a3ffe6ad1ccb3a96f2759208545afdbd7b3d1ec0a957f1b359507ed490e0a067

Analysis

max time kernel
207s
max time network
508s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/02/2024, 21:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

th-712794540 (1).jpg
Size

38KB
MD5

0f2cb6968fb61624849ee53bd35c68a0
SHA1

a53ed785a6e4383d475cd49c72b2c04f424eed1c
SHA256

a3ffe6ad1ccb3a96f2759208545afdbd7b3d1ec0a957f1b359507ed490e0a067
SHA512

0d6f657667d8e235e9bd766f5c83973fdf15db28514a8fb78a655dfeb0d4d18de31ec738e43bc9d41799df891859cadeb41252b8cd6357d79743f6d6e0d9d18c
SSDEEP

768:h1lOaCBc39PDtF1hP7X5nv2Xy5Ff5rDTcPHfeAxR/NixEixO69PT3LQ:hfOao8PRPx7XRpFf5PTIHfeAxR/I9vZ0

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
48	discord.com
49	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe

Suspicious use of FindShellTrayWindow 50 IoCs

pid	Process
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 760	2224	chrome.exe	38
PID 2224 wrote to memory of 760	2224	chrome.exe	38
PID 2224 wrote to memory of 760	2224	chrome.exe	38
PID 2224 wrote to memory of 1700	2224	chrome.exe	42
PID 2224 wrote to memory of 1700	2224	chrome.exe	42
PID 2224 wrote to memory of 1700	2224	chrome.exe	42
PID 2224 wrote to memory of 1700	2224	chrome.exe	42
PID 2224 wrote to memory of 1700	2224	chrome.exe	42
PID 2224 wrote to memory of 1700	2224	chrome.exe	42
PID 2224 wrote to memory of 1700	2224	chrome.exe	42
PID 2224 wrote to memory of 1700	2224	chrome.exe	42
PID 2224 wrote to memory of 1700	2224	chrome.exe	42
PID 2224 wrote to memory of 1700	2224	chrome.exe	42
PID 2224 wrote to memory of 1700	2224	chrome.exe	42
PID 2224 wrote to memory of 1700	2224	chrome.exe	42
PID 2224 wrote to memory of 1700	2224	chrome.exe	42
PID 2224 wrote to memory of 1700	2224	chrome.exe	42
PID 2224 wrote to memory of 1700	2224	chrome.exe	42
PID 2224 wrote to memory of 1700	2224	chrome.exe	42
PID 2224 wrote to memory of 1700	2224	chrome.exe	42
PID 2224 wrote to memory of 1700	2224	chrome.exe	42
PID 2224 wrote to memory of 1700	2224	chrome.exe	42
PID 2224 wrote to memory of 1700	2224	chrome.exe	42
PID 2224 wrote to memory of 1700	2224	chrome.exe	42
PID 2224 wrote to memory of 1700	2224	chrome.exe	42
PID 2224 wrote to memory of 1700	2224	chrome.exe	42
PID 2224 wrote to memory of 1700	2224	chrome.exe	42
PID 2224 wrote to memory of 1700	2224	chrome.exe	42
PID 2224 wrote to memory of 1700	2224	chrome.exe	42
PID 2224 wrote to memory of 1700	2224	chrome.exe	42
PID 2224 wrote to memory of 1700	2224	chrome.exe	42
PID 2224 wrote to memory of 1700	2224	chrome.exe	42
PID 2224 wrote to memory of 1700	2224	chrome.exe	42
PID 2224 wrote to memory of 1700	2224	chrome.exe	42
PID 2224 wrote to memory of 1700	2224	chrome.exe	42
PID 2224 wrote to memory of 1700	2224	chrome.exe	42
PID 2224 wrote to memory of 1700	2224	chrome.exe	42
PID 2224 wrote to memory of 1700	2224	chrome.exe	42
PID 2224 wrote to memory of 1700	2224	chrome.exe	42
PID 2224 wrote to memory of 1700	2224	chrome.exe	42
PID 2224 wrote to memory of 1700	2224	chrome.exe	42
PID 2224 wrote to memory of 1700	2224	chrome.exe	42
PID 2224 wrote to memory of 1360	2224	chrome.exe	43
PID 2224 wrote to memory of 1360	2224	chrome.exe	43
PID 2224 wrote to memory of 1360	2224	chrome.exe	43
PID 2224 wrote to memory of 2060	2224	chrome.exe	44
PID 2224 wrote to memory of 2060	2224	chrome.exe	44
PID 2224 wrote to memory of 2060	2224	chrome.exe	44
PID 2224 wrote to memory of 2060	2224	chrome.exe	44
PID 2224 wrote to memory of 2060	2224	chrome.exe	44
PID 2224 wrote to memory of 2060	2224	chrome.exe	44
PID 2224 wrote to memory of 2060	2224	chrome.exe	44
PID 2224 wrote to memory of 2060	2224	chrome.exe	44
PID 2224 wrote to memory of 2060	2224	chrome.exe	44
PID 2224 wrote to memory of 2060	2224	chrome.exe	44
PID 2224 wrote to memory of 2060	2224	chrome.exe	44
PID 2224 wrote to memory of 2060	2224	chrome.exe	44
PID 2224 wrote to memory of 2060	2224	chrome.exe	44
PID 2224 wrote to memory of 2060	2224	chrome.exe	44
PID 2224 wrote to memory of 2060	2224	chrome.exe	44
PID 2224 wrote to memory of 2060	2224	chrome.exe	44
PID 2224 wrote to memory of 2060	2224	chrome.exe	44
PID 2224 wrote to memory of 2060	2224	chrome.exe	44
PID 2224 wrote to memory of 2060	2224	chrome.exe	44

