0d49c11716b68d53c01012f8df0fe95956f

SHA256
6d12925e08bf9dc7f83bb7ca5d14169d9c3428fc378af5915667e02b7fc4b1d8

SHA512
53c7e0aca39c28c51860e00f6f88967da6012b0ee27d20b7e0fdb6badecf126cd14f850c99241aee773ff9c495f34554fd77a95f640d438dd129c0a7f8bf903e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9d2bf87ebb908f7a6df37e77be95d368

SHA1
9ba891ca1423cca67e9d4117a5c5e549d974832a

SHA256
f704c4f3114e914666584e298ec6e25255e3207cceec75d9ad921c9bdf749ac6

SHA512
46b039e86b1c03f58c844d71bbef9854c5b86d67205c80f9970d360c921392d987dcc254fbafec020f22d2a68240a0ec6bd72f2272ac1d529f618b53bda751ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
141529a6d4bf9e1241ecf2b9017cf183

SHA1
763c5b584ecbe5659761b152d8476f3ca80c435b

SHA256
2f49b6e1b55c3b0c04dd7775806f119e2fadb2660f080513d7175d1bed837099

SHA512
ee4737c9407e3438efa2802d3c6c528577b36d9746124555a7502de997618ea36b2a571a2a36266f5574a32904d3bdfe7bdb951b321c1643e1483bd6f64638d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
f62c4dcb5b98377cd4827611c69a9737

SHA1
e41d6738512e3050a8fb8a5e64e13633a9c2a9a2

SHA256
2e899fb9c7b99bd69d6eed1ee6292bebbf9786e8f318db38219155d49cdb7aa6

SHA512
b2a6c0358f86911bee9426c05869ee0922055d79821ece3d02e6267ced350c491ee0421344eb6e706b4f882f9dcd894e250bdfe104b5fd3e195b59e85885cce9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
7751e9f914f57be7d8df3817d856b90a

SHA1
e746e63ac31c5813750c970e934cbe1e6731f1b2

SHA256
0d54b9340b2be5f892525d3ad9b017318c87c186760a293089511b392516b68b

SHA512
13ba7720c51996cc044108785ddfa6262ea2b565e418cff81b4da3fd136d9a4ad12734c59fd97687c4ce32d09935de1dfde4377d198a1c799a154edba8570e3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
fb0097a0165bd129b70efa2f898e610f

SHA1
a9ae053d003134637ecd8d3c5194e31bcd53d315

SHA256
26d9b91dd4e3424ceb1497c230a55a8ae27ec2f71b8fb6cb2466be28f801b6f4

SHA512
693bf344afd19cb50d986ab27c1d42617a8dc16186c0f040c8962d1bdc1e4c5009cfed6c71695773985559de90890ecfab68eab432489e647642a4cd4301a9e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2efa3640f852602166f48b25894d256a

SHA1
54e1b778d644cd730b1982fa5df822ccefd9e65a

SHA256
966416ec257a48b5046917df92a6bcd45531b99b078008f647aaa0565393febb

SHA512
0b93c11cc68db92a6ab77dee3c9906b886e280052d17b54a1071aa2c2a90ec49c29114534994483d82cb044619d40b9f11757ce3a4c9746c6857135d0b83bd15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
221KB

MD5
d3f54525b7fdccdffd67f925f77920c6

SHA1
919a3078feadefcaf111de3c6ec41f34135b7aa9

SHA256
2e7dad5c67f813603dbd007743d93ad89ed6ca24a6d2e168b7bccae9d92669ec

SHA512
66897c86acec4493766a646d6c7994d65b6c534b1f298cccc3a8e2c235b4f1a1b8c197cba6fa6ddbbff553364aaffb30b8962e987cfc5bf9a1eb0d621d681c8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\fe2d7dd4-ffac-423e-804f-640fef1d479e.tmp

Filesize
221KB

MD5
d7d4f721a444e84d5b7265c41bcd66cd

SHA1
6df3705aaff6a00ec5fb8f08423fe7b4b3d67c5a

SHA256
b22095f49c088635c885c71d43a6a2f4ab626cf36fb8150f0b5507a7e385945c

SHA512
01530775ea713cf20bfb35414c4dc448bca490ac11da13c858cb48e4f8c362ee178bd733153ad6648c69c7d9442fe0774514537135f6b9b53bb2758df794a6e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1576.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar15A8.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit
memory/2644-36-0x000000013F4E0000-0x000000013F5D8000-memory.dmp

Filesize
992KB

Download
memory/2644-38-0x000007FEF6770000-0x000007FEF6A24000-memory.dmp

Filesize
2.7MB

Download
memory/2644-40-0x000007FEF3B00000-0x000007FEF3C12000-memory.dmp

Filesize
1.1MB

Download
memory/2644-39-0x000007FEF56C0000-0x000007FEF676B000-memory.dmp

Filesize
16.7MB

Download
memory/2644-37-0x000007FEF80A0000-0x000007FEF80D4000-memory.dmp

Filesize
208KB

Download