d0d6cabab10e62f0261e2ca13daa453b4ec38c9f81880a55d1aca04c8ae5a3fa

Resubmissions

06/04/2024, 02:27

240406-cxlmyahb6x 3

06/04/2024, 02:26

06/04/2024, 02:25

06/04/2024, 02:21

06/04/2024, 02:19

06/04/2024, 02:18

06/04/2024, 02:17

Analysis

max time kernel
105s
max time network
258s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
06/04/2024, 02:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

compiler.exe
Size

89KB
MD5

dd98a43cb27efd5bcc29efb23fdd6ca5
SHA1

38f621f3f0df5764938015b56ecfa54948dde8f5
SHA256

1cf20b8449ea84c684822a5e8ab3672213072db8267061537d1ce4ec2c30c42a
SHA512

871a2079892b1eb54cb761aebd500ac8da96489c3071c32a3dab00200f74f4e12b9ab6c62623c53aea5b8be3fc031fb1b3e628ffe15d73323d917083240742b0
SSDEEP

1536:Ee7h7q/J6K3nHC+AGUob2f0DBFPbPWNPWp350NHcHkDsWqxcd2ZPSAv:Ee7oU8HC+AGUu2abPbPWQpO8E0A2tSAv

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1164	chrome.exe
1164	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe
Token: SeShutdownPrivilege	1164	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1164 wrote to memory of 2016	1164	chrome.exe	30
PID 1164 wrote to memory of 2016	1164	chrome.exe	30
PID 1164 wrote to memory of 2016	1164	chrome.exe	30
PID 1164 wrote to memory of 2460	1164	chrome.exe	32
PID 1164 wrote to memory of 2460	1164	chrome.exe	32
PID 1164 wrote to memory of 2460	1164	chrome.exe	32
PID 1164 wrote to memory of 2460	1164	chrome.exe	32
PID 1164 wrote to memory of 2460	1164	chrome.exe	32
PID 1164 wrote to memory of 2460	1164	chrome.exe	32
PID 1164 wrote to memory of 2460	1164	chrome.exe	32
PID 1164 wrote to memory of 2460	1164	chrome.exe	32
PID 1164 wrote to memory of 2460	1164	chrome.exe	32
PID 1164 wrote to memory of 2460	1164	chrome.exe	32
PID 1164 wrote to memory of 2460	1164	chrome.exe	32
PID 1164 wrote to memory of 2460	1164	chrome.exe	32
PID 1164 wrote to memory of 2460	1164	chrome.exe	32
PID 1164 wrote to memory of 2460	1164	chrome.exe	32
PID 1164 wrote to memory of 2460	1164	chrome.exe	32
PID 1164 wrote to memory of 2460	1164	chrome.exe	32
PID 1164 wrote to memory of 2460	1164	chrome.exe	32
PID 1164 wrote to memory of 2460	1164	chrome.exe	32
PID 1164 wrote to memory of 2460	1164	chrome.exe	32
PID 1164 wrote to memory of 2460	1164	chrome.exe	32
PID 1164 wrote to memory of 2460	1164	chrome.exe	32
PID 1164 wrote to memory of 2460	1164	chrome.exe	32
PID 1164 wrote to memory of 2460	1164	chrome.exe	32
PID 1164 wrote to memory of 2460	1164	chrome.exe	32
PID 1164 wrote to memory of 2460	1164	chrome.exe	32
PID 1164 wrote to memory of 2460	1164	chrome.exe	32
PID 1164 wrote to memory of 2460	1164	chrome.exe	32
PID 1164 wrote to memory of 2460	1164	chrome.exe	32
PID 1164 wrote to memory of 2460	1164	chrome.exe	32
PID 1164 wrote to memory of 2460	1164	chrome.exe	32
PID 1164 wrote to memory of 2460	1164	chrome.exe	32
PID 1164 wrote to memory of 2460	1164	chrome.exe	32
PID 1164 wrote to memory of 2460	1164	chrome.exe	32
PID 1164 wrote to memory of 2460	1164	chrome.exe	32
PID 1164 wrote to memory of 2460	1164	chrome.exe	32
PID 1164 wrote to memory of 2460	1164	chrome.exe	32
PID 1164 wrote to memory of 2460	1164	chrome.exe	32
PID 1164 wrote to memory of 2460	1164	chrome.exe	32
PID 1164 wrote to memory of 2460	1164	chrome.exe	32
PID 1164 wrote to memory of 2760	1164	chrome.exe	33
PID 1164 wrote to memory of 2760	1164	chrome.exe	33
PID 1164 wrote to memory of 2760	1164	chrome.exe	33
PID 1164 wrote to memory of 2756	1164	chrome.exe	34
PID 1164 wrote to memory of 2756	1164	chrome.exe	34
PID 1164 wrote to memory of 2756	1164	chrome.exe	34
PID 1164 wrote to memory of 2756	1164	chrome.exe	34
PID 1164 wrote to memory of 2756	1164	chrome.exe	34
PID 1164 wrote to memory of 2756	1164	chrome.exe	34
PID 1164 wrote to memory of 2756	1164	chrome.exe	34
PID 1164 wrote to memory of 2756	1164	chrome.exe	34
PID 1164 wrote to memory of 2756	1164	chrome.exe	34
PID 1164 wrote to memory of 2756	1164	chrome.exe	34
PID 1164 wrote to memory of 2756	1164	chrome.exe	34
PID 1164 wrote to memory of 2756	1164	chrome.exe	34
PID 1164 wrote to memory of 2756	1164	chrome.exe	34
PID 1164 wrote to memory of 2756	1164	chrome.exe	34
PID 1164 wrote to memory of 2756	1164	chrome.exe	34
PID 1164 wrote to memory of 2756	1164	chrome.exe	34
PID 1164 wrote to memory of 2756	1164	chrome.exe	34
PID 1164 wrote to memory of 2756	1164	chrome.exe	34
PID 1164 wrote to memory of 2756	1164	chrome.exe	34