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1344.2.1348320593\1184659483" -childID 1 -isForBrowser -prefsHandle 1808 -prefMapHandle 1780 -prefsLen 20933 -prefMapSize 233444 -jsInitHandle 912 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a79ca2a5-d499-4f8b-b16a-15066db8bd76} 1344 "\\.\pipe\gecko-crash-server-pipe.1344" 1924 12693258 tab
1⤵
PID:1428

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen "C:\Users\Admin\AppData\Local\Temp\th-712794540 (1).jpg"
1⤵
PID:2768

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1344.3.558081309\59815666" -childID 2 -isForBrowser -prefsHandle 2452 -prefMapHandle 2448 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 912 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1b12558-daa4-4e57-ac58-6ea6397832f6} 1344 "\\.\pipe\gecko-crash-server-pipe.1344" 2468 1a2b6758 tab
1⤵
PID:2376

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1344.4.803981938\1224755792" -childID 3 -isForBrowser -prefsHandle 2644 -prefMapHandle 2640 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 912 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f63c3363-264b-48f9-94db-c6361fb88a08} 1344 "\\.\pipe\gecko-crash-server-pipe.1344" 2656 e6a858 tab
1⤵
PID:1944

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1344.5.1030752331\1236337632" -childID 4 -isForBrowser -prefsHandle 3588 -prefMapHandle 3356 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 912 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {84575211-32be-42f7-805b-465e152cf8ca} 1344 "\\.\pipe\gecko-crash-server-pipe.1344" 3592 109d3858 tab
1⤵
PID:2232

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1344.6.1899300810\2096377548" -childID 5 -isForBrowser -prefsHandle 3708 -prefMapHandle 3712 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 912 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1fc7a282-7e42-43b7-90c2-30985d621bf7} 1344 "\\.\pipe\gecko-crash-server-pipe.1344" 3696 1d872e58 tab
1⤵
PID:2664

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1344.7.1677954129\1680494237" -childID 6 -isForBrowser -prefsHandle 3884 -prefMapHandle 3888 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 912 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9706b060-68bb-42a8-b6e7-2f293cd6c8f2} 1344 "\\.\pipe\gecko-crash-server-pipe.1344" 3872 1dd0b258 tab
1⤵
PID:2288

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6789758,0x7fef6789768,0x7fef6789778
  2⤵
  PID:760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1300,i,7431348757605962752,18174608232004372237,131072 /prefetch:2
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1300,i,7431348757605962752,18174608232004372237,131072 /prefetch:8
  2⤵
  PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1300,i,7431348757605962752,18174608232004372237,131072 /prefetch:8
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2228 --field-trial-handle=1300,i,7431348757605962752,18174608232004372237,131072 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2236 --field-trial-handle=1300,i,7431348757605962752,18174608232004372237,131072 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1316 --field-trial-handle=1300,i,7431348757605962752,18174608232004372237,131072 /prefetch:2
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1372 --field-trial-handle=1300,i,7431348757605962752,18174608232004372237,131072 /prefetch:2
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1324 --field-trial-handle=1300,i,7431348757605962752,18174608232004372237,131072 /prefetch:2
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3776 --field-trial-handle=1300,i,7431348757605962752,18174608232004372237,131072 /prefetch:1
  2⤵
  PID:576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3492 --field-trial-handle=1300,i,7431348757605962752,18174608232004372237,131072 /prefetch:8
  2⤵
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3532 --field-trial-handle=1300,i,7431348757605962752,18174608232004372237,131072 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3568 --field-trial-handle=1300,i,7431348757605962752,18174608232004372237,131072 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4016 --field-trial-handle=1300,i,7431348757605962752,18174608232004372237,131072 /prefetch:1
  2⤵
  PID:240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2708 --field-trial-handle=1300,i,7431348757605962752,18174608232004372237,131072 /prefetch:1
  2⤵
  PID:548

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2e3e3aa9d5caee2dd659c8a8350cbc2b

