560b03c4ba18e5a443f74a69727db0eabac6f455bb836757d620cc51615a92ea

Resubmissions

16-04-2024 15:48

240416-s8783sea37 8

16-04-2024 15:31

240416-sx3jfsde93 8

Analysis

max time kernel
106s
max time network
149s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16-04-2024 15:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$PLUGINSDIR/WinShell.dll
Size

3KB
MD5

1cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA1

0b9519763be6625bd5abce175dcc59c96d100d4c
SHA256

9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA512

7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2244 1964 WerFault.exe rundll32.exe

pid	pid_target	process	target process
2244	1964	WerFault.exe	rundll32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

3068 chrome.exe
3068 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exe

pid	process
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

rundll32.exerundll32.exechrome.exe

description	pid	process	target process
PID 1168 wrote to memory of 1964	1168	rundll32.exe	rundll32.exe
PID 1168 wrote to memory of 1964	1168	rundll32.exe	rundll32.exe
PID 1168 wrote to memory of 1964	1168	rundll32.exe	rundll32.exe
PID 1168 wrote to memory of 1964	1168	rundll32.exe	rundll32.exe
PID 1168 wrote to memory of 1964	1168	rundll32.exe	rundll32.exe
PID 1168 wrote to memory of 1964	1168	rundll32.exe	rundll32.exe
PID 1168 wrote to memory of 1964	1168	rundll32.exe	rundll32.exe
PID 1964 wrote to memory of 2244	1964	rundll32.exe	WerFault.exe
PID 1964 wrote to memory of 2244	1964	rundll32.exe	WerFault.exe
PID 1964 wrote to memory of 2244	1964	rundll32.exe	WerFault.exe
PID 1964 wrote to memory of 2244	1964	rundll32.exe	WerFault.exe
PID 3068 wrote to memory of 1720	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 1720	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 1720	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2504	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2504	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2504	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2504	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2504	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2504	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2504	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2504	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2504	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2504	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2504	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2504	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2504	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2504	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2504	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2504	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2504	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2504	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2504	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2504	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2504	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2504	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2504	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2504	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2504	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2504	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2504	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2504	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2504	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2504	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2504	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2504	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2504	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2504	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2504	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2504	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2504	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2504	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2504	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2384	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2384	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2384	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2408	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2408	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2408	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2408	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2408	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2408	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2408	3068	chrome.exe	chrome.exe
PID 3068 wrote to memory of 2408	3068	chrome.exe	chrome.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1168

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:1964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 224
3⤵
- Program crash
PID:2244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6e79758,0x7fef6e79768,0x7fef6e79778
2⤵
PID:1720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1236,i,8045238112786154154,8023988564233767497,131072 /prefetch:2
2⤵
PID:2504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1520 --field-trial-handle=1236,i,8045238112786154154,8023988564233767497,131072 /prefetch:8
2⤵
PID:2384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1236,i,8045238112786154154,8023988564233767497,131072 /prefetch:8
2⤵
PID:2408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2264 --field-trial-handle=1236,i,8045238112786154154,8023988564233767497,131072 /prefetch:1
2⤵
PID:2832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2276 --field-trial-handle=1236,i,8045238112786154154,8023988564233767497,131072 /prefetch:1
2⤵
PID:524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1276 --field-trial-handle=1236,i,8045238112786154154,8023988564233767497,131072 /prefetch:2
2⤵
PID:1388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2932 --field-trial-handle=1236,i,8045238112786154154,8023988564233767497,131072 /prefetch:1
2⤵
PID:1916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1392 --field-trial-handle=1236,i,8045238112786154154,8023988564233767497,131072 /prefetch:8
2⤵
PID:2012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3680 --field-trial-handle=1236,i,8045238112786154154,8023988564233767497,131072 /prefetch:8
2⤵
PID:608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=584 --field-trial-handle=1236,i,8045238112786154154,8023988564233767497,131072 /prefetch:1
2⤵
PID:1980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2460 --field-trial-handle=1236,i,8045238112786154154,8023988564233767497,131072 /prefetch:1
2⤵
PID:2040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4624 --field-trial-handle=1236,i,8045238112786154154,8023988564233767497,131072 /prefetch:8
2⤵
PID:1968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4740 --field-trial-handle=1236,i,8045238112786154154,8023988564233767497,131072 /prefetch:8
2⤵
PID:2104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4776 --field-trial-handle=1236,i,8045238112786154154,8023988564233767497,131072 /prefetch:1
2⤵
PID:1592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4716 --field-trial-handle=1236,i,8045238112786154154,8023988564233767497,131072 /prefetch:1
2⤵
PID:1740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4968 --field-trial-handle=1236,i,8045238112786154154,8023988564233767497,131072 /prefetch:8
2⤵
PID:884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5088 --field-trial-handle=1236,i,8045238112786154154,8023988564233767497,131072 /prefetch:8
2⤵
PID:3008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4332 --field-trial-handle=1236,i,8045238112786154154,8023988564233767497,131072 /prefetch:8
2⤵
PID:1680