C:\Users\Admin\AppData\Local\Temp\compiler.exe
"C:\Users\Admin\AppData\Local\Temp\compiler.exe"
1⤵
PID:1712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7049758,0x7fef7049768,0x7fef7049778
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1176 --field-trial-handle=1200,i,12291902639586645518,12237311486423955553,131072 /prefetch:2
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1200,i,12291902639586645518,12237311486423955553,131072 /prefetch:8
  2⤵
  PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1636 --field-trial-handle=1200,i,12291902639586645518,12237311486423955553,131072 /prefetch:8
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2256 --field-trial-handle=1200,i,12291902639586645518,12237311486423955553,131072 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2264 --field-trial-handle=1200,i,12291902639586645518,12237311486423955553,131072 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1604 --field-trial-handle=1200,i,12291902639586645518,12237311486423955553,131072 /prefetch:2
  2⤵
  PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3228 --field-trial-handle=1200,i,12291902639586645518,12237311486423955553,131072 /prefetch:1
  2⤵
  PID:924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3684 --field-trial-handle=1200,i,12291902639586645518,12237311486423955553,131072 /prefetch:8
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3708 --field-trial-handle=1200,i,12291902639586645518,12237311486423955553,131072 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3852 --field-trial-handle=1200,i,12291902639586645518,12237311486423955553,131072 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3876 --field-trial-handle=1200,i,12291902639586645518,12237311486423955553,131072 /prefetch:1
  2⤵
  PID:788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2592 --field-trial-handle=1200,i,12291902639586645518,12237311486423955553,131072 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2660 --field-trial-handle=1200,i,12291902639586645518,12237311486423955553,131072 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2748 --field-trial-handle=1200,i,12291902639586645518,12237311486423955553,131072 /prefetch:1
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2764 --field-trial-handle=1200,i,12291902639586645518,12237311486423955553,131072 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2756 --field-trial-handle=1200,i,12291902639586645518,12237311486423955553,131072 /prefetch:8
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3940 --field-trial-handle=1200,i,12291902639586645518,12237311486423955553,131072 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2448 --field-trial-handle=1200,i,12291902639586645518,12237311486423955553,131072 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2756 --field-trial-handle=1200,i,12291902639586645518,12237311486423955553,131072 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3988 --field-trial-handle=1200,i,12291902639586645518,12237311486423955553,131072 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4048 --field-trial-handle=1200,i,12291902639586645518,12237311486423955553,131072 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3928 --field-trial-handle=1200,i,12291902639586645518,12237311486423955553,131072 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=2412 --field-trial-handle=1200,i,12291902639586645518,12237311486423955553,131072 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4008 --field-trial-handle=1200,i,12291902639586645518,12237311486423955553,131072 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3432 --field-trial-handle=1200,i,12291902639586645518,12237311486423955553,131072 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=1876 --field-trial-handle=1200,i,12291902639586645518,12237311486423955553,131072 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=2592 --field-trial-handle=1200,i,12291902639586645518,12237311486423955553,131072 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=2420 --field-trial-handle=1200,i,12291902639586645518,12237311486423955553,131072 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=664 --field-trial-handle=1200,i,12291902639586645518,12237311486423955553,131072 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=1956 --field-trial-handle=1200,i,12291902639586645518,12237311486423955553,131072 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=4084 --field-trial-handle=1200,i,12291902639586645518,12237311486423955553,131072 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=2452 --field-trial-handle=1200,i,12291902639586645518,12237311486423955553,131072 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=2604 --field-trial-handle=1200,i,12291902639586645518,12237311486423955553,131072 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=3428 --field-trial-handle=1200,i,12291902639586645518,12237311486423955553,131072 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=3380 --field-trial-handle=1200,i,12291902639586645518,12237311486423955553,131072 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=3868 --field-trial-handle=1200,i,12291902639586645518,12237311486423955553,131072 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=2384 --field-trial-handle=1200,i,12291902639586645518,12237311486423955553,131072 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=2444 --field-trial-handle=1200,i,12291902639586645518,12237311486423955553,131072 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=4020 --field-trial-handle=1200,i,12291902639586645518,12237311486423955553,131072 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=3904 --field-trial-handle=1200,i,12291902639586645518,12237311486423955553,131072 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=4080 --field-trial-handle=1200,i,12291902639586645518,12237311486423955553,131072 /prefetch:1
  2⤵
  PID:1532

