1a84776922a5c30ab54405e3cdefc984e22d4e62e3c07d813010e3965cafd939

Analysis

max time kernel
1564s
max time network
1566s
platform
windows7_x64
resource
win7-20240220-de
resource tags

arch:x64arch:x86image:win7-20240220-delocale:de-deos:windows7-x64systemwindows
submitted
04-04-2024 12:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NameItwhatever.exe
Size

16.4MB
MD5

1b4650df1ae010317e622461ac1b9876
SHA1

f2f501b3cbad1328e20f6d01256516dab4d91019
SHA256

1a84776922a5c30ab54405e3cdefc984e22d4e62e3c07d813010e3965cafd939
SHA512

c025ef8dc10ab8ba4992348294b5d54a6c637aa55e9a899a09118e913d0f5e6c9993e8dca0e982052dbf4afdd0f261dc42852d9e22cc18695e4a2a3a44a160a8
SSDEEP

393216:no9Ddnnx89uxfH7h2Jp5M/urEUWjPCEhM1tv1PYro5NWjjvKda:o9ZnxGul7hNdbqh1x1KuejvKda

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

Processes:

NameItwhatever.exe

pid	process
1980	NameItwhatever.exe
1980	NameItwhatever.exe
1980	NameItwhatever.exe
1980	NameItwhatever.exe
1980	NameItwhatever.exe
1980	NameItwhatever.exe
1980	NameItwhatever.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI26122\python312.dll	upx
behavioral1/memory/1980-148-0x000007FEF5950000-0x000007FEF6029000-memory.dmp	upx

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

taskmgr.exe

pid	process
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

taskmgr.exe

pid process

1228 taskmgr.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

taskmgr.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	1228	taskmgr.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

NameItwhatever.exetaskmgr.exe

pid	process
1980	NameItwhatever.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

taskmgr.exe

pid	process
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe
1228	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

NameItwhatever.exechrome.exe

description	pid	process	target process
PID 2612 wrote to memory of 1980	2612	NameItwhatever.exe	NameItwhatever.exe
PID 2612 wrote to memory of 1980	2612	NameItwhatever.exe	NameItwhatever.exe
PID 2612 wrote to memory of 1980	2612	NameItwhatever.exe	NameItwhatever.exe
PID 3024 wrote to memory of 2572	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2572	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2572	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2184	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2184	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2184	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2184	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2184	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2184	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2184	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2184	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2184	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2184	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2184	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2184	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2184	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2184	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2184	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2184	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2184	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2184	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2184	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2184	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2184	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2184	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2184	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2184	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2184	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2184	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2184	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2184	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2184	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2184	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2184	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2184	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2184	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2184	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2184	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2184	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2184	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2184	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2184	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2544	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2544	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2544	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2444	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2444	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2444	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2444	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2444	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2444	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2444	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2444	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2444	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2444	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2444	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2444	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2444	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2444	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2444	3024	chrome.exe	chrome.exe
PID 3024 wrote to memory of 2444	3024	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\NameItwhatever.exe
"C:\Users\Admin\AppData\Local\Temp\NameItwhatever.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2612

C:\Users\Admin\AppData\Local\Temp\NameItwhatever.exe
"C:\Users\Admin\AppData\Local\Temp\NameItwhatever.exe"
2⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
PID:1980