SHA1
1ad86b50c38e97d4166f53f5839aacd12eaa8c78

SHA256
969c435e3bf06602b396ee12352a02b807875cada1caa82b29c2471b98140e16

SHA512
a86ea214cd58567b63a2a9db946b3e49f04c085a1d9e4e06bad55d80c9bc448208b8055209c94c0bae5cf1e1e1833be19c20c59f1e56b334162ca9a08f363cf6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1e7197944f0254562599103e83392a9f

SHA1
cabd4a472f248a33329ac74f534d95b517ca24d8

SHA256
5350e77555c68c4f6c0829bdb3c65aae7756d0d80caeecfb8db7d374e929d1be

SHA512
e0cca45e336f4c76d8e0bda83831e345c8a85e9aedb1bd622caff1c0969f5450bb3ce85f5104f1ca1a51845612d65a85a0db37f702c3bbf81de65e8c0d38c61f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1f6ea13a-61aa-4c05-8027-0d8780b56c88.tmp

Filesize
4KB

MD5
f5766c25dd91da6578d25fbe57b1422b

SHA1
6f39e9b29fa3ee6111d3eae3dab25a25fb04b0a8

SHA256
ed243ade4f713abb9f84f782681a420395bb1e8a3d9f93bc6ab24671d9740e17

SHA512
5573693cb12a1a9f4b8e7ed7223750391c7d448d5eb0b1bedaf42c60cec21b9b53de9f175b94884f95ac709d5d02198fe0130b6a665189e230568b7a98db6bfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\87706e9aa9d5879f_0

Filesize
20KB

MD5
0dd2407fa2f41799574e1bcacaacb148

SHA1
4b2a1502f7950bea94cf77380f1340dbc5a0b00e

SHA256
575de60f4740794d78d3b81b22d8021bbeefa5f1b4ae3e821dcc586fc0ebca94

SHA512
9fd0907356af5d3dfb6815c6270f26aa71cb12a241800fbc796221524b727ad11006363754cfc25d2cf511fa6fe80de9eecc3391cefae5ab3c7a2b684fc31bbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e985e3ff492c677c_0

Filesize
290B

MD5
030d30b9cb8ea0d93bcb0220c673393a

SHA1
1b2b0be7958d00838d6a72d94e90a972201ab051

SHA256
a1410acbb0e7e00c822bcc502d213fc8426cc3ca2844c7388b716412fe8050f6

SHA512
7f5cbedf2ca93ba92eaa168aefda8c6f06ebe4c1d16f7e99cbb835b7dd0b5a18f14dfebac5613c6931298c377d88618acad71a92d66408c3b6334396ebb236db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4b6675299ffaa1d56ff881f3e7d78ace

SHA1
1a9e0079ffba652b97381f32dfb831f31f52029c

SHA256
30aa1d96fa118563811f23e946b1641bd4a696e2c1c291ff8796d369ce8847bd

SHA512
03cf8153f607a5b870efd035efa5b0fcefd5c2c27121078eff69d9370f08b3800e54498d503ad1c85523442f6027b9224952efa056e7fea4ed161286f043187c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b92b5f8191f77bf2a131d4f570be84cd

SHA1
4d0a6764d7d0ae18565fe2923a700205b7faaffb

SHA256
c0c3ca479d4b69d0ee755ac12616909a7e7916e3a76ff5395b771ddae2c5c61d

SHA512
9c2e24e699c4e0c5995b5dede5aac3d4f60132d2f0414b592ddf4da4c556bec8db95f8b1b648beba92647090ae0e044213d7cb165d2de76d7af2d23fcc463d17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
362cbdf6df46006a3d278430c978bf50

SHA1
0bb2a324f121e16c13df7ed6f49df7f5bdd28962

SHA256
cf04955f029d1734a20be4f9f85dd221dbba2456a741cec1847737510ec70bae

SHA512
cb2ee56bd69092dd4f542e99c00065129323a55a286170c31209cf05606d531f41a3742c9ba9e744730cc2b1ed4631bc4deb34381f501ecacb33b1b0247672bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
b7c5129226eb3b4e5f6c88a3ffa53f6f

SHA1
0989263f6f650f6f0cd6ee2522cde5cb8d341736

SHA256
3115144b875373f4906216a58db429627874c3c3494e8149a2eb44a97b9d39ee

SHA512
b06b7c049e491ec777604eb6cbff2eb79806985cc79587afbc31920e5d92131174d94a218d1ffafb1649846729128fa384b0fc2af985ab144bb3453e8afe79fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
5e28715019f184254ecf349a057dc9c8

SHA1
2c65180c5548a05b16cc8ef8c4e774aeabd39d25

SHA256
163c696039c41621b3d39a62676b9fb4eeed98cccd0093e5a8bb0108074fa78e

SHA512
14190bdbfa66452e77aeaf81d3bc9eb6790a7a5480d150efd73d2692de01c6a4f1239c652140dbb1ffb6720aec39e40539f8319eece9d4e5ffb1ecb3d9cabe28

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab15B4.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1C2D.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit