e2e0b07cf6f82a50a7875022f5d3bf13ccd0b8e25d5d23a884ad5eb18ca8d306

Resubmissions

09-04-2024 02:52

240409-dc1rssfh6x 8

09-04-2024 02:49

240409-da6v2acc46 3

09-04-2024 02:45

240409-c8yrmscb55 7

09-04-2024 02:41

240409-c6xfssff6v 1

Analysis

max time kernel
29s
max time network
147s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09-04-2024 02:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Unconfirmed 786937.exe
Size

2.9MB
MD5

dc29dd92582fe161658ceea65e314239
SHA1

22cbba5817885e3bd99470cfda7a49a7aa005a65
SHA256

e2e0b07cf6f82a50a7875022f5d3bf13ccd0b8e25d5d23a884ad5eb18ca8d306
SHA512

0ca785098d55efa83b1bebac71cc9d926661d67eb0dba85db3afdcf54653c1e9902f74a2e094c1ee1b0645833216b9653e71d354fdbfa5e8ec43ab149c4ff413
SSDEEP

24576:yJyn9l7TSInUrer2lTL2Kk8cfLDxvqGos7S8m657w6ZBLmkitKqBCjC0PDgM5A4C:9Ka29L218cvxiVV1BCjBknWo

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2728	360	WerFault.exe	27

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
360	Unconfirmed 786937.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe

Suspicious use of AdjustPrivilegeToken 47 IoCs

description	pid	Process
Token: SeDebugPrivilege	360	Unconfirmed 786937.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe
Token: SeShutdownPrivilege	3020	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe
3020	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 360 wrote to memory of 2728	360	Unconfirmed 786937.exe	28
PID 360 wrote to memory of 2728	360	Unconfirmed 786937.exe	28
PID 360 wrote to memory of 2728	360	Unconfirmed 786937.exe	28
PID 360 wrote to memory of 2728	360	Unconfirmed 786937.exe	28
PID 3020 wrote to memory of 2568	3020	chrome.exe	30
PID 3020 wrote to memory of 2568	3020	chrome.exe	30
PID 3020 wrote to memory of 2568	3020	chrome.exe	30
PID 3020 wrote to memory of 2616	3020	chrome.exe	32
PID 3020 wrote to memory of 2616	3020	chrome.exe	32
PID 3020 wrote to memory of 2616	3020	chrome.exe	32
PID 3020 wrote to memory of 2616	3020	chrome.exe	32
PID 3020 wrote to memory of 2616	3020	chrome.exe	32
PID 3020 wrote to memory of 2616	3020	chrome.exe	32
PID 3020 wrote to memory of 2616	3020	chrome.exe	32
PID 3020 wrote to memory of 2616	3020	chrome.exe	32
PID 3020 wrote to memory of 2616	3020	chrome.exe	32
PID 3020 wrote to memory of 2616	3020	chrome.exe	32
PID 3020 wrote to memory of 2616	3020	chrome.exe	32
PID 3020 wrote to memory of 2616	3020	chrome.exe	32
PID 3020 wrote to memory of 2616	3020	chrome.exe	32
PID 3020 wrote to memory of 2616	3020	chrome.exe	32
PID 3020 wrote to memory of 2616	3020	chrome.exe	32
PID 3020 wrote to memory of 2616	3020	chrome.exe	32
PID 3020 wrote to memory of 2616	3020	chrome.exe	32
PID 3020 wrote to memory of 2616	3020	chrome.exe	32
PID 3020 wrote to memory of 2616	3020	chrome.exe	32
PID 3020 wrote to memory of 2616	3020	chrome.exe	32
PID 3020 wrote to memory of 2616	3020	chrome.exe	32
PID 3020 wrote to memory of 2616	3020	chrome.exe	32
PID 3020 wrote to memory of 2616	3020	chrome.exe	32
PID 3020 wrote to memory of 2616	3020	chrome.exe	32
PID 3020 wrote to memory of 2616	3020	chrome.exe	32
PID 3020 wrote to memory of 2616	3020	chrome.exe	32
PID 3020 wrote to memory of 2616	3020	chrome.exe	32
PID 3020 wrote to memory of 2616	3020	chrome.exe	32
PID 3020 wrote to memory of 2616	3020	chrome.exe	32
PID 3020 wrote to memory of 2616	3020	chrome.exe	32
PID 3020 wrote to memory of 2616	3020	chrome.exe	32
PID 3020 wrote to memory of 2616	3020	chrome.exe	32
PID 3020 wrote to memory of 2616	3020	chrome.exe	32
PID 3020 wrote to memory of 2616	3020	chrome.exe	32
PID 3020 wrote to memory of 2616	3020	chrome.exe	32
PID 3020 wrote to memory of 2616	3020	chrome.exe	32
PID 3020 wrote to memory of 2616	3020	chrome.exe	32
PID 3020 wrote to memory of 2616	3020	chrome.exe	32
PID 3020 wrote to memory of 2616	3020	chrome.exe	32
PID 3020 wrote to memory of 3004	3020	chrome.exe	33
PID 3020 wrote to memory of 3004	3020	chrome.exe	33
PID 3020 wrote to memory of 3004	3020	chrome.exe	33
PID 3020 wrote to memory of 2900	3020	chrome.exe	34
PID 3020 wrote to memory of 2900	3020	chrome.exe	34
PID 3020 wrote to memory of 2900	3020	chrome.exe	34
PID 3020 wrote to memory of 2900	3020	chrome.exe	34
PID 3020 wrote to memory of 2900	3020	chrome.exe	34
PID 3020 wrote to memory of 2900	3020	chrome.exe	34
PID 3020 wrote to memory of 2900	3020	chrome.exe	34
PID 3020 wrote to memory of 2900	3020	chrome.exe	34
PID 3020 wrote to memory of 2900	3020	chrome.exe	34
PID 3020 wrote to memory of 2900	3020	chrome.exe	34
PID 3020 wrote to memory of 2900	3020	chrome.exe	34
PID 3020 wrote to memory of 2900	3020	chrome.exe	34
PID 3020 wrote to memory of 2900	3020	chrome.exe	34
PID 3020 wrote to memory of 2900	3020	chrome.exe	34
PID 3020 wrote to memory of 2900	3020	chrome.exe	34

C:\Users\Admin\AppData\Local\Temp\Unconfirmed 786937.exe
"C:\Users\Admin\AppData\Local\Temp\Unconfirmed 786937.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:360
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 360 -s 1404
  2⤵
  - Program crash
  PID:2728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6c49758,0x7fef6c49768,0x7fef6c49778
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1224,i,13071115768408803763,8452781649960808089,131072 /prefetch:2
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1224,i,13071115768408803763,8452781649960808089,131072 /prefetch:8
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1560 --field-trial-handle=1224,i,13071115768408803763,8452781649960808089,131072 /prefetch:8
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1532 --field-trial-handle=1224,i,13071115768408803763,8452781649960808089,131072 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2348 --field-trial-handle=1224,i,13071115768408803763,8452781649960808089,131072 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1036 --field-trial-handle=1224,i,13071115768408803763,8452781649960808089,131072 /prefetch:2
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3212 --field-trial-handle=1224,i,13071115768408803763,8452781649960808089,131072 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3472 --field-trial-handle=1224,i,13071115768408803763,8452781649960808089,131072 /prefetch:8
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3368 --field-trial-handle=1224,i,13071115768408803763,8452781649960808089,131072 /prefetch:8
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3616 --field-trial-handle=1224,i,13071115768408803763,8452781649960808089,131072 /prefetch:8
  2⤵
  PID:1756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3560 --field-trial-handle=1224,i,13071115768408803763,8452781649960808089,131072 /prefetch:8
  2⤵
  PID:820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3744 --field-trial-handle=1224,i,13071115768408803763,8452781649960808089,131072 /prefetch:8
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3812 --field-trial-handle=1224,i,13071115768408803763,8452781649960808089,131072 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2440 --field-trial-handle=1224,i,13071115768408803763,8452781649960808089,131072 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2156 --field-trial-handle=1224,i,13071115768408803763,8452781649960808089,131072 /prefetch:8
  2⤵
  PID:912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3992 --field-trial-handle=1224,i,13071115768408803763,8452781649960808089,131072 /prefetch:1
  2⤵
  PID:820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4052 --field-trial-handle=1224,i,13071115768408803763,8452781649960808089,131072 /prefetch:8
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3836 --field-trial-handle=1224,i,13071115768408803763,8452781649960808089,131072 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4084 --field-trial-handle=1224,i,13071115768408803763,8452781649960808089,131072 /prefetch:8
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=748 --field-trial-handle=1224,i,13071115768408803763,8452781649960808089,131072 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1076 --field-trial-handle=1224,i,13071115768408803763,8452781649960808089,131072 /prefetch:8
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4248 --field-trial-handle=1224,i,13071115768408803763,8452781649960808089,131072 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4352 --field-trial-handle=1224,i,13071115768408803763,8452781649960808089,131072 /prefetch:8
  2⤵
  PID:960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4492 --field-trial-handle=1224,i,13071115768408803763,8452781649960808089,131072 /prefetch:8
  2⤵
  PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4512 --field-trial-handle=1224,i,13071115768408803763,8452781649960808089,131072 /prefetch:8
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=2412 --field-trial-handle=1224,i,13071115768408803763,8452781649960808089,131072 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4136 --field-trial-handle=1224,i,13071115768408803763,8452781649960808089,131072 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=3840 --field-trial-handle=1224,i,13071115768408803763,8452781649960808089,131072 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4276 --field-trial-handle=1224,i,13071115768408803763,8452781649960808089,131072 /prefetch:1
  2⤵
  PID:764

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\25e1d1bb-59f3-4f27-84de-44865b05c7cc.tmp

Filesize
7KB

MD5
db9bc7515f0f73aa39723c74f080f690

SHA1
b63d417a2bb870809594a9471ed9bc99070ec461

SHA256
6cb4f5c5b562e0c0fca602d1d37e38596dcc3b0be49439c8b9c63f86d6d0bd8c

SHA512
3afda66f0f2aa8e02fa0d5a0a88c6e93f249c2a4042e46e4c79fa5043862389c1c219579a216f965a8b9d3d2eb8dfa077c9b0628b1cdbd826bade8f9ba090bad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
216KB

MD5
9cceb51fb2e808774712a619f42ea425

SHA1
70e63296c6e75e93fce6ef567b8c6bab9aa5c108

SHA256
19cc64f02fb3d1220dc61bf31873cad6f7b18bf1a172cd1a239d1883d3197b8f

SHA512
7be57d41ee3d681a27a0a1083afc8090393156097184acc11dcf950c37feb2c1e98f79a1185486ce46c7308f5ca0d5f6aa7e52a9a5a0f19f7abb574f47291f29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
22KB

MD5
7a204d478c8dfe822bf86f9103bbd9b3

SHA1
7114b36ea1588d9372d730b2ee5dec7a3aee36d1

SHA256
d9134e3cf60db564c49cc181251c7308bc568acf060444c443a90c0f464ebfeb

SHA512
f5fb06a9808e9370a5fb3b926ffa27746ca7942eba36a2f63135168218e326abc74195453b9bcd8a045d5870a71b7f250dfc281515c7fa51857410acb316763e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
1.5MB

MD5
8848b747dc53d19debfb37bbaf45d06e

SHA1
888b427a95d41aac57c278103aab2b3b2fdaf758

SHA256
f6c33d8186949c411417c8a02f7a9967082c20660a651aabf842d3210b754595

SHA512
b4ce8a7009bb05c3a5593246286391f517c61df237967a9da2308717f377299ffd22a0369dd4aa10a69ea146661192db3e10d15495b248233e8b0884d0b6a688

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
47KB

MD5
045937268a2acced894a9996af39f816

SHA1
dfbdbd744565fdc5722a2e5a96a55c881b659ed4

SHA256
cc05f08525e5eaf762d1c1c66bef78dec5f3517cf6f7e86e89368c6d4a1ef0cf

SHA512
71a025a421384ed1e88d0c5ffadc6450a9e1efd827fe929f5ef447d2901cd87572fccf13dfa8b2706c9fab8160163e3a0c80bfe1ab49d63ffbbcb0e4e591a84f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
785KB

MD5
d36a279a33de96214071fd7f70c747d8

SHA1
ceac09f798320386352d961e3b8a1c557361c2eb

SHA256
1b07b593ad68e1a8a0d1b0e3ae27ef5c9d9512f6638bbef8555dd046580b92a7

SHA512
d58b0a54678ceed317222ba60eb1ed34c08e92a44839e83047640294bd79edbb2237962892be029110843de7c9c3bcf8ea6d5d9dabe687027669f27d5fc2ffa4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

Filesize
94KB

MD5
fef9f7a110bec0d6447186afafe5dcf7

SHA1
7ee311875848cf2890ae7e2745e147b8d2cfa519

SHA256
c32dd11911b6c83167ca87e7ed5a0d3e425dd927a669c19e8ef848b3b95cb2aa

SHA512
674fafad403b2417925ab35765ef53df2644a04935b2c68b07dac262a33f8c8d3edab999633b09b227330c98b354f2da53ff0c7ef29d69f5b72ac6a3000c9a2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3ce4ead035f27b568bb64784042d7e93