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\902f1e4a-8894-43bb-810b-48c79f271961.tmp

Filesize
6KB

MD5
5bf6549ddf63bb378548326ebfc45c3c

SHA1
ffcda5f41828f33347cf101ce24d1883497c449f

SHA256
96e3f77c11f007ad1260049af051e3870f31ec125415391b2724c09255814d9b

SHA512
986a838050133f80250b5e93043298b2e79de347239a1463bb157622de947fc6e49ed24bd1ae4936d595a476fb9b59ca39b5cd5b20ff101292f681f2be3bd6ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1a7280d91b31f8ecc2770180c6404045

SHA1
b54786c530092eb71a2c6e2ad0087edd7642fd9f

SHA256
a814951fb2c336641a0ea9fc2dd29bc4c43d6a63a3fe58f4ade0e12e56577a1e

SHA512
f4d9e69c351f901992af88ddb86e500bb2833bffb19a30b4073168b9b8de82bb0cf4df32c058a593056b998a65683c3b4f85a5ba78b75fa46376b2193b553038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
829835a5ed15d426ca04a3cb68f8e0e5

SHA1
2128ffc9f1bb207cbc3b68636e0ef63745b98793

SHA256
3f476ab972335c6a5a56fa4c0407e677d489b8305621b7003243eae3d69a5d3b

SHA512
4d102bb9406d1a73acd8421f9181ddd14b19ada3a595d9ac4942d7ab7510b42c3d65b4082c4993f05d7caa7cdf07188620728e29ae46f00c0eb985512dfe70b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bfa4b640927db11644d24dba3f55363d