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef71a9758,0x7fef71a9768,0x7fef71a9778
2⤵
PID:2572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1176 --field-trial-handle=1304,i,6669361093958507638,183751893831325144,131072 /prefetch:2
2⤵
PID:2184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1304,i,6669361093958507638,183751893831325144,131072 /prefetch:8
2⤵
PID:2544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1604 --field-trial-handle=1304,i,6669361093958507638,183751893831325144,131072 /prefetch:8
2⤵
PID:2444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2108 --field-trial-handle=1304,i,6669361093958507638,183751893831325144,131072 /prefetch:1
2⤵
PID:2776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2116 --field-trial-handle=1304,i,6669361093958507638,183751893831325144,131072 /prefetch:1
2⤵
PID:2720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1388 --field-trial-handle=1304,i,6669361093958507638,183751893831325144,131072 /prefetch:2
2⤵
PID:2316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1168 --field-trial-handle=1304,i,6669361093958507638,183751893831325144,131072 /prefetch:1
2⤵
PID:1808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4008 --field-trial-handle=1304,i,6669361093958507638,183751893831325144,131072 /prefetch:8
2⤵
PID:2772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3996 --field-trial-handle=1304,i,6669361093958507638,183751893831325144,131072 /prefetch:1
2⤵
PID:840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1864 --field-trial-handle=1304,i,6669361093958507638,183751893831325144,131072 /prefetch:1
2⤵
PID:2612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2468 --field-trial-handle=1304,i,6669361093958507638,183751893831325144,131072 /prefetch:1
2⤵
PID:2220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3988 --field-trial-handle=1304,i,6669361093958507638,183751893831325144,131072 /prefetch:1
2⤵
PID:1716

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1708

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\11f0e4bd-55f9-4296-be3f-fd2ed257ac7e.tmp
Filesize
262KB

MD5
b461f6a71ca345515681fab804ecee89

SHA1
d271138855d6cab378f3be80fa580d246797674f

SHA256
6cb45af6abfab43d5da8b18820e2aacd5fd414b9bb8491ae7ddeea7d9e384e16

SHA512
6f24e83655e4b52cef86a9fdb8bdad5e69182ecd2aa9064b832c5646d5564586f171c2820cac9d5436f95855c37737af7146741802f4f2d39988cdc29e4b86df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
Filesize
198KB

MD5
cda68ffa26095220a82ae0a7eaea5f57

SHA1
e892d887688790ddd8f0594607b539fc6baa9e40

SHA256
f9db7dd5930be2a5c8b4f545a361d51ed9c38e56bd3957650a3f8dbdf9c547fb

SHA512
84c8b0a4f78d8f3797dedf13e833280e6b968b7aeb2c5479211f1ff0b0ba8d3c12e8ab71a89ed128387818e05e335e8b9280a49f1dc775bd090a6114644aaf62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002
Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5637bde03f0ce99e_0
Filesize
280B

MD5
f12f10f6148175b3c72a0acee8cb0a78

SHA1
f87dcf346811bc6111e647b01d9143aaa1c2503d

SHA256
1a0d26a3139f9bbae26e5bf12c3aca0a75eccb8b240c405b33614bf64d2c2f5a

SHA512
382f785863a093a7542bb779882450955134230511802e0c7655d9529c205f6ccb77f93b646abdc4930876b215e28bb6884e791523e3da7fd8bad83ea7e40c14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\990aa3c764e6041e_0
Filesize
19KB

MD5
8a51fcdc335fec9a0bdea9459aa7c945

SHA1
d390e9843c2fe8780fc86c3ccca8d33c7dcbd2f9

SHA256
21250f96bee1971bb8963a4202a2f5eb491a84351d4431550122e39972008d31

SHA512
d4f7a800d2c6431290112e5a306e5526f241ed3681fb8f74358ef9d8d958c49d2725e086f0afe358614f5384aad6be88e30425a33684b82ec08a464db01aa3b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9cfb4fb6f2d6a315_0
Filesize
328KB

MD5
8309bf9fd63626255b6a37d27ec6cbe5

SHA1
3aa9d3f21f70b1b28c56e279bdb7945dc3a61e57

SHA256
4a61afe0e3569ef8e0b67bcd689291b7fcef87cb41cd5da05a2110764c556a86

SHA512
814485246e01f3bd8f441d02bc2164a0eaf0ebef38c2aea1c786aa5800f529751294d41cc38261f460a401b1659174049a0936ba46db98c61aedf93338cdd295

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ba54061886c82dc2_0
Filesize
289B

MD5
c799dc24a565c3ddf54f4067e592e5a5

SHA1
10537512ecb8c647901e1e066a792367e088069b

SHA256
b2139b6e38cbba7da704e7a523443888b89890fc75ae338cc7faf0f3ef98cdb3

SHA512
b899b09c6d3a995f0fc6396cdfd8d75c614ca18d0c848e65cdae15279eb5d12c08ad06df85bc72b4c123dc24e8e4663af89c8a1842fea439dbf1ccdce3f58cfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
461c0cc7e5687a099690a97605f054b1