SHA1
17cb5a428678633faa21cac52647c97197b84946

SHA256
d26125f92954545ab30b790d780d29aca7d0c736f8f56130d834664831f64ff2

SHA512
5a2ab20735dea9809d00d4f8bf229df1c5a17e9f2a801e306162dc02b36988fe491d8be8f58fa7aa8a5e1c24d91d83b4a7fc3d634d7e048fb5ca423c81e18221

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf769e42.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
b7fff1e1fa9b2387b417f30755c79bb4

SHA1
fa963d3260a8cf98d55c71541ee1ce291ea8de88

SHA256
4f5b24487f6d7eb75e29c00f9e8ac9097c58bdf52a4075111722bf9368eafe3f

SHA512
10ababfd8b2146752afe8a93f8b4329e0a55afa046b8f54206ebfdde27f4c47aad86b8e36921a5ed0d5f128dc6cd4ed9bcbd38bf38d06db846378891abd57b12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
854B

MD5
eb81845a468853e05efa46e4ab03f687

SHA1
7c023d60be27782821023ca96d3efeb4723861f9

SHA256
51b78dd3ebca832d0d957f8c4a4af370cbc27051df01100da042db7af01ff9d5

SHA512
7bb01ed0bedef0beebd477e5ec194232bb0af193f8d49407a5266b364c41f53556232076f3cd65d6a2df39b86d9c425ed711b7d9cf1b43ee87da2a50d0cc4800

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
868d56e915c9d6da78b25d7f0c9bd35e

SHA1
dbea8489181d41699fdf7bc97b6e47ad9ec04e05

SHA256
2b08d60ec3d805d7d3f4847c842169272d7d1b113a057e98aa4a95bee0df02c8

SHA512
bf0a4e3e829bd7ff1a0c0afdda510c4da6d412948b60c11aea51e779166fbad21e805068143cbca6f79e98f6424b3b767728424b3e81d6cfa4321012ab7383bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
25386e7aa687aad6a230f3df54a5426e

SHA1
b01b13b3e4416ab158f632d2beb9b434b4e8bf9f

SHA256
d50969505e9f38254bd12089a981eca582f34966cef389e2fb164fab54650218

SHA512
7a95d23a0c5090fa9b84649534ed2730da11450498daa7bac947a8f12a52597f9e30b27e6f38361217937326563ac29cdca65bbc42798241159d313d24b4069c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
854B

MD5
216b8394250877075fe771a3da0c25af

SHA1
68594a3401703961ddb615d3348cd50659b732de

SHA256
7f2f9bb1fab583e60a66cadfd89e03f90bdb0ee3ec2400553cc82a750cc77fff

SHA512
748025681b0d2bece39e89fd66240cfbbc594868277a872c073ad4b56f4d0e57e6bc2139d95c7bf25515a01a49a6d126fe11c366dc7bb285d1e84db93ac0a872

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
249d8e6a769aef418a207776662c5ad0

SHA1
038f625b427c3b0880e7dcf99b5346775a19a23a

SHA256
1e160ef1b8018142740ffa2a13e03e0483050411c353a456d47f7b625668c9fa

SHA512
6741cc64514082d8d3cf16169215e48bb4e4c7a2e09082d37e39d0e2e259a826bac57580e7abaf5c15e1dcce5ebd7b8dfc9730406fc55e7206dab1904e3359fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
62dabc6d7ded9f53d4d5089e786b90f3

SHA1
6851644a654c797d12a4b246bc3256ac5a0d0a63

SHA256
fe1fb9f306e9c6e2ff834c627fbd129fd0197c77ec48ac98a8d6a58f20b22a10

SHA512
6f453bb5a0042a31b8b4eecbc8213f4025e4c23cffc0d3d01dcdb1cb4f6e040a614cea18e470de3a6ca5e4df7080fea5e5111bd24f960299ce7134612af552d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\79c4bde1-53ba-4a6a-a0e6-0b4b0b29a3d5\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\79c4bde1-53ba-4a6a-a0e6-0b4b0b29a3d5\index-dir\the-real-index

Filesize
2KB

MD5
951f4dd6e2d7495bbd94490ca43db405

SHA1
f68137bf3012e72b4899988048a25bc5e6b1cab2

SHA256
8d604a2bc91315a1fde3d1f8812f40d396169c3cd4dd1cfde864b6bc62928097

SHA512
f1db9c6069788034de11db80c605a3494e660dea5a2333ef5604638822bd9d773596e43cf20e3e28dcff20623ba6c69cf09e1e7a6ea9855b9e343cb127408e54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
187B