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2580

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"
1⤵
PID:2064

C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"
1⤵
PID:3044

C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe
"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding
1⤵
PID:1132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fdf9bda8ad541603a5eb2c83724decb8

SHA1
7a8611dd1c9869d5cffafd52a443d3d89ffdc4a9

SHA256
e54d0a76a71e427d75cf9afc1f0c49845d647498b43f1b6ae31e620c30d16f31

SHA512
84817c37c3cf9adc007bb3730b6dad98779017503e6064a36ab07160c1294ac609f265101184821b4505c941cc3f7605fdc09af488550ed30a7fe26f41cf3e81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8e6dcc36642f4cba676795f3f3a715e7

SHA1
25e070bcc2d20d7d25bfe6979b44e7f2d3482da0

SHA256
e0d738bf1fb721b1eca84337ddd4d7e52d88a5e18d5ae50b9a55595029b894f5

SHA512
ca3eed31b030e0ca07d5d95cf22d63e68866b4b70fe8fce1f6ff59109169635a79e997782555e3470586cce6805ed0395dc19a0a8cc5baa8c0771a85d6be1fae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
91defec056166631c60024ca4b506e2b

SHA1
447b6012b8f4a85965c02f65971f5d880f82258a

SHA256
e2a16695617b641448de75b9448442d47f6d799f6275d30b44e62501de0055b7

SHA512
384502a9c71be030cce2d2968d91d9357987f8c0a4d6c14a4a00e7c8beb05e21aaa9df9c0973c41c700f90fbd289a89e63272fc500edf59c293b17b2fdcbba97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4e361b5f69ee6ac3aac55f0a5c62a306

SHA1
fa8afd9477188965ab381305bf8cabd117d5c0ca

SHA256
417d09573f119d58ce350aa4f96e5adedafe1b81737144c178fb8106aaac443f

SHA512
fce69b52c596a672cc1380a122e87088e5f1f016db3d2828c53f829b2cc573f06bc58345821ee3e1cdef6d927a5854dd9763faf543e64e19fea0a745a17e3aab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0bf378439f390db362903df0e6c5338a

SHA1
7fcd59b83032cc2b235522ad841c1efe354f1203

SHA256
adf1a590dbd257d9d5b54e2333c98985324937e671f9685b55b3ec5b74dbe34a

SHA512
1394c1810e2963b5a6c5c594be05381b986124eda80283721cbde7396d2c9b7681d61ad36a826d803711cef1fb0b7dbef7b8b9eebf3f4757af8b83e9331783d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
2f690a36d9db3c297c4f48c7b48c3273

SHA1
7e984817dde62c3f8dc434de9228b3e8f3539668

SHA256
3401bf78622752c4c3a057f8e5d827442c576f93cf5ef7aaf15d58f789dc3f9a

SHA512
d0668e2df26d9a4988320a1f635ef93c7e925990634b2d27856207b4c99cf9075791a94eb5eefa8bc39be703e1594660144c7c4d600f75a6d863e87772353e19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
844B

MD5
2cc1cd3c34a6f1d6d4a4f06d867e3e84

SHA1
79fbe9f1cdad4cba96a5931f54083b68cd5c82b8

SHA256
4b4ad367bcba90d4b2fd4c80601e8368f46dc1e9ae23cdd54fc21d3febd8043f

SHA512
6ae2e27c610af20f4349e68fe3cbbfbdd5fcea4b99488c1074e740becada7950624a1521d0957049eaf019d73b0823bb73c0d592930b99e9bace1f05ec1bb711

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
424997982a266ecc2cde465e2e6cdae4

SHA1
00ad371f8409af515d43601680c2f20607eca3a7

SHA256
05fae32dc59acd9562e49c1dacb38a1830290cc35b810ec04b541281664ab31c

SHA512
668b236b75266a4ea66dc8144b0c1e87b20c743ea95b268a8e7eb4118f26d5891fe80f156fca113e9b320f72d50266862626e12faa6aa13f9766bd8ddd556933

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
683B

MD5
1ee0ac287005c29339a8570408409c65

SHA1
563e0f23e2a75b9ee27879e6fd772c6136574dcb

SHA256
1005f06414d246ae1728b34f30197aae53494afcbc0df6a0e76de3e3eed12083

SHA512
58f95ec16e1d6e8d4c6783422aeb2b2ac28c7ceae443ba3c068d057ad2d1b3759c50379f20d928179c800629e2993af14f4420c6424a6f373cb2c68d5cf63485

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
6a7836f215f6e02acdadda00be220eba

SHA1
6b10b5466b7d3bfc688f5354d5741fbbef25fcfe

SHA256
f1235d16dfda7b897a59c75c2ff5c5ec00d472561afa6b52b80723037a1f742d

SHA512
32abee466f4c989281ff96263b5cbdb0b6e32bdb20ac6573a1d992e17a2c480748f4728c826ffc9c18e7cade83738b9d6092d5e30f058e57f4f6b461997b4f1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a7ca2f203070f36de2e9258062ced573

SHA1
376448cbe77b238ac39264134a7b07eef6ce4f5b

SHA256
ce12cce38bc4af6c8e802baea81588fcb6f0a6110faa73709d2f9d1bec530b57

SHA512
71eba1db0f5e712f939ff500a05f82aa05199a4001ef7dd57e1a62fdb0d1922e45a044154b8c30687b50aca83157bdb58a4bc75a35e22e4b8c9d937175096590

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e20c65ff58c09a0d69fa2cf5ac1899ac

SHA1
bec4aa27efb0c709a03a47871a2f20e72b6a98e5

SHA256
fa214e5d53edfc67e92f5656bc357da565ee3b6160a913d45749eac1c2d16cc5

SHA512
bc08b041a5ddcca83dfd7d3870be9870c5a8a88330200639b57f86d3f0e2400fde259e9e8dd2fa6e59d0a5afd1bb73396f1734a49fc65ba31268206c2981c106

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
18f64c6ee29280fd1127dcc5e2f91de8

SHA1
bbe2a261ce4f884a263e2121e607bd31675f2598

SHA256
36e4c843853bb64b3ea518b8870a45b384450243b014db1258f499b4f8d52471

SHA512
9d44d91e9daa0462e82be24610c9ace0a839420ca69714691397d2e40e97a954391a7eb06d2f8b8a3e2b2be4f8797b39563a92855f4f512bcb3abf5175ec6f2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
9a917213b20b0415d90fdd2eaa892df0

SHA1
e13780f02649e384de76b9d771934521fafd3e44

SHA256
4f44e0afdcafcbcabd42da9db2c26f8c39b5bb453a7925908dbc75a778fa14f6

SHA512
8d806c9710d282e26b2127865b43d210c1958a8aafaa1f4dbc13fd38a171bd37cc90a300e2efcd539841bdae025782a2a9aef9462e818532c36aa4bb40ff2cef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
263KB

MD5
c3d913c4a66d9f60aafbdd0d1c32b110

SHA1
95a9b4663d7f6f60688e78237b6b36d65cd54db3

SHA256
132454b319ba950a2ba9186ea82ed9ab59333f87db28eef28d074fe4a1c6940b

SHA512
0b28dc77c6e7ad2090039cc8de707d8582d12582d9f0cebca27694df8b9ba88a343883f288165a7bb3e0a823b6acafed5cc9c5fff1ca987eae6de055d52b9841

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar74BA.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
\Users\Admin\AppData\Local\Temp\Setup0000046c\OSETUP.DLL

Filesize
5.5MB

MD5
fcc38158c5d62a39e1ba79a29d532240

SHA1
eca2d1e91c634bc8a4381239eb05f30803636c24

SHA256
e51a5292a06674cdbbcea240084b65186aa1dd2bc3316f61ff433d9d9f542a74

SHA512
0d224474a9358863e4bb8dacc48b219376d9cc89cea13f8d0c6f7b093dd420ceb185eb4d649e5bd5246758419d0531922b4f351df8ad580b3baa0fab88d89ec7

Download Submit
memory/3044-589-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/3044-590-0x000000007265D000-0x0000000072668000-memory.dmp

Filesize
44KB

Download