SHA1
8c63a2c3ad9324f33acf9d38899fdc5d366aff40

SHA256
3ccfe3caa63a447be908520e640c7d8eb4a2d2e9ff371de49c07cd7c6ca1297e

SHA512
6bfdcd338458b71cf708caa6148894c2c32540381ea1f784c5e273647ca86ca3604f251c92e3f2ea35e93730721a3db9148c9bda507cd46521e8a69f57cb39f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
689279c353b795e5122ea52eb66ee1fb

SHA1
2dfd4fbc418de8e1dedbf9dec24d2199f17d6213

SHA256
af5f055f358a2b12ad674bd7777dbc9037f9452bee4740d0182ec3413624d880

SHA512
cafefa5e03e4abf7a651f280d48590b25a97370f3c2c0fcc9d19432e621e491a28d5611df006709a528e8ee07141ed2af589b1911e12c47274de87b9985cf8c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
587bcadaf3c00dcf44dc917e026b245e

SHA1
ba5158cf71a6778a91c6d4bc218804ee870066b8

SHA256
0cfd3b872c4b6b903e4133615ca5b23a6524c597a34e9e428b20894c09e413e6

SHA512
9424b191db89c5518a27d7b3921835977aa12a3b3361326fe73bf7962da5beb1c9bf0e8c5c6ba3b7369169c63d452608c742adc47541ec2051f5ef6722a372f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
dd64afb2ad4b26b3355aa3aa272cd1e5

SHA1
dc83b14a9c2e3f2e59001dd2de5ce31dce080217

SHA256
862e6809abd8fac6ebf58016f307f463de2749b093967fa2dce5dc387c9b68e0

SHA512
72a17756569dcf92d97470585db016c1a063649932ed2a3146912b8f9445bec5e7cb34c6aec4b04adf02539806a04db151dc0c52927ab4158545536793591a6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
6ffb1289b67408478645920b802c6e37

SHA1
e2721ec3f1cb0f4e790d02fbaa8d6140fd1c1637

SHA256
34b69dd0be421ec8e7c5131729f81ceb13e9fc8aabd4a5ee9d6c62acdfa64413

SHA512
7dccdb5b819cfa79334b5b5b5df78c9adac46b69be0df1c2d821b30b828de0b5c5fda59c07d8bea3751ea5e874e64608712a471a8441be6d7a8f962045fe81a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
d007703680666dd084894f7c39d0a9e9

SHA1
81467c14fbdd3751b9450c14ad5d7f3b4a74429b

SHA256
84276513752da77c0b9ba93dd97b7175e507b85a7a43a0d8a77ff62b3b53c176

SHA512
d88bdf7534a7a68d80212abdde037bcdb68773b00c7a91054f5095a4f2a9f3e5fce0538651694af1b2c6ca54c4a1827b7da76783552d759d69efd2318cf0c489

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
ce6074172f0b7e3c6cd08635ee200c71

SHA1
091681cf699223e352702b713348054be2b53876

SHA256
d83e85bf800052ea754458c41cff7ad05932ecccfefce71a4ff68c055179ef28

SHA512
00cd94d72ddaba7e4a5b49f561d2099bdd86f3393cb12389c02c49588744568894d2320422c0d2b0ae9e8427bdfb71cd2ea101316276e5e0a283fd22a5aa101f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
36c996363c84a2aa093aa23e93bc5d6f

SHA1
a96d8d923449642b538093d7f94dcc1927891a73

SHA256
6105c0ef1a19c51543656ea82fa0fa287c096e294f5c2fe6c8cae6d8e33523c9

SHA512
61fd37fec08c9c8e6fca985ef938bf65b5e87cc60ea0f6a224976d8dcb0582ecdc3adf50a6357fb6d4fdb9f6e42c6df80b3a3ad9ab98b95de8c7bf34d032e422