MD5
f111d0b8c69b207d9b7cc8160cf2b75c

SHA1
570462e6677cf3e59d8d935e7969312b1b6dfcc3

SHA256
bc061b4c2e22961f7951cb424a97ad85b0ecceaf4daade83d99f70271c758c5d

SHA512
6395901671562928cc650444f1e83842a69e39c48b41d5ed9d7ff61d35a80239abbba2fcd080eeebd473ceecb87c4f8df4f7f0eb66170606ea60b272157aa17d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
788217189576e86977945e28c3689cac

SHA1
17cedc976b92d5b5d8dc41f9704506581ee2dd7b

SHA256
8d6af2c29930c4d2b07975ad288382f929382dee3e50484a4056b9933ea4689c

SHA512
22656e7a9c07835d5766268e13b309364c36d813720d8b7a0d815d68b9580efe46907f2515f3c5d9dc0bd4d20ad293b72676e7a5e515e31c331c940d9a4a7b60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
d5b323a14fa66693cbef98729a5e4ba8

SHA1
8b3b87e1caa675d21de79a709b19ae6b10177bd2

SHA256
ece87428777a8cadc0712ffe10f8f38cab510b87dd63d9467b0b04e4d66ba0eb

SHA512
24f6e4d0e182b9a1767a1979d760c56eacd0b3b725de619f468055354805eeaddcaf0d9eeafe5d9bc8e8b4b839508f6d01316aae339a4f2f29fa8006ce8baf29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
3c548d993505af5aa0d5ed6baf9c2e1f

SHA1
68d153ced6d41484f643dc941133be4494af68bd

SHA256
1a3496af3877ceef704724394a7675272a0d8fc7ed84be4717c9b04f32d146b7

SHA512
ec15bbf2a1a4021a361be767fe3404bd6167a732caf617c1dd18c11139d776ef2fd11079dd208baf397d5607ff641fa87112ab22355d1a581256e6c38ee17045

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
178B

MD5
79f1637b3db1f8ba6febb91434401040

SHA1
e17eb66c5a1ef05c64e6fdf617d2b1ef96ff7ccc

SHA256
0ef67e6fef41ec9923404b65225d1288f68f03bd38984d4ffc3e1878532cf5fd

SHA512
3baf67d7c817fc53ef12393c5e5943e71800081be47bb47e72a60cd8adadd0f1a8648e63063eb194a0727975438f2da7933d90de50039f9c55fcd7ed3e8c0ec4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
178B

MD5
4d67c919b797b3d200820b5f3b7e2dc5

SHA1
23381a8c6cc3dec37ed01f079bfc17cf788ef157

SHA256
bb0acc8a43951ce29368d288fe529270e9e098999378a9a28477b02785fa8d38

SHA512
9b746a078ea636e41188af41507437d4867bc54e1c02ceac7c4b9d7ca1814cb355ebf17dc68c88b678f2e6e56cfb419385db54f2787a206193d662ea36cf65c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
bec3965d51a464f2d3b5e6250c98e7be

SHA1
8644b4b2ead5717f4daecdaf0ce2aba9f510baa1

SHA256
bdbeba42a6b0a3c4fa1b447c3a9824ffedd072cae698329df4fdca891318706a

SHA512
df650e89fe1fc4a0fc6624420ae37570c373fb3d54f6bbe983af90522a42cad6036623351c3470767b665ff5fce196a83b09d4260295a6c6cc6362421cdbba47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
261KB

MD5
0c79f216b93f28b82137f07ddb701ce2

SHA1
90d9c29e010314f783916a8c87ced14d21a8f6d6

SHA256
065c046be90c5244e0914b6cb2314f5cf1c4d0839bb4a6dfedb167318d32fed1

SHA512
947fe93d76bcec1d3dd7399aef9b2fadc7ad6562b274769652c9cabdd7941fdffcbacfdd912b89b99d761a61e71ecb554379915fa688e0a841419de42da00f4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
memory/360-0-0x0000000000E50000-0x0000000001130000-memory.dmp

Filesize
2.9MB

Download
memory/360-93-0x0000000000970000-0x00000000009B0000-memory.dmp

Filesize
256KB

Download
memory/360-92-0x0000000074640000-0x0000000074D2E000-memory.dmp

Filesize
6.9MB

Download
memory/360-3-0x0000000004E70000-0x0000000004F20000-memory.dmp

Filesize
704KB

Download
memory/360-2-0x0000000000970000-0x00000000009B0000-memory.dmp

Filesize
256KB

Download
memory/360-1-0x0000000074640000-0x0000000074D2E000-memory.dmp

Filesize
6.9MB

Download