SHA1
a229da14061fd9a967471fcbd2fab698b31f5210

SHA256
8c98aee6c2144071f24efa78a0d1eee0921f7f60eabf2dd3e50e9d6e6f988855

SHA512
ac7a066a844423e773e50928195e1df45ca7943d8ae4e993b8e4668407866003024faf62b3fd8b6fa832ca176234173cf0e6110b08c36a123c725408b790f030

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f51909eef77fd167ab6856ec47279f87

SHA1
16d43e770704a96df57521197e069228ea60c7fe

SHA256
e3a88cf27a5c352d03666aa27fe6346695ee79ed91c52465e48977f9c98ebd26

SHA512
aebbab1e441def540407a0f92ef6085075aa724df5ade9bc24a651639e0811530558c043bf97d6177771179c807aa9cd9928883a75c1217fe128dbd46387148b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
00a7cdc3ab183af810d6b3e670411e34

SHA1
4513ecf5a7246310696611baa16979f73161ee68

SHA256
c03a797ba6b5218da745f2c1ebb96ab866386b3c1e5f5689cc166ee788633761

SHA512
2785805e0c0c8f212c5868bf53ee1efb01592e339c27c122aa141ac39c5457608dfe18dd9d3e0dd89fda201dc9bd875722b40a6b2e4490a4519b84d6a526690f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
ea909fc7ce2f4f856aa7b8de8466df15

SHA1
57553352771b9133e3cea8e8876e6bbba3480eca

SHA256
3dc0847def0967e6812a8822837b511235eadc5e81db452d286f3868ed1a8588

SHA512
86d85d2b5ec773157171e947fac127d2dad855f73936c34eedd177a6c9a15bda2a8734792cf8bd170234f5a0e89873bea2a47ba09c34666ddea21d331d8b88ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
2adf396a7655460273404014a5276386

SHA1
9ad361b630a9c5635bb3b2ec15cf3bf3c4eed369

SHA256
a7d966b605f6e2167c8b8acfb75ea4bbcbfa8128881c3bfcbd7fd2467bc0f081

SHA512
1706e6d912ede5f40e3c9960d44a51a68942587272a602d87a1b33e69c345023060a82a0ac0e5918c342ce8dbc7a37f415503cea3f827767ab2df4b6848e2da4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
8030c0aac7e1d1cc91976fe9a677de7c

SHA1
fda8402ddc9ca704c40ce15f695b587be9c1ffe8

SHA256
a11079c7aeae2dcecc7288c1ab39b0a3744e4711e996d0e9896b208091d11ae9

SHA512
557d2445fd1ff20a27665c9ede9b0302c54fe9388e3e1980bd76f6dcdc03ac6b2322c6392b4ce3dcce9fb9d5e65fb5c17f444f0909a6a655dd04205d87114b44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
56b6cd55b042016879ad5ecc3c8326f4

SHA1
b28be9885e1c7fed35fc8b62e2458e08d7a43cb5

SHA256
5c864be673b3bbca3112c7a53ec3638218ca18ee428d8b935836dee137fed17e

SHA512
60c853c5b6517dd29ee64c6f705c40488ba1230f18633d26ba7a73c158ef9d7514f9b5e5bac78a6abbb081ae732e893b10d38ce7d605b879e42242c894da9344

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
ffe6f41ee4d17d536f8beabbac489130

SHA1
1ccb95fdd21e6f46e89e60ea6057cd4391591820

SHA256
ab77554531fee502aa08b627506eefdbdb3e5c1019913e353c31ccec21b07da2

SHA512
0ff8bd6cdea526a02b69069265c8b2448837a0bc87b3d9d1e050b6a7aa37d6b5f3bd952cddf241c53f4da9e99bf0ea3c2e4f2d540a789b1853caa655914b4830

Download Submit