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
361B

MD5
84cf5547e10b0d07e00732a653da75aa

SHA1
5b69c76304fddd9d1ee96292130310549d935e73

SHA256
614ed01ab1cc101e8425ff848d7f064cdbf633cfb56963914855323d881022cf

SHA512
1a48b496280d774b47ff1bbab3f094e5e9a1b0d8cfcfd57732a098bdc6609d528cbd5ecf7dfef01c72a7ed001b22b092bad01233d6edf31e9d96be861c662fc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
361B

MD5
ef98051c9c9447c99c547fd82551f48a

SHA1
8f03767ea9a91c555bb2e8a0d95f65312ef8d7e5

SHA256
7dae2ca812ca22fd7b8bd23914bb7ae16228c05ae7492a0944467f41d524a581

SHA512
0fc41b285330f40f69f9d7ddedcd0ea58675e2287dff037057b01b24d3cecc13390a754cdd6d3c29dacfbe1a624425fc7f692305157642e58635c47e9aa07589

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
e5db7c004c2327efbea05ef5118a5de4

SHA1
3a96d4c2d6727e779e4338c02c0558b61fc50ca1

SHA256
4e36220da0f21a3ec7536d694770917c8c1d99f525a88bde50f59415f2c2345f

SHA512
745d531f834d7784385d9fff55d8ad7c5cdacd0596359845516a84bc9464282e7853f3f4dae99f1863f9bc13f046748f0e1efc450696746e4508fe8d535905ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
0ba2844742297e59ebee8979127a0ce9

SHA1
d5f605ee0a554a24356a8fe65051a92370a8c83f

SHA256
e720973d1513c8cde6b9892da44feec7b6b49d86a5745a2cbbebbe7e7e649ed4

SHA512
0f0f79666813d7fe561fcff62ae57373f152d069d8b8d64b4f7d76c90eb1cdc0fa2c023b1428c0e7ae0de7376c012eb1bdf5ebc1fd391a01991cee8bb0519239

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
b9026e1d9fde6ad37186465c889c8ade

SHA1
214ee801ea74cd973a09b62c8d802e895da03969

SHA256
e23c2da153a8dfecce08009b309561f82c88b891a92a8c9439cfc128c1973c91

SHA512
6bb592fb67d7d6e29de8db4dc9d0e62ce15fc079e5cff54fb945bf9024e357096e5219a410b4ba81983b503c4f527c108735f4c9546fd1b4ceb56e7de7ddef89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
585146616f7046c47acdd6c68bc9a770

SHA1
a3ba245d1903b721847143b5ef067288f64570b5

SHA256
f63c3e0474be26622f2cb1801a96909425d46eaedc9ae2b25678e5740d497928

SHA512
b0e33e21a0909b82b95a23dee732432f06efc5cbfaf582180b12fd5be036ba4ae5bc49cc7f548ac3d28be56fd3464065eae4f1aa821c2995eba7746e6aad5bba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT
Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
262KB

MD5
850664ea1adff1b5978ef0bbd426e993

SHA1
4bc74c256ce571180a711e04be02eccbad781f47

SHA256
7c366483120c2e82ca1e94d3e4c6d01176dd9afe7ff47e3bbdb6bdf80b051b03

SHA512
672ad6974ced4afed49bba27dff878b7c5f4c88f57f9c88af03a85abe4dbb501a13398beaee045eb13fa0443dbfe3b9debe3dbe8b79bcc384cbde33d371cb6d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
262KB

MD5
e5396e50fbf73a7b2f7900900847a119

SHA1
82e544f02f36e5dc4ddb311896ef373333ead458

SHA256
39cd80fe632e06f9e8d1c9592510d98c38ad51b0298b07532ead9c6c99f35dd1

SHA512
455ac14358f77d7d452d4f9d509c64713aae4780535e6294f345399a33be996bb2ca9604f0ad51ea2d42d87a19f1a37f405ba845a6968d7a50fdcf857d3d382e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26122\api-ms-win-core-file-l1-2-0.dll
Filesize
21KB

