c0207a51c8aafebf25ae76732e2bebf76b87b2b9acdfba248cc0a3fc590a4717

Resubmissions

16/04/2024, 08:27

240416-kcnkssdd47 7

16/04/2024, 08:26

240416-kb2q2afb7y 7

Analysis

max time kernel
62s
max time network
63s
platform
windows10-1703_x64
resource
win10-20240404-es
resource tags

arch:x64arch:x86image:win10-20240404-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
16/04/2024, 08:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fabric-api-0.83.0+1.20.jar
Size

1.9MB
MD5

9ecba65b9c5ed19a52982bee4a74003e
SHA1

3b0bcacbb175ae6adbbb2af203fce3a37189e494
SHA256

c0207a51c8aafebf25ae76732e2bebf76b87b2b9acdfba248cc0a3fc590a4717
SHA512

b121ee00b13804d6850cdf506f9b216348a76ee8c1998492062d1b3d09f7ee921c89153449fd9d8ad907d1b8efb660a9cf4c540c20dc0ae892e0f567ac6541fe
SSDEEP

49152:4GrmNHnCXfUzyHW6+Ch+RqZTwo7q2tCZAHnBAk3PmSOa:4GqJnVzyHk+bXJDPua

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
4436	icacls.exe

Unexpected DNS network traffic destination 1 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	54.203.171.68

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133577296681648165"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4948	chrome.exe
4948	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4988 wrote to memory of 4436	4988	java.exe	75
PID 4988 wrote to memory of 4436	4988	java.exe	75
PID 4948 wrote to memory of 4572	4948	chrome.exe	77
PID 4948 wrote to memory of 4572	4948	chrome.exe	77
PID 4948 wrote to memory of 3028	4948	chrome.exe	79
PID 4948 wrote to memory of 3028	4948	chrome.exe	79
PID 4948 wrote to memory of 3028	4948	chrome.exe	79
PID 4948 wrote to memory of 3028	4948	chrome.exe	79
PID 4948 wrote to memory of 3028	4948	chrome.exe	79
PID 4948 wrote to memory of 3028	4948	chrome.exe	79
PID 4948 wrote to memory of 3028	4948	chrome.exe	79
PID 4948 wrote to memory of 3028	4948	chrome.exe	79
PID 4948 wrote to memory of 3028	4948	chrome.exe	79
PID 4948 wrote to memory of 3028	4948	chrome.exe	79
PID 4948 wrote to memory of 3028	4948	chrome.exe	79
PID 4948 wrote to memory of 3028	4948	chrome.exe	79
PID 4948 wrote to memory of 3028	4948	chrome.exe	79
PID 4948 wrote to memory of 3028	4948	chrome.exe	79
PID 4948 wrote to memory of 3028	4948	chrome.exe	79
PID 4948 wrote to memory of 3028	4948	chrome.exe	79
PID 4948 wrote to memory of 3028	4948	chrome.exe	79
PID 4948 wrote to memory of 3028	4948	chrome.exe	79
PID 4948 wrote to memory of 3028	4948	chrome.exe	79
PID 4948 wrote to memory of 3028	4948	chrome.exe	79
PID 4948 wrote to memory of 3028	4948	chrome.exe	79
PID 4948 wrote to memory of 3028	4948	chrome.exe	79
PID 4948 wrote to memory of 3028	4948	chrome.exe	79
PID 4948 wrote to memory of 3028	4948	chrome.exe	79
PID 4948 wrote to memory of 3028	4948	chrome.exe	79
PID 4948 wrote to memory of 3028	4948	chrome.exe	79
PID 4948 wrote to memory of 3028	4948	chrome.exe	79
PID 4948 wrote to memory of 3028	4948	chrome.exe	79
PID 4948 wrote to memory of 3028	4948	chrome.exe	79
PID 4948 wrote to memory of 3028	4948	chrome.exe	79
PID 4948 wrote to memory of 3028	4948	chrome.exe	79
PID 4948 wrote to memory of 3028	4948	chrome.exe	79
PID 4948 wrote to memory of 3028	4948	chrome.exe	79
PID 4948 wrote to memory of 3028	4948	chrome.exe	79
PID 4948 wrote to memory of 3028	4948	chrome.exe	79
PID 4948 wrote to memory of 3028	4948	chrome.exe	79
PID 4948 wrote to memory of 3028	4948	chrome.exe	79
PID 4948 wrote to memory of 3028	4948	chrome.exe	79
PID 4948 wrote to memory of 424	4948	chrome.exe	80
PID 4948 wrote to memory of 424	4948	chrome.exe	80
PID 4948 wrote to memory of 4992	4948	chrome.exe	81
PID 4948 wrote to memory of 4992	4948	chrome.exe	81
PID 4948 wrote to memory of 4992	4948	chrome.exe	81
PID 4948 wrote to memory of 4992	4948	chrome.exe	81
PID 4948 wrote to memory of 4992	4948	chrome.exe	81
PID 4948 wrote to memory of 4992	4948	chrome.exe	81
PID 4948 wrote to memory of 4992	4948	chrome.exe	81
PID 4948 wrote to memory of 4992	4948	chrome.exe	81
PID 4948 wrote to memory of 4992	4948	chrome.exe	81
PID 4948 wrote to memory of 4992	4948	chrome.exe	81
PID 4948 wrote to memory of 4992	4948	chrome.exe	81
PID 4948 wrote to memory of 4992	4948	chrome.exe	81
PID 4948 wrote to memory of 4992	4948	chrome.exe	81
PID 4948 wrote to memory of 4992	4948	chrome.exe	81
PID 4948 wrote to memory of 4992	4948	chrome.exe	81
PID 4948 wrote to memory of 4992	4948	chrome.exe	81
PID 4948 wrote to memory of 4992	4948	chrome.exe	81
PID 4948 wrote to memory of 4992	4948	chrome.exe	81
PID 4948 wrote to memory of 4992	4948	chrome.exe	81
PID 4948 wrote to memory of 4992	4948	chrome.exe	81

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\fabric-api-0.83.0+1.20.jar
1⤵
- Suspicious use of WriteProcessMemory
PID:4988
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:4436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd97fd9758,0x7ffd97fd9768,0x7ffd97fd9778
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1856,i,8265096285303628669,3095352117112581031,131072 /prefetch:2
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1788 --field-trial-handle=1856,i,8265096285303628669,3095352117112581031,131072 /prefetch:8
  2⤵
  PID:424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1896 --field-trial-handle=1856,i,8265096285303628669,3095352117112581031,131072 /prefetch:8
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2956 --field-trial-handle=1856,i,8265096285303628669,3095352117112581031,131072 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2972 --field-trial-handle=1856,i,8265096285303628669,3095352117112581031,131072 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3932 --field-trial-handle=1856,i,8265096285303628669,3095352117112581031,131072 /prefetch:1
  2⤵
  PID:824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4524 --field-trial-handle=1856,i,8265096285303628669,3095352117112581031,131072 /prefetch:8
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4748 --field-trial-handle=1856,i,8265096285303628669,3095352117112581031,131072 /prefetch:8
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4804 --field-trial-handle=1856,i,8265096285303628669,3095352117112581031,131072 /prefetch:8
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1856,i,8265096285303628669,3095352117112581031,131072 /prefetch:8
  2⤵
  PID:3464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5012 --field-trial-handle=1856,i,8265096285303628669,3095352117112581031,131072 /prefetch:8
  2⤵
  PID:1120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3780 --field-trial-handle=1856,i,8265096285303628669,3095352117112581031,131072 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3088 --field-trial-handle=1856,i,8265096285303628669,3095352117112581031,131072 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=892 --field-trial-handle=1856,i,8265096285303628669,3095352117112581031,131072 /prefetch:1
  2⤵
  PID:908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1700 --field-trial-handle=1856,i,8265096285303628669,3095352117112581031,131072 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3152 --field-trial-handle=1856,i,8265096285303628669,3095352117112581031,131072 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5492 --field-trial-handle=1856,i,8265096285303628669,3095352117112581031,131072 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5508 --field-trial-handle=1856,i,8265096285303628669,3095352117112581031,131072 /prefetch:1
  2⤵
  PID:684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5524 --field-trial-handle=1856,i,8265096285303628669,3095352117112581031,131072 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5540 --field-trial-handle=1856,i,8265096285303628669,3095352117112581031,131072 /prefetch:1
  2⤵
  PID:208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5564 --field-trial-handle=1856,i,8265096285303628669,3095352117112581031,131072 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5572 --field-trial-handle=1856,i,8265096285303628669,3095352117112581031,131072 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5844 --field-trial-handle=1856,i,8265096285303628669,3095352117112581031,131072 /prefetch:1
  2⤵
  PID:428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6380 --field-trial-handle=1856,i,8265096285303628669,3095352117112581031,131072 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6752 --field-trial-handle=1856,i,8265096285303628669,3095352117112581031,131072 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6796 --field-trial-handle=1856,i,8265096285303628669,3095352117112581031,131072 /prefetch:1
  2⤵
  PID:4772

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
f8cfd488ed9a3ab708cc758826790a8b

SHA1
3d762d659f87ef01859f0da2b7f9f70140bfe539

SHA256
934fd9ceeb82c92f45753792fe930eecbb2db54105c2c3ee510734554eea67b2

SHA512
27e325bee74640beff4090a5336e135a583897ed60806fb06e5f322ccb8fc533a6a43303fe793541ba0c208f91bb08b52063d9d14417d2d67ef56777f4404484

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
18KB

MD5
328a8da2d904403b04d142b11ec6786b

SHA1
2b03b9d2f9b8017ab6e5665d71c7e4b8c9683ee9

SHA256
1fbb0a6c4c6f724420c5301b9b5deeb43cd591b20419c89827cef3af647f12aa

SHA512
6822c4ea256e6aeaa25b626d39fb636bf934f583897131fabab29fe7d065f04109f75ea19c28992081c5548e8d5d29fceed8a2e0cfb4b28af864b52606945a9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
24KB

MD5
5072151739a36e9d9cb713a097480e7f

SHA1
ef8f76780f69e4cfe8110bc51c968baaa1a28faa

SHA256
1ee40c79c7cb648d393dd9381a40bb6f2d5e228cc0d441e3445d46777a199434

SHA512
cf8141b6ce391d3f6e3971dc53c3222e28c3409c391bffd5e141e3fc89163eb5b238a3878adf3a050c45b0de86e305b659ef7fcdfa10078c149870b7b30c7ae1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
25KB

MD5
5507d6b00c37268b7d9a7e8e17d0d5e3

SHA1
213e57f05f76b639c75aa116d7ae4156d346d83d

SHA256
f02e4b82ff2615b6ecd3da15222dd0efc876f635dbe6a1b7c87c4c9256783871

SHA512
72536d6587267fe267a1f49e20b92fa7270209d6c002282e032442c1c8bf2e1bcedbdee2c8a70011b9f469363a2a4fb0c0aeae0819bcb8a4f60e77d73f1ef1a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
16KB

MD5
3fb4b9b1e2f3dc755de272bf826c14ce

SHA1
8aae00b3fdd97348abff114c95c938a2d4c90d19

SHA256
43ccba30c6d10df800d98c36596a595c12bfeb0e7173d18a86a3ea3651947e95

SHA512
ecbb2cab39edc9618ab1c098afaf24ba82c9f6712fc8a234bd3729f0727312dffdd1d43546f10fc1a11a5f84a4edad874a95ef16015720a1b880da3c73ecd4f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
16KB

MD5
5350e96acbe80b9bafa2f59d0b4e5fe2

SHA1
a86728cba97e98e44c46ddd7902ba43bb6e7b786

SHA256
eb903acaee8df348a8755cfe255c294ad40bb866518c001f073f06954a2b01b8

SHA512
fbb3e0aee8c33eeb3648e03887dadb86c117d55fbffd94d275c3388278cb0cc107ae9ea45492f25697b4764d5b9f53b47ede85f137c6556afcc91326ee3a527d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
20KB

MD5
4b0eeaf6f9834375a10bb80962fbf6d2

SHA1
da2c09229c21d3b2018e06a963ccfa91afca2a34

SHA256
1932e110e5c3f6ec4678e10e42596eca330a277d2719c8aa3f004e5fb58c752f

SHA512
685048328acb0d82c0fe9bf82d0a418470b4c9211b6b205530147619e1376d111539a94b5fd156618631ec25d71965697bab3ce4a6f62ea70921c7e5051406ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
27KB

MD5
1881d59094fd6ae4fa5f7c72475afce5

SHA1
d4d123a71bae9496171e27e06b10f553e00427f6

SHA256
203087b8aa20c0b96ff146e029678d15c708a78b4ebffc56954391f63a5fa144

SHA512
6e47aaf8956993a18e4095d84cef23536080bf501bc13329c13f9a70b17ca9ac903587b862b692973f283552d7f95ba0f32270f7fda20de8efff367da366d505

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
bdc19e4f63616be1396859b8b84a7829

SHA1
83a65261696fea66033dca1d04dc7ce7f3b61607

SHA256
21fbc5a61dbea28bdeb4883723754ce2a18d3d2c8cf2775bc853bcd4b4e28261

SHA512
ccec8e8b1725747a1da2c40c03425dbe34e36bf34c4fee8c33db1f75320f37f4f47bce80662a2f3a94694b9c63cbfd373ec7795c155cf8b09a45fa86c0c2929f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
09bc9680e5bdb62ba07bac39b85c6e1f

SHA1
dc82bcd91af21521ef37393101ea8d846d9c14e4

SHA256
00fda6623bc93f4c292eee242f0af331ab156cfb639fc56b0bfaf107b6a2b66f

SHA512
c80fd1f82fd9bb8953218ac7cff047fb05351331f4e7aed6754079837bd5f0f1ece72e15538e810b414afa38eed07776cd6547fc001ac360ea897ec526a804c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
de93570f2f2d38647ce1aff5c0af5c8a

SHA1
8c3662ce7acb0d29f7e43d3b083cf1bfbfbe1710

SHA256
b0c4f1613215985359b03f274b399818ba1c5fbdae51fdf265535c18d1ab4abe

SHA512
348437d096c3ec7eb7637dc886b2f43b449665b62077aca4807d54ad00c22a2dbb6883dd08dfebcadd7895119ec833c70450ce1d6f223eba9999265b1dc3f316

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0368dcaa11cbfb8f43fcea65fd492863

SHA1
57121951d4504621bbb9997f561f1e5697c65af7

SHA256
de71dfbe3d9e3bbcb9365cee1b35902ae5de19abdd97d95166075455fc351a0a

SHA512
a31e31a4e9a6ab04060f46902f4e040d31b333e4c85566152bc20d8de4dfa000312082ef2ce612215bc39847612c1c34f91c73f535d2f8242992979478b2330e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7cfb911fa94d81648afde701ab56ee73

SHA1
9502355e7438319137ffa69df5fd38108f4f7388

SHA256
c2c3f28e4cf052834792a44a333b829aaf7a77ca89e556e0546c86ce699a1f67

SHA512
6955fa6e991d3d71e2c75076cc4218cff7375ce9ecfc25dedb4393f095191b242916d7132a425d671086592f4e86582b66ca3f4fc6ee695e22e6d12200ec0845

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3f3888546bf78e4da3422cafd8bec07d

SHA1
91764c8601b124c40e3e263b1aaaa202e2f75392

SHA256
0ded5d92c424340a028d0fa85a4b1eb8c5172cc9bab897e30d39310e103cfde4

SHA512
5d6d48cb2f67cf84a8584fe60ffdf9d7d734ca2a4d7531b10354a956779da961df101f29de1dfb4d9b0626489c8ff2214a89c0c19a87f222d58555fe353d23e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9d186d5bf3e0a0bf1aa1bef40b5fabfa

SHA1
fa1274b552449b00c626856f486048bcd5505499

SHA256
bd3913f2fe3c9ce226d67e968301e943bb6f375df0f96cc9d11df43ec670afb9

SHA512
362cd96954f43d396c63f7801a587848990e289eb7a841e1befa62522c3daac9782d273b9d521a65cdd7c1fbf966f3d64c92319132b7220ef67e9dd6535ba2ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
6fbe394f312e8a7984f06309cc6e0023

SHA1
f4c0e2079bb7047e3eab9466f28a3f255a655844

SHA256
ffec6ab083a5c5e93104b615eba17e7b31b748257de930dbae7660430746ba8f

SHA512
53159c9b5f8e7d3bcdd40612d7cc60c2bf46d413428c1036bd143f7e5b7f4f4e199f2a8ef17b7eefda99172bf3e5453cf7454bd63cf139d3c6b408c1c916817b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\b9678162-c942-46c2-b4ca-68ad8fcb5508.tmp

Filesize
1KB

MD5
032cea29d8d76927b49ca3bb15430791

SHA1
032b63c75022674d6cdd74624580a90ca0eace87

SHA256
c9ba764e7aa47cc18fbb048b3a835ced9311c4a6b65cdfd17d8fa430d34dbc9e

SHA512
4c5d3f1b9cd4d6be95446bd4ae95f694e86effcd4ba45a5b5c1cb1efef0ea58d3915469f4dac9f0e1c5b139d31c9e4a65b38117f582f2091c8645b8ea5e7f1bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2b89a9c44a38824b19f9e7931feb425e

SHA1
4f588cd686e7c37aec7ca05366f27e5bceba3fb2

SHA256
cc4a96b20478c26a589a992f190f66e2a3196bd89a04a97af3fda0c57a599b70

SHA512
e9b847be020ec0773dc55969dde083187add0e5864e5a3f64a413536a8b847059ca77e9bbaa14786b26b1db4e736c9e9eded219e77d124d3f6c73eb9d9777320

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a317d662e1c2673c345b8e43417bf173

SHA1
089e983d351bce9e701ed1df746b912e9e707f38

SHA256
45dd93ed3e902d137ed0e3c9a0d7585db54ab4652185c7dd30f53c525269d7c6

SHA512
0e0d16de90e3e9eb32f9667ba215c4f61510eb91beeaa7c3eceea39ea88383902afde79b76eb4a37d20ee525b5e053e554f8cb0996876c34ca3e04530f427a1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c5ffc872c4e42f866caba29f701f80db

SHA1
29d26337f030d0df17c32c8579cbe371d973d4bb

SHA256
150e38575a62d1a574a922b953b2c7e026233ae7f2dcff73c8a307bd5f1aef22

SHA512
9f1c2be03fbc4b26c78ed55aa640818ce7108976423782bdd2e61f44e64c7c038776f771b06554a9992b6f5284d43b330b946640d23d1a8d5ed060f5c846030e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
a33e62051eca7653ff1b4624880e9670

SHA1
ad31a675d8b8495ddc2f52d053319df2dea34452

SHA256
071ba956389f9ec955d9e80184098f31a286258753c19737e1aada68795f1709

SHA512
86d38b9649de8d103e2428cef02df3e50b06addff3fce45ff6162e10b2aca19d0b3d5bd4450117a7a53e7e69525fe21e743517459d12fbf3b56e5d3deda00a0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
f0a51a75da622e90784619d4f63644bc

SHA1
8e0cc48dcffe1692696da2ae12309004a06bc60a

SHA256
74a654df774d88e973ed6c146f0e171218b64ccb47e61f9b89133a8a69f8990e

SHA512
b08a35ec6794d019a1cb26af8d0902519e1cf64c4d5e6d7efdb2040d3af73961e8bf893819bffaaf7c91453706da84b2ebbeb623ba6f38d4b57468c0297ed76b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe585493.TMP

Filesize
48B

MD5
1cc31ea9acce9e8855504e4e687749dc

SHA1
4aaa0d9e674db828f6f27e878af631798364f069

SHA256
46e17393bcaa017e22b2046a51779ca4f89ea950f987019b1a9a643494febe39

SHA512
2ec81f3143438c9c8f3414f3927b685ea96b2d2e2c4ea11d4adf3d40e2ee68df3d4c6df0f84cdf975db9e0350b47f65eb9579916922f3917da6ee67bece25a7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
270KB

MD5
4c2902e8d2c74b19bd9182b738d8caa2

SHA1
819139b1ae21a1aaad1f427c943367ed6f5d23f3

SHA256
fe3358c5d342196d5ff80f1f3290ba4cd3229839465450c787bba86384898e3f

SHA512
76c302447761f2fe931f947675bca3d7ad11b2e40c02c254927f3bc33b681ee93e4a0be6b951e8b629a03094740cdbeef4c51e69d4dbdbd8c9e365d5554981e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
270KB

MD5
e878792405907bd3e68f979175afa23b

SHA1
05f067cfb079e05de4667926dc944c9c5b7094a9

SHA256
ab18fdcbad6eb57c708a8026efb3035f872e0d9b289deaf7c951ad576d379119

SHA512
f633904123a7e89da03e84e5b20e197b2bccc68c1893d60a928829cbf10d7a4d1c9c73f1da5fe014d5cebd85e7ef075f51241df644d3e83b7ac3b3a9ef5670c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
memory/4988-5-0x0000021DDB570000-0x0000021DDC570000-memory.dmp

Filesize
16.0MB

Download
memory/4988-12-0x0000021DDB550000-0x0000021DDB551000-memory.dmp

Filesize
4KB

Download