MD5
bcb8b9f6606d4094270b6d9b2ed92139

SHA1
bd55e985db649eadcb444857beed397362a2ba7b

SHA256
fa18d63a117153e2ace5400ed89b0806e96f0627d9db935906be9294a3038118

SHA512
869b2b38fd528b033b3ec17a4144d818e42242b83d7be48e2e6da6992111758b302f48f52e0dd76becb526a90a2b040ce143c6d4f0e009a513017f06b9a8f2b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26122\api-ms-win-core-file-l2-1-0.dll
Filesize
18KB

MD5
bfffa7117fd9b1622c66d949bac3f1d7

SHA1
402b7b8f8dcfd321b1d12fc85a1ee5137a5569b2

SHA256
1ea267a2e6284f17dd548c6f2285e19f7edb15d6e737a55391140ce5cb95225e

SHA512
b319cc7b436b1be165cdf6ffcab8a87fe29de78f7e0b14c8f562be160481fb5483289bd5956fdc1d8660da7a3f86d8eede35c6cc2b7c3d4c852decf4b2dcdb7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26122\api-ms-win-core-localization-l1-2-0.dll
Filesize
21KB

MD5
20ddf543a1abe7aee845de1ec1d3aa8e

SHA1
0eaf5de57369e1db7f275a2fffd2d2c9e5af65bf

SHA256
d045a72c3e4d21165e9372f76b44ff116446c1e0c221d9cea3ab0a1134a310e8

SHA512
96dd48df315a7eea280ca3da0965a937a649ee77a82a1049e3d09b234439f7d927d7fb749073d7af1b23dadb643978b70dcdadc6c503fe850b512b0c9c1c78dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26122\api-ms-win-core-processthreads-l1-1-1.dll
Filesize
21KB

MD5
4380d56a3b83ca19ea269747c9b8302b

SHA1
0c4427f6f0f367d180d37fc10ecbe6534ef6469c

SHA256
a79c7f86462d8ab8a7b73a3f9e469514f57f9fe456326be3727352b092b6b14a

SHA512
1c29c335c55f5f896526c8ee0f7160211fd457c1f1b98915bcc141112f8a730e1a92391ab96688cbb7287e81e6814cc86e3b057e0a6129cbb02892108bfafaf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26122\api-ms-win-core-timezone-l1-1-0.dll
Filesize
21KB

MD5
2554060f26e548a089cab427990aacdf

SHA1
8cc7a44a16d6b0a6b7ed444e68990ff296d712fe

SHA256
5ab003e899270b04abc7f67be953eaccf980d5bbe80904c47f9aaf5d401bb044

SHA512
fd4d5a7fe4da77b0222b040dc38e53f48f7a3379f69e2199639b9f330b2e55939d89ce8361d2135182b607ad75e58ee8e34b90225143927b15dcc116b994c506

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26122\python312.dll
Filesize
1.8MB

MD5
cbd02b4c0cf69e5609c77dfd13fba7c4

SHA1
a3c8f6bfd7ffe0783157e41538b3955519f1e695

SHA256
ecef0ed97c7b249af3c56cde0bfcae70f66530d716b48b5d94621c3dba8236b5

SHA512
a3760ecaa9736eb24370a0a20dd22a1ee53b3f8002195947bc7d21b239278ec8e26bcc131d0132c530767d1de59954be7946dcf54fcbf2584052c9d9a5615567

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI26122\ucrtbase.dll
Filesize
992KB

MD5
0e0bac3d1dcc1833eae4e3e4cf83c4ef

SHA1
4189f4459c54e69c6d3155a82524bda7549a75a6

SHA256
8a91052ef261b5fbf3223ae9ce789af73dfe1e9b0ba5bdbc4d564870a24f2bae

SHA512
a45946e3971816f66dd7ea3788aacc384a9e95011500b458212dc104741315b85659e0d56a41570731d338bdf182141c093d3ced222c007038583ceb808e26fd

Download Submit
\??\pipe\crashpad_3024_LXOMCDFLZPTBPFOT
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1228-279-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1228-277-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1228-278-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1228-280-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1980-148-0x000007FEF5950000-0x000007FEF6029000-memory.dmp

Filesize
6.8MB

Download
memory/1980-149-0x000007FEF5950000-0x000007FEF6029000-memory.dmp

Filesize
6.8MB

Download